Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-shell
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-shell
Commits
2f92f124
Commit
2f92f124
authored
Aug 03, 2017
by
David Turner
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
pass gl_username through to hooks
parent
bee2bcc5
Changes
5
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
77 additions
and
19 deletions
+77
-19
lib/gitlab_access_status.rb
lib/gitlab_access_status.rb
+8
-6
lib/gitlab_net.rb
lib/gitlab_net.rb
+7
-1
lib/gitlab_shell.rb
lib/gitlab_shell.rb
+6
-3
spec/gitlab_access_spec.rb
spec/gitlab_access_spec.rb
+16
-2
spec/gitlab_shell_spec.rb
spec/gitlab_shell_spec.rb
+40
-7
No files found.
lib/gitlab_access_status.rb
View file @
2f92f124
require
'json'
require
'json'
class
GitAccessStatus
class
GitAccessStatus
attr_reader
:message
,
:gl_repository
,
:repository_path
,
:gitaly
,
:geo_node
attr_reader
:message
,
:gl_repository
,
:
gl_username
,
:
repository_path
,
:gitaly
,
:geo_node
def
initialize
(
status
,
message
,
gl_repository
,
repository_path
,
gitaly
,
geo_node
=
false
)
def
initialize
(
status
,
message
,
gl_repository
:,
gl_username
:,
repository_path
:,
gitaly
:,
geo_node
:
)
@status
=
status
@status
=
status
@message
=
message
@message
=
message
@gl_repository
=
gl_repository
@gl_repository
=
gl_repository
@gl_username
=
gl_username
@repository_path
=
repository_path
@repository_path
=
repository_path
@gitaly
=
gitaly
@gitaly
=
gitaly
@geo_node
=
geo_node
@geo_node
=
geo_node
...
@@ -16,10 +17,11 @@ class GitAccessStatus
...
@@ -16,10 +17,11 @@ class GitAccessStatus
values
=
JSON
.
parse
(
json
)
values
=
JSON
.
parse
(
json
)
self
.
new
(
values
[
"status"
],
self
.
new
(
values
[
"status"
],
values
[
"message"
],
values
[
"message"
],
values
[
"gl_repository"
],
gl_repository:
values
[
"gl_repository"
],
values
[
"repository_path"
],
gl_username:
values
[
"gl_username"
],
values
[
"gitaly"
],
repository_path:
values
[
"repository_path"
],
values
[
"geo_node"
])
gitaly:
values
[
"gitaly"
],
geo_node:
values
[
"geo_node"
])
end
end
def
allowed?
def
allowed?
...
...
lib/gitlab_net.rb
View file @
2f92f124
...
@@ -40,7 +40,13 @@ class GitlabNet
...
@@ -40,7 +40,13 @@ class GitlabNet
if
resp
.
code
==
'200'
if
resp
.
code
==
'200'
GitAccessStatus
.
create_from_json
(
resp
.
body
)
GitAccessStatus
.
create_from_json
(
resp
.
body
)
else
else
GitAccessStatus
.
new
(
false
,
'API is not accessible'
,
nil
,
nil
,
nil
)
GitAccessStatus
.
new
(
false
,
'API is not accessible'
,
gl_repository:
nil
,
gl_username:
nil
,
repository_path:
nil
,
gitaly:
nil
,
geo_node:
false
)
end
end
end
end
...
...
lib/gitlab_shell.rb
View file @
2f92f124
...
@@ -20,7 +20,7 @@ class GitlabShell
...
@@ -20,7 +20,7 @@ class GitlabShell
# to undo an already set parameter: https://www.spinics.net/lists/git/msg256772.html
# to undo an already set parameter: https://www.spinics.net/lists/git/msg256772.html
GIT_CONFIG_SHOW_ALL_REFS
=
"transfer.hideRefs=!refs"
.
freeze
GIT_CONFIG_SHOW_ALL_REFS
=
"transfer.hideRefs=!refs"
.
freeze
attr_accessor
:key_id
,
:gl_repository
,
:repo_name
,
:command
,
:git_access
,
:show_all_refs
attr_accessor
:key_id
,
:gl_repository
,
:repo_name
,
:command
,
:git_access
,
:show_all_refs
,
:username
attr_reader
:repo_path
attr_reader
:repo_path
def
initialize
(
key_id
)
def
initialize
(
key_id
)
...
@@ -113,6 +113,7 @@ class GitlabShell
...
@@ -113,6 +113,7 @@ class GitlabShell
@gl_repository
=
status
.
gl_repository
@gl_repository
=
status
.
gl_repository
@gitaly
=
status
.
gitaly
@gitaly
=
status
.
gitaly
@show_all_refs
=
status
.
geo_node
@show_all_refs
=
status
.
geo_node
@username
=
status
.
gl_username
end
end
def
process_cmd
(
args
)
def
process_cmd
(
args
)
...
@@ -139,7 +140,8 @@ class GitlabShell
...
@@ -139,7 +140,8 @@ class GitlabShell
gitaly_request
=
{
gitaly_request
=
{
'repository'
=>
@gitaly
[
'repository'
],
'repository'
=>
@gitaly
[
'repository'
],
'gl_repository'
=>
@gl_repository
,
'gl_repository'
=>
@gl_repository
,
'gl_id'
=>
@key_id
'gl_id'
=>
@key_id
,
'gl_username'
=>
@username
}
}
gitaly_request
[
'git_config_options'
]
=
[
GIT_CONFIG_SHOW_ALL_REFS
]
if
@show_all_refs
gitaly_request
[
'git_config_options'
]
=
[
GIT_CONFIG_SHOW_ALL_REFS
]
if
@show_all_refs
...
@@ -168,7 +170,8 @@ class GitlabShell
...
@@ -168,7 +170,8 @@ class GitlabShell
'LANG'
=>
ENV
[
'LANG'
],
'LANG'
=>
ENV
[
'LANG'
],
'GL_ID'
=>
@key_id
,
'GL_ID'
=>
@key_id
,
'GL_PROTOCOL'
=>
GL_PROTOCOL
,
'GL_PROTOCOL'
=>
GL_PROTOCOL
,
'GL_REPOSITORY'
=>
@gl_repository
'GL_REPOSITORY'
=>
@gl_repository
,
'GL_USERNAME'
=>
@username
}
}
if
@gitaly
&&
@gitaly
.
include?
(
'token'
)
if
@gitaly
&&
@gitaly
.
include?
(
'token'
)
env
[
'GITALY_TOKEN'
]
=
@gitaly
[
'token'
]
env
[
'GITALY_TOKEN'
]
=
@gitaly
[
'token'
]
...
...
spec/gitlab_access_spec.rb
View file @
2f92f124
...
@@ -7,7 +7,13 @@ describe GitlabAccess do
...
@@ -7,7 +7,13 @@ describe GitlabAccess do
let
(
:repo_path
)
{
File
.
join
(
repository_path
,
repo_name
)
+
".git"
}
let
(
:repo_path
)
{
File
.
join
(
repository_path
,
repo_name
)
+
".git"
}
let
(
:api
)
do
let
(
:api
)
do
double
(
GitlabNet
).
tap
do
|
api
|
double
(
GitlabNet
).
tap
do
|
api
|
api
.
stub
(
check_access:
GitAccessStatus
.
new
(
true
,
'ok'
,
'project-1'
,
'/home/git/repositories'
,
nil
))
api
.
stub
(
check_access:
GitAccessStatus
.
new
(
true
,
'ok'
,
gl_repository:
'project-1'
,
gl_username:
'testuser'
,
repository_path:
'/home/git/repositories'
,
gitaly:
nil
,
geo_node:
nil
))
end
end
end
end
subject
do
subject
do
...
@@ -38,7 +44,15 @@ describe GitlabAccess do
...
@@ -38,7 +44,15 @@ describe GitlabAccess do
context
"access is denied"
do
context
"access is denied"
do
before
do
before
do
api
.
stub
(
check_access:
GitAccessStatus
.
new
(
false
,
'denied'
,
nil
,
nil
,
nil
))
api
.
stub
(
check_access:
GitAccessStatus
.
new
(
false
,
'denied'
,
gl_repository:
nil
,
gl_username:
nil
,
repository_path:
nil
,
gitaly:
nil
,
geo_node:
nil
))
end
end
it
"returns false"
do
it
"returns false"
do
...
...
spec/gitlab_shell_spec.rb
View file @
2f92f124
...
@@ -19,12 +19,28 @@ describe GitlabShell do
...
