author | Ahmad Hassan <ahmad.hassan612@gmail.com> | 2018-10-25 17:35:04 +0300 |
---|---|---|
committer | Ahmad Hassan <ahmad.hassan612@gmail.com> | 2018-10-30 17:10:29 +0300 |
commit | c6979035c114b40e3b49f5ff3572cdf5fe19bb0b (patch) | |
tree | cfb31adf14eb7a1b509f9359f75f764b2dee77be /lib/gitlab/gitaly_client.rb | |
parent | 4845401f36bd4ad53c6864e7aceb6577752c0731 (diff) |
Support tls communication in gitaly
Diffstat (limited to 'lib/gitlab/gitaly_client.rb')
-rw-r--r-- | lib/gitlab/gitaly_client.rb | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/lib/gitlab/gitaly_client.rb b/lib/gitlab/gitaly_client.rb
index d99a9f15371..c39b75c7fba 100644
--- a/lib/gitlab/gitaly_client.rb
+++ b/lib/gitlab/gitaly_client.rb
@@ -53,6 +53,10 @@ module Gitlab
 base_labels Gitlab::Metrics::Transaction::BASE_LABELS.merge(gitaly_service: nil, rpc: nil)
 end

+ def self.creds
+ Gitlab.config.gitaly.tls.credentials
+ end
+
 def self.stub(name, storage)
 MUTEX.synchronize do
 @stubs ||= {}
@@ -60,11 +64,20 @@ module Gitlab
 @stubs[storage][name] ||= begin
 klass = stub_class(name)
 addr = stub_address(storage)
- klass.new(addr, :this_channel_is_insecure)
+ creds = stub_creds(storage)
+ klass.new(addr, creds)
 end
 end
 end

+ def self.stub_creds(storage)
+ if URI(address(storage)).scheme == 'tls'
+ GRPC::Code::ChannelCredentials.new
+ else
+ :this_channel_is_insecure
+ end
+ end
+
 def self.stub_class(name)
 if name == :health_check
 Grpc::Health::V1::Health::Stub
@@ -75,7 +88,7 @@ module Gitlab

 def self.stub_address(storage)
 addr = address(storage)
- addr = addr.sub(%r{^tcp://}, '') if URI(addr).scheme == 'tcp'
+ addr = addr.sub(%r{^tcp://|^tls://}, '') if %w(tcp tls).include? URI(addr).scheme
 addr
 end

@@ -98,8 +111,8 @@ module Gitlab
 raise "storage #{storage.inspect} is missing a gitaly_address"
 end

- unless URI(address).scheme.in?(%w(tcp unix))
- raise "Unsupported Gitaly address: #{address.inspect} does not use URL scheme 'tcp' or 'unix'"
+ unless URI(address).scheme.in?(%w(tcp unix tls))
+ raise "Unsupported Gitaly address: #{address.inspect} does not use URL scheme 'tcp' or 'unix' or 'tls'"
 end

 address
|
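Review bot: `self.creds` is added in the first hunk, but nothing in the visible hunks calls it; `stub_creds` in the second hunk builds its own credentials object instead. If TLS stubs are meant to use the configured credentials, the `tls` branch of `stub_creds` should return `creds`; otherwise the method is dead code and can be dropped. Whether `Gitlab.config.gitaly.tls` is always defined cannot be seen from this page, so the method should either tolerate a missing `tls` section or carry a comment such as `# Channel credentials built from the gitaly.tls settings; only valid when that section is configured`.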
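Review bot: The `tls` branch of `stub_creds` references `GRPC::Code::ChannelCredentials`, which looks like a typo for `GRPC::Core::ChannelCredentials`, the class the grpc gem defines. As written, the first stub built for a `tls://` storage would presumably raise NameError, so the TLS path never actually connects. Separately, `ChannelCredentials.new` with no arguments relies on the library's default root certificates, so a Gitaly server with a private-CA or self-signed certificate will fail verification unless the trusted roots are passed in, e.g. `GRPC::Core::ChannelCredentials.new(File.read(ca_bundle_path))`, where `ca_bundle_path` is a placeholder for the configured bundle. A spec that builds a stub for a `tls://` address would catch the constant error; the body of `self.stub` starts above this hunk.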
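Review bot: The scheme-stripping regex in `stub_address` (third hunk) anchors with `^`, which in Ruby matches at the start of any line rather than the start of the string; `\A` is the strict anchor, e.g. `addr = addr.sub(%r{\A(?:tcp|tls)://}, '') if %w(tcp tls).include?(URI(addr).scheme)`. The address comes from configuration, so exposure is limited, but using `\A` keeps the stripped prefix and the `URI(addr).scheme` check in agreement for any input. The accepted schemes are now spelled out separately here, in `stub_creds` and in the validation in the last hunk; a single frozen constant would keep the three from drifting apart when another scheme is added.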