summaryrefslogtreecommitdiff
path: root/internal/command
Commit message (Collapse)AuthorAgeFilesLines
* close; things are colliding506-jsandlinJames Sandlin2022-07-151-129/+27
|
* waitgroup implemented & otp testing worksJames Sandlin2022-07-151-66/+111
|
* All testing for otpAuth now works.James Sandlin2022-07-152-144/+111
|
* add temp filesJames Sandlin2022-07-153-0/+553
|
* reorgJames Sandlin2022-07-152-39/+212
|
* Remove redundant channelkmcknight2022-07-121-19/+11
|
* Remove redundant contextskmcknight2022-07-121-9/+7
|
* Update test caseskmcknight2022-04-142-12/+0
|
* Add mock test server handler for push internal apikmcknight2022-04-141-1/+36
|
* Fix test formatting and inconsistencykmcknight2022-04-122-7/+1
|
* Split out into manual/pushkmcknight2022-04-122-20/+135
|
* Fix format errorskmcknight2022-04-071-2/+2
|
* Merge context logger additions from mainKen McKnight2022-04-0632-783/+372
|\ | | | | | | # Conflicts: # internal/command/twofactorverify/twofactorverify.go
| * Reuse Gitaly conns and SidechannelIgor Drozdov2022-03-074-34/+19
| | | | | | | | | | | | | | | | When gitlab-sshd has been introduced we've started running our own SSH server. In this case we're able to cache and reuse Gitaly connections and Registry. It helps to reduce memory usage.
| * Handle and log unhandled errorsIgor Drozdov2022-02-022-7/+11
| | | | | | | | | | | | | | | | | | Currently, we don't process the results of this execution, because it's not really imprortant Let's at least log the err if the execution went wrong That will also make Vulnerability report happy
| * Optionally use SSHUploadPackWithSidechannelJacob Vosmaer2022-01-254-3/+76
| | | | | | | | | | | | | | If the GitLab API returns an allowed response with use_sidechannel set to true, gitlab-shell will establish a sidechannel connection and use SSHUploadPackWithSidechannel instead of SSHUploadPack. This is an efficiency improvement.
| * Relax key and username matching for sshdsh-improve-key-matching-sshdStan Hu2021-11-101-11/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Due to the way sshd works, gitlab-shell could be called with a single string in the form: ``` /path/to/gitlab-shell -c key-id ``` However, due to the tightening of the regular expressions in fcff692b this string no longer matches, so logins would fail with: ``` Failed to get username: who='' is invalid ``` This can be reproduced by changing the user's shell to point to gitlab-shell. For example: ``` usermod git -s /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell ``` While setting gitlab-shell as the user's shell isn't officially supported, gitlab-shell still should be able to cope with the key being specified as the last argument. We now split the argument list and use the last value. Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/530
| * Improve logging for non-git commands499-log-non-git-commandsNick Thomas2021-10-134-9/+37
| | | | | | | | | | | | | | | | | | Several of our commands only touch the internal API, and go nowhere near Gitaly. Improve logging for each of these in a single MR. In general, we want to be able to tell what happened in the execution of each command, and to track failures down to a specific line of code. Changelog: added
| * Resolve an error-swallowing issue499-log-me-more-moreNick Thomas2021-09-301-0/+7
| |
| * Don't swallow an error parsing SSH_ORIGINAL_COMMANDNick Thomas2021-09-271-9/+4
| |
| * Add context fields to loggingid-context-fieldsIgor Drozdov2021-09-151-1/+1
| | | | | | | | It adds correlation ids wherever possible
| * refactor: rearchitect command and executable Go modulesfeistel2021-09-084-467/+0
| |
| * Merge branch 'remove/generic-args' into 'main'Nick Thomas2021-09-085-28/+28
| |\ | | | | | | | | | | | | | | | | | | refactor: remove commandargs.GenericArgs Closes #212 See merge request gitlab-org/gitlab-shell!506
| | * refactor: add acceptargs field to executablefeistel2021-09-083-9/+11
| | | | | | | | | | | | | | | parse logic will only run if the executable accept args. healthcheck is the only one not accepting arguments.
| | * refactor: improve unknown executable error messagefeistel2021-09-081-1/+2
| | |
| | * refactor: remove commandargs.GenericArgsfeistel2021-08-113-21/+18
| | |
| * | refactor: move away from ioutil (deprecated)feistel2021-08-196-16/+16
| |/
| * Merge branch 'security-300265' into 'main'Patrick Bajao2021-08-042-4/+9
| |\ | | | | | | | | | | | | Modify regex to prevent partial matches See merge request gitlab-org/security/gitlab-shell!6
| | * Modify regex to prevent partial matchesRobert May2021-06-292-4/+9
| | |
| * | Remove some unreliable testsNick Thomas2021-07-303-46/+76
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Logrus buffers its output internally, which makes these tests fail intermittently. They're also not a good example to follow generally. We now have acceptance tests that exercise this functionality so I'm pretty relaxed about losing the expectations. However, we can test them by inspecting the server-received metadata too, so there's no loss of coverage here. The move from logrus to labkit for logging also makes these tests hard to justify keeping.
| * | Switch to labkit/log for logging functionalityIgor Drozdov2021-07-221-1/+2
| | |
| * | Fix the Geo SSH push proxy hangingValery Sizov2021-07-012-5/+27
| |/ | | | | | | | | | | | | | | | | | | Geo SSH proxy push currently impossible when the only action that happens is branch removal. This fix works in a way that it waits for flush packet from git and then checks pkt lines to determine is pack data is expected. The thing is that git doesnt send pack data when only branch removal happens. Explanation is in https://gitlab.com/gitlab-org/gitlab/-/issues/330494
| * fix: upgrade of the gitaly dependencyPavlo Strokov2021-06-023-6/+6
| | | | | | | | | | | | | | | | | | | | | | Gitaly project now properly respects module release flow and includes a module suffix in the package name. It requires to re-write all non-suffixed imports with suffixed of a specific version of tha module. With proper module versioning we don't need to use a 'replace' directive to point to specific commit and can use semantic versioning for the gitaly dependency. Part of: https://gitlab.com/gitlab-org/gitaly/-/issues/3177
| * Fix opentracing setup for gitlab-sshdNick Thomas2021-05-175-17/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, opentracing (if configured) was initialized late in the gitlab-shell process's lifespan, coming just before making a gRPC call to Gitaly. By moving the opentracing initialization to be at process startup, we make it available for the whole process lifecycle, which is very useful to gitlab-sshd, as it means we'll only call tracing.Initialize() once on process startup, rather than once per SSH connection. To get this working, we need to introduce a context to gitlab-sshd. This carries the client/service name, but also carries an initial correlation ID. The main outcome of this is that all calls to the authorized_keys endpoint from a given gitlab-sshd process will now share a correlation ID. I don't have a strong opinion about this either way. Changelog: fixed
| * Merge branch '501-gitaly-respect-parent-context' into 'main'Nick Thomas2021-05-109-15/+21
| |\ | | | | | | | | | | | | Respect parent context for Gitaly calls See merge request gitlab-org/gitlab-shell!469
| | * Respect parent context for Gitaly callsNick Thomas2021-05-059-15/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | Without these changes, Gitaly calls would not be linked to a parent context. This means that they would have an unassociated correlationID, and Gitaly RPC calls would not be cancel()ed by parent context cancellation. Changelog: fixed
| * | Merge branch '516-handle-ssl-cert-dir-correctly' into 'main'Nick Thomas2021-05-042-87/+60
| |\ \ | | | | | | | | | | | | | | | | | | | | | | | | gitlab-sshd: Respect the ssl_cert_dir config Closes #516 See merge request gitlab-org/gitlab-shell!467
| | * | gitlab-sshd: Respect the ssl_cert_dir config516-handle-ssl-cert-dir-correctlyNick Thomas2021-04-302-87/+60
| | |/ | | | | | | | | | Changelog: fixed
| * | Don't finish the opentracing span earlydont-close-span-earlyNick Thomas2021-04-301-1/+0
| |/ | | | | | | | | | | | | | | | | Calling finished() in `ContextWithCorrelationID` breaks opentracing, since it expects us to call it just before exiting, and this defer runs on function completion. All existing users of ContextWithCorrelationID already `defer finish()` themselves, so this call is entirely surplus to requirements.
| * Replace cleanup functions with t.CleanupIgor Drozdov2021-03-1715-57/+32
| | | | | | | | | | In this case we don't need to propagate cleanup function. It simplifies the code.
| * chore: Refactor env introspection to rely on command initialization496-move-env-introspection-to-sshenvLucas Charles2021-03-1511-173/+100
| | | | | | | | | | | | | | Refactors introspection of execution environment to rely on per-connection state (`gitlab-shell`) or per request (`gitlab-sshd`) Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/496
* | Rework tests after code modskmcknight2022-01-271-29/+14
| |
* | Checkpoint: I do believe it's workingkmcknight2022-01-211-13/+48
| |
* | Fix case formattingkmcknight2022-01-131-1/+1
| |
* | Handle unbuffered channels per review commentkmcknight2022-01-041-36/+37
| |
* | Fix test race conditionkmcknight2021-04-081-12/+11
| |
* | Update tests to handle push notification implementationkmcknight2021-03-261-4/+29
| |
* | Fix incorrect return codekmcknight2021-03-261-0/+2
| |
* | Add prototype code written by Fortinetkmcknight2021-02-251-11/+71
|/
* Use eventually to assert log entriesJaime Martinez2021-02-221-6/+11
|
View Lorry Controller Status