Change Geo SSH proxy to internal primary URL

As Geo SSH proxying traffic happens between gitlab-shell on the secondary site and the primary site, this should go through the internal URL if present. Not doing so can cause problems with unified URLs, as it can end up in a loop if both external_urls point to the same URL. Changelog: changed EE: true

Change Geo SSH proxy to internal primary URL
As Geo SSH proxying traffic happens between gitlab-shell on the secondary site and the primary site, this should go through the internal URL if present. Not doing so can cause problems with unified URLs, as it can end up in a loop if both external_urls point to the same URL. Changelog: changed EE: true
d7111269 · Catalin Irimie · e1d2685e · d7111269 · d7111269 · d7111269
Commit d7111269 authored Nov 04, 2021 by Catalin Irimie
7 changed files
--- a/ee/app/helpers/ee/gitlab_routing_helper.rb
+++ b/ee/app/helpers/ee/gitlab_routing_helper.rb
@@ -2,8 +2,14 @@

 module EE
  module GitlabRoutingHelper
-    def geo_primary_web_url(container)
-      File.join(::Gitlab::Geo.primary_node.url, container.full_path)
+    def geo_primary_web_url(container, internal: false)
+      primary_base_url = if internal
+                           ::Gitlab::Geo.primary_node.internal_url
+                         else
+                           ::Gitlab::Geo.primary_node.url
+                         end
+
+      File.join(primary_base_url, container.full_path)
    end

    def geo_primary_ssh_url_to_repo(container)
@@ -14,6 +20,10 @@ module EE
      geo_primary_web_url(container) + '.git'
    end

+    def geo_primary_http_internal_url_to_repo(container)
+      geo_primary_web_url(container, internal: true) + '.git'
+    end
+
    def geo_primary_default_url_to_repo(container)
      case default_clone_protocol
      when 'ssh'

--- a/ee/lib/ee/gitlab/geo_git_access.rb
+++ b/ee/lib/ee/gitlab/geo_git_access.rb
@@ -17,7 +17,7 @@ module EE
          'action' => 'geo_proxy_to_primary',
          'data' => {
            'api_endpoints' => custom_action_api_endpoints_for(cmd),
-            'primary_repo' => primary_http_repo_url
+            'primary_repo' => primary_http_repo_internal_url
          }
        }

@@ -46,8 +46,8 @@ module EE
        messages + ['', lag_message]
      end

-      def primary_http_repo_url
-        geo_primary_http_url_to_repo(container)
+      def primary_http_repo_internal_url
+        geo_primary_http_internal_url_to_repo(container)
      end

      def primary_ssh_url_to_repo

--- a/ee/spec/helpers/ee/gitlab_routing_helper_spec.rb
+++ b/ee/spec/helpers/ee/gitlab_routing_helper_spec.rb
@@ -6,7 +6,16 @@ RSpec.describe EE::GitlabRoutingHelper do
  include ProjectsHelper
  include ApplicationSettingsHelper

-  let_it_be(:primary, reload: true) { create(:geo_node, :primary, url: 'http://localhost:123/relative', clone_url_prefix: 'git@localhost:') }
+  let_it_be(:primary, reload: true) do
+    create(
+      :geo_node,
+      :primary,
+      url: 'http://localhost:123/relative',
+      internal_url: 'http://internal:321/relative',
+      clone_url_prefix: 'git@localhost:'
+    )
+  end
+
  let_it_be(:group, reload: true) { create(:group, path: 'foo') }
  let_it_be(:project, reload: true) { create(:project, namespace: group, path: 'bar') }

@@ -15,6 +24,7 @@ RSpec.describe EE::GitlabRoutingHelper do
      allow(helper).to receive(:default_clone_protocol).and_return('http')
    end

+    context 'public / default URL' do
      it 'generates a path to the project' do
        result = helper.geo_primary_web_url(project)

@@ -28,6 +38,21 @@ RSpec.describe EE::GitlabRoutingHelper do
      end
    end

+    context 'internal URL' do
+      it 'generates a path to the project' do
+        result = helper.geo_primary_web_url(project, internal: true)
+
+        expect(result).to eq('http://internal:321/relative/foo/bar')
+      end
+
+      it 'generates a path to the wiki' do
+        result = helper.geo_primary_web_url(project.wiki, internal: true)
+
+        expect(result).to eq('http://internal:321/relative/foo/bar.wiki')
+      end
+    end
+  end
+
  describe '#geo_primary_default_url_to_repo' do
    subject { helper.geo_primary_default_url_to_repo(repo) }


