Commit 4306182b authored by Dmitriy Zaporozhets (DZ)'s avatar Dmitriy Zaporozhets (DZ)

Merge branch 'fix-kas-grpc-credentials' into 'master'

Allow cleartext communication with KAS in production

See merge request gitlab-org/gitlab!66135
parents 8de2fc1e 81c5fdae
...@@ -49,14 +49,14 @@ module Gitlab ...@@ -49,14 +49,14 @@ module Gitlab
end end
def kas_endpoint_url def kas_endpoint_url
Gitlab::Kas.internal_url.delete_prefix('grpc://') Gitlab::Kas.internal_url.sub(%r{^grpc://|^grpcs://}, '')
end end
def credentials def credentials
if Rails.env.test? || Rails.env.development? if URI(Gitlab::Kas.internal_url).scheme == 'grpcs'
:this_channel_is_insecure
else
GRPC::Core::ChannelCredentials.new GRPC::Core::ChannelCredentials.new
else
:this_channel_is_insecure
end end
end end
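Review bot: `credentials` fails open: any `internal_url` whose scheme is not exactly `grpcs` (a typo, an `https://` value, a URL with no scheme) now gets `:this_channel_is_insecure`, so a production misconfiguration silently sends the KAS calls in cleartext. Judging by the spec, those calls appear to carry a JWT built from `Gitlab::Kas.secret`. I would choose cleartext only for an explicit `grpc` scheme and raise on anything else, as sketched below; the exception class and message are only a suggestion. Separately, `kas_endpoint_url` strips the scheme with a case-sensitive regex anchored with `^`, while `credentials` goes through `URI(...)`; deriving both from one parsed URI (or at least anchoring with `\A`) would stop the two methods from disagreeing about the same value. The enclosing class starts and ends outside the hunk.

```ruby
def credentials
  case URI(Gitlab::Kas.internal_url).scheme
  when 'grpcs'
    GRPC::Core::ChannelCredentials.new
  when 'grpc'
    :this_channel_is_insecure
  else
    raise ArgumentError, 'KAS internal_url must use the grpc:// or grpcs:// scheme'
  end
end
```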
......
...@@ -30,10 +30,11 @@ RSpec.describe Gitlab::Kas::Client do ...@@ -30,10 +30,11 @@ RSpec.describe Gitlab::Kas::Client do
describe 'gRPC calls' do describe 'gRPC calls' do
let(:token) { instance_double(JSONWebToken::HMACToken, encoded: 'test-token') } let(:token) { instance_double(JSONWebToken::HMACToken, encoded: 'test-token') }
let(:kas_url) { 'grpc://example.kas.internal' }
before do before do
allow(Gitlab::Kas).to receive(:enabled?).and_return(true) allow(Gitlab::Kas).to receive(:enabled?).and_return(true)
allow(Gitlab::Kas).to receive(:internal_url).and_return('grpc://example.kas.internal') allow(Gitlab::Kas).to receive(:internal_url).and_return(kas_url)
expect(JSONWebToken::HMACToken).to receive(:new) expect(JSONWebToken::HMACToken).to receive(:new)
.with(Gitlab::Kas.secret) .with(Gitlab::Kas.secret)
...@@ -80,5 +81,21 @@ RSpec.describe Gitlab::Kas::Client do ...@@ -80,5 +81,21 @@ RSpec.describe Gitlab::Kas::Client do
it { expect(subject).to eq(agent_configurations) } it { expect(subject).to eq(agent_configurations) }
end end
describe 'with grpcs' do
let(:stub) { instance_double(Gitlab::Agent::ConfigurationProject::Rpc::ConfigurationProject::Stub) }
let(:kas_url) { 'grpcs://example.kas.internal' }
it 'uses a ChannelCredentials object' do
expect(Gitlab::Agent::ConfigurationProject::Rpc::ConfigurationProject::Stub).to receive(:new)
.with('example.kas.internal', instance_of(GRPC::Core::ChannelCredentials), timeout: described_class::TIMEOUT)
.and_return(stub)
allow(stub).to receive(:list_agent_config_files)
.and_return(double(config_files: []))
described_class.new.list_agent_config_files(project: project)
end
end
end end
end end
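Review bot: The new `with grpcs` context pins only the TLS path; nothing in the visible hunks asserts what the client does when `kas_url` has a scheme other than `grpc` or `grpcs`, which is exactly the case where the implementation falls back to `:this_channel_is_insecure`. I would add a sibling context, for example `let(:kas_url) { 'grpsc://example.kas.internal' }` (a constructed, deliberately misspelled value), that states the intended outcome, whether that is an error or an explicit decision to go cleartext. That way a later change cannot alter the downgrade behaviour unnoticed. The plain `double(config_files: [])` could also become a verified double, matching the `instance_double` used for the stub. The surrounding `describe` block begins outside the hunk.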