Merge branch 'gitaly-124-gitaly-ssh' into 'master'

Gitaly SSH Client

See merge request !139

.gitlab-ci.yml

@@ -59,18 +59,6 @@ go:1.8:
   <<: *go_definition
   image: golang:1.8
 
-go:1.7:
-  <<: *go_definition
-  image: golang:1.7
-
-go:1.6:
-  <<: *go_definition
-  image: golang:1.6
-
-go:1.5:
-  <<: *go_definition
-  image: golang:1.5
-
 codeclimate:
   before_script: []
   image: docker:latest

README.md

@@ -66,7 +66,7 @@ make
 sudo make install
 ```
 
-To install gitlab-shell you also need a Go compiler version 1.5 or newer. https://golang.org/dl/
+To install gitlab-shell you also need a Go compiler version 1.8 or newer. https://golang.org/dl/
 
 ## Setup
 

go/cmd/gitaly-receive-pack/main.go

@@ -29,7 +29,9 @@ func main() {
 		logger.Fatal("unmarshaling request json failed", err)
 	}
 
-	if err := handler.ReceivePack(os.Args[1], &request); err != nil {
+	code, err := handler.ReceivePack(os.Args[1], &request)
+	if err != nil {
 		logger.Fatal("receive-pack failed", err)
 	}
+	os.Exit(int(code))
 }

go/cmd/gitaly-upload-pack/main.go

@@ -29,7 +29,9 @@ func main() {
 		logger.Fatal("unmarshaling request json failed", err)
 	}
 
-	if err := handler.UploadPack(os.Args[1], &request); err != nil {
+	code, err := handler.UploadPack(os.Args[1], &request)
+	if err != nil {
 		logger.Fatal("upload-pack failed", err)
 	}
+	os.Exit(int(code))
 }

go/internal/handler/handler.go

@@ -5,6 +5,10 @@ import (
 	"os/exec"
 	"syscall"
 
+	"google.golang.org/grpc"
+
+	"gitlab.com/gitlab-org/gitaly/auth"
+	"gitlab.com/gitlab-org/gitaly/client"
 	"gitlab.com/gitlab-org/gitlab-shell/go/internal/config"
 	"gitlab.com/gitlab-org/gitlab-shell/go/internal/logger"
 )
@@ -36,3 +40,12 @@ func execCommand(command string, args ...string) error {
 	args = append([]string{binPath}, args...)
 	return syscall.Exec(binPath, args, os.Environ())
 }
+
+func dialOpts() []grpc.DialOption {
+	connOpts := client.DefaultDialOpts
+	if token := os.Getenv("GITALY_TOKEN"); token != "" {
+		connOpts = append(client.DefaultDialOpts, grpc.WithPerRPCCredentials(gitalyauth.RPCCredentials(token)))
+	}
+
+	return connOpts
+}

go/internal/handler/receive_pack.go

 package handler
 
 import (
+	"context"
 	"fmt"
+	"os"
 
 	pb "gitlab.com/gitlab-org/gitaly-proto/go"
+	"gitlab.com/gitlab-org/gitaly/client"
 )
 
-func ReceivePack(gitalyAddress string, request *pb.SSHReceivePackRequest) error {
-	repoPath := request.Repository.Path
-	if repoPath == "" {
-		return fmt.Errorf("empty path in repository message")
+func ReceivePack(gitalyAddress string, request *pb.SSHReceivePackRequest) (int32, error) {
+	if gitalyAddress == "" {
+		return 0, fmt.Errorf("no gitaly_address given")
 	}
 
-	return execCommand("git-receive-pack", repoPath)
+	conn, err := client.Dial(gitalyAddress, dialOpts())
+	if err != nil {
+		return 0, err
+	}
+	defer conn.Close()
+
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+	return client.ReceivePack(ctx, conn, os.Stdin, os.Stdout, os.Stderr, request)
 }

go/internal/handler/upload_pack.go

 package handler
 
 import (
+	"context"
 	"fmt"
+	"os"
 
 	pb "gitlab.com/gitlab-org/gitaly-proto/go"
+	"gitlab.com/gitlab-org/gitaly/client"
 )
 
-func UploadPack(gitalyAddress string, request *pb.SSHUploadPackRequest) error {
-	repoPath := request.Repository.Path
-	if repoPath == "" {
-		return fmt.Errorf("empty path in repository message")
+func UploadPack(gitalyAddress string, request *pb.SSHUploadPackRequest) (int32, error) {
+	if gitalyAddress == "" {
+		return 0, fmt.Errorf("no gitaly_address given")
 	}
 
-	return execCommand("git-upload-pack", repoPath)
+	conn, err := client.Dial(gitalyAddress, dialOpts())
+	if err != nil {
+		return 0, err
+	}
+	defer conn.Close()
+
+	ctx, cancel := context.WithCancel(context.Background())
+	defer cancel()
+	return client.UploadPack(ctx, conn, os.Stdin, os.Stdout, os.Stderr, request)
 }

go/vendor/gitlab.com/gitlab-org/gitaly-proto/go/VERSION

-0.5.0
+0.14.0

go/vendor/gitlab.com/gitlab-org/gitaly-proto/go/blob.pb.go

+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: blob.proto
+
+/*
+Package gitaly is a generated protocol buffer package.
+
+It is generated from these files:
+	blob.proto
+	commit.proto
+	deprecated-services.proto
+	diff.proto
+	notifications.proto
+	ref.proto
+	repository-service.proto
+	shared.proto
+	smarthttp.proto
+	ssh.proto
+
+It has these top-level messages:
+	GetBlobRequest
+	GetBlobResponse
+	CommitIsAncestorRequest
+	CommitIsAncestorResponse
+	TreeEntryRequest
+	TreeEntryResponse
+	CommitsBetweenRequest
+	CommitsBetweenResponse
+	CountCommitsRequest
+	CountCommitsResponse
+	CommitDiffRequest
+	CommitDiffResponse
+	CommitDeltaRequest
+	CommitDelta
+	CommitDeltaResponse
+	PostReceiveRequest
+	PostReceiveResponse
+	FindDefaultBranchNameRequest
+	FindDefaultBranchNameResponse
+	FindAllBranchNamesRequest
+	FindAllBranchNamesResponse
+	FindAllTagNamesRequest
+	FindAllTagNamesResponse
+	FindRefNameRequest
+	FindRefNameResponse
+	FindLocalBranchesRequest
+	FindLocalBranchesResponse
+	FindLocalBranchResponse
+	FindLocalBranchCommitAuthor
+	RepositoryExistsRequest
+	RepositoryExistsResponse
+	Repository
+	GitCommit
+	CommitAuthor
+	ExitStatus
+	InfoRefsRequest
+	InfoRefsResponse
+	PostUploadPackRequest
+	PostUploadPackResponse
+	PostReceivePackRequest
+	PostReceivePackResponse
+	SSHUploadPackRequest
+	SSHUploadPackResponse
+	SSHReceivePackRequest
+	SSHReceivePackResponse
+*/
+package gitaly
+
+import proto "github.com/golang/protobuf/proto"
+import fmt "fmt"
+import math "math"
+
+import (
+	context "golang.org/x/net/context"
+	grpc "google.golang.org/grpc"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the proto package it is being compiled against.
+// A compilation error at this line likely means your copy of the
+// proto package needs to be updated.
+const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package
+
+type GetBlobRequest struct {
+	Repository *Repository `protobuf:"bytes,1,opt,name=repository" json:"repository,omitempty"`
+	// Object ID (SHA1) of the blob we want to get
+	Oid string `protobuf:"bytes,2,opt,name=oid" json:"oid,omitempty"`
+	// Maximum number of bytes we want to receive. Use '-1' to get the full blob no matter how big.
+	Limit int64 `protobuf:"varint,3,opt,name=limit" json:"limit,omitempty"`
+}
+
+func (m *GetBlobRequest) Reset()                    { *m = GetBlobRequest{} }
+func (m *GetBlobRequest) String() string            { return proto.CompactTextString(m) }
+func (*GetBlobRequest) ProtoMessage()               {}
+func (*GetBlobRequest) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{0} }
+
+func (m *GetBlobRequest) GetRepository() *Repository {
+	if m != nil {
+		return m.Repository
+	}
+	return nil
+}
+
+func (m *GetBlobRequest) GetOid() string {
+	if m != nil {
+		return m.Oid
+	}
+	return ""
+}
+
+func (m *GetBlobRequest) GetLimit() int64 {
+	if m != nil {
+		return m.Limit
+	}
+	return 0
+}
+
+type GetBlobResponse struct {
+	// Blob size; present only in first response message
+	Size int64 `protobuf:"varint,1,opt,name=size" json:"size,omitempty"`
+	// Chunk of blob data
+	Data []byte `protobuf:"bytes,2,opt,name=data,proto3" json:"data,omitempty"`
+	// Object ID of the actual blob returned. Empty if no blob was found.
+	Oid string `protobuf:"bytes,3,opt,name=oid" json:"oid,omitempty"`
+}
+
+func (m *GetBlobResponse) Reset()                    { *m = GetBlobResponse{} }
+func (m *GetBlobResponse) String() string            { return proto.CompactTextString(m) }
+func (*GetBlobResponse) ProtoMessage()               {}
+func (*GetBlobResponse) Descriptor() ([]byte, []int) { return fileDescriptor0, []int{1} }
+
+func (m *GetBlobResponse) GetSize() int64 {
+	if m != nil {
+		return m.Size
+	}
+	return 0
+}
+
+func (m *GetBlobResponse) GetData() []byte {
+	if m != nil {
+		return m.Data
+	}
+	return nil
+}
+
+func (m *GetBlobResponse) GetOid() string {
+	if m != nil {
+		return m.Oid
+	}
+	return ""
+}
+
+func init() {
+	proto.RegisterType((*GetBlobRequest)(nil), "gitaly.GetBlobRequest")
+	proto.RegisterType((*GetBlobResponse)(nil), "gitaly.GetBlobResponse")
+}
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ context.Context
+var _ grpc.ClientConn
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+const _ = grpc.SupportPackageIsVersion4
+
+// Client API for BlobService service
+
+type BlobServiceClient interface {
+	// GetBlob returns the contents of a blob object referenced by its object
+	// ID. We use a stream to return a chunked arbitrarily large binary
+	// response
+	GetBlob(ctx context.Context, in *GetBlobRequest, opts ...grpc.CallOption) (BlobService_GetBlobClient, error)
+}
+
+type blobServiceClient struct {
+	cc *grpc.ClientConn
+}
+
+func NewBlobServiceClient(cc *grpc.ClientConn) BlobServiceClient {
+	return &blobServiceClient{cc}
+}
+
+func (c *blobServiceClient) GetBlob(ctx context.Context, in *GetBlobRequest, opts ...grpc.CallOption) (BlobService_GetBlobClient, error) {
+	stream, err := grpc.NewClientStream(ctx, &_BlobService_serviceDesc.Streams[0], c.cc, "/gitaly.BlobService/GetBlob", opts...)
+	if err != nil {
+		return nil, err
+	}
+	x := &blobServiceGetBlobClient{stream}
+	if err := x.ClientStream.SendMsg(in); err != nil {
+		return nil, err
+	}
+	if err := x.ClientStream.CloseSend(); err != nil {
+		return nil, err
+	}
+	return x, nil
+}
+
+type BlobService_GetBlobClient interface {
+	Recv() (*GetBlobResponse, error)
+	grpc.ClientStream
+}
+
+type blobServiceGetBlobClient struct {
+	grpc.ClientStream
+}
+
+func (x *blobServiceGetBlobClient) Recv() (*GetBlobResponse, error) {
+	m := new(GetBlobResponse)
+	if err := x.ClientStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
+// Server API for BlobService service
+
+type BlobServiceServer interface {
+	// GetBlob returns the contents of a blob object referenced by its object
+	// ID. We use a stream to return a chunked arbitrarily large binary
+	// response
+	GetBlob(*GetBlobRequest, BlobService_GetBlobServer) error
+}
+
+func RegisterBlobServiceServer(s *grpc.Server, srv BlobServiceServer) {
+	s.RegisterService(&_BlobService_serviceDesc, srv)
+}
+
+func _BlobService_GetBlob_Handler(srv interface{}, stream grpc.ServerStream) error {
+	m := new(GetBlobRequest)
+	if err := stream.RecvMsg(m); err != nil {
+		return err
+	}
+	return srv.(BlobServiceServer).GetBlob(m, &blobServiceGetBlobServer{stream})
+}
+
+type BlobService_GetBlobServer interface {
+	Send(*GetBlobResponse) error
+	grpc.ServerStream
+}
+
+type blobServiceGetBlobServer struct {
+	grpc.ServerStream
+}
+
+func (x *blobServiceGetBlobServer) Send(m *GetBlobResponse) error {
+	return x.ServerStream.SendMsg(m)
+}
+
+var _BlobService_serviceDesc = grpc.ServiceDesc{
+	ServiceName: "gitaly.BlobService",
+	HandlerType: (*BlobServiceServer)(nil),
+	Methods:     []grpc.MethodDesc{},
+	Streams: []grpc.StreamDesc{
+		{
+			StreamName:    "GetBlob",
+			Handler:       _BlobService_GetBlob_Handler,
+			ServerStreams: true,
+		},
+	},
+	Metadata: "blob.proto",
+}
+
+func init() { proto.RegisterFile("blob.proto", fileDescriptor0) }
+
+var fileDescriptor0 = []byte{
+	// 217 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x64, 0x90, 0x31, 0x4b, 0xc7, 0x30,
+	0x10, 0xc5, 0x8d, 0xd1, 0xbf, 0x78, 0x2d, 0x2a, 0x87, 0x68, 0xe9, 0x54, 0x3a, 0x75, 0x2a, 0x52,
+	0x77, 0x07, 0x17, 0x07, 0x71, 0x89, 0x9f, 0x20, 0xb1, 0x87, 0x06, 0xa2, 0x57, 0x93, 0x28, 0xd4,
+	0x4f, 0x2f, 0x4d, 0x6c, 0x51, 0xdc, 0x5e, 0x5e, 0x92, 0xf7, 0x7b, 0x77, 0x00, 0xc6, 0xb1, 0xe9,
+	0x27, 0xcf, 0x91, 0x71, 0xf7, 0x6c, 0xa3, 0x76, 0x73, 0x5d, 0x86, 0x17, 0xed, 0x69, 0xcc, 0x6e,
+	0xeb, 0xe0, 0xe4, 0x8e, 0xe2, 0xad, 0x63, 0xa3, 0xe8, 0xfd, 0x83, 0x42, 0xc4, 0x01, 0xc0, 0xd3,
+	0xc4, 0xc1, 0x46, 0xf6, 0x73, 0x25, 0x1a, 0xd1, 0x15, 0x03, 0xf6, 0xf9, 0x73, 0xaf, 0xb6, 0x1b,
+	0xf5, 0xeb, 0x15, 0x9e, 0x81, 0x64, 0x3b, 0x56, 0xfb, 0x8d, 0xe8, 0x8e, 0xd5, 0x22, 0xf1, 0x1c,
+	0x0e, 0x9d, 0x7d, 0xb5, 0xb1, 0x92, 0x8d, 0xe8, 0xa4, 0xca, 0x87, 0xf6, 0x1e, 0x4e, 0x37, 0x5a,
+	0x98, 0xf8, 0x2d, 0x10, 0x22, 0x1c, 0x04, 0xfb, 0x45, 0x09, 0x24, 0x55, 0xd2, 0x8b, 0x37, 0xea,
+	0xa8, 0x53, 0x5e, 0xa9, 0x92, 0x5e, 0x11, 0x72, 0x43, 0x0c, 0x0f, 0x50, 0x2c, 0x49, 0x8f, 0xe4,
+	0x3f, 0xed, 0x13, 0xe1, 0x0d, 0x1c, 0xfd, 0x64, 0xe3, 0xc5, 0x5a, 0xf7, 0xef, 0x68, 0xf5, 0xe5,
+	0x3f, 0x3f, 0x97, 0x68, 0xf7, 0xae, 0x84, 0xd9, 0xa5, 0x85, 0x5c, 0x7f, 0x07, 0x00, 0x00, 0xff,
+	0xff, 0xab, 0x77, 0x1a, 0x6d, 0x34, 0x01, 0x00, 0x00,
+}

go/vendor/gitlab.com/gitlab-org/gitaly-proto/go/helper/stream.go

+package helper
+
+import (
+	"io"
+)
+
+// NewReceiveReader turns receiver into an io.Reader. Errors from the
+// receiver function are passed on unmodified. This means receiver should
+// emit io.EOF when done.
+func NewReceiveReader(receiver func() ([]byte, error)) io.Reader {
+	return &receiveReader{receiver: receiver}
+}
+
+type receiveReader struct {
+	receiver func() ([]byte, error)
+	data     []byte
+	err      error
+}
+
+func (rr *receiveReader) Read(p []byte) (int, error) {
+	if len(rr.data) == 0 {
+		rr.data, rr.err = rr.receiver()
+	}
+	n := copy(p, rr.data)
+	rr.data = rr.data[n:]
+	if len(rr.data) == 0 {
+		return n, rr.err
+	}
+	return n, nil
+}
+
+// NewSendWriter turns sender into an io.Writer. The number of 'bytes
+// written' reported back is always len(p).
+func NewSendWriter(sender func(p []byte) error) io.Writer {
+	return &sendWriter{sender: sender}
+}
+
+type sendWriter struct {
+	sender func([]byte) error
+}
+
+func (sw *sendWriter) Write(p []byte) (int, error) {
+	return len(p), sw.sender(p)
+}

go/vendor/gitlab.com/gitlab-org/gitaly-proto/go/notifications.pb.go

-// Code generated by protoc-gen-go.
+// Code generated by protoc-gen-go. DO NOT EDIT.
 // source: notifications.proto
-// DO NOT EDIT!
 
 package gitaly
 
@@ -25,7 +24,7 @@ type PostReceiveRequest struct {
 func (m *PostReceiveRequest) Reset()                    { *m = PostReceiveRequest{} }
 func (m *PostReceiveRequest) String() string            { return proto.CompactTextString(m) }
 func (*PostReceiveRequest) ProtoMessage()               {}
-func (*PostReceiveRequest) Descriptor() ([]byte, []int) { return fileDescriptor2, []int{0} }
+func (*PostReceiveRequest) Descriptor() ([]byte, []int) { return fileDescriptor4, []int{0} }
 
 func (m *PostReceiveRequest) GetRepository() *Repository {
 	if m != nil {
@@ -40,7 +39,7 @@ type PostReceiveResponse struct {
 func (m *PostReceiveResponse) Reset()                    { *m = PostReceiveResponse{} }
 func (m *PostReceiveResponse) String() string            { return proto.CompactTextString(m) }
 func (*PostReceiveResponse) ProtoMessage()               {}
-func (*PostReceiveResponse) Descriptor() ([]byte, []int) { return fileDescriptor2, []int{1} }
+func (*PostReceiveResponse) Descriptor() ([]byte, []int) { return fileDescriptor4, []int{1} }
 
 func init() {
 	proto.RegisterType((*PostReceiveRequest)(nil), "gitaly.PostReceiveRequest")
@@ -55,74 +54,74 @@ var _ grpc.ClientConn
 // is compatible with the grpc package it is being compiled against.
 const _ = grpc.SupportPackageIsVersion4
 
-// Client API for Notifications service
+// Client API for NotificationService service
 
-type NotificationsClient interface {
+type NotificationServiceClient interface {
 	PostReceive(ctx context.Context, in *PostReceiveRequest, opts ...grpc.CallOption) (*PostReceiveResponse, error)
 }
 
-type notificationsClient struct {
+type notificationServiceClient struct {
 	cc *grpc.ClientConn
 }
 
-func NewNotificationsClient(cc *grpc.ClientConn) NotificationsClient {
-	return &notificationsClient{cc}
+func NewNotificationServiceClient(cc *grpc.ClientConn) NotificationServiceClient {
+	return &notificationServiceClient{cc}
 }
 
-func (c *notificationsClient) PostReceive(ctx context.Context, in *PostReceiveRequest, opts ...grpc.CallOption) (*PostReceiveResponse, error) {
+func (c *notificationServiceClient) PostReceive(ctx context.Context, in *PostReceiveRequest, opts ...grpc.CallOption) (*PostReceiveResponse, error) {
 	out := new(PostReceiveResponse)
-	err := grpc.Invoke(ctx, "/gitaly.Notifications/PostReceive", in, out, c.cc, opts...)
+	err := grpc.Invoke(ctx, "/gitaly.NotificationService/PostReceive", in, out, c.cc, opts...)
 	if err != nil {
 		return nil, err
 	}
 	return out, nil
 }
 
-// Server API for Notifications service
+// Server API for NotificationService service
 
-type NotificationsServer interface {
+type NotificationServiceServer interface {
 	PostReceive(context.Context, *PostReceiveRequest) (*PostReceiveResponse, error)
 }
 
-func RegisterNotificationsServer(s *grpc.Server, srv NotificationsServer) {
-	s.RegisterService(&_Notifications_serviceDesc, srv)
+func RegisterNotificationServiceServer(s *grpc.Server, srv NotificationServiceServer) {
+	s.RegisterService(&_NotificationService_serviceDesc, srv)
 }
 
-func _Notifications_PostReceive_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+func _NotificationService_PostReceive_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
 	in := new(PostReceiveRequest)
 	if err := dec(in); err != nil {
 		return nil, err
 	}
 	if interceptor == nil {
-		return srv.(NotificationsServer).PostReceive(ctx, in)
+		return srv.(NotificationServiceServer).PostReceive(ctx, in)
 	}
 	info := &grpc.UnaryServerInfo{
 		Server:     srv,
-		FullMethod: "/gitaly.Notifications/PostReceive",
+		FullMethod: "/gitaly.NotificationService/PostReceive",
 	}
 	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
-		return srv.(NotificationsServer).PostReceive(ctx, req.(*PostReceiveRequest))
+		return srv.(NotificationServiceServer).PostReceive(ctx, req.(*PostReceiveRequest))
 	}
 	return interceptor(ctx, in, info, handler)
 }
 
-var _Notifications_serviceDesc = grpc.ServiceDesc{
-	ServiceName: "gitaly.Notifications",
-	HandlerType: (*NotificationsServer)(nil),
+var _NotificationService_serviceDesc = grpc.ServiceDesc{
+	ServiceName: "gitaly.NotificationService",
+	HandlerType: (*NotificationServiceServer)(nil),
 	Methods: []grpc.MethodDesc{
 		{
 			MethodName: "PostReceive",
-			Handler:    _Notifications_PostReceive_Handler,
+			Handler:    _NotificationService_PostReceive_Handler,
 		},
 	},
 	Streams:  []grpc.StreamDesc{},
 	Metadata: "notifications.proto",
 }
 
-func init() { proto.RegisterFile("notifications.proto", fileDescriptor2) }
+func init() { proto.RegisterFile("notifications.proto", fileDescriptor4) }
 
-var fileDescriptor2 = []byte{
-	// 163 bytes of a gzipped FileDescriptorProto
+var fileDescriptor4 = []byte{
+	// 170 bytes of a gzipped FileDescriptorProto
 	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0xce, 0xcb, 0x2f, 0xc9,
 	0x4c, 0xcb, 0x4c, 0x4e, 0x2c, 0xc9, 0xcc, 0xcf, 0x2b, 0xd6, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17,
 	0x62, 0x4b, 0xcf, 0x2c, 0x49, 0xcc, 0xa9, 0x94, 0xe2, 0x29, 0xce, 0x48, 0x2c, 0x4a, 0x4d, 0x81,
@@ -130,8 +129,8 @@ var fileDescriptor2 = []byte{
 	0x06, 0xa5, 0x16, 0x96, 0xa6, 0x16, 0x97, 0x08, 0x19, 0x71, 0x71, 0x15, 0xa5, 0x16, 0xe4, 0x17,
 	0x67, 0x96, 0xe4, 0x17, 0x55, 0x4a, 0x30, 0x2a, 0x30, 0x6a, 0x70, 0x1b, 0x09, 0xe9, 0x41, 0x0c,
 	0xd0, 0x0b, 0x82, 0xcb, 0x04, 0x21, 0xa9, 0x52, 0x12, 0xe5, 0x12, 0x46, 0x31, 0xa9, 0xb8, 0x20,
-	0x3f, 0xaf, 0x38, 0xd5, 0x28, 0x92, 0x8b, 0xd7, 0x0f, 0xd9, 0x35, 0x42, 0x1e, 0x5c, 0xdc, 0x48,
-	0xea, 0x84, 0xa4, 0x60, 0xc6, 0x62, 0x3a, 0x43, 0x4a, 0x1a, 0xab, 0x1c, 0xc4, 0x60, 0x25, 0x86,
-	0x24, 0x36, 0xb0, 0x17, 0x8c, 0x01, 0x01, 0x00, 0x00, 0xff, 0xff, 0xf2, 0x5e, 0x1f, 0x64, 0xef,
-	0x00, 0x00, 0x00,
+	0x3f, 0xaf, 0x38, 0xd5, 0x28, 0x9e, 0x4b, 0xd8, 0x0f, 0xc9, 0x35, 0xc1, 0xa9, 0x45, 0x65, 0x99,
+	0xc9, 0xa9, 0x42, 0x1e, 0x5c, 0xdc, 0x48, 0xaa, 0x85, 0xa4, 0x60, 0x86, 0x63, 0x3a, 0x46, 0x4a,
+	0x1a, 0xab, 0x1c, 0xc4, 0x78, 0x25, 0x86, 0x24, 0x36, 0xb0, 0x47, 0x8c, 0x01, 0x01, 0x00, 0x00,
+	0xff, 0xff, 0x98, 0xea, 0xcc, 0xff, 0xf5, 0x00, 0x00, 0x00,
 }

go/vendor/gitlab.com/gitlab-org/gitaly-proto/go/repository-service.pb.go

+// Code generated by protoc-gen-go. DO NOT EDIT.
+// source: repository-service.proto
+
+package gitaly
+
+import proto "github.com/golang/protobuf/proto"
+import fmt "fmt"
+import math "math"
+
+import (
+	context "golang.org/x/net/context"
+	grpc "google.golang.org/grpc"
+)
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ = proto.Marshal
+var _ = fmt.Errorf
+var _ = math.Inf
+
+type RepositoryExistsRequest struct {
+	Repository *Repository `protobuf:"bytes,1,opt,name=repository" json:"repository,omitempty"`
+}
+
+func (m *RepositoryExistsRequest) Reset()                    { *m = RepositoryExistsRequest{} }
+func (m *RepositoryExistsRequest) String() string            { return proto.CompactTextString(m) }
+func (*RepositoryExistsRequest) ProtoMessage()               {}
+func (*RepositoryExistsRequest) Descriptor() ([]byte, []int) { return fileDescriptor6, []int{0} }
+
+func (m *RepositoryExistsRequest) GetRepository() *Repository {
+	if m != nil {
+		return m.Repository
+	}
+	return nil
+}
+
+type RepositoryExistsResponse struct {
+	Exists bool `protobuf:"varint,1,opt,name=exists" json:"exists,omitempty"`
+}
+
+func (m *RepositoryExistsResponse) Reset()                    { *m = RepositoryExistsResponse{} }
+func (m *RepositoryExistsResponse) String() string            { return proto.CompactTextString(m) }
+func (*RepositoryExistsResponse) ProtoMessage()               {}
+func (*RepositoryExistsResponse) Descriptor() ([]byte, []int) { return fileDescriptor6, []int{1} }
+
+func (m *RepositoryExistsResponse) GetExists() bool {
+	if m != nil {
+		return m.Exists
+	}
+	return false
+}
+
+func init() {
+	proto.RegisterType((*RepositoryExistsRequest)(nil), "gitaly.RepositoryExistsRequest")
+	proto.RegisterType((*RepositoryExistsResponse)(nil), "gitaly.RepositoryExistsResponse")
+}
+
+// Reference imports to suppress errors if they are not otherwise used.
+var _ context.Context
+var _ grpc.ClientConn
+
+// This is a compile-time assertion to ensure that this generated file
+// is compatible with the grpc package it is being compiled against.
+const _ = grpc.SupportPackageIsVersion4
+
+// Client API for RepositoryService service
+
+type RepositoryServiceClient interface {
+	Exists(ctx context.Context, in *RepositoryExistsRequest, opts ...grpc.CallOption) (*RepositoryExistsResponse, error)
+}
+
+type repositoryServiceClient struct {
+	cc *grpc.ClientConn
+}
+
+func NewRepositoryServiceClient(cc *grpc.ClientConn) RepositoryServiceClient {
+	return &repositoryServiceClient{cc}
+}
+
+func (c *repositoryServiceClient) Exists(ctx context.Context, in *RepositoryExistsRequest, opts ...grpc.CallOption) (*RepositoryExistsResponse, error) {
+	out := new(RepositoryExistsResponse)
+	err := grpc.Invoke(ctx, "/gitaly.RepositoryService/Exists", in, out, c.cc, opts...)
+	if err != nil {
+		return nil, err
+	}
+	return out, nil
+}
+
+// Server API for RepositoryService service
+
+type RepositoryServiceServer interface {
+	Exists(context.Context, *RepositoryExistsRequest) (*RepositoryExistsResponse, error)
+}
+
+func RegisterRepositoryServiceServer(s *grpc.Server, srv RepositoryServiceServer) {
+	s.RegisterService(&_RepositoryService_serviceDesc, srv)
+}
+
+func _RepositoryService_Exists_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
+	in := new(RepositoryExistsRequest)
+	if err := dec(in); err != nil {
+		return nil, err
+	}
+	if interceptor == nil {
+		return srv.(RepositoryServiceServer).Exists(ctx, in)
+	}
+	info := &grpc.UnaryServerInfo{
+		Server:     srv,
+		FullMethod: "/gitaly.RepositoryService/Exists",
+	}
+	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
+		return srv.(RepositoryServiceServer).Exists(ctx, req.(*RepositoryExistsRequest))
+	}
+	return interceptor(ctx, in, info, handler)
+}
+
+var _RepositoryService_serviceDesc = grpc.ServiceDesc{
+	ServiceName: "gitaly.RepositoryService",
+	HandlerType: (*RepositoryServiceServer)(nil),
+	Methods: []grpc.MethodDesc{
+		{
+			MethodName: "Exists",
+			Handler:    _RepositoryService_Exists_Handler,
+		},
+	},
+	Streams:  []grpc.StreamDesc{},
+	Metadata: "repository-service.proto",
+}
+
+func init() { proto.RegisterFile("repository-service.proto", fileDescriptor6) }
+
+var fileDescriptor6 = []byte{
+	// 172 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x92, 0x28, 0x4a, 0x2d, 0xc8,
+	0x2f, 0xce, 0x2c, 0xc9, 0x2f, 0xaa, 0xd4, 0x2d, 0x4e, 0x2d, 0x2a, 0xcb, 0x4c, 0x4e, 0xd5, 0x2b,
+	0x28, 0xca, 0x2f, 0xc9, 0x17, 0x62, 0x4b, 0xcf, 0x2c, 0x49, 0xcc, 0xa9, 0x94, 0xe2, 0x29, 0xce,
+	0x48, 0x2c, 0x4a, 0x4d, 0x81, 0x88, 0x2a, 0xf9, 0x72, 0x89, 0x07, 0xc1, 0x75, 0xb8, 0x56, 0x64,
+	0x16, 0x97, 0x14, 0x07, 0xa5, 0x16, 0x96, 0xa6, 0x16, 0x97, 0x08, 0x19, 0x71, 0x71, 0x21, 0x0c,
+	0x93, 0x60, 0x54, 0x60, 0xd4, 0xe0, 0x36, 0x12, 0xd2, 0x83, 0x98, 0xa2, 0x87, 0xd0, 0x14, 0x84,
+	0xa4, 0x4a, 0xc9, 0x88, 0x4b, 0x02, 0xd3, 0xb8, 0xe2, 0x82, 0xfc, 0xbc, 0xe2, 0x54, 0x21, 0x31,
+	0x2e, 0xb6, 0x54, 0xb0, 0x08, 0xd8, 0x2c, 0x8e, 0x20, 0x28, 0xcf, 0x28, 0x89, 0x4b, 0x10, 0xa1,
+	0x27, 0x18, 0xe2, 0x66, 0x21, 0x5f, 0x2e, 0x36, 0x88, 0x76, 0x21, 0x79, 0x4c, 0x2b, 0x51, 0xdc,
+	0x29, 0xa5, 0x80, 0x5b, 0x01, 0xc4, 0x66, 0x25, 0x86, 0x24, 0x36, 0xb0, 0x6f, 0x8d, 0x01, 0x01,
+	0x00, 0x00, 0xff, 0xff, 0x7e, 0xc1, 0x7d, 0x44, 0x1f, 0x01, 0x00, 0x00,
+}

go/vendor/gitlab.com/gitlab-org/gitaly-proto/go/shared.pb.go

-// Code generated by protoc-gen-go.
+// Code generated by protoc-gen-go. DO NOT EDIT.
 // source: shared.proto
-// DO NOT EDIT!
 
 package gitaly
 
 import proto "github.com/golang/protobuf/proto"
 import fmt "fmt"
 import math "math"
+import google_protobuf "github.com/golang/protobuf/ptypes/timestamp"
 
 // Reference imports to suppress errors if they are not otherwise used.
 var _ = proto.Marshal
@@ -14,7 +14,6 @@ var _ = fmt.Errorf
 var _ = math.Inf
 
 type Repository struct {
-	Path         string `protobuf:"bytes,1,opt,name=path" json:"path,omitempty"`
 	StorageName  string `protobuf:"bytes,2,opt,name=storage_name,json=storageName" json:"storage_name,omitempty"`
 	RelativePath string `protobuf:"bytes,3,opt,name=relative_path,json=relativePath" json:"relative_path,omitempty"`
 }
@@ -22,29 +21,110 @@ type Repository struct {
 func (m *Repository) Reset()                    { *m = Repository{} }
 func (m *Repository) String() string            { return proto.CompactTextString(m) }
 func (*Repository) ProtoMessage()               {}
-func (*Repository) Descriptor() ([]byte, []int) { return fileDescriptor4, []int{0} }
+func (*Repository) Descriptor() ([]byte, []int) { return fileDescriptor7, []int{0} }
 
-func (m *Repository) GetPath() string {
+func (m *Repository) GetStorageName() string {
 	if m != nil {
-		return m.Path
+		return m.StorageName
 	}
 	return ""
 }
 
-func (m *Repository) GetStorageName() string {
+func (m *Repository) GetRelativePath() string {
 	if m != nil {
-		return m.StorageName
+		return m.RelativePath
 	}
 	return ""
 }
 
-func (m *Repository) GetRelativePath() string {
+type GitCommit struct {
+	Id        string        `protobuf:"bytes,1,opt,name=id" json:"id,omitempty"`
+	Subject   []byte        `protobuf:"bytes,2,opt,name=subject,proto3" json:"subject,omitempty"`
+	Body      []byte        `protobuf:"bytes,3,opt,name=body,proto3" json:"body,omitempty"`
+	Author    *CommitAuthor `protobuf:"bytes,4,opt,name=author" json:"author,omitempty"`
+	Committer *CommitAuthor `protobuf:"bytes,5,opt,name=committer" json:"committer,omitempty"`
+	ParentIds []string      `protobuf:"bytes,6,rep,name=parent_ids,json=parentIds" json:"parent_ids,omitempty"`
+}
+
+func (m *GitCommit) Reset()                    { *m = GitCommit{} }
+func (m *GitCommit) String() string            { return proto.CompactTextString(m) }
+func (*GitCommit) ProtoMessage()               {}
+func (*GitCommit) Descriptor() ([]byte, []int) { return fileDescriptor7, []int{1} }
+
+func (m *GitCommit) GetId() string {
 	if m != nil {
-		return m.RelativePath
+		return m.Id
 	}
 	return ""
 }
 
+func (m *GitCommit) GetSubject() []byte {
+	if m != nil {
+		return m.Subject
+	}
+	return nil
+}
+
+func (m *GitCommit) GetBody() []byte {
+	if m != nil {
+		return m.Body
+	}
+	return nil
+}
+
+func (m *GitCommit) GetAuthor() *CommitAuthor {
+	if m != nil {
+		return m.Author
+	}
+	return nil
+}
+
+func (m *GitCommit) GetCommitter() *CommitAuthor {
+	if m != nil {
+		return m.Committer
+	}
+	return nil
+}
+
+func (m *GitCommit) GetParentIds() []string {
+	if m != nil {
+		return m.ParentIds
+	}
+	return nil
+}
+
+type CommitAuthor struct {
+	Name  []byte                     `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
+	Email []byte                     `protobuf:"bytes,2,opt,name=email,proto3" json:"email,omitempty"`
+	Date  *google_protobuf.Timestamp `protobuf:"bytes,3,opt,name=date" json:"date,omitempty"`
+}
+
+func (m *CommitAuthor) Reset()                    { *m = CommitAuthor{} }
+func (m *CommitAuthor) String() string            { return proto.CompactTextString(m) }
+func (*CommitAuthor) ProtoMessage()               {}
+func (*CommitAuthor) Descriptor() ([]byte, []int) { return fileDescriptor7, []int{2} }
+
+func (m *CommitAuthor) GetName() []byte {
+	if m != nil {
+		return m.Name
+	}
+	return nil
+}
+
+func (m *CommitAuthor) GetEmail() []byte {
+	if m != nil {
+		return m.Email
+	}
+	return nil
+}
+
+func (m *CommitAuthor) GetDate() *google_protobuf.Timestamp {
+	if m != nil {
+		return m.Date
+	}
+	return nil
+}
+
 type ExitStatus struct {
 	Value int32 `protobuf:"varint,1,opt,name=value" json:"value,omitempty"`
 }
@@ -52,7 +132,7 @@ type ExitStatus struct {
 func (m *ExitStatus) Reset()                    { *m = ExitStatus{} }
 func (m *ExitStatus) String() string            { return proto.CompactTextString(m) }
 func (*ExitStatus) ProtoMessage()               {}
-func (*ExitStatus) Descriptor() ([]byte, []int) { return fileDescriptor4, []int{1} }
+func (*ExitStatus) Descriptor() ([]byte, []int) { return fileDescriptor7, []int{3} }
 
 func (m *ExitStatus) GetValue() int32 {
 	if m != nil {
@@ -63,22 +143,34 @@ func (m *ExitStatus) GetValue() int32 {
 
 func init() {
 	proto.RegisterType((*Repository)(nil), "gitaly.Repository")
+	proto.RegisterType((*GitCommit)(nil), "gitaly.GitCommit")
+	proto.RegisterType((*CommitAuthor)(nil), "gitaly.CommitAuthor")
 	proto.RegisterType((*ExitStatus)(nil), "gitaly.ExitStatus")
 }
 
-func init() { proto.RegisterFile("shared.proto", fileDescriptor4) }
-
-var fileDescriptor4 = []byte{
-	// 161 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x34, 0x8e, 0xb1, 0xca, 0xc2, 0x40,
-	0x10, 0x84, 0xc9, 0xff, 0x9b, 0x80, 0x6b, 0x6c, 0x16, 0x8b, 0x94, 0x1a, 0x1b, 0x2b, 0x1b, 0x9f,
-	0xc1, 0x56, 0xe4, 0x7c, 0x80, 0xb0, 0xe2, 0x92, 0x3b, 0xb8, 0x78, 0xc7, 0xdd, 0x26, 0x98, 0xb7,
-	0x17, 0x56, 0xed, 0x76, 0xbf, 0x99, 0x61, 0x06, 0xea, 0x6c, 0x29, 0xf1, 0xe3, 0x18, 0x53, 0x90,
-	0x80, 0x55, 0xef, 0x84, 0xfc, 0xdc, 0x5a, 0x00, 0xc3, 0x31, 0x64, 0x27, 0x21, 0xcd, 0x88, 0xb0,
-	0x88, 0x24, 0xb6, 0x29, 0xb6, 0xc5, 0x61, 0x69, 0xf4, 0xc6, 0x1d, 0xd4, 0x59, 0x42, 0xa2, 0x9e,
-	0xbb, 0x27, 0x0d, 0xdc, 0xfc, 0xa9, 0xb6, 0xfa, 0xb2, 0x0b, 0x0d, 0x8c, 0x7b, 0x58, 0x27, 0xf6,
-	0x24, 0x6e, 0xe2, 0x4e, 0xf3, 0xff, 0xea, 0xa9, 0x7f, 0xf0, 0x4a, 0x62, 0xdb, 0x16, 0xe0, 0xfc,
-	0x72, 0x72, 0x13, 0x92, 0x31, 0xe3, 0x06, 0xca, 0x89, 0xfc, 0xc8, 0x5a, 0x55, 0x9a, 0xcf, 0x73,
-	0xaf, 0x74, 0xdc, 0xe9, 0x1d, 0x00, 0x00, 0xff, 0xff, 0xbd, 0xf7, 0x56, 0x73, 0xac, 0x00, 0x00,
-	0x00,
+func init() { proto.RegisterFile("shared.proto", fileDescriptor7) }
+
+var fileDescriptor7 = []byte{
+	// 335 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x51, 0xc1, 0x4a, 0xc3, 0x40,
+	0x10, 0x25, 0x69, 0x1a, 0xcd, 0x34, 0x8a, 0x2c, 0x3d, 0x84, 0x82, 0x58, 0xe3, 0xa5, 0x07, 0x49,
+	0xa1, 0x7e, 0x81, 0x88, 0x88, 0x1e, 0x44, 0x56, 0xef, 0x75, 0xd2, 0xac, 0xc9, 0x4a, 0xd2, 0x0d,
+	0xbb, 0x93, 0x62, 0x7f, 0xd1, 0xaf, 0x92, 0xec, 0x36, 0xe8, 0xc9, 0xdb, 0xce, 0x9b, 0xf7, 0x66,
+	0xe6, 0xed, 0x83, 0xd8, 0x54, 0xa8, 0x45, 0x91, 0xb5, 0x5a, 0x91, 0x62, 0x61, 0x29, 0x09, 0xeb,
+	0xfd, 0xec, 0xa2, 0x54, 0xaa, 0xac, 0xc5, 0xd2, 0xa2, 0x79, 0xf7, 0xb1, 0x24, 0xd9, 0x08, 0x43,
+	0xd8, 0xb4, 0x8e, 0x98, 0xbe, 0x03, 0x70, 0xd1, 0x2a, 0x23, 0x49, 0xe9, 0x3d, 0xbb, 0x84, 0xd8,
+	0x90, 0xd2, 0x58, 0x8a, 0xf5, 0x16, 0x1b, 0x91, 0xf8, 0x73, 0x6f, 0x11, 0xf1, 0xc9, 0x01, 0x7b,
+	0xc6, 0x46, 0xb0, 0x2b, 0x38, 0xd1, 0xa2, 0x46, 0x92, 0x3b, 0xb1, 0x6e, 0x91, 0xaa, 0x64, 0x64,
+	0x39, 0xf1, 0x00, 0xbe, 0x20, 0x55, 0x4f, 0xc1, 0xb1, 0x77, 0xe6, 0xf3, 0xa0, 0xef, 0xa7, 0xdf,
+	0x1e, 0x44, 0x0f, 0x92, 0xee, 0x54, 0xd3, 0x48, 0x62, 0xa7, 0xe0, 0xcb, 0x22, 0xf1, 0xac, 0xc6,
+	0x97, 0x05, 0x4b, 0xe0, 0xc8, 0x74, 0xf9, 0xa7, 0xd8, 0x90, 0x5d, 0x16, 0xf3, 0xa1, 0x64, 0x0c,
+	0x82, 0x5c, 0x15, 0x7b, 0x3b, 0x3f, 0xe6, 0xf6, 0xcd, 0xae, 0x21, 0xc4, 0x8e, 0x2a, 0xa5, 0x93,
+	0x60, 0xee, 0x2d, 0x26, 0xab, 0x69, 0xe6, 0x7c, 0x66, 0x6e, 0xfa, 0xad, 0xed, 0xf1, 0x03, 0x87,
+	0xad, 0x20, 0xda, 0x58, 0x9c, 0x84, 0x4e, 0xc6, 0xff, 0x08, 0x7e, 0x69, 0xec, 0x1c, 0xa0, 0x45,
+	0x2d, 0xb6, 0xb4, 0x96, 0x85, 0x49, 0xc2, 0xf9, 0x68, 0x11, 0xf1, 0xc8, 0x21, 0x8f, 0x85, 0x49,
+	0x2b, 0x88, 0xff, 0x2a, 0xfb, 0x23, 0xed, 0x47, 0x79, 0xee, 0xc8, 0xfe, 0xcd, 0xa6, 0x30, 0x16,
+	0x0d, 0xca, 0xfa, 0x60, 0xc8, 0x15, 0x2c, 0x83, 0xa0, 0x40, 0x12, 0xd6, 0xce, 0x64, 0x35, 0xcb,
+	0x5c, 0x30, 0xd9, 0x10, 0x4c, 0xf6, 0x36, 0x04, 0xc3, 0x2d, 0x2f, 0x4d, 0x01, 0xee, 0xbf, 0x24,
+	0xbd, 0x12, 0x52, 0x67, 0xfa, 0x99, 0x3b, 0xac, 0x3b, 0xb7, 0x68, 0xcc, 0x5d, 0x91, 0x87, 0x56,
+	0x7d, 0xf3, 0x13, 0x00, 0x00, 0xff, 0xff, 0x0a, 0x87, 0xe3, 0xb7, 0xfc, 0x01, 0x00, 0x00,
 }

go/vendor/gitlab.com/gitlab-org/gitaly/LICENSE

+The MIT License (MIT)
+
+Copyright (c) 2016-2017 GitLab B.V.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

go/vendor/gitlab.com/gitlab-org/gitaly/auth/rpccredentials.go

+package gitalyauth
+
+import (
+	"encoding/base64"
+
+	"golang.org/x/net/context"
+	"google.golang.org/grpc/credentials"
+)
+
+// RPCCredentials can be used with grpc.WithPerRPCCredentials to create a
+// grpc.DialOption that inserts the supplied token for authentication
+// with a Gitaly server.
+func RPCCredentials(token string) credentials.PerRPCCredentials {
+	return &rpcCredentials{token: base64.StdEncoding.EncodeToString([]byte(token))}
+}
+
+type rpcCredentials struct {
+	token string
+}
+
+func (*rpcCredentials) RequireTransportSecurity() bool { return false }
+
+func (rc *rpcCredentials) GetRequestMetadata(context.Context, ...string) (map[string]string, error) {
+	return map[string]string{"authorization": "Bearer " + rc.token}, nil
+}

go/vendor/gitlab.com/gitlab-org/gitaly/client/dial.go

+package client
+
+import (
+	"fmt"
+	"net"
+	"net/url"
+	"strings"
+	"time"
+
+	"google.golang.org/grpc"
+)
+
+// DefaultDialOpts hold the default DialOptions for connection to Gitaly over UNIX-socket
+var DefaultDialOpts = []grpc.DialOption{
+	grpc.WithInsecure(),
+}
+
+// Dial gitaly
+func Dial(rawAddress string, connOpts []grpc.DialOption) (*grpc.ClientConn, error) {
+	network, addr, err := parseAddress(rawAddress)
+	if err != nil {
+		return nil, err
+	}
+
+	connOpts = append(connOpts,
+		grpc.WithDialer(func(a string, _ time.Duration) (net.Conn, error) {
+			return net.Dial(network, a)
+		}))
+	conn, err := grpc.Dial(addr, connOpts...)
+	if err != nil {
+		return nil, err
+	}
+
+	return conn, nil
+}
+
+func parseAddress(rawAddress string) (network, addr string, err error) {
+	// Parsing unix:// URL's with url.Parse does not give the result we want
+	// so we do it manually.
+	for _, prefix := range []string{"unix://", "unix:"} {
+		if strings.HasPrefix(rawAddress, prefix) {
+			return "unix", strings.TrimPrefix(rawAddress, prefix), nil
+		}
+	}
+
+	u, err := url.Parse(rawAddress)
+	if err != nil {
+		return "", "", err
+	}
+
+	if u.Scheme != "tcp" {
+		return "", "", fmt.Errorf("unknown scheme: %q", rawAddress)
+	}
+	if u.Host == "" {
+		return "", "", fmt.Errorf("network tcp requires host: %q", rawAddress)
+	}
+	if u.Path != "" {
+		return "", "", fmt.Errorf("network tcp should have no path: %q", rawAddress)
+	}
+	return "tcp", u.Host, nil
+}

go/vendor/gitlab.com/gitlab-org/gitaly/client/receive_pack.go

+package client
+
+import (
+	"io"
+
+	"google.golang.org/grpc"
+
+	"golang.org/x/net/context"
+
+	pb "gitlab.com/gitlab-org/gitaly-proto/go"
+	pbhelper "gitlab.com/gitlab-org/gitaly-proto/go/helper"
+)
+
+// ReceivePack proxies an SSH git-receive-pack (git push) session to Gitaly
+func ReceivePack(ctx context.Context, conn *grpc.ClientConn, stdin io.Reader, stdout, stderr io.Writer, req *pb.SSHReceivePackRequest) (int32, error) {
+	ctx2, cancel := context.WithCancel(ctx)
+	defer cancel()
+
+	ssh := pb.NewSSHClient(conn)
+	stream, err := ssh.SSHReceivePack(ctx2)
+	if err != nil {
+		return 0, err
+	}
+
+	if err = stream.Send(req); err != nil {
+		return 0, err
+	}
+
+	inWriter := pbhelper.NewSendWriter(func(p []byte) error {
+		return stream.Send(&pb.SSHReceivePackRequest{Stdin: p})
+	})
+
+	return streamHandler(func() (stdoutStderrResponse, error) {
+		return stream.Recv()
+	}, func(errC chan error) {
+		_, errRecv := io.Copy(inWriter, stdin)
+		stream.CloseSend()
+		errC <- errRecv
+	}, stdout, stderr)
+}

go/vendor/gitlab.com/gitlab-org/gitaly/client/std_stream.go

+package client
+
+import (
+	"fmt"
+	"io"
+
+	pb "gitlab.com/gitlab-org/gitaly-proto/go"
+)
+
+type stdoutStderrResponse interface {
+	GetExitStatus() *pb.ExitStatus
+	GetStderr() []byte
+	GetStdout() []byte
+}
+
+func streamHandler(recv func() (stdoutStderrResponse, error), send func(chan error), stdout, stderr io.Writer) (int32, error) {
+	var (
+		exitStatus int32
+		err        error
+		resp       stdoutStderrResponse
+	)
+
+	errC := make(chan error, 1)
+
+	go send(errC)
+
+	for {
+		resp, err = recv()
+		if err != nil {
+			break
+		}
+		if resp.GetExitStatus() != nil {
+			exitStatus = resp.GetExitStatus().GetValue()
+		}
+
+		if len(resp.GetStderr()) > 0 {
+			if _, err = stderr.Write(resp.GetStderr()); err != nil {
+				break
+			}
+		}
+
+		if len(resp.GetStdout()) > 0 {
+			if _, err = stdout.Write(resp.GetStdout()); err != nil {
+				break
+			}
+		}
+	}
+	if err == io.EOF {
+		err = nil
+	}
+
+	if err != nil {
+		return exitStatus, err
+	}
+
+	select {
+	case errSend := <-errC:
+		if errSend != nil {
+			// This should not happen
+			errSend = fmt.Errorf("stdin send error: %v", errSend)
+		}
+		return exitStatus, errSend
+	default:
+		return exitStatus, nil
+	}
+}

go/vendor/gitlab.com/gitlab-org/gitaly/client/upload_pack.go

+package client
+
+import (
+	"io"
+
+	"google.golang.org/grpc"
+
+	"golang.org/x/net/context"
+
+	pb "gitlab.com/gitlab-org/gitaly-proto/go"
+	pbhelper "gitlab.com/gitlab-org/gitaly-proto/go/helper"
+)
+
+// UploadPack proxies an SSH git-upload-pack (git fetch) session to Gitaly
+func UploadPack(ctx context.Context, conn *grpc.ClientConn, stdin io.Reader, stdout, stderr io.Writer, req *pb.SSHUploadPackRequest) (int32, error) {
+	ctx2, cancel := context.WithCancel(ctx)
+	defer cancel()
+
+	ssh := pb.NewSSHClient(conn)
+	stream, err := ssh.SSHUploadPack(ctx2)
+	if err != nil {
+		return 0, err
+	}
+
+	if err = stream.Send(req); err != nil {
+		return 0, err
+	}
+
+	inWriter := pbhelper.NewSendWriter(func(p []byte) error {
+		return stream.Send(&pb.SSHUploadPackRequest{Stdin: p})
+	})
+
+	return streamHandler(func() (stdoutStderrResponse, error) {
+		return stream.Recv()
+	}, func(errC chan error) {
+		_, errRecv := io.Copy(inWriter, stdin)
+		stream.CloseSend()
+		errC <- errRecv
+	}, stdout, stderr)
+}

go/vendor/vendor.json

@@ -21,13 +21,29 @@
 			"revisionTime": "2017-03-31T03:19:02Z"
 		},
 		{
-			"checksumSHA1": "EE3twlbq1QkQ5J9dor9QFDR5LX4=",
+			"checksumSHA1": "FPNHA80Wu9QTcNcjbuw0kdLOg5Q=",
 			"path": "gitlab.com/gitlab-org/gitaly-proto/go",
-			"revision": "52f77b23166e640a932e50223472d761404afb42",
-			"revisionTime": "2017-03-29T16:52:58Z",
+			"revision": "e73c809c669748d0f49e257a249c4c12b59f7968",
+			"revisionTime": "2017-07-07T12:10:40Z",
 			"tree": true,
-			"version": "v0.5.0",
-			"versionExact": "v0.5.0"
+			"version": "v0.14.0",
+			"versionExact": "v0.14.0"
+		},
+		{
+			"checksumSHA1": "dUHJbKas746n5fLzlwxHb6FOCxs=",
+			"path": "gitlab.com/gitlab-org/gitaly/auth",
+			"revision": "e4f8d3d14cc3fe673cb511fb4d0189b68a158ccd",
+			"revisionTime": "2017-06-30T12:58:40Z",
+			"version": "v0.14.0",
+			"versionExact": "v0.14.0"
+		},
+		{
+			"checksumSHA1": "Z/BteCm3WErBI8bBmSN9gD+3EbU=",
+			"path": "gitlab.com/gitlab-org/gitaly/client",
+			"revision": "e4f8d3d14cc3fe673cb511fb4d0189b68a158ccd",
+			"revisionTime": "2017-06-30T12:58:40Z",
+			"version": "v0.14.0",
+			"versionExact": "v0.14.0"
 		},
 		{
 			"checksumSHA1": "Y+HGqEkYM15ir+J93MEaHdyFy0c=",

lib/gitlab_access_status.rb

 require 'json'
 
 class GitAccessStatus
-  attr_reader :message, :gl_repository, :repository_path
+  attr_reader :message, :gl_repository, :repository_path, :gitaly
 
-  def initialize(status, message, gl_repository, repository_path)
+  def initialize(status, message, gl_repository, repository_path, gitaly)
     @status = status
     @message = message
     @gl_repository = gl_repository
     @repository_path = repository_path
+    @gitaly = gitaly
   end
 
   def self.create_from_json(json)
     values = JSON.parse(json)
-    self.new(values["status"], values["message"], values["gl_repository"], values["repository_path"])
+    self.new(values["status"], values["message"], values["gl_repository"], values["repository_path"], values["gitaly"])
   end
 
   def allowed?

lib/gitlab_shell.rb

@@ -99,6 +99,7 @@ class GitlabShell
 
     self.repo_path = status.repository_path
     @gl_repository = status.gl_repository
+    @gitaly = status.gitaly
   end
 
   def process_cmd(args)
@@ -115,15 +116,16 @@ class GitlabShell
     executable = @command
     args = [repo_path]
 
-    if GITALY_MIGRATED_COMMANDS.has_key?(executable)
+    if GITALY_MIGRATED_COMMANDS.has_key?(executable) && @gitaly
       executable = GITALY_MIGRATED_COMMANDS[executable]
 
-      gitaly_address = '' # would be returned by gitlab-rails internal API
+      gitaly_address = @gitaly['address']
 
       # The entire gitaly_request hash should be built in gitlab-ce and passed
       # on as-is. For now we build a fake one on the spot.
       gitaly_request = JSON.dump({
-        'repository' => { 'path' => repo_path },
+        'repository' => @gitaly['repository'],
+        'gl_repository' => @gl_repository,
         'gl_id' => @key_id,
       })
 
@@ -153,6 +155,9 @@ class GitlabShell
       'GL_PROTOCOL' => GL_PROTOCOL,
       'GL_REPOSITORY' => @gl_repository
     }
+    if @gitaly && @gitaly.include?('token')
+      env['GITALY_TOKEN'] = @gitaly['token']
+    end
 
     if git_trace_available?
       env.merge!({

spec/gitlab_access_spec.rb

@@ -7,7 +7,7 @@ describe GitlabAccess do
   let(:repo_path)  { File.join(repository_path, repo_name) + ".git" }
   let(:api) do
     double(GitlabNet).tap do |api|
-      api.stub(check_access: GitAccessStatus.new(true, 'ok', 'project-1', '/home/git/repositories'))
+      api.stub(check_access: GitAccessStatus.new(true, 'ok', 'project-1', '/home/git/repositories', nil))
     end
   end
   subject do
@@ -38,7 +38,7 @@ describe GitlabAccess do
     context "access is denied" do
 
       before do
-        api.stub(check_access: GitAccessStatus.new(false, 'denied', nil, nil))
+        api.stub(check_access: GitAccessStatus.new(false, 'denied', nil, nil, nil))
       end
 
       it "returns false" do

spec/gitlab_shell_spec.rb

@@ -19,10 +19,12 @@ describe GitlabShell do
     end
   end
 
+  let(:gitaly_check_access) { GitAccessStatus.new(true, 'ok', gl_repository, repo_path, { 'repository' => { 'relative_path' => repo_name, 'storage_name' => 'default'} , 'address' => 'unix:gitaly.socket' })}
+
   let(:api) do
     double(GitlabNet).tap do |api|
       api.stub(discover: { 'name' => 'John Doe' })
-      api.stub(check_access: GitAccessStatus.new(true, 'ok', gl_repository, repo_path))
+      api.stub(check_access: GitAccessStatus.new(true, 'ok', gl_repository, repo_path, nil))
       api.stub(two_factor_recovery_codes: {
         'success' => true,
         'recovery_codes' => ['f67c514de60c4953', '41278385fc00c1e0']
@@ -128,7 +130,7 @@ describe GitlabShell do
   end
 
   describe :exec do
-    let(:gitaly_message) { JSON.dump({ 'repository' => { 'path' => repo_path }, 'gl_id' => key_id }) }
+    let(:gitaly_message) { JSON.dump({ 'repository' => { 'relative_path' => repo_name, 'storage_name' => 'default' }, 'gl_repository' => gl_repository , 'gl_id' => key_id}) }
 
     context 'git-upload-pack' do
       let(:ssh_cmd) { "git-upload-pack gitlab-ci.git" }
@@ -139,12 +141,40 @@ describe GitlabShell do
       end
 
       it "should execute the command" do
-        subject.should_receive(:exec_cmd).with(File.join(ROOT_PATH, "bin/gitaly-upload-pack"), '', gitaly_message)
+        subject.should_receive(:exec_cmd).with('git-upload-pack', repo_path)
+      end
+
+      it "should log the command execution" do
+        message = "gitlab-shell: executing git command "
+        message << "<git-upload-pack #{repo_path}> "
+        message << "for user with key #{key_id}."
+        $logger.should_receive(:info).with(message)
+      end
+
+      it "should use usernames if configured to do so" do
+        GitlabConfig.any_instance.stub(audit_usernames: true)
+        $logger.should_receive(:info).with(/for John Doe/)
+      end
+    end
+
+    context 'gitaly-upload-pack' do
+      let(:ssh_cmd) { "git-upload-pack gitlab-ci.git" }
+      before {
+        api.stub(check_access: gitaly_check_access)
+      }
+      after { subject.exec(ssh_cmd) }
+
+      it "should process the command" do
+        subject.should_receive(:process_cmd).with(%W(git-upload-pack gitlab-ci.git))
+      end
+
+      it "should execute the command" do
+        subject.should_receive(:exec_cmd).with(File.join(ROOT_PATH, "bin/gitaly-upload-pack"), 'unix:gitaly.socket', gitaly_message)
       end
 
       it "should log the command execution" do
         message = "gitlab-shell: executing git command "
-        message << "<gitaly-upload-pack  #{gitaly_message}> "
+        message << "<gitaly-upload-pack unix:gitaly.socket #{gitaly_message}> "
         message << "for user with key #{key_id}."
         $logger.should_receive(:info).with(message)
       end
@@ -164,17 +194,45 @@ describe GitlabShell do
       end
 
       it "should execute the command" do
-        subject.should_receive(:exec_cmd).with(File.join(ROOT_PATH, "bin/gitaly-receive-pack"), '', gitaly_message)
+        subject.should_receive(:exec_cmd).with('git-receive-pack', repo_path)
       end
 
       it "should log the command execution" do
         message = "gitlab-shell: executing git command "
-        message << "<gitaly-receive-pack  #{gitaly_message}> "
+        message << "<git-receive-pack #{repo_path}> "
         message << "for user with key #{key_id}."
         $logger.should_receive(:info).with(message)
       end
     end
 
+    context 'gitaly-receive-pack' do
+      let(:ssh_cmd) { "git-receive-pack gitlab-ci.git" }
+      before {
+        api.stub(check_access: gitaly_check_access)
+      }
+      after { subject.exec(ssh_cmd) }
+
+      it "should process the command" do
+        subject.should_receive(:process_cmd).with(%W(git-receive-pack gitlab-ci.git))
+      end
+
+      it "should execute the command" do
+        subject.should_receive(:exec_cmd).with(File.join(ROOT_PATH, "bin/gitaly-receive-pack"), 'unix:gitaly.socket', gitaly_message)
+      end
+
+      it "should log the command execution" do
+        message = "gitlab-shell: executing git command "
+        message << "<gitaly-receive-pack unix:gitaly.socket #{gitaly_message}> "
+        message << "for user with key #{key_id}."
+        $logger.should_receive(:info).with(message)
+      end
+
+      it "should use usernames if configured to do so" do
+        GitlabConfig.any_instance.stub(audit_usernames: true)
+        $logger.should_receive(:info).with(/for John Doe/)
+      end
+    end
+
     context 'arbitrary command' do
       let(:ssh_cmd) { 'arbitrary command' }
       after { subject.exec(ssh_cmd) }
@@ -268,7 +326,7 @@ describe GitlabShell do
       end
 
       it "should disallow access and log the attempt if check_access returns false status" do
-        api.stub(check_access: GitAccessStatus.new(false, 'denied', nil, nil))
+        api.stub(check_access: GitAccessStatus.new(false, 'denied', nil, nil, nil))
         message = "gitlab-shell: Access denied for git command <git-upload-pack gitlab-ci.git> "
         message << "by user with key #{key_id}."
         $logger.should_receive(:warn).with(message)