diff options
author | Patrick Steinhardt <psteinhardt@gitlab.com> | 2020-04-14 08:35:21 +0300 |
---|---|---|
committer | Patrick Steinhardt <psteinhardt@gitlab.com> | 2020-04-14 08:35:21 +0300 |
commit | 64b6bd113578fa72f470a93a1df7c35919aebf49 (patch) | |
tree | 70d8599ddd86513ea8cd52cf7b2ff854465349b4 | |
parent | 88859ee2bf2e20846f54cecde36376bc471a2aa9 (diff) | |
parent | 60122beca6b8289c0ca0c9390245f72dfda1a560 (diff) |
Merge branch 'jc-pass-token-into-hook' into 'master'
Pass gitaly token into gitaly-hooks
See merge request gitlab-org/gitaly!2035
-rw-r--r-- | changelogs/unreleased/jc-pass-token-into-hook.yml | 5 | ||||
-rw-r--r-- | cmd/gitaly-hooks/hooks.go | 7 | ||||
-rw-r--r-- | cmd/gitaly-hooks/hooks_test.go | 52 | ||||
-rw-r--r-- | internal/git/receivepack.go | 1 | ||||
-rw-r--r-- | internal/service/smarthttp/receive_pack_test.go | 5 | ||||
-rw-r--r-- | internal/service/smarthttp/testhelper_test.go | 4 | ||||
-rw-r--r-- | internal/testhelper/testserver.go | 3 |
7 files changed, 46 insertions, 31 deletions
diff --git a/changelogs/unreleased/jc-pass-token-into-hook.yml b/changelogs/unreleased/jc-pass-token-into-hook.yml new file mode 100644 index 000000000..bee806f51 --- /dev/null +++ b/changelogs/unreleased/jc-pass-token-into-hook.yml @@ -0,0 +1,5 @@ +--- +title: Pass gitaly token into gitaly-hooks +merge_request: 2035 +author: +type: fixed diff --git a/cmd/gitaly-hooks/hooks.go b/cmd/gitaly-hooks/hooks.go index 552b9a663..e95c16c6a 100644 --- a/cmd/gitaly-hooks/hooks.go +++ b/cmd/gitaly-hooks/hooks.go @@ -65,7 +65,12 @@ func main() { logger.Fatal(errors.New("GITALY_SOCKET not set")) } - conn, err := client.Dial("unix://"+gitalySocket, dialOpts(os.Getenv("GITALY_TOKEN"))) + gitalyToken, ok := os.LookupEnv("GITALY_TOKEN") + if !ok { + logger.Fatal(errors.New("GITALY_TOKEN not set")) + } + + conn, err := client.Dial("unix://"+gitalySocket, dialOpts(gitalyToken)) if err != nil { logger.Fatalf("error when dialing: %v", err) } diff --git a/cmd/gitaly-hooks/hooks_test.go b/cmd/gitaly-hooks/hooks_test.go index 152da93fd..f9f247512 100644 --- a/cmd/gitaly-hooks/hooks_test.go +++ b/cmd/gitaly-hooks/hooks_test.go @@ -5,7 +5,6 @@ import ( "encoding/json" "fmt" "io/ioutil" - "net" "os" "os/exec" "path/filepath" @@ -20,7 +19,6 @@ import ( hook "gitlab.com/gitlab-org/gitaly/internal/service/hooks" "gitlab.com/gitlab-org/gitaly/internal/testhelper" "gitlab.com/gitlab-org/gitaly/proto/go/gitalypb" - "google.golang.org/grpc" "google.golang.org/grpc/reflection" ) @@ -86,8 +84,9 @@ func TestHooksPrePostReceive(t *testing.T) { gitObjectDirRegex := regexp.MustCompile(`(?m)^GIT_OBJECT_DIRECTORY=(.*)$`) gitAlternateObjectDirRegex := regexp.MustCompile(`(?m)^GIT_ALTERNATE_OBJECT_DIRECTORIES=(.*)$`) - srv, socket := runHookServiceServer(t) - defer srv.Stop() + token := "abc123" + socket, stop := runHookServiceServer(t, token) + defer stop() testCases := []struct { hookName string @@ -128,6 +127,7 @@ func TestHooksPrePostReceive(t *testing.T) { t, tempGitlabShellDir, socket, + token, testRepo, testhelper.GlHookValues{ GLID: glID, @@ -191,15 +191,16 @@ func TestHooksUpdate(t *testing.T) { config.Config.GitlabShell.Dir = tempGitlabShellDir - srv, socket := runHookServiceServer(t) - defer srv.Stop() + token := "abc123" + socket, stop := runHookServiceServer(t, token) + defer stop() require.NoError(t, os.MkdirAll(filepath.Join(tempGitlabShellDir, "hooks", "update.d"), 0755)) testhelper.MustRunCommand(t, nil, "cp", "testdata/update", filepath.Join(tempGitlabShellDir, "hooks", "update.d", "update")) for _, callRPC := range []bool{true, false} { t.Run(fmt.Sprintf("call rpc: %t", callRPC), func(t *testing.T) { - testHooksUpdate(t, tempGitlabShellDir, socket, testhelper.GlHookValues{ + testHooksUpdate(t, tempGitlabShellDir, socket, token, testhelper.GlHookValues{ GLID: glID, GLUsername: glUsername, GLRepo: glRepository, @@ -209,7 +210,7 @@ func TestHooksUpdate(t *testing.T) { } } -func testHooksUpdate(t *testing.T, gitlabShellDir, socket string, glValues testhelper.GlHookValues, callRPC bool) { +func testHooksUpdate(t *testing.T, gitlabShellDir, socket, token string, glValues testhelper.GlHookValues, callRPC bool) { testRepo, testRepoPath, cleanupFn := testhelper.NewTestRepo(t) defer cleanupFn() @@ -217,7 +218,7 @@ func testHooksUpdate(t *testing.T, gitlabShellDir, socket string, glValues testh updateHookPath, err := filepath.Abs("../../ruby/git-hooks/update") require.NoError(t, err) cmd := exec.Command(updateHookPath, refval, oldval, newval) - cmd.Env = testhelper.EnvForHooks(t, gitlabShellDir, socket, testRepo, glValues) + cmd.Env = testhelper.EnvForHooks(t, gitlabShellDir, socket, token, testRepo, glValues) cmd.Dir = testRepoPath tempFilePath := filepath.Join(testRepoPath, "tempfile") @@ -297,15 +298,16 @@ func TestHooksPostReceiveFailed(t *testing.T) { customHookOutputPath, cleanup := testhelper.WriteEnvToCustomHook(t, testRepoPath, "post-receive") defer cleanup() - srv, socket := runHookServiceServer(t) - defer srv.Stop() + token := "abc123" + socket, stop := runHookServiceServer(t, token) + defer stop() var stdout, stderr bytes.Buffer postReceiveHookPath, err := filepath.Abs("../../ruby/git-hooks/post-receive") require.NoError(t, err) cmd := exec.Command(postReceiveHookPath) - cmd.Env = testhelper.EnvForHooks(t, tempGitlabShellDir, socket, testRepo, testhelper.GlHookValues{ + cmd.Env = testhelper.EnvForHooks(t, tempGitlabShellDir, socket, token, testRepo, testhelper.GlHookValues{ GLID: glID, GLUsername: glUsername, GLRepo: glRepository, @@ -367,8 +369,9 @@ func TestHooksNotAllowed(t *testing.T) { defer cleanup() config.Config.GitlabShell.Dir = tempGitlabShellDir - srv, socket := runHookServiceServer(t) - defer srv.Stop() + token := "abc123" + socket, stop := runHookServiceServer(t, token) + defer stop() var stderr, stdout bytes.Buffer @@ -378,7 +381,7 @@ func TestHooksNotAllowed(t *testing.T) { cmd.Stderr = &stderr cmd.Stdout = &stdout cmd.Stdin = strings.NewReader(changes) - cmd.Env = testhelper.EnvForHooks(t, tempGitlabShellDir, socket, testRepo, testhelper.GlHookValues{ + cmd.Env = testhelper.EnvForHooks(t, tempGitlabShellDir, socket, token, testRepo, testhelper.GlHookValues{ GLID: glID, GLUsername: glUsername, GLRepo: glRepository, @@ -488,19 +491,12 @@ func TestCheckBadCreds(t *testing.T) { require.Equal(t, "FAILED. code: 401\n", stderr.String()) } -func runHookServiceServer(t *testing.T) (*grpc.Server, string) { - server := testhelper.NewTestGrpcServer(t, nil, nil) +func runHookServiceServer(t *testing.T, token string) (string, func()) { + server := testhelper.NewServerWithAuth(t, nil, nil, token) - serverSocketPath := testhelper.GetTemporaryGitalySocketFileName() - listener, err := net.Listen("unix", serverSocketPath) - if err != nil { - t.Fatal(err) - } - - gitalypb.RegisterHookServiceServer(server, hook.NewServer()) - reflection.Register(server) - - go server.Serve(listener) + gitalypb.RegisterHookServiceServer(server.GrpcServer(), hook.NewServer()) + reflection.Register(server.GrpcServer()) + require.NoError(t, server.Start()) - return server, serverSocketPath + return server.Socket(), server.Stop } diff --git a/internal/git/receivepack.go b/internal/git/receivepack.go index b321a83b1..4e65e1e1b 100644 --- a/internal/git/receivepack.go +++ b/internal/git/receivepack.go @@ -35,6 +35,7 @@ func HookEnv(req ReceivePackRequest) ([]string, error) { fmt.Sprintf("GL_REPOSITORY=%s", req.GetGlRepository()), fmt.Sprintf("GITALY_SOCKET=" + config.GitalyInternalSocketPath()), fmt.Sprintf("GITALY_REPO=%s", repo), + fmt.Sprintf("GITALY_TOKEN=%s", config.Config.Auth.Token), }, gitlabshell.Env()...), nil } diff --git a/internal/service/smarthttp/receive_pack_test.go b/internal/service/smarthttp/receive_pack_test.go index d79233b27..d8c9e0a45 100644 --- a/internal/service/smarthttp/receive_pack_test.go +++ b/internal/service/smarthttp/receive_pack_test.go @@ -353,6 +353,11 @@ func testPostReceivePackToHooks(t *testing.T, callRPC bool) { glRepository := "some_repo" glID := "key-123" + defer func(token string) { + config.Config.Auth.Token = token + }(config.Config.Auth.Token) + config.Config.Auth.Token = "abc123" + server, socket := runSmartHTTPHookServiceServer(t) defer server.Stop() diff --git a/internal/service/smarthttp/testhelper_test.go b/internal/service/smarthttp/testhelper_test.go index 212ff9a4c..34ad47776 100644 --- a/internal/service/smarthttp/testhelper_test.go +++ b/internal/service/smarthttp/testhelper_test.go @@ -7,6 +7,7 @@ import ( "testing" "github.com/stretchr/testify/require" + gitalyauth "gitlab.com/gitlab-org/gitaly/auth" "gitlab.com/gitlab-org/gitaly/internal/config" "gitlab.com/gitlab-org/gitaly/internal/git/hooks" "gitlab.com/gitlab-org/gitaly/internal/testhelper" @@ -40,7 +41,7 @@ func testMain(m *testing.M) int { } func runSmartHTTPServer(t *testing.T, serverOpts ...ServerOpt) (string, func()) { - srv := testhelper.NewServer(t, nil, nil) + srv := testhelper.NewServerWithAuth(t, nil, nil, config.Config.Auth.Token) gitalypb.RegisterSmartHTTPServiceServer(srv.GrpcServer(), NewServer(serverOpts...)) reflection.Register(srv.GrpcServer()) @@ -53,6 +54,7 @@ func runSmartHTTPServer(t *testing.T, serverOpts ...ServerOpt) (string, func()) func newSmartHTTPClient(t *testing.T, serverSocketPath string) (gitalypb.SmartHTTPServiceClient, *grpc.ClientConn) { connOpts := []grpc.DialOption{ grpc.WithInsecure(), + grpc.WithPerRPCCredentials(gitalyauth.RPCCredentials(config.Config.Auth.Token)), } conn, err := grpc.Dial(serverSocketPath, connOpts...) if err != nil { diff --git a/internal/testhelper/testserver.go b/internal/testhelper/testserver.go index 11ca87255..175b4c7b7 100644 --- a/internal/testhelper/testserver.go +++ b/internal/testhelper/testserver.go @@ -467,7 +467,7 @@ type GlHookValues struct { var jsonpbMarshaller jsonpb.Marshaler // EnvForHooks generates a set of environment variables for gitaly hooks -func EnvForHooks(t TB, gitlabShellDir, gitalySocket string, repo *gitalypb.Repository, glHookValues GlHookValues, gitPushOptions ...string) []string { +func EnvForHooks(t TB, gitlabShellDir, gitalySocket, gitalyToken string, repo *gitalypb.Repository, glHookValues GlHookValues, gitPushOptions ...string) []string { rubyDir, err := filepath.Abs("../../ruby") require.NoError(t, err) @@ -482,6 +482,7 @@ func EnvForHooks(t TB, gitlabShellDir, gitalySocket string, repo *gitalypb.Repos fmt.Sprintf("GL_PROTOCOL=%s", glHookValues.GLProtocol), fmt.Sprintf("GL_USERNAME=%s", glHookValues.GLUsername), fmt.Sprintf("GITALY_SOCKET=%s", gitalySocket), + fmt.Sprintf("GITALY_TOKEN=%s", gitalyToken), fmt.Sprintf("GITALY_REPO=%v", repoString), fmt.Sprintf("GITALY_GITLAB_SHELL_DIR=%s", gitlabShellDir), fmt.Sprintf("GITALY_LOG_DIR=%s", gitlabShellDir), |