--- a/ee/spec/lib/gitlab/geo/git_ssh_proxy_spec.rb
+++ b/ee/spec/lib/gitlab/geo/git_ssh_proxy_spec.rb
@@ -27,7 +27,7 @@ RSpec.describe Gitlab::Geo::GitSSHProxy, :geo do
    }
  end

-  let(:primary_repo_http) { geo_primary_http_url_to_repo(project) }
+  let(:primary_repo_http) { geo_primary_http_internal_url_to_repo(project) }
  let(:primary_repo_ssh) { geo_primary_ssh_url_to_repo(project) }

  let(:data) do

--- a/ee/spec/lib/gitlab/git_access_spec.rb
+++ b/ee/spec/lib/gitlab/git_access_spec.rb
@@ -35,7 +35,7 @@ RSpec.describe Gitlab::GitAccess do
      allow(Gitlab::Database).to receive(:read_only?) { true }
    end

-    let(:primary_repo_url) { geo_primary_http_url_to_repo(project) }
+    let(:primary_repo_url) { geo_primary_http_internal_url_to_repo(project) }
    let(:primary_repo_ssh_url) { geo_primary_ssh_url_to_repo(project) }

    it_behaves_like 'git access for a read-only GitLab instance'
@@ -370,7 +370,7 @@ RSpec.describe Gitlab::GitAccess do
          end

          it 'returns a custom action' do
-            expected_payload = { "action" => "geo_proxy_to_primary", "data" => { "api_endpoints" => ["/api/v4/geo/proxy_git_ssh/info_refs_upload_pack", "/api/v4/geo/proxy_git_ssh/upload_pack"], "primary_repo" => geo_primary_http_url_to_repo(project) } }
+            expected_payload = { "action" => "geo_proxy_to_primary", "data" => { "api_endpoints" => ["/api/v4/geo/proxy_git_ssh/info_refs_upload_pack", "/api/v4/geo/proxy_git_ssh/upload_pack"], "primary_repo" => geo_primary_http_internal_url_to_repo(project) } }
            expected_console_messages = ["This request to a Geo secondary node will be forwarded to the", "Geo primary node:", "", "  #{geo_primary_ssh_url_to_repo(project)}"]

            response = pull_changes
@@ -394,7 +394,7 @@ RSpec.describe Gitlab::GitAccess do
        end

        it 'returns a custom action' do
-          expected_payload = { "action" => "geo_proxy_to_primary", "data" => { "api_endpoints" => ["/api/v4/geo/proxy_git_ssh/info_refs_receive_pack", "/api/v4/geo/proxy_git_ssh/receive_pack"], "primary_repo" => geo_primary_http_url_to_repo(project) } }
+          expected_payload = { "action" => "geo_proxy_to_primary", "data" => { "api_endpoints" => ["/api/v4/geo/proxy_git_ssh/info_refs_receive_pack", "/api/v4/geo/proxy_git_ssh/receive_pack"], "primary_repo" => geo_primary_http_internal_url_to_repo(project) } }
          expected_console_messages = ["This request to a Geo secondary node will be forwarded to the", "Geo primary node:", "", "  #{geo_primary_ssh_url_to_repo(project)}"]

          response = push_changes

--- a/ee/spec/lib/gitlab/git_access_wiki_spec.rb
+++ b/ee/spec/lib/gitlab/git_access_wiki_spec.rb
@@ -156,7 +156,7 @@ RSpec.describe Gitlab::GitAccessWiki do
      allow(Gitlab::Database).to receive(:read_only?) { true }
    end

-    let(:primary_repo_url) { geo_primary_http_url_to_repo(project.wiki) }
+    let(:primary_repo_url) { geo_primary_http_internal_url_to_repo(project.wiki) }
    let(:primary_repo_ssh_url) { geo_primary_ssh_url_to_repo(project.wiki) }

    it_behaves_like 'git access for a read-only GitLab instance'

--- a/ee/spec/support/shared_examples/lib/gitlab/git_access_shared_examples.rb
+++ b/ee/spec/support/shared_examples/lib/gitlab/git_access_shared_examples.rb
@@ -8,7 +8,14 @@ RSpec.shared_examples 'git access for a read-only GitLab instance' do
  end

  context 'for a Geo setup' do
-    let(:primary_node) { create(:geo_node, :primary, url: 'https://localhost:3000/gitlab') }
+    let(:primary_node) do
+      create(
+        :geo_node,
+        :primary,
+        url: 'https://localhost:3000/gitlab',
+        internal_url: 'https://localhost:3001/gitlab'
+      )
+    end

    before do
      allow(Gitlab::Geo).to receive(:primary).and_return(primary_node)