Commit 338939ce authored by Ryan Cobb's avatar Ryan Cobb Committed by Clement Ho

Embed Jaeger tracing in iframe

parent 6704a27c
---
title: Embed Jaeger in Gitlab UI
merge_request:
author:
type: changed
......@@ -2,12 +2,6 @@
- if project_nav_tab? :settings
= nav_link(controller: :tracings, action: [:show]) do
- if @project.tracing_external_url.present?
= link_to sanitize(@project.tracing_external_url, scrubber: Rails::Html::TextOnlyScrubber.new), target: "_blank", rel: 'noopener noreferrer' do
%span
= _('Tracing')
%i.strong.ml-1.fa.fa-external-link
- else
= link_to project_tracing_path(@project), title: _('Tracing') do
%span
= _('Tracing')
- @content_class = "limit-container-width" unless fluid_layout
- page_title _("Tracing")
.row.empty-state
- if @project.tracing_external_url.present?
%h3.page-title= _('Tracing')
- jaeger_link = link_to('Jaeger tracing', 'https://www.jaegertracing.io/', target: "_blank", rel: "noreferrer")
%p.light= _("GitLab uses %{jaeger_link} to monitor distributed systems.").html_safe % { jaeger_link: jaeger_link }
= content_for :flash_message do
.alert.alert-warning.flex-alert
.alert-message
= _("Your password isn't required to view this page. If a password or any other personal details are requested, please contact your administrator to report abuse.")
.card
- iframe_permissions = "allow-forms allow-scripts allow-same-origin allow-popups"
%iframe.border-0{ src: sanitize(@project.tracing_external_url, scrubber: Rails::Html::TextOnlyScrubber.new), width: '100%', height: 970, sandbox: iframe_permissions }
- else
.row.empty-state
.col-12
.svg-content
= image_tag 'illustrations/monitoring/tracing.svg', style: 'max-height: 254px'
= image_tag 'illustrations/monitoring/tracing.svg'
.col-12
.text-content
......
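Review bot: The iframe `src` on the `%iframe.border-0` line is guarded only by `sanitize(..., scrubber: Rails::Html::TextOnlyScrubber.new)`, which strips markup but does not restrict the URL scheme or host. The view therefore depends on `tracing_external_url` having been validated as an http(s) URL elsewhere; the model is not visible in this commit, and the specs bypass it with `update_column`. It would be safer to render the iframe only when the value parses as an `http`/`https` URI and to fall back to the empty state otherwise. Separately, `iframe_permissions` grants `allow-scripts` together with `allow-same-origin`, which gives no isolation if the configured Jaeger URL is ever served from the same origin as GitLab. A comment above that line, such as `-# sandbox assumes the Jaeger URL is a different origin from GitLab; allow-scripts + allow-same-origin does not isolate a same-origin frame`, would record the assumption.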
......@@ -73,40 +73,12 @@ describe 'layouts/nav/sidebar/_project' do
expect(rendered).not_to have_text 'Tracing'
end
context 'with project.tracing_external_url' do
let(:tracing_url) { 'https://tracing.url' }
let(:tracing_settings) { create(:project_tracing_setting, project: project, external_url: tracing_url) }
before do
it 'links to Tracing page' do
allow(view).to receive(:can?).and_return(true)
end
it 'links to project.tracing_external_url' do
expect(tracing_settings.external_url).to eq(tracing_url)
expect(project.tracing_external_url).to eq(tracing_url)
render
expect(rendered).to have_link('Tracing', href: tracing_url)
end
context 'with malicious external_url' do
let(:malicious_tracing_url) { "https://replaceme.com/'><script>alert(document.cookie)</script>" }
let(:cleaned_url) { "https://replaceme.com/'>" }
before do
tracing_settings.update_column(:external_url, malicious_tracing_url)
end
it 'sanitizes external_url' do
expect(project.tracing_external_url).to eq(malicious_tracing_url)
render
expect(tracing_settings.external_url).to eq(malicious_tracing_url)
expect(rendered).to have_link('Tracing', href: cleaned_url)
end
end
expect(rendered).to have_link('Tracing', href: project_tracing_path(project))
end
context 'without project.tracing_external_url' do
......
# frozen_string_literal: true
require 'spec_helper'
describe 'projects/tracings/show' do
let(:project) { create(:project, :repository) }
let(:error_tracking_setting) { create(:project_error_tracking_setting, project: project) }
before do
assign(:project, project)
assign(:repository, project.repository)
allow(view).to receive(:current_ref).and_return('master')
allow(view).to receive(:error_tracking_setting).and_return(error_tracking_setting)
allow(view).to receive(:incident_management_available?) { false }
stub_licensed_features(tracing: true)
end
context 'with project.tracing_external_url' do
let(:tracing_url) { 'https://tracing.url' }
let(:tracing_setting) { create(:project_tracing_setting, project: project, external_url: tracing_url) }
before do
allow(view).to receive(:can?).and_return(true)
allow(view).to receive(:tracing_setting).and_return(tracing_setting)
end
it 'renders iframe' do
render
expect(rendered).to match(/iframe/)
end
context 'with malicious external_url' do
let(:malicious_tracing_url) { "https://replaceme.com/'><script>alert(document.cookie)</script>" }
let(:cleaned_url) { "https://replaceme.com/'&gt;" }
before do
tracing_setting.update_column(:external_url, malicious_tracing_url)
end
it 'sanitizes external_url' do
render
expect(tracing_setting.external_url).to eq(malicious_tracing_url)
expect(rendered).to have_xpath("//iframe[@src=\"#{cleaned_url}\"]")
end
end
end
context 'without project.tracing_external_url' do
before do
allow(view).to receive(:can?).and_return(true)
end
it 'renders empty state' do
render
expect(rendered).to have_link('Add Jaeger URL')
expect(rendered).not_to match(/iframe/)
end
end
end
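Review bot: The `'renders iframe'` example only matches `/iframe/`, so nothing in this spec pins the `sandbox` attribute the template sets, and a later change that drops or widens it would pass unnoticed. Consider asserting it explicitly, e.g. `expect(rendered).to have_xpath("//iframe[@sandbox='allow-forms allow-scripts allow-same-origin allow-popups']")`. The malicious-URL context covers only injected markup; an example that stores a non-http(s) scheme via `update_column` would document what the view does when model validation is bypassed. The `error_tracking_setting` let and its stub look carried over from another view spec and may be unnecessary here, which is worth confirming.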
......@@ -7922,6 +7922,9 @@ msgstr ""
msgid "GitLab single sign on URL"
msgstr ""
msgid "GitLab uses %{jaeger_link} to monitor distributed systems."
msgstr ""
msgid "GitLab will run a background job that will produce pseudonymized CSVs of the GitLab database that will be uploaded to your configured object storage directory."
msgstr ""
......@@ -19289,6 +19292,9 @@ msgstr ""
msgid "Your new personal access token has been created."
msgstr ""
msgid "Your password isn't required to view this page. If a password or any other personal details are requested, please contact your administrator to report abuse."
msgstr ""
msgid "Your password reset token has expired."
msgstr ""
......