Commit
0d297a21
authored
Mar 22, 2021
by
Marius Bobin
Keep external service validation backwards compatible
Changes reject code values only for GitLab.com
parent
353fcd1c
Showing
2 changed files
with
54 additions
and
5 deletions
+54
-5
lib/gitlab/ci/pipeline/chain/validate/external.rb
lib/gitlab/ci/pipeline/chain/validate/external.rb
+23
-5
spec/lib/gitlab/ci/pipeline/chain/validate/external_spec.rb
spec/lib/gitlab/ci/pipeline/chain/validate/external_spec.rb
+31
-0
lib/gitlab/ci/pipeline/chain/validate/external.rb
...
@@ -11,9 +11,12 @@ module Gitlab
...
@@ -11,9 +11,12 @@ module Gitlab
InvalidResponseCode
=
Class
.
new
(
StandardError
)
InvalidResponseCode
=
Class
.
new
(
StandardError
)
VALIDATION_REQUEST_TIMEOUT
=
5
VALIDATION_REQUEST_TIMEOUT
=
5
ACCEPTED_STATUS
=
200
DOT_COM_REJECTED_STATUS
=
406
GENERAL_REJECTED_STATUS
=
(
400
..
499
).
freeze
def
perform!
def
perform!
return
unless
::
Feature
.
enabled?
(
:ci_external_validation_service
,
@pipeline
.
project
,
default_enabled: :yaml
)
return
unless
enabled?
pipeline_authorized
=
validate_external
pipeline_authorized
=
validate_external
...
@@ -29,27 +32,42 @@ module Gitlab
...
@@ -29,27 +32,42 @@ module Gitlab
private
private
def
enabled?
return
true
unless
Gitlab
.
com?
::
Feature
.
enabled?
(
:ci_external_validation_service
,
project
,
default_enabled: :yaml
)
end
def
validate_external
def
validate_external
return
true
unless
validation_service_url
return
true
unless
validation_service_url
# 200 - accepted
# 200 - accepted
# 406 - not accepted
# 406 - not accepted on GitLab.com
# 4XX - not accepted for other installations
# everything else - accepted and logged
# everything else - accepted and logged
response_code
=
validate_service_request
.
code
response_code
=
validate_service_request
.
code
case
response_code
case
response_code
when
200
when
ACCEPTED_STATUS
true
true
when
406
when
rejected_status
false
false
else
else
raise
InvalidResponseCode
,
"Unsupported response code received from Validation Service:
#{
response_code
}
"
raise
InvalidResponseCode
,
"Unsupported response code received from Validation Service:
#{
response_code
}
"
end
end
rescue
=>
ex
rescue
=>
ex
Gitlab
::
ErrorTracking
.
track_exception
(
ex
,
project_id:
@pipeline
.
project
.
id
)
Gitlab
::
ErrorTracking
.
track_exception
(
ex
,
project_id:
project
.
id
)
true
true
end
end
def
rejected_status
if
Gitlab
.
com?
DOT_COM_REJECTED_STATUS
else
GENERAL_REJECTED_STATUS
end
end
def
validate_service_request
def
validate_service_request
Gitlab
::
HTTP
.
post
(
Gitlab
::
HTTP
.
post
(
validation_service_url
,
timeout:
VALIDATION_REQUEST_TIMEOUT
,
validation_service_url
,
timeout:
VALIDATION_REQUEST_TIMEOUT
,
...
...
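Review bot: In `validate_external` the `else` branch raises `InvalidResponseCode`, and the method-level `rescue => ex` then tracks the exception and returns `true`, so a 5xx or any error raised by the request (presumably including a timeout after `VALIDATION_REQUEST_TIMEOUT`) still authorizes the pipeline, while every 4xx now rejects it on installs other than GitLab.com. Where the service is used as a policy gate, an outage of the service therefore switches enforcement off without any failed pipeline to show for it. Because `enabled?` now returns `true` off GitLab.com regardless of the feature flag, more installs reach this path. I would state the contract at the rescue, e.g. `# Fails open on purpose: errors and unexpected codes authorize the pipeline; alert on InvalidResponseCode in error tracking.` `validate_service_request` continues outside the hunk, so its request options are not reviewed here.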
spec/lib/gitlab/ci/pipeline/chain/validate/external_spec.rb
...
@@ -42,6 +42,7 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Validate::External do
...
@@ -42,6 +42,7 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Validate::External do
end
end
let
(
:save_incompleted
)
{
true
}
let
(
:save_incompleted
)
{
true
}
let
(
:dot_com
)
{
true
}
let
(
:command
)
do
let
(
:command
)
do
Gitlab
::
Ci
::
Pipeline
::
Chain
::
Command
.
new
(
Gitlab
::
Ci
::
Pipeline
::
Chain
::
Command
.
new
(
project:
project
,
current_user:
user
,
yaml_processor_result:
yaml_processor_result
,
save_incompleted:
save_incompleted
project:
project
,
current_user:
user
,
yaml_processor_result:
yaml_processor_result
,
save_incompleted:
save_incompleted
...
@@ -55,6 +56,7 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Validate::External do
...
@@ -55,6 +56,7 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Validate::External do
before
do
before
do
stub_env
(
'EXTERNAL_VALIDATION_SERVICE_URL'
,
validation_service_url
)
stub_env
(
'EXTERNAL_VALIDATION_SERVICE_URL'
,
validation_service_url
)
allow
(
Gitlab
).
to
receive
(
:com?
).
and_return
(
dot_com
)
end
end
shared_examples
'successful external authorization'
do
shared_examples
'successful external authorization'
do
...
@@ -143,6 +145,35 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Validate::External do
...
@@ -143,6 +145,35 @@ RSpec.describe Gitlab::Ci::Pipeline::Chain::Validate::External do
end
end
end
end
context
'when not on .com'
do
let
(
:dot_com
)
{
false
}
before
do
stub_feature_flags
(
ci_external_validation_service:
false
)
stub_request
(
:post
,
validation_service_url
).
to_return
(
status:
404
,
body:
"{}"
)
end
it
'drops the pipeline'
do
perform!
expect
(
pipeline
.
status
).
to
eq
(
'failed'
)
expect
(
pipeline
).
to
be_persisted
expect
(
pipeline
.
errors
.
to_a
).
to
include
(
'External validation failed'
)
end
it
'breaks the chain'
do
perform!
expect
(
step
.
break?
).
to
be
true
end
it
'logs the authorization'
do
expect
(
Gitlab
::
AppLogger
).
to
receive
(
:info
).
with
(
message:
'Pipeline not authorized'
,
project_id:
project
.
id
,
user_id:
user
.
id
)
perform!
end
end
context
'when validation returns 406 Not Acceptable'
do
context
'when validation returns 406 Not Acceptable'
do
before
do
before
do
stub_request
(
:post
,
validation_service_url
).
to_return
(
status:
406
,
body:
"{}"
)
stub_request
(
:post
,
validation_service_url
).
to_return
(
status:
406
,
body:
"{}"
)
...
...
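Review bot: The new 'when not on .com' context stubs only a 404, so neither the edges of `GENERAL_REJECTED_STATUS` (400 and 499) nor the fail-open path for a 5xx off GitLab.com is pinned by an example visible here. A small table over `[400, 404, 499]` expecting 'failed', plus one 500 case expecting the pipeline to proceed, would catch a later change to the range or to the rescue behaviour. The `stub_feature_flags(ci_external_validation_service: false)` line deserves a comment such as `# flag is ignored outside GitLab.com`, since it is what proves `enabled?` bypasses the flag. Other contexts of this spec lie outside the hunks shown, so part of this may already be covered there.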