Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
87934901
Commit
87934901
authored
7 years ago
by
Douglas Barbosa Alexandre
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Authenticate Geo node status endpoint by Geo node token
parent
6c308a02
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
61 additions
and
18 deletions
+61
-18
app/services/geo/node_status_service.rb
app/services/geo/node_status_service.rb
+6
-10
lib/api/geo.rb
lib/api/geo.rb
+11
-3
spec/requests/api/geo_spec.rb
spec/requests/api/geo_spec.rb
+44
-5
No files found.
app/services/geo/node_status_service.rb
View file @
87934901
...
...
@@ -2,18 +2,15 @@ module Geo
class
NodeStatusService
include
HTTParty
KEYS
=
%w(health repositories repositories_synced repositories_failed)
.
freeze
# HTTParty timeout
default_timeout
Gitlab
.
config
.
gitlab
.
geo_status_timeout
def
call
(
status_url
)
keys
=
%w(health repositories repositories_synced repositories_failed)
values
=
begin
response
=
self
.
class
.
get
(
status_url
,
headers:
{
'Content-Type'
=>
'application/json'
,
'PRIVATE-TOKEN'
=>
private_token
})
response
=
self
.
class
.
get
(
status_url
,
headers:
headers
)
if
response
.
success?
||
response
.
redirection?
response
.
parsed_response
.
values_at
(
*
keys
)
...
...
@@ -24,14 +21,13 @@ module Geo
[
e
.
message
]
end
GeoNodeStatus
.
new
(
keys
.
zip
(
values
).
to_h
)
GeoNodeStatus
.
new
(
KEYS
.
zip
(
values
).
to_h
)
end
private
def
private_token
# TODO: should we ask admin user to be defined as part of configuration?
@private_token
||=
User
.
find_by
(
admin:
true
).
authentication_token
def
headers
Gitlab
::
Geo
::
BaseRequest
.
new
.
headers
end
end
end
This diff is collapsed.
Click to expand it.
lib/api/geo.rb
View file @
87934901
...
...
@@ -33,7 +33,7 @@ module API
# Example request:
# GET /geo/status
get
'status'
do
authenticate
d_as_admi
n!
authenticate
_by_gitlab_geo_node_toke
n!
require_node_to_be_secondary!
present
GeoNodeStatus
.
new
,
with:
Entities
::
GeoNodeStatus
...
...
@@ -90,12 +90,20 @@ module API
end
helpers
do
def
authenticate_by_gitlab_geo_node_token!
auth_header
=
headers
[
'Authorization'
]
unless
auth_header
&&
Gitlab
::
Geo
::
JwtRequestDecoder
.
new
(
auth_header
).
decode
unauthorized!
end
end
def
require_node_to_be_enabled!
forbidden!
'Geo node is disabled.'
unless
Gitlab
::
Geo
.
current_node
.
enabled?
forbidden!
'Geo node is disabled.'
unless
Gitlab
::
Geo
.
current_node
&
.
enabled?
end
def
require_node_to_be_secondary!
forbidden!
'Geo node is
disabled.'
unless
Gitlab
::
Geo
.
current_node
.
secondary?
forbidden!
'Geo node is
not secondary node.'
unless
Gitlab
::
Geo
.
current_node
&
.
secondary?
end
end
end
...
...
This diff is collapsed.
Click to expand it.
spec/requests/api/geo_spec.rb
View file @
87934901
...
...
@@ -2,11 +2,12 @@ require 'spec_helper'
describe
API
::
Geo
,
api:
true
do
include
ApiHelpers
let
(
:admin
)
{
create
(
:admin
)
}
let
(
:user
)
{
create
(
:user
)
}
let!
(
:
geo
_node
)
{
create
(
:geo_node
,
:primary
)
}
let!
(
:
primary
_node
)
{
create
(
:geo_node
,
:primary
)
}
let
(
:geo_token_header
)
do
{
'X-Gitlab-Token'
=>
geo
_node
.
system_hook
.
token
}
{
'X-Gitlab-Token'
=>
primary
_node
.
system_hook
.
token
}
end
before
(
:each
)
do
...
...
@@ -27,7 +28,7 @@ describe API::Geo, api: true do
describe
'POST /geo/refresh_wikis disabled node'
do
it
'responds with forbidden'
do
geo
_node
.
enabled
=
false
primary
_node
.
enabled
=
false
post
api
(
'/geo/refresh_wikis'
,
admin
),
nil
...
...
@@ -37,7 +38,7 @@ describe API::Geo, api: true do
describe
'POST /geo/receive_events disabled node'
do
it
'responds with forbidden'
do
geo
_node
.
enabled
=
false
primary
_node
.
enabled
=
false
post
api
(
'/geo/receive_events'
),
nil
,
geo_token_header
...
...
@@ -125,7 +126,7 @@ describe API::Geo, api: true do
let
(
:lfs_object
)
{
create
(
:lfs_object
,
:with_file
)
}
let
(
:req_header
)
do
transfer
=
Gitlab
::
Geo
::
LfsTransfer
.
new
(
lfs_object
)
Gitlab
::
Geo
::
TransferRequest
.
new
(
transfer
.
request_data
).
header
Gitlab
::
Geo
::
TransferRequest
.
new
(
transfer
.
request_data
).
header
s
end
before
do
...
...
@@ -156,4 +157,42 @@ describe API::Geo, api: true do
end
end
end
describe
'GET /geo/status'
do
let!
(
:secondary_node
)
{
create
(
:geo_node
)
}
let
(
:request
)
{
Gitlab
::
Geo
::
BaseRequest
.
new
}
it
'responds with 401 with invalid auth header'
do
get
api
(
'/geo/status'
),
nil
,
Authorization
:
'Test'
expect
(
response
.
status
).
to
eq
401
end
context
'when requesting secondary node with valid auth header'
do
before
(
:each
)
do
allow
(
Gitlab
::
Geo
).
to
receive
(
:current_node
)
{
secondary_node
}
allow
(
request
).
to
receive
(
:requesting_node
)
{
primary_node
}
end
it
'responds with 200'
do
get
api
(
'/geo/status'
),
nil
,
request
.
headers
expect
(
response
.
status
).
to
eq
200
expect
(
response
.
headers
[
'Content-Type'
]).
to
eq
(
'application/json'
)
end
end
context
'when requesting primary node with valid auth header'
do
before
(
:each
)
do
allow
(
Gitlab
::
Geo
).
to
receive
(
:current_node
)
{
primary_node
}
allow
(
request
).
to
receive
(
:requesting_node
)
{
secondary_node
}
end
it
'responds with 403'
do
get
api
(
'/geo/status'
),
nil
,
request
.
headers
expect
(
response
).
to
have_http_status
(
403
)
end
end
end
end
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment