Commit 9ba79e43 authored by Nick Thomas's avatar Nick Thomas

Merge branch 'add-ip-address-to-call-to-rails-api' into 'master'

Extend group IP restriction to Git activity

See merge request gitlab-org/gitlab-shell!335
parents a29b48ed 41908439
...@@ -8,6 +8,7 @@ import ( ...@@ -8,6 +8,7 @@ import (
"gitlab.com/gitlab-org/gitlab-shell/go/internal/command/commandargs" "gitlab.com/gitlab-org/gitlab-shell/go/internal/command/commandargs"
"gitlab.com/gitlab-org/gitlab-shell/go/internal/config" "gitlab.com/gitlab-org/gitlab-shell/go/internal/config"
"gitlab.com/gitlab-org/gitlab-shell/go/internal/gitlabnet" "gitlab.com/gitlab-org/gitlab-shell/go/internal/gitlabnet"
"gitlab.com/gitlab-org/gitlab-shell/go/internal/sshenv"
) )
const ( const (
...@@ -26,6 +27,7 @@ type Request struct { ...@@ -26,6 +27,7 @@ type Request struct {
Protocol string `json:"protocol"` Protocol string `json:"protocol"`
KeyId string `json:"key_id,omitempty"` KeyId string `json:"key_id,omitempty"`
Username string `json:"username,omitempty"` Username string `json:"username,omitempty"`
CheckIp string `json:"check_ip,omitempty"`
} }
type Gitaly struct { type Gitaly struct {
...@@ -80,6 +82,8 @@ func (c *Client) Verify(args *commandargs.Shell, action commandargs.CommandType, ...@@ -80,6 +82,8 @@ func (c *Client) Verify(args *commandargs.Shell, action commandargs.CommandType,
request.KeyId = args.GitlabKeyId request.KeyId = args.GitlabKeyId
} }
request.CheckIp = sshenv.LocalAddr()
response, err := c.client.Post("/allowed", request) response, err := c.client.Post("/allowed", request)
if err != nil { if err != nil {
return nil, err return nil, err
......
package sshenv
import (
"os"
"strings"
)
func LocalAddr() string {
address := os.Getenv("SSH_CONNECTION")
if address != "" {
return strings.Fields(address)[0]
}
return ""
}
package sshenv
import (
"testing"
"github.com/stretchr/testify/require"
"gitlab.com/gitlab-org/gitlab-shell/go/internal/testhelper"
)
func TestLocalAddr(t *testing.T) {
cleanup, err := testhelper.Setenv("SSH_CONNECTION", "127.0.0.1 0")
require.NoError(t, err)
defer cleanup()
require.Equal(t, LocalAddr(), "127.0.0.1")
}
func TestEmptyLocalAddr(t *testing.T) {
require.Equal(t, LocalAddr(), "")
}
...@@ -85,3 +85,9 @@ func getTestDataDir() (string, error) { ...@@ -85,3 +85,9 @@ func getTestDataDir() (string, error) {
return path.Join(path.Dir(currentFile), "testdata"), nil return path.Join(path.Dir(currentFile), "testdata"), nil
} }
func Setenv(key, value string) (func(), error) {
oldValue := os.Getenv(key)
err := os.Setenv(key, value)
return func() { os.Setenv(key, oldValue) }, err
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment