| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Prior to this change personal access tokens without a ttl would never
expire. In Gitlab 15.4 we deprecated non-expiring tokens and are
scheduled for removal in 16.0.
https://gitlab.com/gitlab-org/gitlab/-/issues/369122
This change alters the gitlab-shell command for creating tokens to
ensure add a default limit of 30 days.
Closes https://gitlab.com/gitlab-org/gitlab-shell/-/issues/640
|
| |
|
|
|
|
|
|
|
| |
Currently, we perform a request to Gitlab Rails that proxies
the request to primary
However, it causes timeouts on big pushes and consumes large
amount of memory. We can perform an HTTP request directly
from Gitlab Shell instead and stream the response to the user
|
| |
|
|
|
|
|
|
|
|
| |
All the implementations of DNS discovery were done in this epic:
https://gitlab.com/groups/gitlab-org/-/epics/8971. Gitaly allows clients
to configure DNS discovery via dial option. This MR adds the exposed
dial options to client connection creation in Gitlab-shell.
Issue: https://gitlab.com/gitlab-org/gitaly/-/issues/4722
Changelog: added
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
What
---
Make the retryableHTTP client introduced in
https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/703 the
default HTTP client.
Why
---
In
https://gitlab.com/gitlab-com/gl-infra/production/-/issues/7979#note_1254964426
we've seen a 99% error reduction on `git` commands from `gitlab-shell`
when the retryableHTTP client is used.
This has been running in production for over 2 weeks in `us-east1-b` and
5 days fleet-wide so we should be confident that this client works as
expected.
Reference: https://gitlab.com/gitlab-com/gl-infra/production/-/issues/7979
Signed-off-by: Steve Azzopardi <sazzopardi@gitlab.com>
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The `TestCanceledContext` test in `twofactorverify_test.go` tests
the scenario wherein the request context gets canceled in the
middle of the request.
A race can occur though when the input gets read before the context
is canceled which can result to a different error: instead of
having the context canceled, the OTP will be blank.
To fix it, we use a blocking reader as input to simulate "waiting
for input" scenario. This way, reading the input will never be
finished and the context cancelation can be done appropriately.
|
| |\
| |
| |
| |
| |
| |
| |
| |
| | |
Add developer documentation to command package
See merge request https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/594
Merged-by: Patrick Bajao <ebajao@gitlab.com>
Approved-by: Patrick Bajao <ebajao@gitlab.com>
Co-authored-by: Igor Drozdov <idrozdov@gitlab.com>
|
| | | |
|
| | | |
|
| |/
|
|
|
|
|
|
|
|
|
| |
This commit also excludes gitlab-shell from dependencies:
Gitaly specifies Gitlab Shell as a dependency as well in order
to use gitlabnet client to perform API endpoints to Gitlab Rails.
As a result, Gitlab Shell requires Gitaly -> Gitaly requires an
older version of Gitlab Shell -> that version requires an older
version of Gitlab Shell, etc. Let's use exclude to break the
chain earlier
|
| |
|
|
| |
Use a single channel to handle both Push Auth and OTP results
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When `2fa_verify` command is executed:
- A user is asked to enter OTP
- A blocking call for push auth is performed
Then:
- If the push auth request fails, the user is still able to enter
OTP
- If OTP is invalid, the `2fa_verify` command ends the execution
- If OTP is valid or push auth request succeeded, then the user is
successfully authenticated
- If 30 seconds passed while no OTP or Push have been provided,
then the `2fa_verify` command ends the execution
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
While gitlab-shell currently has a major version of v14, the module path
it exposes is not using that major version like it is required by the Go
standard. This makes it impossible for dependents to import gitlab-shell
as a dependency without using a commit as version.
Fix this by changing the module path of gitlab-shell to instead be
`gitlab.com/gitlab-org/gitlab-shell/v14` and adjust all imports
accordingly.
Changelog: fixed
|
| |
|
|
|
|
|
| |
Before this change, the GitLab internal API could use a boolean
response field to indicate whether gitlab-shell should make
sidechannel connections go Gitaly. We now ignore that response field
and always use sidechannel connections.
|
| |
|
|
|
|
|
|
| |
When gitlab-sshd has been introduced we've started running our
own SSH server. In this case we're able to cache and reuse
Gitaly connections and Registry.
It helps to reduce memory usage.
|
| |
|
|
|
|
|
|
|
| |
Currently, we don't process the results of this execution,
because it's not really imprortant
Let's at least log the err if the execution went wrong
That will also make Vulnerability report happy
|
| |
|
|
|
|
|
| |
If the GitLab API returns an allowed response with use_sidechannel set
to true, gitlab-shell will establish a sidechannel connection and use
SSHUploadPackWithSidechannel instead of SSHUploadPack. This is an
efficiency improvement.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Due to the way sshd works, gitlab-shell could be called with a single
string in the form:
```
/path/to/gitlab-shell -c key-id
```
However, due to the tightening of the regular expressions in fcff692b
this string no longer matches, so logins would fail with:
```
Failed to get username: who='' is invalid
```
This can be reproduced by changing the user's shell to point to
gitlab-shell. For example:
```
usermod git -s /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell
```
While setting gitlab-shell as the user's shell isn't officially
supported, gitlab-shell still should be able to cope with the key being
specified as the last argument. We now split the argument list and use
the last value.
Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/530
|
| |
|
|
|
|
|
|
|
| |
Several of our commands only touch the internal API, and go nowhere
near Gitaly. Improve logging for each of these in a single MR. In
general, we want to be able to tell what happened in the execution of
each command, and to track failures down to a specific line of code.
Changelog: added
|
| | |
|
| | |
|
| |
|
|
| |
It adds correlation ids wherever possible
|
| | |
|
| |\
| |
| |
| |
| |
| |
| | |
refactor: remove commandargs.GenericArgs
Closes #212
See merge request gitlab-org/gitlab-shell!506
|
| | |
| |
| |
| |
| | |
parse logic will only run if the executable accept args.
healthcheck is the only one not accepting arguments.
|
| | | |
|
| | | |
|
| |/ |
|
| |\
| |
| |
| |
| | |
Modify regex to prevent partial matches
See merge request gitlab-org/security/gitlab-shell!6
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Logrus buffers its output internally, which makes these tests fail
intermittently. They're also not a good example to follow generally.
We now have acceptance tests that exercise this functionality so I'm
pretty relaxed about losing the expectations. However, we can test
them by inspecting the server-received metadata too, so there's no loss
of coverage here.
The move from logrus to labkit for logging also makes these tests hard
to justify keeping.
|
| | | |
|
| |/
|
|
|
|
|
|
|
|
| |
Geo SSH proxy push currently impossible when the only
action that happens is branch removal. This fix
works in a way that it waits for flush packet from git
and then checks pkt lines to determine is pack data is expected.
The thing is that git doesnt send pack data when only
branch removal happens. Explanation is in
https://gitlab.com/gitlab-org/gitlab/-/issues/330494
|
| |
|
|
|
|
|
|
|
|
|
| |
Gitaly project now properly respects module release flow
and includes a module suffix in the package name. It requires
to re-write all non-suffixed imports with suffixed of a specific
version of tha module. With proper module versioning we don't
need to use a 'replace' directive to point to specific commit
and can use semantic versioning for the gitaly dependency.
Part of: https://gitlab.com/gitlab-org/gitaly/-/issues/3177
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, opentracing (if configured) was initialized late in the
gitlab-shell process's lifespan, coming just before making a gRPC
call to Gitaly.
By moving the opentracing initialization to be at process startup, we
make it available for the whole process lifecycle, which is very useful
to gitlab-sshd, as it means we'll only call tracing.Initialize() once
on process startup, rather than once per SSH connection.
To get this working, we need to introduce a context to gitlab-sshd.
This carries the client/service name, but also carries an initial
correlation ID. The main outcome of this is that all calls to the
authorized_keys endpoint from a given gitlab-sshd process will now
share a correlation ID. I don't have a strong opinion about this either
way.
Changelog: fixed
|
| |\
| |
| |
| |
| | |
Respect parent context for Gitaly calls
See merge request gitlab-org/gitlab-shell!469
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Without these changes, Gitaly calls would not be linked to a parent
context. This means that they would have an unassociated correlationID,
and Gitaly RPC calls would not be cancel()ed by parent context
cancellation.
Changelog: fixed
|
| |\ \
| | |
| | |
| | |
| | |
| | |
| | | |
gitlab-sshd: Respect the ssl_cert_dir config
Closes #516
See merge request gitlab-org/gitlab-shell!467
|
| | |/
| |
| |
| | |
Changelog: fixed
|
| |/
|
|
|
|
|
|
|
| |
Calling finished() in `ContextWithCorrelationID` breaks opentracing,
since it expects us to call it just before exiting, and this defer
runs on function completion.
All existing users of ContextWithCorrelationID already `defer finish()`
themselves, so this call is entirely surplus to requirements.
|
| |
|
|
|
| |
In this case we don't need to propagate cleanup
function. It simplifies the code.
|
| |
|
|
|
|
|
| |
Refactors introspection of execution environment to rely on
per-connection state (`gitlab-shell`) or per request (`gitlab-sshd`)
Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/496
|
| | |
|
| | |
|
| |
|
|
|
| |
This change removes session duration
information from output of 2fa_verify command
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During a SSH receive-pack request (e.g. `git push`), gitlab-shell was
incorrectly using the user returned by the `/internal/allowed` API
endpoint to make an SSHReceivePack RPC call. This caused a number of
problems with deploy keys with write access:
1. Keys that were generated by a blocked user would be denied the
ability to write.
2. Keys that were generated by user that did not have write access to
the project would also be denied.
GitLab 12.4 removed the Ruby implementation of gitlab-shell in favor of
the Golang implementation, and these implementations worked slightly
differently. In
https://gitlab.com/gitlab-org/gitlab-shell/blob/v10.1.0/lib/gitlab_shell.rb,
the Ruby implementation would always use `@who` (e.g. `key-123`), but in
gitlab-shell v10.2.0 the Go implementation would always use the user
from the API response.
Reads did not have this issue because the user/deploy key is never
passed to Gitaly for additional permission checks. Writes need this
information for the pre-receive to check access to protected branches,
push rules, etc.
Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/479
|
| | |
|
| | |
|
