Use a JWT header to synchronize the default branch

parent a42f54a3
...@@ -93,15 +93,20 @@ module Geo ...@@ -93,15 +93,20 @@ module Geo
end end
def fetch_geo_mirror(repository) def fetch_geo_mirror(repository)
url = Gitlab::Geo.primary_node.url + repository.full_path + '.git'
# Fetch the repository, using a JWT header for authentication # Fetch the repository, using a JWT header for authentication
authorization = ::Gitlab::Geo::RepoSyncRequest.new.authorization repository.with_config(jwt_authentication_header) do
header = { "http.#{url}.extraHeader" => "Authorization: #{authorization}" } repository.fetch_as_mirror(remote_url, remote_name: GEO_REMOTE_NAME, forced: true)
end
end
repository.with_config(header) do # Build a JWT header for authentication
repository.fetch_as_mirror(url, remote_name: GEO_REMOTE_NAME, forced: true) def jwt_authentication_header
authorization = ::Gitlab::Geo::RepoSyncRequest.new.authorization
{ "http.#{remote_url}.extraHeader" => "Authorization: #{authorization}" }
end end
def remote_url
Gitlab::Geo.primary_node.url + repository.full_path + '.git'
end end
# Use snapshotting for redownloads *only* when enabled. # Use snapshotting for redownloads *only* when enabled.
......
...@@ -46,8 +46,11 @@ module Geo ...@@ -46,8 +46,11 @@ module Geo
end end
def update_root_ref def update_root_ref
# Find the remote root ref, using a JWT header for authentication
repository.with_config(jwt_authentication_header) do
project.update_root_ref(GEO_REMOTE_NAME) project.update_root_ref(GEO_REMOTE_NAME)
end end
end
def schedule_repack def schedule_repack
GitGarbageCollectWorker.perform_async(@project.id, :full_repack, lease_key) GitGarbageCollectWorker.perform_async(@project.id, :full_repack, lease_key)
......
---
title: Geo - Find the remote root ref using a JWT header for authentication
merge_request: 7405
author:
type: fixed
...@@ -39,7 +39,11 @@ describe Geo::RepositorySyncService do ...@@ -39,7 +39,11 @@ describe Geo::RepositorySyncService do
end end
it 'fetches project repository with JWT credentials' do it 'fetches project repository with JWT credentials' do
expect(repository).to receive(:with_config).with("http.#{url_to_repo}.extraHeader" => anything).and_call_original expect(repository).to receive(:with_config)
.with("http.#{url_to_repo}.extraHeader" => anything)
.twice
.and_call_original
expect(repository).to receive(:fetch_as_mirror) expect(repository).to receive(:fetch_as_mirror)
.with(url_to_repo, remote_name: 'geo', forced: true) .with(url_to_repo, remote_name: 'geo', forced: true)
.once .once
...@@ -229,7 +233,12 @@ describe Geo::RepositorySyncService do ...@@ -229,7 +233,12 @@ describe Geo::RepositorySyncService do
subject.execute subject.execute
end end
it 'updates the default branch' do it 'updates the default branch with JWT credentials' do
expect(repository).to receive(:with_config)
.with("http.#{url_to_repo}.extraHeader" => anything)
.twice
.and_call_original
expect(project).to receive(:change_head).with('feature').once expect(project).to receive(:change_head).with('feature').once
subject.execute subject.execute
...@@ -250,7 +259,12 @@ describe Geo::RepositorySyncService do ...@@ -250,7 +259,12 @@ describe Geo::RepositorySyncService do
subject.execute subject.execute
end end
it 'does not update the default branch' do it 'updates the default branch with JWT credentials' do
expect(repository).to receive(:with_config)
.with("http.#{url_to_repo}.extraHeader" => anything)
.twice
.and_call_original
expect(project).not_to receive(:change_head) expect(project).not_to receive(:change_head)
subject.execute subject.execute
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment