summaryrefslogtreecommitdiff
path: root/internal
Commit message (Collapse)AuthorAgeFilesLines
* tests: Replace assert with requirezj-remove-testify-assertZeger-Jan van de Weg2020-10-159-48/+40
| | | | | | | | | Testify features sub packages `assert` and `require`. The difference is subtle, and lost on novice Golang developers that don't read the docs. To create a more consistent code base `assert` will no longer be used. This change was generated by a running a sed command on all `_test.go` files, followed by `goimports -w`.
* Drop "generated random correlation ID" log messagesh-suppress-random-correlation-id-logStan Hu2020-10-131-1/+0
| | | | | | This message happens all the time and doesn't add a lot of value. Relates to https://gitlab.com/gitlab-com/gl-infra/delivery/-/issues/1275
* Make it possible to propagate correlation ID across processesStan Hu2020-09-2044-121/+258
| | | | | | | | | | | | | | | | | | | | | | | | | | | Previously, gitlab-shell did not pass a context through the application. Correlation IDs were generated down the call stack instead of passed around from the start execution. This has several potential downsides: 1. It's easier for programming mistakes to be made in future that lead to multiple correlation IDs being generated for a single request. 2. Correlation IDs cannot be passed in from upstream requests 3. Other advantages of context passing, such as distributed tracing is not possible. This commit changes the behavior: 1. Extract the correlation ID from the environment at the start of the application. 2. If no correlation ID exists, generate a random one. 3. Pass the correlation ID to the GitLabNet API requests. This change also enables other clients of GitLabNet (e.g. Gitaly) to pass along the correlation ID in the internal API requests (https://gitlab.com/gitlab-org/gitaly/-/issues/2725). Fixes https://gitlab.com/gitlab-org/gitlab-shell/-/issues/474
* Fix gitlab-shell not handling relative URLs over UNIX socketssh-fix-unix-relative-url-accessStan Hu2020-08-201-10/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | From https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/4498#note_397401883, if you specify a relative path such as: ``` external_url 'http://gitlab.example.com/gitlab' ``` gitlab-shell doesn't have a way to pass the `/gitlab` to the host. For example, let's say we have: ``` gitlab_url: "http+unix://%2Fvar%2Fopt%2Fgitlab%2Fgitlab-workhorse%2Fsocket" ``` If we have `/gitlab` as the relative path, how do we specify what is the UNIX socket path and what is the relative path? If we specify: ``` gitlab_url: "http+unix:///var/opt/gitlab/gitlab-workhorse.socket/gitlab ``` This is ambiguous. Is the socket in `/var/opt/gitlab/gitlab-workhorse.socket/gitlab` or in `/var/opt/gitlab/gitlab-workhorse.socket`? To fix this, this merge request adds an optional `gitlab_relative_url_root` config parameter: ``` gitlab_url: "http+unix://%2Fvar%2Fopt%2Fgitlab%2Fgitlab-workhorse%2Fsocket" gitlab_relative_url_root: /gitlab ``` This is only used with UNIX domain sockets to disambiguate the socket and base URL path. If `gitlab_url` uses `http://` or `https://`, then `gitlab_relative_url_root` is ignored. Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/476
* Add support obtaining personal access tokens via SSHTaylan Develioglu2020-08-177-6/+559
| | | | | | | | | | | | | | | | | | | | | | | | Implements the feature requested in gitlab-org/gitlab#19672 This requires the internal api counterpart in gitlab-org/gitlab!36302 to be merged first. It can be used as follows: ``` censored@censored-VirtualBox:~/git/gitlab$ ssh git@gitlab-2004 personal_access_token remote: remote: ======================================================================== remote: remote: Usage: personal_access_token <name> <scope1[,scope2,...]> [ttl_days] remote: remote: ======================================================================== remote: censored@censored-VirtualBox:~/git/gitlab$ ssh git@gitlab-2004 personal_access_token newtoken read_api,read_repository 30 Token: aAY1G3YPeemECgUvxuXY Scopes: read_api,read_repository Expires: 2020-08-07 ```
* Generate and log correlation IDsStan Hu2020-07-316-20/+36
| | | | | This will make it easier to tie an SSH access request to Rails API and Gitaly requests.
* Revert "Update executable.go"Igor Drozdov2020-07-231-0/+22
| | | This reverts commit 869aeb9057962b089abfd8ce0b6d4a0962bbb154
* Update executable.goIgor Drozdov2020-07-231-22/+0
|
* Log SSH key detailsStan Hu2020-07-236-2/+14
| | | | | | | | | | | | | | | | | | | | | Right now when a client such as gitlab-shell calls the `/api/v4/internal/allowed` API, the response only tells the client what user has been granted access, and it's impossible to tell which deploy key/token was used in the authentication request. This commit adds logs for the following when available: 1. `gl_key_type` (e.g. `deploy_key` or `key`) 2. `gl_key_id` These fields make it possible for admins to identify the exact record that was used to authenticate the user. API changes in the `/internal/allowed` endpoint in https://gitlab.com/gitlab-org/gitlab/-/merge_requests/37289 are needed to support this. Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/203
* Log remote IP for executed commandssh-log-remote-ipStan Hu2020-07-202-1/+8
| | | | | | | | Admins may want to know what client IP originated the request. This commit adds a `remote_ip` field to the log that extracts the IP address from the `SSH_CONNECTION` environment variable. Closes https://gitlab.com/gitlab-org/gitlab-shell/-/issues/199
* Pass in ssl_cert_dir config settingAsh McKenzie2020-07-024-4/+36
|
* Include SSL_CERT_DIR env var in commandAsh McKenzie2020-07-022-22/+60
|
* Support new ssl_cert_dir config settingAsh McKenzie2020-07-012-0/+10
|
* Set client name when making requests to Gitalycl-client-nameChangzheng Liu2020-05-211-3/+16
|
* Fix race conditions with logrus testingsh-fix-logrus-raceStan Hu2020-05-113-0/+19
| | | | | | | | | logrus fires a Goroutine to write logs, so the tests could fail if they checked the event queue before the logrus have fired. Since there isn't an easy way to flush all outstanding hooks, we just retry every 100 ms for up to a second for log to arrive in the queue. Closes https://gitlab.com/gitlab-org/gitlab-shell/-/issues/450
* Fix race conditions in testssh-add-http-status-codeStan Hu2020-05-083-14/+15
| | | | | | | | Calling logrus hook.LastEntry() can lead to race conditions. Use AllEntries instead: https://github.com/sirupsen/logrus/blob/60c74ad9be0d874af0ab0daef6ab07c5c5911f0d/hooks/test/test.go#L77 Closes https://gitlab.com/gitlab-org/gitlab-shell/-/issues/450
* Ensure we are passing the parsed secretDJ Mountney2020-05-061-1/+1
| | | | | | | | Rather than the secret file. The parsing of the file was already done in the gitlab-shell config. This fixes an issue where a recent refactor of the gitlabnet client passed the wrong value.
* Move gitlabnet client to client packagejc-refactor-gitlabnet-clientJohn Cai2020-05-0436-938/+69
|
* Geo Pull custom action supportAsh McKenzie2020-04-176-10/+201
|
* Allow allowedPayloadPath to be providedAsh McKenzie2020-04-171-7/+11
|
* Rename Geo Push custom action testAsh McKenzie2020-04-171-1/+1
|
* Rename action to be more accurateAsh McKenzie2020-04-171-5/+5
|
* Rename allowed payload JSON for accuracyAsh McKenzie2020-04-172-2/+2
|
* New pktline packageAsh McKenzie2020-04-172-0/+162
| | | | | | | Package is responsible for parsing git pkt lines. Copied from gitaly, for now.
* Extract customaction into a separate moduleid-extract-custom-action-in-separate-moduleIgor Drozdov2020-04-145-45/+90
| | | | We'll reuse this module for uploadpack in the future
* Add missed protocol againsh-log-git-upload-receive-packDavid Kim2020-04-081-1/+1
|
* Remove unnecessary command argumentDavid Kim2020-04-084-5/+5
|
* Move logging to handler insteadDavid Kim2020-04-075-29/+23
|
* Change git command logging keys to be be snake casedDavid Kim2020-04-031-5/+5
|
* Add test for command loggingDavid Kim2020-04-037-38/+35
|
* Add tests for loggingDavid Kim2020-03-303-0/+24
|
* Add git-archive-packStan Hu2020-03-263-12/+23
|
* Log git-{upload-pack,receive-pack} requestsStan Hu2020-03-262-0/+24
| | | | This restores the previous Ruby gitlab-shell behavior.
* Log internal HTTP requestsStan Hu2020-03-105-18/+168
| | | | | | | This restores the previous behavior of logging the success and failures of internal HTTP requests. Part of https://gitlab.com/gitlab-org/gitlab/issues/207916
* commands: pass through GIT_PROTOCOL envvar provided by clientsps-git-protocol-envvarPatrick Steinhardt2020-02-283-2/+6
| | | | | | | | | | | Both git-upload-pack and git-receive-pack services inspect the GIT_PROTOCOL environment transferred via SSH in order to decide which protocols are supported by a given client. Currently, we don't use the environment variable at all, though, but instead forward the GitProtocol field of the access verification response. Improve this by passing on the GIT_PROTOCOL environment variable provided by the client as-is.
* Remove support for Custom data.info_message210-remove-action-custom-inform_client-once-12-3-has-been-releasedAsh McKenzie2019-12-245-10/+1
|
* Fix Typosflowed2019-12-211-1/+1
|
* Add git-lfs upload operation assertion37371-git-clone-on-secondary-geo-node-fetches-lfs-files-from-primaryAsh McKenzie2019-12-031-1/+3
|
* Use correct LFS download or upload operation namesAsh McKenzie2019-12-033-40/+62
|
* Merge branch 'pass-ff-to-gitaly' into 'master'Ash McKenzie2019-10-2911-13/+101
| | | | | Add support for Gitaly feature flags See merge request gitlab-org/gitlab-shell!351
* More consistent console messages (golang)Ash McKenzie2019-10-236-19/+10
|
* New console package for writing to the consoleAsh McKenzie2019-10-232-0/+274
|
* Rename import pathsNick Thomas2019-10-1856-209/+209
|
* Move go code up one levelNick Thomas2019-10-1881-0/+5705
View Lorry Controller Status