Merge branch 'ag-change-whitelist-to-allowlist-in-readonly-middleware' into 'master'

Change `whitelisted` to `allowlisted` in ReadOnly Middleware See merge request gitlab-org/gitlab!46542

Merge branch 'ag-change-whitelist-to-allowlist-in-readonly-middleware' into 'master'
Change `whitelisted` to `allowlisted` in ReadOnly Middleware See merge request gitlab-org/gitlab!46542
e3983e8a · Peter Leitzen · dc2041a6 · 47880945 · e3983e8a · e3983e8a
Commit e3983e8a authored Nov 02, 2020 by Peter Leitzen
Showing with 16 additions and 16 deletions

ee/lib/ee/gitlab/middleware/read_only/controller.rb ee/lib/ee/gitlab/middleware/read_only/controller.rb +6 -6

lib/gitlab/middleware/read_only/controller.rb lib/gitlab/middleware/read_only/controller.rb +10 -10

No files found.
--- a/ee/lib/ee/gitlab/middleware/read_only/controller.rb
+++ b/ee/lib/ee/gitlab/middleware/read_only/controller.rb
@@ -7,19 +7,19 @@ module EE
        module Controller
          extend ::Gitlab::Utils::Override

-          WHITELISTED_GEO_ROUTES = {
+          ALLOWLISTED_GEO_ROUTES = {
            'admin/geo/nodes' => %w{update}
          }.freeze

-          WHITELISTED_GEO_ROUTES_TRACKING_DB = {
+          ALLOWLISTED_GEO_ROUTES_TRACKING_DB = {
            'admin/geo/projects' => %w{destroy resync reverify force_redownload resync_all reverify_all},
            'admin/geo/uploads' => %w{destroy}
          }.freeze

          private

-          override :whitelisted_routes
-          def whitelisted_routes
+          override :allowlisted_routes
+          def allowlisted_routes
            super || geo_node_update_route? || geo_proxy_git_ssh_route? || geo_api_route?
          end

@@ -30,10 +30,10 @@ module EE
            controller = route_hash[:controller]
            action = route_hash[:action]

-            if WHITELISTED_GEO_ROUTES[controller]&.include?(action)
+            if ALLOWLISTED_GEO_ROUTES[controller]&.include?(action)
              ::Gitlab::Database.db_read_write?
            else
-              WHITELISTED_GEO_ROUTES_TRACKING_DB[controller]&.include?(action)
+              ALLOWLISTED_GEO_ROUTES_TRACKING_DB[controller]&.include?(action)
            end
          end


--- a/lib/gitlab/middleware/read_only/controller.rb
+++ b/lib/gitlab/middleware/read_only/controller.rb
@@ -9,20 +9,20 @@ module Gitlab
        APPLICATION_JSON_TYPES = %W{#{APPLICATION_JSON} application/vnd.git-lfs+json}.freeze
        ERROR_MESSAGE = 'You cannot perform write operations on a read-only instance'

-        WHITELISTED_GIT_ROUTES = {
+        ALLOWLISTED_GIT_ROUTES = {
          'repositories/git_http' => %w{git_upload_pack git_receive_pack}
        }.freeze

-        WHITELISTED_GIT_LFS_ROUTES = {
+        ALLOWLISTED_GIT_LFS_ROUTES = {
          'repositories/lfs_api' => %w{batch},
          'repositories/lfs_locks_api' => %w{verify create unlock}
        }.freeze

-        WHITELISTED_GIT_REVISION_ROUTES = {
+        ALLOWLISTED_GIT_REVISION_ROUTES = {
          'projects/compare' => %w{create}
        }.freeze

-        WHITELISTED_SESSION_ROUTES = {
+        ALLOWLISTED_SESSION_ROUTES = {
          'sessions' => %w{destroy},
          'admin/sessions' => %w{create destroy}
        }.freeze
@@ -55,7 +55,7 @@ module Gitlab

        def disallowed_request?
          DISALLOWED_METHODS.include?(@env['REQUEST_METHOD']) &&
-            !whitelisted_routes
+            !allowlisted_routes
        end

        def json_request?
@@ -87,7 +87,7 @@ module Gitlab
        end

        # Overridden in EE module
-        def whitelisted_routes
+        def allowlisted_routes
          workhorse_passthrough_route? || internal_route? || lfs_route? || compare_git_revisions_route? || sidekiq_route? || session_route? || graphql_query?
        end

@@ -98,7 +98,7 @@ module Gitlab
          return false unless request.post? &&
            request.path.end_with?('.git/git-upload-pack', '.git/git-receive-pack')

-          WHITELISTED_GIT_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
+          ALLOWLISTED_GIT_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
        end

        def internal_route?
@@ -109,7 +109,7 @@ module Gitlab
          # Calling route_hash may be expensive. Only do it if we think there's a possible match
          return false unless request.post? && request.path.end_with?('compare')

-          WHITELISTED_GIT_REVISION_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
+          ALLOWLISTED_GIT_REVISION_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
        end

        def lfs_route?
@@ -120,7 +120,7 @@ module Gitlab
            return false
          end

-          WHITELISTED_GIT_LFS_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
+          ALLOWLISTED_GIT_LFS_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
        end

        def session_route?
@@ -128,7 +128,7 @@ module Gitlab
          return false unless request.post? && request.path.end_with?('/users/sign_out',
            '/admin/session', '/admin/session/destroy')

-          WHITELISTED_SESSION_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
+          ALLOWLISTED_SESSION_ROUTES[route_hash[:controller]]&.include?(route_hash[:action])
        end

        def sidekiq_route?