@@ -19,12 +19,28 @@ describe GitlabShell do
end
end
end
end
let
(
:gitaly_check_access
)
{
GitAccessStatus
.
new
(
true
,
'ok'
,
gl_repository
,
repo_path
,
{
'repository'
=>
{
'relative_path'
=>
repo_name
,
'storage_name'
=>
'default'
}
,
'address'
=>
'unix:gitaly.socket'
})
}
let
(
:gitaly_check_access
)
{
GitAccessStatus
.
new
(
true
,
'ok'
,
gl_repository:
gl_repository
,
gl_username:
gl_username
,
repository_path:
repo_path
,
gitaly:
{
'repository'
=>
{
'relative_path'
=>
repo_name
,
'storage_name'
=>
'default'
}
,
'address'
=>
'unix:gitaly.socket'
},
geo_node:
false
)
}
let
(
:api
)
do
let
(
:api
)
do
double
(
GitlabNet
).
tap
do
|
api
|
double
(
GitlabNet
).
tap
do
|
api
|
api
.
stub
(
discover:
{
'name'
=>
'John Doe'
})
api
.
stub
(
discover:
{
'name'
=>
'John Doe'
})
api
.
stub
(
check_access:
GitAccessStatus
.
new
(
true
,
'ok'
,
gl_repository
,
repo_path
,
nil
))
api
.
stub
(
check_access:
GitAccessStatus
.
new
(
true
,
'ok'
,
gl_repository:
gl_repository
,
gl_username:
gl_username
,
repository_path:
repo_path
,
gitaly:
nil
,
geo_node:
nil
))
api
.
stub
(
two_factor_recovery_codes:
{
api
.
stub
(
two_factor_recovery_codes:
{
'success'
=>
true
,
'success'
=>
true
,
'recovery_codes'
=>
[
'f67c514de60c4953'
,
'41278385fc00c1e0'
]
'recovery_codes'
=>
[
'f67c514de60c4953'
,
'41278385fc00c1e0'
]
...
@@ -39,6 +55,7 @@ describe GitlabShell do
...
@@ -39,6 +55,7 @@ describe GitlabShell do
let
(
:repo_name
)
{
'gitlab-ci.git'
}
let
(
:repo_name
)
{
'gitlab-ci.git'
}
let
(
:repo_path
)
{
File
.
join
(
tmp_repos_path
,
repo_name
)
}
let
(
:repo_path
)
{
File
.
join
(
tmp_repos_path
,
repo_name
)
}
let
(
:gl_repository
)
{
'project-1'
}
let
(
:gl_repository
)
{
'project-1'
}
let
(
:gl_username
)
{
'testuser'
}
before
do
before
do
GitlabConfig
.
any_instance
.
stub
(
audit_usernames:
false
)
GitlabConfig
.
any_instance
.
stub
(
audit_usernames:
false
)
...
@@ -130,7 +147,7 @@ describe GitlabShell do
...
@@ -130,7 +147,7 @@ describe GitlabShell do
end
end
describe
:exec
do
describe
:exec
do
let
(
:gitaly_message
)
{
JSON
.
dump
({
'repository'
=>
{
'relative_path'
=>
repo_name
,
'storage_name'
=>
'default'
},
'gl_repository'
=>
gl_repository
,
'gl_id'
=>
key_id
})
}
let
(
:gitaly_message
)
{
JSON
.
dump
({
'repository'
=>
{
'relative_path'
=>
repo_name
,
'storage_name'
=>
'default'
},
'gl_repository'
=>
gl_repository
,
'gl_id'
=>
key_id
,
'gl_username'
=>
gl_username
})
}
shared_examples_for
'upload-pack'
do
|
command
|
shared_examples_for
'upload-pack'
do
|
command
|
let
(
:ssh_cmd
)
{
"
#{
command
}
gitlab-ci.git"
}
let
(
:ssh_cmd
)
{
"
#{
command
}
gitlab-ci.git"
}
...
@@ -167,8 +184,15 @@ describe GitlabShell do
...
