Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-shell
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Kirill Smelkov
gitlab-shell
Commits
562d7eb4
Commit
562d7eb4
authored
Feb 11, 2015
by
Douwe Maan
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Show nice error message when internal API is unreachable.
parent
f92a9c5a
Changes
8
Hide whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
134 additions
and
32 deletions
+134
-32
bin/check
bin/check
+10
-5
lib/gitlab_access.rb
lib/gitlab_access.rb
+13
-8
lib/gitlab_net.rb
lib/gitlab_net.rb
+7
-1
lib/gitlab_post_receive.rb
lib/gitlab_post_receive.rb
+7
-3
lib/gitlab_shell.rb
lib/gitlab_shell.rb
+12
-11
spec/gitlab_access_spec.rb
spec/gitlab_access_spec.rb
+45
-4
spec/gitlab_net_spec.rb
spec/gitlab_net_spec.rb
+19
-0
spec/gitlab_shell_spec.rb
spec/gitlab_shell_spec.rb
+21
-0
No files found.
bin/check
View file @
562d7eb4
...
...
@@ -8,13 +8,18 @@ require_relative '../lib/gitlab_net'
#
print
"Check GitLab API access: "
resp
=
GitlabNet
.
new
.
check
if
resp
.
code
==
"200"
print
'OK'
else
abort
"FAILED. code:
#{
resp
.
code
}
"
begin
resp
=
GitlabNet
.
new
.
check
if
resp
.
code
==
"200"
print
'OK'
else
abort
"FAILED. code:
#{
resp
.
code
}
"
end
rescue
GitlabNet
::
ApiUnreachableError
abort
"FAILED: Failed to connect to internal API"
end
puts
"
\n
Check directories and files: "
config
=
GitlabConfig
.
new
...
...
lib/gitlab_access.rb
View file @
562d7eb4
...
...
@@ -18,15 +18,20 @@ class GitlabAccess
end
def
exec
status
=
api
.
check_access
(
'git-receive-pack'
,
@repo_name
,
@actor
,
@changes
)
if
status
.
allowed?
true
else
# reset GL_ID env since we stop git push here
ENV
[
'GL_ID'
]
=
nil
puts
"GitLab:
#{
status
.
message
}
"
false
begin
status
=
api
.
check_access
(
'git-receive-pack'
,
@repo_name
,
@actor
,
@changes
)
return
true
if
status
.
allowed?
message
=
status
.
message
rescue
GitlabNet
::
ApiUnreachableError
message
=
"Failed to authorize your Git request: internal API unreachable"
end
# reset GL_ID env since we stop git push here
ENV
[
'GL_ID'
]
=
nil
puts
"GitLab:
#{
message
}
"
false
end
protected
...
...
lib/gitlab_net.rb
View file @
562d7eb4
...
...
@@ -7,6 +7,8 @@ require_relative 'gitlab_logger'
require_relative
'gitlab_access'
class
GitlabNet
class
ApiUnreachableError
<
StandardError
;
end
def
check_access
(
cmd
,
repo
,
actor
,
changes
)
project_name
=
repo
.
gsub
(
"'"
,
""
)
project_name
=
project_name
.
gsub
(
/\.git\Z/
,
""
)
...
...
@@ -97,7 +99,11 @@ class GitlabNet
http
=
http_client_for
(
uri
)
request
=
http_request_for
(
method
,
uri
,
params
)
response
=
http
.
start
{
http
.
request
(
request
)
}
begin
response
=
http
.
start
{
http
.
request
(
request
)
}
rescue
raise
ApiUnreachableError
end
if
response
.
code
==
"200"
$logger
.
debug
"Received response
#{
response
.
code
}
=> <
#{
response
.
body
}
>."
...
...
lib/gitlab_post_receive.rb
View file @
562d7eb4
...
...
@@ -18,9 +18,13 @@ class GitlabPostReceive
update_redis
if
broadcast_message
=
GitlabNet
.
new
.
broadcast_message
puts
print_broadcast_message
(
broadcast_message
[
"message"
])
begin
broadcast_message
=
GitlabNet
.
new
.
broadcast_message
if
broadcast_message
puts
print_broadcast_message
(
broadcast_message
[
"message"
])
end
rescue
GitlabNet
::
ApiUnreachableError
end
end
...
...
lib/gitlab_shell.rb
View file @
562d7eb4
...
...
@@ -21,12 +21,13 @@ class GitlabShell
if
git_cmds
.
include?
(
@git_cmd
)
ENV
[
'GL_ID'
]
=
@key_id
if
validate_access
access
=
api
.
check_access
(
@git_cmd
,
@repo_name
,
@key_id
,
'_any'
)
if
access
.
allowed?
process_cmd
else
message
=
"gitlab-shell: Access denied for git command <
#{
@origin_cmd
}
> by
#{
log_username
}
."
$logger
.
warn
message
$stderr
.
puts
"Access denied."
puts
access
.
message
end
else
raise
DisallowedCommandError
...
...
@@ -34,10 +35,13 @@ class GitlabShell
else
puts
"Welcome to GitLab,
#{
username
}
!"
end
rescue
GitlabNet
::
ApiUnreachableError
=>
ex
$logger
.
warn
"gitlab-shell: Failed to connect to internal API"
puts
"Failed to authorize your Git request: internal API unreachable"
rescue
DisallowedCommandError
=>
ex
message
=
"gitlab-shell: Attempt to execute disallowed command <
#{
@origin_cmd
}
> by
#{
log_username
}
."
$logger
.
warn
message
puts
'
Not
allowed command'
puts
'
Dis
allowed command'
end
protected
...
...
@@ -59,10 +63,6 @@ class GitlabShell
exec_cmd
(
@git_cmd
,
repo_full_path
)
end
def
validate_access
api
.
check_access
(
@git_cmd
,
@repo_name
,
@key_id
,
'_any'
).
allowed?
end
# This method is not covered by Rspec because it ends the current Ruby process.
def
exec_cmd
(
*
args
)
Kernel
::
exec
({
'PATH'
=>
ENV
[
'PATH'
],
'LD_LIBRARY_PATH'
=>
ENV
[
'LD_LIBRARY_PATH'
],
'GL_ID'
=>
ENV
[
'GL_ID'
]},
*
args
,
unsetenv_others:
true
)
...
...
@@ -73,11 +73,12 @@ class GitlabShell
end
def
user
# Can't use "@user ||=" because that will keep hitting the API when @user is really nil!
if
instance_variable_defined?
(
'@user'
)
@user
else
return
@user
if
defined?
(
@user
)
begin
@user
=
api
.
discover
(
@key_id
)
rescue
GitlabNet
::
ApiUnreachableError
@user
=
nil
end
end
...
...
spec/gitlab_access_spec.rb
View file @
562d7eb4
...
...
@@ -5,15 +5,56 @@ describe GitlabAccess do
let
(
:repository_path
)
{
"/home/git/repositories"
}
let
(
:repo_name
)
{
'dzaporozhets/gitlab-ci'
}
let
(
:repo_path
)
{
File
.
join
(
repository_path
,
repo_name
)
+
".git"
}
let
(
:gitlab_access
)
{
GitlabAccess
.
new
(
repo_path
,
'key-123'
,
'wow'
)
}
let
(
:api
)
do
double
(
GitlabNet
).
tap
do
|
api
|
api
.
stub
(
check_access:
GitAccessStatus
.
new
(
true
))
end
end
subject
do
GitlabAccess
.
new
(
repo_path
,
'key-123'
,
'wow'
).
tap
do
|
access
|
access
.
stub
(
exec_cmd: :exec_called
)
access
.
stub
(
api:
api
)
end
end
before
do
GitlabConfig
.
any_instance
.
stub
(
repos_path:
repository_path
)
end
describe
:initialize
do
it
{
gitlab_access
.
repo_name
.
should
==
repo_name
}
it
{
gitlab_access
.
repo_path
.
should
==
repo_path
}
it
{
gitlab_access
.
changes
.
should
==
[
'wow'
]
}
it
{
subject
.
repo_name
.
should
==
repo_name
}
it
{
subject
.
repo_path
.
should
==
repo_path
}
it
{
subject
.
changes
.
should
==
[
'wow'
]
}
end
describe
"#exec"
do
context
"access is granted"
do
it
"returns true"
do
expect
(
subject
.
exec
).
to
be_true
end
end
context
"access is denied"
do
before
do
api
.
stub
(
check_access:
GitAccessStatus
.
new
(
false
))
end
it
"returns false"
do
expect
(
subject
.
exec
).
to
be_false
end
end
context
"API connection fails"
do
before
do
api
.
stub
(
:check_access
).
and_raise
(
GitlabNet
::
ApiUnreachableError
)
end
it
"returns false"
do
expect
(
subject
.
exec
).
to
be_false
end
end
end
end
spec/gitlab_net_spec.rb
View file @
562d7eb4
...
...
@@ -26,6 +26,11 @@ describe GitlabNet, vcr: true do
gitlab_net
.
check
end
end
it
"raises an exception if the connection fails"
do
Net
::
HTTP
.
any_instance
.
stub
(
:request
).
and_raise
(
StandardError
)
expect
{
gitlab_net
.
check
}.
to
raise_error
(
GitlabNet
::
ApiUnreachableError
)
end
end
describe
:discover
do
...
...
@@ -42,6 +47,13 @@ describe GitlabNet, vcr: true do
gitlab_net
.
discover
(
'key-126'
)
end
end
it
"raises an exception if the connection fails"
do
VCR
.
use_cassette
(
"discover-ok"
)
do
Net
::
HTTP
.
any_instance
.
stub
(
:request
).
and_raise
(
StandardError
)
expect
{
gitlab_net
.
discover
(
'key-126'
)
}.
to
raise_error
(
GitlabNet
::
ApiUnreachableError
)
end
end
end
describe
:broadcast_message
do
...
...
@@ -110,6 +122,13 @@ describe GitlabNet, vcr: true do
end
end
end
it
"raises an exception if the connection fails"
do
Net
::
HTTP
.
any_instance
.
stub
(
:request
).
and_raise
(
StandardError
)
expect
{
gitlab_net
.
check_access
(
'git-upload-pack'
,
'gitlab/gitlabhq.git'
,
'user-1'
,
changes
)
}.
to
raise_error
(
GitlabNet
::
ApiUnreachableError
)
end
end
describe
:host
do
...
...
spec/gitlab_shell_spec.rb
View file @
562d7eb4
...
...
@@ -135,6 +135,27 @@ describe GitlabShell do
api
.
should_receive
(
:discover
).
with
(
key_id
)
end
end
context
"failed connection"
do
before
{
ssh_cmd
'git-upload-pack gitlab-ci.git'
api
.
stub
(
:check_access
).
and_raise
(
GitlabNet
::
ApiUnreachableError
)
}
after
{
subject
.
exec
}
it
"should not process the command"
do
subject
.
should_not_receive
(
:process_cmd
)
end
it
"should not execute the command"
do
subject
.
should_not_receive
(
:exec_cmd
)
end
it
"should log the failed connection"
do
message
=
"gitlab-shell: Failed to connect to internal API"
$logger
.
should_receive
(
:warn
).
with
(
message
)
end
end
end
describe
:validate_access
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment