Commit 0d297a21 authored by Marius Bobin's avatar Marius Bobin

Keep external service validation backwards compatible

Changes reject code values only for GitLab.com
parent 353fcd1c
...@@ -11,9 +11,12 @@ module Gitlab ...@@ -11,9 +11,12 @@ module Gitlab
InvalidResponseCode = Class.new(StandardError) InvalidResponseCode = Class.new(StandardError)
VALIDATION_REQUEST_TIMEOUT = 5 VALIDATION_REQUEST_TIMEOUT = 5
ACCEPTED_STATUS = 200
DOT_COM_REJECTED_STATUS = 406
GENERAL_REJECTED_STATUS = (400..499).freeze
def perform! def perform!
return unless ::Feature.enabled?(:ci_external_validation_service, @pipeline.project, default_enabled: :yaml) return unless enabled?
pipeline_authorized = validate_external pipeline_authorized = validate_external
...@@ -29,27 +32,42 @@ module Gitlab ...@@ -29,27 +32,42 @@ module Gitlab
private private
def enabled?
return true unless Gitlab.com?
::Feature.enabled?(:ci_external_validation_service, project, default_enabled: :yaml)
end
def validate_external def validate_external
return true unless validation_service_url return true unless validation_service_url
# 200 - accepted # 200 - accepted
# 406 - not accepted # 406 - not accepted on GitLab.com
# 4XX - not accepted for other installations
# everything else - accepted and logged # everything else - accepted and logged
response_code = validate_service_request.code response_code = validate_service_request.code
case response_code case response_code
when 200 when ACCEPTED_STATUS
true true
when 406 when rejected_status
false false
else else
raise InvalidResponseCode, "Unsupported response code received from Validation Service: #{response_code}" raise InvalidResponseCode, "Unsupported response code received from Validation Service: #{response_code}"
end end
rescue => ex rescue => ex
Gitlab::ErrorTracking.track_exception(ex, project_id: @pipeline.project.id) Gitlab::ErrorTracking.track_exception(ex, project_id: project.id)
true true
end end
def rejected_status
if Gitlab.com?
DOT_COM_REJECTED_STATUS
else
GENERAL_REJECTED_STATUS
end
end
def validate_service_request def validate_service_request
Gitlab::HTTP.post( Gitlab::HTTP.post(
validation_service_url, timeout: VALIDATION_REQUEST_TIMEOUT, validation_service_url, timeout: VALIDATION_REQUEST_TIMEOUT,
......
...@@ -42,6 +42,7 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Validate::External do ...@@ -42,6 +42,7 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Validate::External do
end end
let(:save_incompleted) { true } let(:save_incompleted) { true }
let(:dot_com) { true }
let(:command) do let(:command) do
Gitlab::Ci::Pipeline::Chain::Command.new( Gitlab::Ci::Pipeline::Chain::Command.new(
project: project, current_user: user, yaml_processor_result: yaml_processor_result, save_incompleted: save_incompleted project: project, current_user: user, yaml_processor_result: yaml_processor_result, save_incompleted: save_incompleted
...@@ -55,6 +56,7 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Validate::External do ...@@ -55,6 +56,7 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Validate::External do
before do before do
stub_env('EXTERNAL_VALIDATION_SERVICE_URL', validation_service_url) stub_env('EXTERNAL_VALIDATION_SERVICE_URL', validation_service_url)
allow(Gitlab).to receive(:com?).and_return(dot_com)
end end
shared_examples 'successful external authorization' do shared_examples 'successful external authorization' do
...@@ -143,6 +145,35 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Validate::External do ...@@ -143,6 +145,35 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Validate::External do
end end
end end
context 'when not on .com' do
let(:dot_com) { false }
before do
stub_feature_flags(ci_external_validation_service: false)
stub_request(:post, validation_service_url).to_return(status: 404, body: "{}")
end
it 'drops the pipeline' do
perform!
expect(pipeline.status).to eq('failed')
expect(pipeline).to be_persisted
expect(pipeline.errors.to_a).to include('External validation failed')
end
it 'breaks the chain' do
perform!
expect(step.break?).to be true
end
it 'logs the authorization' do
expect(Gitlab::AppLogger).to receive(:info).with(message: 'Pipeline not authorized', project_id: project.id, user_id: user.id)
perform!
end
end
context 'when validation returns 406 Not Acceptable' do context 'when validation returns 406 Not Acceptable' do
before do before do
stub_request(:post, validation_service_url).to_return(status: 406, body: "{}") stub_request(:post, validation_service_url).to_return(status: 406, body: "{}")
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment