Commit 31cdfc78 authored by Clement Ho's avatar Clement Ho

Merge branch '30525-iframe_jaeger' into 'master'

Embed Jaeger tracing in iframe

Closes #30525

See merge request gitlab-org/gitlab!17912
parents 6704a27c 338939ce
---
title: Embed Jaeger in Gitlab UI
merge_request:
author:
type: changed
...@@ -2,12 +2,6 @@ ...@@ -2,12 +2,6 @@
- if project_nav_tab? :settings - if project_nav_tab? :settings
= nav_link(controller: :tracings, action: [:show]) do = nav_link(controller: :tracings, action: [:show]) do
- if @project.tracing_external_url.present?
= link_to sanitize(@project.tracing_external_url, scrubber: Rails::Html::TextOnlyScrubber.new), target: "_blank", rel: 'noopener noreferrer' do
%span
= _('Tracing')
%i.strong.ml-1.fa.fa-external-link
- else
= link_to project_tracing_path(@project), title: _('Tracing') do = link_to project_tracing_path(@project), title: _('Tracing') do
%span %span
= _('Tracing') = _('Tracing')
- @content_class = "limit-container-width" unless fluid_layout - @content_class = "limit-container-width" unless fluid_layout
- page_title _("Tracing") - page_title _("Tracing")
.row.empty-state - if @project.tracing_external_url.present?
%h3.page-title= _('Tracing')
- jaeger_link = link_to('Jaeger tracing', 'https://www.jaegertracing.io/', target: "_blank", rel: "noreferrer")
%p.light= _("GitLab uses %{jaeger_link} to monitor distributed systems.").html_safe % { jaeger_link: jaeger_link }
= content_for :flash_message do
.alert.alert-warning.flex-alert
.alert-message
= _("Your password isn't required to view this page. If a password or any other personal details are requested, please contact your administrator to report abuse.")
.card
- iframe_permissions = "allow-forms allow-scripts allow-same-origin allow-popups"
%iframe.border-0{ src: sanitize(@project.tracing_external_url, scrubber: Rails::Html::TextOnlyScrubber.new), width: '100%', height: 970, sandbox: iframe_permissions }
- else
.row.empty-state
.col-12 .col-12
.svg-content .svg-content
= image_tag 'illustrations/monitoring/tracing.svg', style: 'max-height: 254px' = image_tag 'illustrations/monitoring/tracing.svg'
.col-12 .col-12
.text-content .text-content
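Review bot: The `iframe_permissions` string grants `allow-scripts` together with `allow-same-origin`, a pair that gives no isolation if the configured URL ever points at the GitLab origin itself, because a same-origin framed document can remove its own sandbox attribute. `sanitize(..., scrubber: Rails::Html::TextOnlyScrubber.new)` only strips markup and does not constrain scheme or host, so the view presumably depends on validation of `tracing_external_url` that is not visible in this section. I would render the iframe only when the parsed URL is http(s) and its host differs from the instance host, falling back to the empty state otherwise. I would also add `referrerpolicy: 'no-referrer'` to the iframe attributes so the project URL is not sent to the external host, which the removed sidebar link avoided with `rel: 'noopener noreferrer'`. A short comment above `iframe_permissions` should say why each sandbox token is needed, so that later edits do not widen it.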
......
...@@ -73,40 +73,12 @@ describe 'layouts/nav/sidebar/_project' do ...@@ -73,40 +73,12 @@ describe 'layouts/nav/sidebar/_project' do
expect(rendered).not_to have_text 'Tracing' expect(rendered).not_to have_text 'Tracing'
end end
context 'with project.tracing_external_url' do it 'links to Tracing page' do
let(:tracing_url) { 'https://tracing.url' }
let(:tracing_settings) { create(:project_tracing_setting, project: project, external_url: tracing_url) }
before do
allow(view).to receive(:can?).and_return(true) allow(view).to receive(:can?).and_return(true)
end
it 'links to project.tracing_external_url' do
expect(tracing_settings.external_url).to eq(tracing_url)
expect(project.tracing_external_url).to eq(tracing_url)
render render
expect(rendered).to have_link('Tracing', href: tracing_url) expect(rendered).to have_link('Tracing', href: project_tracing_path(project))
end
context 'with malicious external_url' do
let(:malicious_tracing_url) { "https://replaceme.com/'><script>alert(document.cookie)</script>" }
let(:cleaned_url) { "https://replaceme.com/'>" }
before do
tracing_settings.update_column(:external_url, malicious_tracing_url)
end
it 'sanitizes external_url' do
expect(project.tracing_external_url).to eq(malicious_tracing_url)
render
expect(tracing_settings.external_url).to eq(malicious_tracing_url)
expect(rendered).to have_link('Tracing', href: cleaned_url)
end
end
end end
context 'without project.tracing_external_url' do context 'without project.tracing_external_url' do
......
# frozen_string_literal: true
require 'spec_helper'
describe 'projects/tracings/show' do
let(:project) { create(:project, :repository) }
let(:error_tracking_setting) { create(:project_error_tracking_setting, project: project) }
before do
assign(:project, project)
assign(:repository, project.repository)
allow(view).to receive(:current_ref).and_return('master')
allow(view).to receive(:error_tracking_setting).and_return(error_tracking_setting)
allow(view).to receive(:incident_management_available?) { false }
stub_licensed_features(tracing: true)
end
context 'with project.tracing_external_url' do
let(:tracing_url) { 'https://tracing.url' }
let(:tracing_setting) { create(:project_tracing_setting, project: project, external_url: tracing_url) }
before do
allow(view).to receive(:can?).and_return(true)
allow(view).to receive(:tracing_setting).and_return(tracing_setting)
end
it 'renders iframe' do
render
expect(rendered).to match(/iframe/)
end
context 'with malicious external_url' do
let(:malicious_tracing_url) { "https://replaceme.com/'><script>alert(document.cookie)</script>" }
let(:cleaned_url) { "https://replaceme.com/'&gt;" }
before do
tracing_setting.update_column(:external_url, malicious_tracing_url)
end
it 'sanitizes external_url' do
render
expect(tracing_setting.external_url).to eq(malicious_tracing_url)
expect(rendered).to have_xpath("//iframe[@src=\"#{cleaned_url}\"]")
end
end
end
context 'without project.tracing_external_url' do
before do
allow(view).to receive(:can?).and_return(true)
end
it 'renders empty state' do
render
expect(rendered).to have_link('Add Jaeger URL')
expect(rendered).not_to match(/iframe/)
end
end
end
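Review bot: The `renders iframe` example only asserts `expect(rendered).to match(/iframe/)`, so the sandbox attribute, which is the security-relevant part of this view, is not pinned and could be dropped or widened without a failing spec. I would assert it and the source explicitly, e.g. `expect(rendered).to have_xpath('//iframe[@sandbox="allow-forms allow-scripts allow-same-origin allow-popups"]')` and `expect(rendered).to have_xpath("//iframe[@src=\"#{tracing_url}\"]")`. The malicious-URL context covers tag injection only; a case whose `external_url` has a non-http(s) scheme would document whether the view or the model is expected to reject it. The `error_tracking_setting` and `incident_management_available?` stubs in the top-level `before` look unrelated to this view and deserve a comment saying why the render needs them, or removal.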
...@@ -7922,6 +7922,9 @@ msgstr "" ...@@ -7922,6 +7922,9 @@ msgstr ""
msgid "GitLab single sign on URL" msgid "GitLab single sign on URL"
msgstr "" msgstr ""
msgid "GitLab uses %{jaeger_link} to monitor distributed systems."
msgstr ""
msgid "GitLab will run a background job that will produce pseudonymized CSVs of the GitLab database that will be uploaded to your configured object storage directory." msgid "GitLab will run a background job that will produce pseudonymized CSVs of the GitLab database that will be uploaded to your configured object storage directory."
msgstr "" msgstr ""
...@@ -19289,6 +19292,9 @@ msgstr "" ...@@ -19289,6 +19292,9 @@ msgstr ""
msgid "Your new personal access token has been created." msgid "Your new personal access token has been created."
msgstr "" msgstr ""
msgid "Your password isn't required to view this page. If a password or any other personal details are requested, please contact your administrator to report abuse."
msgstr ""
msgid "Your password reset token has expired." msgid "Your password reset token has expired."
msgstr "" msgstr ""
......