Use a JWT header to synchronize the default branch

parent a42f54a3
......@@ -93,15 +93,20 @@ module Geo
end
def fetch_geo_mirror(repository)
url = Gitlab::Geo.primary_node.url + repository.full_path + '.git'
# Fetch the repository, using a JWT header for authentication
authorization = ::Gitlab::Geo::RepoSyncRequest.new.authorization
header = { "http.#{url}.extraHeader" => "Authorization: #{authorization}" }
repository.with_config(jwt_authentication_header) do
repository.fetch_as_mirror(remote_url, remote_name: GEO_REMOTE_NAME, forced: true)
end
end
repository.with_config(header) do
repository.fetch_as_mirror(url, remote_name: GEO_REMOTE_NAME, forced: true)
# Build a JWT header for authentication
def jwt_authentication_header
authorization = ::Gitlab::Geo::RepoSyncRequest.new.authorization
{ "http.#{remote_url}.extraHeader" => "Authorization: #{authorization}" }
end
def remote_url
Gitlab::Geo.primary_node.url + repository.full_path + '.git'
end
# Use snapshotting for redownloads *only* when enabled.
......
......@@ -46,8 +46,11 @@ module Geo
end
def update_root_ref
# Find the remote root ref, using a JWT header for authentication
repository.with_config(jwt_authentication_header) do
project.update_root_ref(GEO_REMOTE_NAME)
end
end
def schedule_repack
GitGarbageCollectWorker.perform_async(@project.id, :full_repack, lease_key)
......
---
title: Geo - Find the remote root ref using a JWT header for authentication
merge_request: 7405
author:
type: fixed
......@@ -39,7 +39,11 @@ describe Geo::RepositorySyncService do
end
it 'fetches project repository with JWT credentials' do
expect(repository).to receive(:with_config).with("http.#{url_to_repo}.extraHeader" => anything).and_call_original
expect(repository).to receive(:with_config)
.with("http.#{url_to_repo}.extraHeader" => anything)
.twice
.and_call_original
expect(repository).to receive(:fetch_as_mirror)
.with(url_to_repo, remote_name: 'geo', forced: true)
.once
......@@ -229,7 +233,12 @@ describe Geo::RepositorySyncService do
subject.execute
end
it 'updates the default branch' do
it 'updates the default branch with JWT credentials' do
expect(repository).to receive(:with_config)
.with("http.#{url_to_repo}.extraHeader" => anything)
.twice
.and_call_original
expect(project).to receive(:change_head).with('feature').once
subject.execute
......@@ -250,7 +259,12 @@ describe Geo::RepositorySyncService do
subject.execute
end
it 'does not update the default branch' do
it 'updates the default branch with JWT credentials' do
expect(repository).to receive(:with_config)
.with("http.#{url_to_repo}.extraHeader" => anything)
.twice
.and_call_original
expect(project).not_to receive(:change_head)
subject.execute
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment