Commit d7111269 authored by Catalin Irimie's avatar Catalin Irimie

Change Geo SSH proxy to internal primary URL

As Geo SSH proxying traffic happens between gitlab-shell on the
secondary site and the primary site, this should go through the
internal URL if present.

Not doing so can cause problems with unified URLs, as it can
end up in a loop if both external_urls point to the same URL.

Changelog: changed
EE: true
parent e1d2685e
...@@ -2,8 +2,14 @@ ...@@ -2,8 +2,14 @@
module EE module EE
module GitlabRoutingHelper module GitlabRoutingHelper
def geo_primary_web_url(container) def geo_primary_web_url(container, internal: false)
File.join(::Gitlab::Geo.primary_node.url, container.full_path) primary_base_url = if internal
::Gitlab::Geo.primary_node.internal_url
else
::Gitlab::Geo.primary_node.url
end
File.join(primary_base_url, container.full_path)
end end
def geo_primary_ssh_url_to_repo(container) def geo_primary_ssh_url_to_repo(container)
...@@ -14,6 +20,10 @@ module EE ...@@ -14,6 +20,10 @@ module EE
geo_primary_web_url(container) + '.git' geo_primary_web_url(container) + '.git'
end end
def geo_primary_http_internal_url_to_repo(container)
geo_primary_web_url(container, internal: true) + '.git'
end
def geo_primary_default_url_to_repo(container) def geo_primary_default_url_to_repo(container)
case default_clone_protocol case default_clone_protocol
when 'ssh' when 'ssh'
......
...@@ -17,7 +17,7 @@ module EE ...@@ -17,7 +17,7 @@ module EE
'action' => 'geo_proxy_to_primary', 'action' => 'geo_proxy_to_primary',
'data' => { 'data' => {
'api_endpoints' => custom_action_api_endpoints_for(cmd), 'api_endpoints' => custom_action_api_endpoints_for(cmd),
'primary_repo' => primary_http_repo_url 'primary_repo' => primary_http_repo_internal_url
} }
} }
...@@ -46,8 +46,8 @@ module EE ...@@ -46,8 +46,8 @@ module EE
messages + ['', lag_message] messages + ['', lag_message]
end end
def primary_http_repo_url def primary_http_repo_internal_url
geo_primary_http_url_to_repo(container) geo_primary_http_internal_url_to_repo(container)
end end
def primary_ssh_url_to_repo def primary_ssh_url_to_repo
......
...@@ -6,7 +6,16 @@ RSpec.describe EE::GitlabRoutingHelper do ...@@ -6,7 +6,16 @@ RSpec.describe EE::GitlabRoutingHelper do
include ProjectsHelper include ProjectsHelper
include ApplicationSettingsHelper include ApplicationSettingsHelper
let_it_be(:primary, reload: true) { create(:geo_node, :primary, url: 'http://localhost:123/relative', clone_url_prefix: 'git@localhost:') } let_it_be(:primary, reload: true) do
create(
:geo_node,
:primary,
url: 'http://localhost:123/relative',
internal_url: 'http://internal:321/relative',
clone_url_prefix: 'git@localhost:'
)
end
let_it_be(:group, reload: true) { create(:group, path: 'foo') } let_it_be(:group, reload: true) { create(:group, path: 'foo') }
let_it_be(:project, reload: true) { create(:project, namespace: group, path: 'bar') } let_it_be(:project, reload: true) { create(:project, namespace: group, path: 'bar') }
...@@ -15,16 +24,32 @@ RSpec.describe EE::GitlabRoutingHelper do ...@@ -15,16 +24,32 @@ RSpec.describe EE::GitlabRoutingHelper do
allow(helper).to receive(:default_clone_protocol).and_return('http') allow(helper).to receive(:default_clone_protocol).and_return('http')
end end
it 'generates a path to the project' do context 'public / default URL' do
result = helper.geo_primary_web_url(project) it 'generates a path to the project' do
result = helper.geo_primary_web_url(project)
expect(result).to eq('http://localhost:123/relative/foo/bar')
end
it 'generates a path to the wiki' do
result = helper.geo_primary_web_url(project.wiki)
expect(result).to eq('http://localhost:123/relative/foo/bar') expect(result).to eq('http://localhost:123/relative/foo/bar.wiki')
end
end end
it 'generates a path to the wiki' do context 'internal URL' do
result = helper.geo_primary_web_url(project.wiki) it 'generates a path to the project' do
result = helper.geo_primary_web_url(project, internal: true)
expect(result).to eq('http://internal:321/relative/foo/bar')
end
expect(result).to eq('http://localhost:123/relative/foo/bar.wiki') it 'generates a path to the wiki' do
result = helper.geo_primary_web_url(project.wiki, internal: true)
expect(result).to eq('http://internal:321/relative/foo/bar.wiki')
end
end end
end end
......
...@@ -27,7 +27,7 @@ RSpec.describe Gitlab::Geo::GitSSHProxy, :geo do ...@@ -27,7 +27,7 @@ RSpec.describe Gitlab::Geo::GitSSHProxy, :geo do
} }
end end
let(:primary_repo_http) { geo_primary_http_url_to_repo(project) } let(:primary_repo_http) { geo_primary_http_internal_url_to_repo(project) }
let(:primary_repo_ssh) { geo_primary_ssh_url_to_repo(project) } let(:primary_repo_ssh) { geo_primary_ssh_url_to_repo(project) }
let(:data) do let(:data) do
......
...@@ -35,7 +35,7 @@ RSpec.describe Gitlab::GitAccess do ...@@ -35,7 +35,7 @@ RSpec.describe Gitlab::GitAccess do
allow(Gitlab::Database).to receive(:read_only?) { true } allow(Gitlab::Database).to receive(:read_only?) { true }
end end
let(:primary_repo_url) { geo_primary_http_url_to_repo(project) } let(:primary_repo_url) { geo_primary_http_internal_url_to_repo(project) }
let(:primary_repo_ssh_url) { geo_primary_ssh_url_to_repo(project) } let(:primary_repo_ssh_url) { geo_primary_ssh_url_to_repo(project) }
it_behaves_like 'git access for a read-only GitLab instance' it_behaves_like 'git access for a read-only GitLab instance'
...@@ -370,7 +370,7 @@ RSpec.describe Gitlab::GitAccess do ...@@ -370,7 +370,7 @@ RSpec.describe Gitlab::GitAccess do
end end
it 'returns a custom action' do it 'returns a custom action' do
expected_payload = { "action" => "geo_proxy_to_primary", "data" => { "api_endpoints" => ["/api/v4/geo/proxy_git_ssh/info_refs_upload_pack", "/api/v4/geo/proxy_git_ssh/upload_pack"], "primary_repo" => geo_primary_http_url_to_repo(project) } } expected_payload = { "action" => "geo_proxy_to_primary", "data" => { "api_endpoints" => ["/api/v4/geo/proxy_git_ssh/info_refs_upload_pack", "/api/v4/geo/proxy_git_ssh/upload_pack"], "primary_repo" => geo_primary_http_internal_url_to_repo(project) } }
expected_console_messages = ["This request to a Geo secondary node will be forwarded to the", "Geo primary node:", "", " #{geo_primary_ssh_url_to_repo(project)}"] expected_console_messages = ["This request to a Geo secondary node will be forwarded to the", "Geo primary node:", "", " #{geo_primary_ssh_url_to_repo(project)}"]
response = pull_changes response = pull_changes
...@@ -394,7 +394,7 @@ RSpec.describe Gitlab::GitAccess do ...@@ -394,7 +394,7 @@ RSpec.describe Gitlab::GitAccess do
end end
it 'returns a custom action' do it 'returns a custom action' do
expected_payload = { "action" => "geo_proxy_to_primary", "data" => { "api_endpoints" => ["/api/v4/geo/proxy_git_ssh/info_refs_receive_pack", "/api/v4/geo/proxy_git_ssh/receive_pack"], "primary_repo" => geo_primary_http_url_to_repo(project) } } expected_payload = { "action" => "geo_proxy_to_primary", "data" => { "api_endpoints" => ["/api/v4/geo/proxy_git_ssh/info_refs_receive_pack", "/api/v4/geo/proxy_git_ssh/receive_pack"], "primary_repo" => geo_primary_http_internal_url_to_repo(project) } }
expected_console_messages = ["This request to a Geo secondary node will be forwarded to the", "Geo primary node:", "", " #{geo_primary_ssh_url_to_repo(project)}"] expected_console_messages = ["This request to a Geo secondary node will be forwarded to the", "Geo primary node:", "", " #{geo_primary_ssh_url_to_repo(project)}"]
response = push_changes response = push_changes
......
...@@ -156,7 +156,7 @@ RSpec.describe Gitlab::GitAccessWiki do ...@@ -156,7 +156,7 @@ RSpec.describe Gitlab::GitAccessWiki do
allow(Gitlab::Database).to receive(:read_only?) { true } allow(Gitlab::Database).to receive(:read_only?) { true }
end end
let(:primary_repo_url) { geo_primary_http_url_to_repo(project.wiki) } let(:primary_repo_url) { geo_primary_http_internal_url_to_repo(project.wiki) }
let(:primary_repo_ssh_url) { geo_primary_ssh_url_to_repo(project.wiki) } let(:primary_repo_ssh_url) { geo_primary_ssh_url_to_repo(project.wiki) }
it_behaves_like 'git access for a read-only GitLab instance' it_behaves_like 'git access for a read-only GitLab instance'
......
...@@ -8,7 +8,14 @@ RSpec.shared_examples 'git access for a read-only GitLab instance' do ...@@ -8,7 +8,14 @@ RSpec.shared_examples 'git access for a read-only GitLab instance' do
end end
context 'for a Geo setup' do context 'for a Geo setup' do
let(:primary_node) { create(:geo_node, :primary, url: 'https://localhost:3000/gitlab') } let(:primary_node) do
create(
:geo_node,
:primary,
url: 'https://localhost:3000/gitlab',
internal_url: 'https://localhost:3001/gitlab'
)
end
before do before do
allow(Gitlab::Geo).to receive(:primary).and_return(primary_node) allow(Gitlab::Geo).to receive(:primary).and_return(primary_node)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment