Refactor GCP session token exchange scheme

e7a8564f · Matija Čupić · 15b5b91d · e7a8564f · e7a8564f · e7a8564f
Commit e7a8564f authored Jan 07, 2018 by Matija Čupić
3 changed files
--- a/app/controllers/projects/clusters/gcp_controller.rb
+++ b/app/controllers/projects/clusters/gcp_controller.rb
@@ -65,11 +65,7 @@ class Projects::Clusters::GcpController < Projects::ApplicationController
  end
  def authorize_google_project_billing
-    redis_token_key = CheckGcpProjectBillingWorker.generate_redis_token_key
+    redis_token_key = CheckGcpProjectBillingWorker.store_session_token(token_in_session)
-    Gitlab::Redis::SharedState.with do |redis|
-      redis.set(redis_token_key, token_in_session, ex: 5.minutes)
-    end
    CheckGcpProjectBillingWorker.perform_async(redis_token_key)
  end

--- a/app/workers/check_gcp_project_billing_worker.rb
+++ b/app/workers/check_gcp_project_billing_worker.rb
@@ -5,9 +5,20 @@ class CheckGcpProjectBillingWorker
  include ClusterQueue
  LEASE_TIMEOUT = 15.seconds.to_i
+  SESSION_KEY_TIMEOUT = 5.minutes
-  def self.generate_redis_token_key
+  def self.get_session_token(token_key)
-    SecureRandom.uuid
+    Gitlab::Redis::SharedState.with do |redis|
+      redis.get(get_redis_session_key(token_key))
+    end
+  end
+  def self.store_session_token(token)
+    generate_token_key.tap do |token_key|
+      Gitlab::Redis::SharedState.with do |redis|
+        redis.set(get_redis_session_key(token_key), token, ex: SESSION_KEY_TIMEOUT)
+      end
+    end
  end
  def self.redis_shared_state_key_for(token)
@@ -17,7 +28,7 @@ class CheckGcpProjectBillingWorker
  def perform(token_key)
    return unless token_key
-    token = get_token(token_key)
+    token = self.get_session_token(token_key)
    return unless token
    return unless try_obtain_lease_for(token)
@@ -29,8 +40,12 @@ class CheckGcpProjectBillingWorker
  private
-  def get_token(token_key)
+  def self.generate_token_key
-    Gitlab::Redis::SharedState.with { |redis| redis.get(token_key) }
+    SecureRandom.uuid
+  end
+  def self.get_redis_session_key(token_key)
+    "gitlab:gcp:session:#{token_key}"
  end
  def try_obtain_lease_for(token)

--- a/spec/workers/check_gcp_project_billing_worker_spec.rb
+++ b/spec/workers/check_gcp_project_billing_worker_spec.rb
@@ -8,7 +8,7 @@ describe CheckGcpProjectBillingWorker do
    context 'when there is a token in redis' do
      before do
-        allow_any_instance_of(described_class).to receive(:get_token).and_return(token)
+        allow_any_instance_of(described_class).to receive(:get_session_token).and_return(token)
      end
      context 'when there is no lease' do
@@ -48,7 +48,7 @@ describe CheckGcpProjectBillingWorker do
    context 'when there is no token in redis' do
      before do
-        allow_any_instance_of(described_class).to receive(:get_token).and_return(nil)
+        allow_any_instance_of(described_class).to receive(:get_session_token).and_return(nil)
      end
      it 'does not call the service' do