Fix 404 on Commit Signature API when using Rugged

2fc165a7 · Kerri Miller · Heinrich Lee Yu · d99e0b64 · 2fc165a7 · 2fc165a7
Commit 2fc165a7 authored Nov 09, 2020 by Kerri Miller Committed by Heinrich Lee Yu Nov 09, 2020
6 changed files
--- a/app/models/commit.rb
+++ b/app/models/commit.rb
@@ -335,7 +335,11 @@ class Commit
    strong_memoize(:raw_signature_type) do
      next unless @raw.instance_of?(Gitlab::Git::Commit)
-      @raw.raw_commit.signature_type if defined? @raw.raw_commit.signature_type
+      if raw_commit_from_rugged? && gpg_commit.signature_text.present?
+        :PGP
+      elsif defined? @raw.raw_commit.signature_type
+        @raw.raw_commit.signature_type
+      end
    end
  end
@@ -347,7 +351,7 @@ class Commit
    strong_memoize(:signature) do
      case signature_type
      when :PGP
-        Gitlab::Gpg::Commit.new(self).signature
+        gpg_commit.signature
      when :X509
        Gitlab::X509::Commit.new(self).signature
      else
@@ -356,6 +360,14 @@ class Commit
    end
  end
+  def raw_commit_from_rugged?
+    @raw.raw_commit.is_a?(Rugged::Commit)
+  end
+  def gpg_commit
+    @gpg_commit ||= Gitlab::Gpg::Commit.new(self)
+  end
  def revert_branch_name
    "revert-#{short_id}"
  end

--- a/changelogs/unreleased/211357-api-endpoint-to-get-the-gpg-signature-of-a-commit-always-returns-4.yml
+++ b/changelogs/unreleased/211357-api-endpoint-to-get-the-gpg-signature-of-a-commit-always-returns-4.yml
+---
+title: Fix 404 error from Commit Signature API when using Rugged
+merge_request: 46736
+author:
+type: fixed
--- a/doc/api/commits.md
+++ b/doc/api/commits.md
@@ -842,7 +842,8 @@ Example response if commit is GPG signed:
  "gpg_key_primary_keyid": "8254AAB3FBD54AC9",
  "gpg_key_user_name": "John Doe",
  "gpg_key_user_email": "johndoe@example.com",
-  "gpg_key_subkey_id": null
+  "gpg_key_subkey_id": null,
+  "commit_source": "gitaly"
 }
 ```
@@ -865,7 +866,8 @@ Example response if commit is X.509 signed:
      "subject_key_identifier": "AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB:AB",
      "crl_url": "http://example.com/pki.crl"
    }
-  }
+  },
+  "commit_source": "gitaly"
 }
 ```

--- a/lib/api/entities/commit_signature.rb
+++ b/lib/api/entities/commit_signature.rb
@@ -4,13 +4,28 @@ module API
  module Entities
    class CommitSignature < Grape::Entity
      expose :signature_type
      expose :signature, merge: true do |commit, options|
-        if commit.signature.is_a?(GpgSignature)
+        if commit.signature.is_a?(GpgSignature) || commit.raw_commit_from_rugged?
-          ::API::Entities::GpgCommitSignature.represent commit.signature, options
+          ::API::Entities::GpgCommitSignature.represent commit_signature(commit), options
        elsif commit.signature.is_a?(X509CommitSignature)
          ::API::Entities::X509Signature.represent commit.signature, options
        end
      end
+      expose :commit_source do |commit, _|
+        commit.raw_commit_from_rugged? ? "rugged" : "gitaly"
+      end
+      private
+      def commit_signature(commit)
+        if commit.raw_commit_from_rugged?
+          commit.gpg_commit.signature
+        else
+          commit.signature
+        end
+      end
    end
  end
 end
--- a/scripts/lint-rugged
+++ b/scripts/lint-rugged
@@ -18,6 +18,11 @@ ALLOWED = [
  # Needed to detect Rugged enabled: https://gitlab.com/gitlab-org/gitlab/issues/35371
  'lib/gitlab/config_checker/puma_rugged_checker.rb',
+  # Needed for GPG/X509 commit signature API
+  #
+  'app/models/commit.rb',
+  'lib/api/entities/commit_signature.rb',
  # Needed for logging
  'config/initializers/peek.rb',
  'config/initializers/lograge.rb',

--- a/spec/requests/api/commits_spec.rb
+++ b/spec/requests/api/commits_spec.rb
@@ -1991,6 +1991,17 @@ RSpec.describe API::Commits do
        expect(json_response['x509_certificate']['x509_issuer']['subject']).to eq(commit.signature.x509_certificate.x509_issuer.subject)
        expect(json_response['x509_certificate']['x509_issuer']['subject_key_identifier']).to eq(commit.signature.x509_certificate.x509_issuer.subject_key_identifier)
        expect(json_response['x509_certificate']['x509_issuer']['crl_url']).to eq(commit.signature.x509_certificate.x509_issuer.crl_url)
+        expect(json_response['commit_source']).to eq('gitaly')
+      end
+      context 'with Rugged enabled', :enable_rugged do
+        it 'returns correct JSON' do
+          get api(route, current_user)
+          expect(response).to have_gitlab_http_status(:ok)
+          expect(json_response['signature_type']).to eq('PGP')
+          expect(json_response['commit_source']).to eq('rugged')
+        end
      end
    end
  end