summaryrefslogtreecommitdiff
path: root/lib/gitlab_access.rb
Commit message (Collapse)AuthorAgeFilesLines
* Add relative git object dir envvars to check access requestfeature/add-pwd-envvar-to-check-access-requestAhmad Sherif2017-10-101-6/+2
|
* Handle GL_REPOSITORY env variable and use it in api callsAlejandro Rodríguez2017-05-111-3/+4
|
* Pass relevant git environment variables while calling `/allowed`Timothy Andrew2016-12-161-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | 1. Starting version 2.11, git changed the way the pre-receive flow works. - Previously, the new potential objects would be added to the main repo. If the pre-receive passes, the new objects stay in the repo but are linked up. If the pre-receive fails, the new objects stay orphaned in the repo, and are cleaned up during the next `git gc`. - In 2.11, the new potential objects are added to a temporary "alternate object directory", that git creates for this purpose. If the pre-receive passes, the objects from the alternate object directory are migrated to the main repo. If the pre-receive fails the alternate object directory is simply deleted. 2. In our workflow, the pre-recieve script calls the `/allowed` endpoint on the rails server. This `/allowed` endpoint calls out directly to git to perform various checks. These direct calls to git do _not_ have the necessary environment variables set which allow access to the "alternate object directory" (explained above). Therefore these calls to git are not able to access any of the new potential objects to be added during this push. 3. We fix this by passing the relevant environment variables (GIT_ALTERNATE_OBJECT_DIRECTORIES, GIT_OBJECT_DIRECTORY, and GIT_QUARANTINE_PATH) to the `/allowed` endpoint, which will then include these environment variables while calling out to git.
* Add instrumentation to push hooksmore-instrumentation-down-the-pipelineAhmad Sherif2016-11-161-1/+4
| | | | Related to #22053
* Use full repository path for API calls instead of extracting namedz-support-nested-namespacesDmitriy Zaporozhets2016-10-271-3/+2
| | | | Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* Rename ENV['PROTOCOL'] to ENV['GL_PROTOCOL'] and make it mandatory with no ↵Patricio Cano2016-07-051-1/+1
| | | | fallback value
* Allow GitLab Shell to check for allowed access based on the used Git protocol.Patricio Cano2016-07-051-3/+4
|
* Refactor repository paths handling to allow multiple git mount pointsshardsAlejandro Rodríguez2016-06-291-1/+1
|
* Write GitlabAccess error to stderr.Douwe Maan2015-04-061-11/+10
|
* Show nice error message when internal API is unreachable.Douwe Maan2015-02-111-8/+13
|
* Revert "Revert "Merge branch 'git_hook_messages'""Valery Sizov2014-11-241-4/+6
| | | | This reverts commit f8453da5868dd7a23d0f2f3da7a45e33c441d1db.
* Revert "Merge branch 'git_hook_messages'"Jacob Vosmaer2014-11-201-6/+4
| | | | | | | | | | At least the following things were broken: - missing require for 'gitlab_access_status' in lib/gitlab_net.rb - gitlabhq master internal API returns 'true' or 'false', gitlab-shell expects JSON This reverts commit 11311a95545f967a5736cd16ab5fc37f7e658519, reversing changes made to 45444597aef3e434571de2491934ae92357ad231.
* Show error message when git access is rejectedValery Sizov2014-11-141-4/+6
|
* Support for custom hooksDrew Blessing2014-11-051-1/+1
|
* using true instead of 1jose2014-10-301-1/+1
|
* The gitlab pre-receive hook expects the call to exec to return 1jose2014-10-301-1/+1
| | | | | | | | | when a user has access. Doing an exit 0 effectively ended the thread. No code would be executed after the call to exec. This changes fixes the problem for the pre-receive hooks but you want to check that GitlabAccess.exec is not used elsewhere. A quick grep of the code seems to indicate this is not the case
* Split one instance variable per lineCiro Santilli2014-10-041-1/+2
|
* GitLab /api/allowed endpoint requires POST requestDmitriy Zaporozhets2014-09-031-1/+1
| | | | | | | This commit made changes to GitLab shell to work with huge pushed (ex. 1k branhes) using POST request to API Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
* GitlabAccess and GitlabPostReceive classes addedDmitriy Zaporozhets2014-09-011-0/+34
Gitlab Access handles security check. GitlabPostReceive creates a sidekiq job Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
View Lorry Controller Status