diff options
author | Jaime Martinez <jmartinez@gitlab.com> | 2021-04-08 09:06:49 +0300 |
---|---|---|
committer | Jaime Martinez <jmartinez@gitlab.com> | 2021-04-13 04:14:16 +0300 |
commit | 34e1518038a8164c090ccfbfc30ebc7850e62cf0 (patch) | |
tree | 7cc8b5eb8c9b1c18eb106d7bd274f50a99d51f01 | |
parent | bda06683de6d93aeaff8d3c7357983ed7f0ccfc7 (diff) |
Allow serving zip from disk in chroot
This is a temporary workaround for https://gitlab.com/gitlab-org/gitlab/-/issues/326117#note_546346101
where daemon-inplace-chroot=true fails to serve zip archives when pages_serve_with_zip_file_protocol is enabled
To be removed after we roll-out zip architecture completely https://gitlab.com/gitlab-org/gitlab-pages/-/issues/561
Changelog: fixed
-rw-r--r-- | internal/config/config.go | 12 | ||||
-rw-r--r-- | internal/httpfs/http_fs.go | 7 | ||||
-rw-r--r-- | internal/vfs/zip/vfs.go | 20 | ||||
-rw-r--r-- | test/acceptance/zip_test.go | 22 |
4 files changed, 54 insertions, 7 deletions
diff --git a/internal/config/config.go b/internal/config/config.go index 0842a195..6de66bcf 100644 --- a/internal/config/config.go +++ b/internal/config/config.go @@ -146,6 +146,10 @@ type ZipServing struct { RefreshInterval time.Duration OpenTimeout time.Duration AllowedPaths []string + // TODO: this is a temporary workaround for https://gitlab.com/gitlab-org/gitlab/-/issues/326117#note_546346101 + // where daemon-inplace-chroot=true fails to serve zip archives when pages_serve_with_zip_file_protocol is enabled + // To be removed after we roll-out zip architecture completely https://gitlab.com/gitlab-org/gitlab-pages/-/issues/561 + ChrootPath string } func gitlabServerFromFlags() string { @@ -329,6 +333,14 @@ func loadConfig() *Config { setGitLabAPISecretKey(*gitLabAPISecretKey, config) } + // TODO: this is a temporary workaround for https://gitlab.com/gitlab-org/gitlab/-/issues/326117#note_546346101 + // where daemon-inplace-chroot=true fails to serve zip archives when pages_serve_with_zip_file_protocol is enabled + // To be removed after we roll-out zip architecture completely https://gitlab.com/gitlab-org/gitlab-pages/-/issues/561 + if config.Daemon.InplaceChroot { + config.Zip.ChrootPath = *pagesRoot + config.Zip.AllowedPaths = append(config.Zip.AllowedPaths, "/") + } + validateConfig(config) return config diff --git a/internal/httpfs/http_fs.go b/internal/httpfs/http_fs.go index cd2edb83..1ce90057 100644 --- a/internal/httpfs/http_fs.go +++ b/internal/httpfs/http_fs.go @@ -55,6 +55,13 @@ func (p *fileSystemPaths) Open(name string) (http.File, error) { return nil, err } for _, allowedPath := range p.allowedPaths { + // TODO: this is a temporary workaround for https://gitlab.com/gitlab-org/gitlab/-/issues/326117#note_546346101 + // where daemon-inplace-chroot=true fails to serve zip archives when pages_serve_with_zip_file_protocol is enabled + // To be removed after we roll-out zip architecture completely https://gitlab.com/gitlab-org/gitlab-pages/-/issues/561 + if allowedPath == "/" { + return os.Open(absPath) + } + if strings.HasPrefix(absPath, allowedPath+"/") { return os.Open(absPath) } diff --git a/internal/vfs/zip/vfs.go b/internal/vfs/zip/vfs.go index b69522f9..fc83fca2 100644 --- a/internal/vfs/zip/vfs.go +++ b/internal/vfs/zip/vfs.go @@ -5,6 +5,7 @@ import ( "errors" "net/http" "net/url" + "strings" "sync" "time" @@ -50,6 +51,11 @@ type zipVFS struct { archiveCount int64 httpClient *http.Client + + // TODO: this is a temporary workaround for https://gitlab.com/gitlab-org/gitlab/-/issues/326117#note_546346101 + // where daemon-inplace-chroot=true fails to serve zip archives when pages_serve_with_zip_file_protocol is enabled + // To be removed after we roll-out zip architecture completely https://gitlab.com/gitlab-org/gitlab-pages/-/issues/561 + chrootPath string } // New creates a zipVFS instance that can be used by a serving request @@ -93,6 +99,7 @@ func (fs *zipVFS) Reconfigure(cfg *config.Config) error { fs.cacheExpirationInterval = cfg.Zip.ExpirationInterval fs.cacheRefreshInterval = cfg.Zip.RefreshInterval fs.cacheCleanupInterval = cfg.Zip.CleanupInterval + fs.chrootPath = cfg.Zip.ChrootPath if err := fs.reconfigureTransport(cfg); err != nil { return err @@ -239,10 +246,21 @@ func (fs *zipVFS) findOrOpenArchive(ctx context.Context, key, path string) (*zip return nil, err } - err = zipArchive.openArchive(ctx, path) + err = zipArchive.openArchive(ctx, fs.removeChrootPath(path)) if err != nil { return nil, err } return zipArchive, nil } + +// TODO: this is a temporary workaround for https://gitlab.com/gitlab-org/gitlab/-/issues/326117#note_546346101 +// where daemon-inplace-chroot=true fails to serve zip archives when pages_serve_with_zip_file_protocol is enabled +// To be removed after we roll-out zip architecture completely https://gitlab.com/gitlab-org/gitlab-pages/-/issues/561 +func (fs *zipVFS) removeChrootPath(path string) string { + if fs.chrootPath == "" || strings.HasPrefix(path, "http") { + return path + } + + return strings.ReplaceAll(path, fs.chrootPath, "") +} diff --git a/test/acceptance/zip_test.go b/test/acceptance/zip_test.go index a7e82d27..008ccc4b 100644 --- a/test/acceptance/zip_test.go +++ b/test/acceptance/zip_test.go @@ -107,8 +107,6 @@ func TestZipServing(t *testing.T) { } func TestZipServingFromDisk(t *testing.T) { - skipUnlessEnabled(t, "not-inplace-chroot") - chdir := false defer testhelpers.ChdirInPath(t, "../../shared/pages", &chdir)() @@ -185,10 +183,22 @@ func TestZipServingFromDisk(t *testing.T) { expectedContent: "The page you're looking for could not be found", }, "file_not_allowed_in_path": { - host: "zip-not-allowed-path.gitlab.io", - urlSuffix: "/", - expectedStatusCode: http.StatusInternalServerError, - expectedContent: "Whoops, something went wrong on our end.", + host: "zip-not-allowed-path.gitlab.io", + urlSuffix: "/", + expectedStatusCode: func() int { + if os.Getenv("TEST_DAEMONIZE") == "inplace" { + return http.StatusNotFound + } + + return http.StatusInternalServerError + }(), + expectedContent: func() string { + if os.Getenv("TEST_DAEMONIZE") == "inplace" { + return "The page you're looking for could not be found" + } + + return "Whoops, something went wrong on our end." + }(), }, } |