@@ -167,8 +184,15 @@ describe GitlabShell do
context
'gitaly-upload-pack with GeoNode'
do
context
'gitaly-upload-pack with GeoNode'
do
let
(
:ssh_cmd
)
{
"git-upload-pack gitlab-ci.git"
}
let
(
:ssh_cmd
)
{
"git-upload-pack gitlab-ci.git"
}
let
(
:gitaly_check_access_with_geo
)
{
GitAccessStatus
.
new
(
true
,
'ok'
,
gl_repository
,
repo_path
,
{
'repository'
=>
{
'relative_path'
=>
repo_name
,
'storage_name'
=>
'default'
}
,
'address'
=>
'unix:gitaly.socket'
},
true
)
}
let
(
:gitaly_check_access_with_geo
)
{
GitAccessStatus
.
new
(
let
(
:gitaly_message_with_all_refs
)
{
JSON
.
dump
({
'repository'
=>
{
'relative_path'
=>
repo_name
,
'storage_name'
=>
'default'
},
'gl_repository'
=>
gl_repository
,
'gl_id'
=>
key_id
,
'git_config_options'
=>
[
GitlabShell
::
GIT_CONFIG_SHOW_ALL_REFS
]})
}
true
,
'ok'
,
gl_repository:
gl_repository
,
gl_username:
gl_username
,
repository_path:
repo_path
,
gitaly:
{
'repository'
=>
{
'relative_path'
=>
repo_name
,
'storage_name'
=>
'default'
}
,
'address'
=>
'unix:gitaly.socket'
},
geo_node:
true
)
}
let
(
:gitaly_message_with_all_refs
)
{
JSON
.
dump
({
'repository'
=>
{
'relative_path'
=>
repo_name
,
'storage_name'
=>
'default'
},
'gl_repository'
=>
gl_repository
,
'gl_id'
=>
key_id
,
'gl_username'
=>
gl_username
,
'git_config_options'
=>
[
GitlabShell
::
GIT_CONFIG_SHOW_ALL_REFS
]})
}
before
{
api
.
stub
(
check_access:
gitaly_check_access_with_geo
)
}
before
{
api
.
stub
(
check_access:
gitaly_check_access_with_geo
)
}
after
{
subject
.
exec
(
ssh_cmd
)
}
after
{
subject
.
exec
(
ssh_cmd
)
}
...
@@ -346,7 +370,14 @@ describe GitlabShell do
...
@@ -346,7 +370,14 @@ describe GitlabShell do
end
end
it
"should disallow access and log the attempt if check_access returns false status"
do
it
"should disallow access and log the attempt if check_access returns false status"
do
api
.
stub
(
check_access:
GitAccessStatus
.
new
(
false
,
'denied'
,
nil
,
nil
,
nil
))
api
.
stub
(
check_access:
GitAccessStatus
.
new
(
false
,
'denied'
,
gl_repository:
nil
,
gl_username:
nil
,
repository_path:
nil
,
gitaly:
nil
,
geo_node:
nil
))
message
=
"gitlab-shell: Access denied for git command <git-upload-pack gitlab-ci.git> "
message
=
"gitlab-shell: Access denied for git command <git-upload-pack gitlab-ci.git> "
message
<<
"by user with key
#{
key_id
}
."
message
<<
"by user with key
#{
key_id
}
."
$logger
.
should_receive
(
:warn
).
with
(
message
)
$logger
.
should_receive
(
:warn
).
with
(
message
)
...
@@ -383,13 +414,15 @@ describe GitlabShell do
...
@@ -383,13 +414,15 @@ describe GitlabShell do
'LANG'
=>
ENV
[
'LANG'
],
'LANG'
=>
ENV
[
'LANG'
],
'GL_ID'
=>
key_id
,
'GL_ID'
=>
key_id
,
'GL_PROTOCOL'
=>
'ssh'
,
'GL_PROTOCOL'
=>
'ssh'
,
'GL_REPOSITORY'
=>
gl_repository
'GL_REPOSITORY'
=>
gl_repository
,
'GL_USERNAME'
=>
'testuser'
}
}
end
end
let
(
:exec_options
)
{
{
unsetenv_others:
true
,
chdir:
ROOT_PATH
}
}
let
(
:exec_options
)
{
{
unsetenv_others:
true
,
chdir:
ROOT_PATH
}
}
before
do
before
do
Kernel
.
stub
(
:exec
)
Kernel
.
stub
(
:exec
)
shell
.
gl_repository
=
gl_repository
shell
.
gl_repository
=
gl_repository
shell
.
username
=
gl_username
end
end
it
"uses Kernel::exec method"
do
it
"uses Kernel::exec method"
do
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment