Support an ssh user different from the GitLab user

External configuration may make the preferred SSH username different from the GitLab username. Support this distinction and also support empty SSH usernames by conditionally dropping the '@' in the path_prefix.

Support an ssh user different from the GitLab user
External configuration may make the preferred SSH username different from the GitLab username. Support this distinction and also support empty SSH usernames by conditionally dropping the '@' in the path_prefix.
cc146ef3 · GitLab Development · da2ab608 · cc146ef3 · cc146ef3 · cc146ef3
Commit cc146ef3 authored Feb 07, 2020 by GitLab Development
5 changed files
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -179,6 +179,8 @@ Settings.gitlab['email_smime'] = SmimeSignatureSettings.parse(Settings.gitlab['e
 Settings.gitlab['base_url'] ||= Settings.__send__(:build_base_gitlab_url)
 Settings.gitlab['url'] ||= Settings.__send__(:build_gitlab_url)
 Settings.gitlab['user'] ||= 'git'
+# External configuration may cause the ssh user to differ from the GitLab user
+Settings.gitlab['ssh_user'] ||= Settings.gitlab.user
 Settings.gitlab['user_home'] ||= begin
  Etc.getpwnam(Settings.gitlab['user']).dir
 rescue ArgumentError # no user configured
@@ -560,7 +562,7 @@ Settings.gitlab_shell['receive_pack']   = true if Settings.gitlab_shell['receive
 Settings.gitlab_shell['upload_pack']    = true if Settings.gitlab_shell['upload_pack'].nil?
 Settings.gitlab_shell['ssh_host']     ||= Settings.gitlab.ssh_host
 Settings.gitlab_shell['ssh_port']     ||= 22
-Settings.gitlab_shell['ssh_user']     ||= Settings.gitlab.user
+Settings.gitlab_shell['ssh_user']       = Settings.gitlab.ssh_user
 Settings.gitlab_shell['owner_group']  ||= Settings.gitlab.user
 Settings.gitlab_shell['ssh_path_prefix'] ||= Settings.__send__(:build_gitlab_shell_ssh_path_prefix)
 Settings.gitlab_shell['git_timeout'] ||= 10800

--- a/config/settings.rb
+++ b/config/settings.rb
@@ -44,7 +44,8 @@ class Settings < Settingslogic
    end

    def build_gitlab_shell_ssh_path_prefix
-      user_host = "#{gitlab_shell.ssh_user}@#{gitlab_shell.ssh_host}"
+      user = "#{gitlab_shell.ssh_user}@" unless gitlab_shell.ssh_user.empty?
+      user_host = "#{user}#{gitlab_shell.ssh_host}"

      if gitlab_shell.ssh_port != 22
        "ssh://#{user_host}:#{gitlab_shell.ssh_port}/"

--- a/lib/gitlab/middleware/go.rb
+++ b/lib/gitlab/middleware/go.rb
@@ -53,8 +53,9 @@ module Gitlab

        repository_url = if Gitlab::CurrentSettings.enabled_git_access_protocol == 'ssh'
                           shell = config.gitlab_shell
+                           user = "#{shell.ssh_user}@" unless shell.ssh_user.empty?
                           port = ":#{shell.ssh_port}" unless shell.ssh_port == 22
-                           "ssh://#{shell.ssh_user}@#{shell.ssh_host}#{port}/#{path}.git"
+                           "ssh://#{user}#{shell.ssh_host}#{port}/#{path}.git"
                         else
                           "#{project_url}.git"
                         end

--- a/spec/helpers/submodule_helper_spec.rb
+++ b/spec/helpers/submodule_helper_spec.rb
@@ -23,14 +23,30 @@ describe SubmoduleHelper do
      it 'detects ssh on standard port' do
        allow(Gitlab.config.gitlab_shell).to receive(:ssh_port).and_return(22) # set this just to be sure
        allow(Gitlab.config.gitlab_shell).to receive(:ssh_path_prefix).and_return(Settings.send(:build_gitlab_shell_ssh_path_prefix))
-        stub_url([config.user, '@', config.host, ':gitlab-org/gitlab-foss.git'].join(''))
+        stub_url([config.ssh_user, '@', config.host, ':gitlab-org/gitlab-foss.git'].join(''))
+        expect(subject).to eq([namespace_project_path('gitlab-org', 'gitlab-foss'), namespace_project_tree_path('gitlab-org', 'gitlab-foss', 'hash')])
+      end
+
+      it 'detects ssh on standard port without a username' do
+        allow(Gitlab.config.gitlab_shell).to receive(:ssh_port).and_return(22) # set this just to be sure
+        allow(Gitlab.config.gitlab_shell).to receive(:ssh_user).and_return('')
+        allow(Gitlab.config.gitlab_shell).to receive(:ssh_path_prefix).and_return(Settings.send(:build_gitlab_shell_ssh_path_prefix))
+        stub_url([config.host, ':gitlab-org/gitlab-foss.git'].join(''))
        expect(subject).to eq([namespace_project_path('gitlab-org', 'gitlab-foss'), namespace_project_tree_path('gitlab-org', 'gitlab-foss', 'hash')])
      end

      it 'detects ssh on non-standard port' do
        allow(Gitlab.config.gitlab_shell).to receive(:ssh_port).and_return(2222)
        allow(Gitlab.config.gitlab_shell).to receive(:ssh_path_prefix).and_return(Settings.send(:build_gitlab_shell_ssh_path_prefix))
-        stub_url(['ssh://', config.user, '@', config.host, ':2222/gitlab-org/gitlab-foss.git'].join(''))
+        stub_url(['ssh://', config.ssh_user, '@', config.host, ':2222/gitlab-org/gitlab-foss.git'].join(''))
+        expect(subject).to eq([namespace_project_path('gitlab-org', 'gitlab-foss'), namespace_project_tree_path('gitlab-org', 'gitlab-foss', 'hash')])
+      end
+
+      it 'detects ssh on non-standard port without a username' do
+        allow(Gitlab.config.gitlab_shell).to receive(:ssh_port).and_return(2222)
+        allow(Gitlab.config.gitlab_shell).to receive(:ssh_user).and_return('')
+        allow(Gitlab.config.gitlab_shell).to receive(:ssh_path_prefix).and_return(Settings.send(:build_gitlab_shell_ssh_path_prefix))
+        stub_url(['ssh://', config.host, ':2222/gitlab-org/gitlab-foss.git'].join(''))
        expect(subject).to eq([namespace_project_path('gitlab-org', 'gitlab-foss'), namespace_project_tree_path('gitlab-org', 'gitlab-foss', 'hash')])
      end


--- a/spec/lib/gitlab/middleware/go_spec.rb
+++ b/spec/lib/gitlab/middleware/go_spec.rb
@@ -89,6 +89,13 @@ describe Gitlab::Middleware::Go do
                    it 'returns the full project path' do
                      expect_response_with_path(go, enabled_protocol, project.full_path, project.default_branch)
                    end
+
+                    context 'with an empty ssh_user' do
+                      it 'returns the full project path' do
+                        allow(Gitlab.config.gitlab_shell).to receive(:ssh_user).and_return('')
+                        expect_response_with_path(go, enabled_protocol, project.full_path, project.default_branch)
+                      end
+                    end
                  end

                  context 'without access to the project' do
@@ -234,7 +241,9 @@ describe Gitlab::Middleware::Go do
    def expect_response_with_path(response, protocol, path, branch)
      repository_url = case protocol
                       when :ssh
-                         "ssh://#{Gitlab.config.gitlab.user}@#{Gitlab.config.gitlab.host}/#{path}.git"
+                         shell = Gitlab.config.gitlab_shell
+                         user = "#{shell.ssh_user}@" unless shell.ssh_user.empty?
+                         "ssh://#{user}#{shell.ssh_host}/#{path}.git"
                       when :http, nil
                         "http://#{Gitlab.config.gitlab.host}/#{path}.git"
                       end