Merge branch 'ash.mckenzie/display-feedback-git-push-ssh-proxy' into 'master'

Display helpful feedback when proxying an SSH git push to secondary request See merge request gitlab-org/gitlab-ee!7357

Merge branch 'ash.mckenzie/display-feedback-git-push-ssh-proxy' into 'master'
Display helpful feedback when proxying an SSH git push to secondary request See merge request gitlab-org/gitlab-ee!7357
b70a646f · Nick Thomas · 1a9affdc · 7b09309a · b70a646f · b70a646f
Commit b70a646f authored Oct 04, 2018 by Nick Thomas
9 changed files
--- a/ee/changelogs/unreleased/ash-mckenzie-display-feedback-git-push-ssh-proxy.yml
+++ b/ee/changelogs/unreleased/ash-mckenzie-display-feedback-git-push-ssh-proxy.yml
+---
+title: 'Geo: Display helpful feedback when proxying an SSH git push to secondary request'
+merge_request: 7357
+author:
+type: changed
--- a/ee/lib/api/geo.rb
+++ b/ee/lib/api/geo.rb
@@ -62,9 +62,9 @@ module API
          authenticate_by_gitlab_shell_token!
          params.delete(:secret_token)

-          resp = Gitlab::Geo::GitPushSSHProxy.new(params['data']).info_refs
-          status(resp.code.to_i)
-          { status: true, message: nil, result: Base64.encode64(resp.body.to_s) }
+          response = Gitlab::Geo::GitPushSSHProxy.new(params['data']).info_refs
+          status(response.code)
+          response.body
        end

        # Responsible for making HTTP POST /repo.git/git-receive-pack
@@ -82,9 +82,9 @@ module API
          authenticate_by_gitlab_shell_token!
          params.delete(:secret_token)

-          resp = Gitlab::Geo::GitPushSSHProxy.new(params['data']).push(Base64.decode64(params['output']))
-          status(resp.code.to_i)
-          { status: true, message: nil, result: Base64.encode64(resp.body.to_s) }
+          response = Gitlab::Geo::GitPushSSHProxy.new(params['data']).push(params['output'])
+          status(response.code)
+          response.body
        end
      end
    end

--- a/ee/lib/ee/gitlab/geo_git_access.rb
+++ b/ee/lib/ee/gitlab/geo_git_access.rb
@@ -37,8 +37,9 @@ module EE
        payload = {
          'action' => 'geo_proxy_to_primary',
          'data' => {
-            'api_endpoints' => [api_v4_geo_proxy_git_push_ssh_info_refs_path, api_v4_geo_proxy_git_push_ssh_push_path],
-            'primary_repo' => geo_primary_http_url_to_repo(project_or_wiki)
+            'info_message' => proxying_to_primary_message,
+            'api_endpoints' => custom_action_api_endpoints,
+            'primary_repo' => primary_http_repo_url
          }
        }

@@ -63,6 +64,25 @@ module EE
          geo_primary_http_url_to_repo(project_or_wiki)
        end
      end
+
+      def primary_http_repo_url
+        geo_primary_http_url_to_repo(project_or_wiki)
+      end
+
+      def primary_ssh_url_to_repo
+        geo_primary_ssh_url_to_repo(project_or_wiki)
+      end
+
+      def proxying_to_primary_message
+        ::Gitlab::Geo::GitPushSSHProxy.inform_client_message(primary_ssh_url_to_repo)
+      end
+
+      def custom_action_api_endpoints
+        [
+          api_v4_geo_proxy_git_push_ssh_info_refs_path,
+          api_v4_geo_proxy_git_push_ssh_push_path
+        ]
+      end
    end
  end
 end
--- a/ee/lib/gitlab/geo/git_push_ssh_proxy.rb
+++ b/ee/lib/gitlab/geo/git_push_ssh_proxy.rb
@@ -4,46 +4,96 @@ module Gitlab
  module Geo
    class GitPushSSHProxy
      HTTP_READ_TIMEOUT = 10
-      HTTP_SUCCESS_CODE = '200'.freeze
+
+      INFO_REFS_CONTENT_TYPE = 'application/x-git-upload-pack-request'.freeze
+      PUSH_CONTENT_TYPE = 'application/x-git-receive-pack-request'.freeze
+      PUSH_ACCEPT = 'application/x-git-receive-pack-result'.freeze

      MustBeASecondaryNode = Class.new(StandardError)

+      class APIResponse
+        attr_reader :code, :body
+
+        def initialize(code, body)
+          @code = code
+          @body = body
+        end
+
+        def self.from_http_response(response, primary_repo)
+          success = response.is_a?(Net::HTTPSuccess)
+          body = response.body.to_s
+
+          if success
+            result = Base64.encode64(body)
+          else
+            message = failed_message(body, primary_repo)
+          end
+
+          new(response.code.to_i, status: success, message: message, result: result)
+        end
+
+        def self.failed_message(str, primary_repo)
+          "Failed to contact primary #{primary_repo}\nError: #{str}"
+        end
+      end
+
+      class FailedAPIResponse < APIResponse
+        def self.from_exception(ex_message, primary_repo, code: 500)
+          new(code.to_i,
+              status: false,
+              message: failed_message(ex_message, primary_repo),
+              result: nil)
+        end
+      end
+
      def initialize(data)
        @data = data
      end

+      def self.inform_client_message(primary_repo_ssh)
+        "You're pushing to a Geo secondary.\nWe'll help you by proxying this request to the primary: #{primary_repo_ssh}"
+      end
+
      def info_refs
        ensure_secondary!

        url = "#{primary_repo}/info/refs?service=git-receive-pack"
-        headers = {
-          'Content-Type' => 'application/x-git-upload-pack-request'
-        }
+        headers = { 'Content-Type' => INFO_REFS_CONTENT_TYPE }

        resp = get(url, headers)
-        return resp unless resp.code == HTTP_SUCCESS_CODE
+        resp.body = remove_http_service_fragment_from(resp.body) if resp.is_a?(Net::HTTPSuccess)

-        resp.body = remove_http_service_fragment_from(resp.body)
-
-        resp
+        APIResponse.from_http_response(resp, primary_repo)
+      rescue => e
+        handle_exception(e)
      end

-      def push(info_refs_response)
+      def push(encoded_info_refs_response)
        ensure_secondary!

        url = "#{primary_repo}/git-receive-pack"
-        headers = {
-          'Content-Type' => 'application/x-git-receive-pack-request',
-          'Accept' => 'application/x-git-receive-pack-result'
-        }
+        headers = { 'Content-Type' => PUSH_CONTENT_TYPE, 'Accept' => PUSH_ACCEPT }
+        info_refs_response = Base64.decode64(encoded_info_refs_response)

-        post(url, info_refs_response, headers)
+        resp = post(url, info_refs_response, headers)
+        APIResponse.from_http_response(resp, primary_repo)
+      rescue => e
+        handle_exception(e)
      end

      private

      attr_reader :data

+      def handle_exception(ex)
+        case ex
+        when MustBeASecondaryNode
+          raise(ex)
+        else
+          FailedAPIResponse.from_exception(ex.message, primary_repo)
+        end
+      end
+
      def primary_repo
        @primary_repo ||= data['primary_repo']
      end

--- a/ee/spec/lib/gitlab/geo/git_push_ssh_proxy_spec.rb
+++ b/ee/spec/lib/gitlab/geo/git_push_ssh_proxy_spec.rb
--- a/ee/spec/lib/gitlab/git_access_spec.rb
+++ b/ee/spec/lib/gitlab/git_access_spec.rb
@@ -18,7 +18,8 @@ describe Gitlab::GitAccess do
      allow(Gitlab::Database).to receive(:read_only?) { true }
    end

-    let(:primary_repo_url) { "https://localhost:3000/gitlab/#{project.full_path}.git" }
+    let(:primary_repo_url) { geo_primary_http_url_to_repo(project) }
+    let(:primary_repo_ssh_url) { geo_primary_ssh_url_to_repo(project) }

    it_behaves_like 'a read-only GitLab instance'
  end

--- a/ee/spec/lib/gitlab/git_access_wiki_spec.rb
+++ b/ee/spec/lib/gitlab/git_access_wiki_spec.rb
@@ -2,7 +2,7 @@ require 'spec_helper'

 describe Gitlab::GitAccessWiki do
  let(:user) { create(:user) }
-  let(:project) { create(:project, :repository) }
+  let(:project) { create(:project, :wiki_repo) }
  let(:changes) { ['6f6d7e7ed 570e7b2ab refs/heads/master'] }
  let(:authentication_abilities) { %i[read_project download_code push_code] }
  let(:redirected_path) { nil }
@@ -17,7 +17,8 @@ describe Gitlab::GitAccessWiki do
      allow(Gitlab::Database).to receive(:read_only?) { true }
    end

-    let(:primary_repo_url) { "https://localhost:3000/gitlab/#{project.full_path}.wiki.git" }
+    let(:primary_repo_url) { geo_primary_http_url_to_repo(project.wiki) }
+    let(:primary_repo_ssh_url) { geo_primary_ssh_url_to_repo(project.wiki) }

    it_behaves_like 'a read-only GitLab instance'
  end

--- a/ee/spec/requests/api/geo_spec.rb
+++ b/ee/spec/requests/api/geo_spec.rb
@@ -290,7 +290,8 @@ describe API::Geo do

  describe '/geo/proxy_git_push_ssh' do
    let(:secret_token) { Gitlab::Shell.secret_token }
-    let(:data) { { primary_repo: 'http://localhost:3001/testuser/repo.git', gl_id: 'key-1', gl_username: 'testuser' } }
+    let(:primary_repo) { 'http://localhost:3001/testuser/repo.git' }
+    let(:data) { { primary_repo: primary_repo, gl_id: 'key-1', gl_username: 'testuser' } }

    before do
      stub_current_geo_node(secondary_node)
@@ -335,10 +336,17 @@ describe API::Geo do
        end

        context 'with a valid secret token' do
-          let(:http_response) { double(Net::HTTPResponse, code: 200, body: 'something here') }
+          let(:http_response) { double(Net::HTTPOK, code: 200, body: 'something here') }
+          let(:api_response) { Gitlab::Geo::GitPushSSHProxy::APIResponse.from_http_response(http_response, primary_repo) }
+
+          before do
+            # Mocking a real Net::HTTPSuccess is very difficult as it's not
+            # easy to instantiate the class due to the way it sets the body
+            expect(http_response).to receive(:is_a?).with(Net::HTTPSuccess).and_return(true)
+          end

          it 'responds with 200' do
-            expect(git_push_ssh_proxy).to receive(:info_refs).and_return(http_response)
+            expect(git_push_ssh_proxy).to receive(:info_refs).and_return(api_response)

            post api('/geo/proxy_git_push_ssh/info_refs'), { secret_token: secret_token, data: data }

@@ -360,8 +368,7 @@ describe API::Geo do
      end

      context 'with all required params' do
-        let(:text) { 'output text' }
-        let(:output) { Base64.encode64(text) }
+        let(:output) { Base64.encode64('info_refs content') }
        let(:git_push_ssh_proxy) { double(Gitlab::Geo::GitPushSSHProxy) }

        before do
@@ -389,10 +396,17 @@ describe API::Geo do
        end

        context 'with a valid secret token' do
-          let(:http_response) { double(Net::HTTPResponse, code: 201, body: 'something here') }
+          let(:http_response) { double(Net::HTTPCreated, code: 201, body: 'something here', class: Net::HTTPCreated) }
+          let(:api_response) { Gitlab::Geo::GitPushSSHProxy::APIResponse.from_http_response(http_response, primary_repo) }
+
+          before do
+            # Mocking a real Net::HTTPSuccess is very difficult as it's not
+            # easy to instantiate the class due to the way it sets the body
+            expect(http_response).to receive(:is_a?).with(Net::HTTPSuccess).and_return(true)
+          end

          it 'responds with 201' do
-            expect(git_push_ssh_proxy).to receive(:push).with(text).and_return(http_response)
+            expect(git_push_ssh_proxy).to receive(:push).with(output).and_return(api_response)

            post api('/geo/proxy_git_push_ssh/push'), { secret_token: secret_token, data: data, output: output }


--- a/ee/spec/support/shared_examples/git_access_shared_examples.rb
+++ b/ee/spec/support/shared_examples/git_access_shared_examples.rb
@@ -31,6 +31,7 @@ shared_examples 'a read-only GitLab instance' do
        {
          'action' => 'geo_proxy_to_primary',
          'data' => {
+            'info_message' => "You're pushing to a Geo secondary.\nWe'll help you by proxying this request to the primary: #{primary_repo_ssh_url}",
            'api_endpoints' => %w{/api/v4/geo/proxy_git_push_ssh/info_refs /api/v4/geo/proxy_git_push_ssh/push},
            'primary_repo' => primary_repo_url
          }