Use a JWT header to synchronize the default branch

2310f437 · Douglas Barbosa Alexandre · a42f54a3 · 2310f437 · 2310f437 · 2310f437
Commit 2310f437 authored Sep 18, 2018 by Douglas Barbosa Alexandre
4 changed files
--- a/ee/app/services/geo/base_sync_service.rb
+++ b/ee/app/services/geo/base_sync_service.rb
@@ -93,15 +93,20 @@ module Geo
    end
    def fetch_geo_mirror(repository)
-      url = Gitlab::Geo.primary_node.url + repository.full_path + '.git'
      # Fetch the repository, using a JWT header for authentication
+      repository.with_config(jwt_authentication_header) do
+        repository.fetch_as_mirror(remote_url, remote_name: GEO_REMOTE_NAME, forced: true)
+      end
+    end
+    # Build a JWT header for authentication
+    def jwt_authentication_header
      authorization = ::Gitlab::Geo::RepoSyncRequest.new.authorization
-      header = { "http.#{url}.extraHeader" => "Authorization: #{authorization}" }
+      { "http.#{remote_url}.extraHeader" => "Authorization: #{authorization}" }
+    end
-      repository.with_config(header) do
+    def remote_url
-        repository.fetch_as_mirror(url, remote_name: GEO_REMOTE_NAME, forced: true)
+      Gitlab::Geo.primary_node.url + repository.full_path + '.git'
-      end
    end
    # Use snapshotting for redownloads *only* when enabled.

--- a/ee/app/services/geo/repository_sync_service.rb
+++ b/ee/app/services/geo/repository_sync_service.rb
@@ -46,7 +46,10 @@ module Geo
    end
    def update_root_ref
-      project.update_root_ref(GEO_REMOTE_NAME)
+      # Find the remote root ref, using a JWT header for authentication
+      repository.with_config(jwt_authentication_header) do
+        project.update_root_ref(GEO_REMOTE_NAME)
+      end
    end
    def schedule_repack

--- a/ee/changelogs/unreleased/7619-geo-fails-to-sync-with-gitaly-error-fatal-could-not-read-username.yml
+++ b/ee/changelogs/unreleased/7619-geo-fails-to-sync-with-gitaly-error-fatal-could-not-read-username.yml
+---
+title: Geo - Find the remote root ref using a JWT header for authentication
+merge_request: 7405
+author:
+type: fixed
--- a/ee/spec/services/geo/repository_sync_service_spec.rb
+++ b/ee/spec/services/geo/repository_sync_service_spec.rb
@@ -39,7 +39,11 @@ describe Geo::RepositorySyncService do
    end
    it 'fetches project repository with JWT credentials' do
-      expect(repository).to receive(:with_config).with("http.#{url_to_repo}.extraHeader" => anything).and_call_original
+      expect(repository).to receive(:with_config)
+        .with("http.#{url_to_repo}.extraHeader" => anything)
+        .twice
+        .and_call_original
      expect(repository).to receive(:fetch_as_mirror)
        .with(url_to_repo, remote_name: 'geo', forced: true)
        .once
@@ -229,7 +233,12 @@ describe Geo::RepositorySyncService do
              subject.execute
            end
-            it 'updates the default branch' do
+            it 'updates the default branch with JWT credentials' do
+              expect(repository).to receive(:with_config)
+                .with("http.#{url_to_repo}.extraHeader" => anything)
+                .twice
+                .and_call_original
              expect(project).to receive(:change_head).with('feature').once
              subject.execute
@@ -250,7 +259,12 @@ describe Geo::RepositorySyncService do
              subject.execute
            end
-            it 'does not update the default branch' do
+            it 'updates the default branch with JWT credentials' do
+              expect(repository).to receive(:with_config)
+                .with("http.#{url_to_repo}.extraHeader" => anything)
+                .twice
+                .and_call_original
              expect(project).not_to receive(:change_head)
              subject.execute