Merge branch 'add-domain-source-config' into 'master'

Add domain-config-source flag

See merge request gitlab-org/gitlab-pages!284

6 files changed, 50 insertions, 23 deletions

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 33f20858..c05e641b 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,5 +1,5 @@
 include:
-  - template: Security/License-Management.gitlab-ci.yml
+  - template: Security/License-Scanning.gitlab-ci.yml
   - template: Security/SAST.gitlab-ci.yml
   - template: Security/Dependency-Scanning.gitlab-ci.yml
 
@@ -50,13 +50,23 @@ default:
     paths:
       - bin/gitlab-pages
 
-license_management:
+license_scanning:
   stage: prepare
   variables:
     LICENSE_MANAGEMENT_SETUP_CMD: go mod vendor
+  rules:
+    - if: $CI_MERGE_REQUEST_ID
+      when: on_success
+    - if: $CI_COMMIT_BRANCH == 'master'
+      when: on_success
 
 sast:
   stage: prepare
+  rules:
+    - if: $CI_MERGE_REQUEST_ID
+      when: on_success
+    - if: $CI_COMMIT_BRANCH == 'master'
+      when: on_success
 
 download deps:
   extends: .go-mod-cache
diff --git a/app_config.go b/app_config.go
index 5d481bb6..3bc2197b 100644
--- a/app_config.go
+++ b/app_config.go
@@ -27,18 +27,19 @@ type appConfig struct {
 	LogFormat  string
 	LogVerbose bool
 
-	StoreSecret              string
-	GitLabServer             string
-	InternalGitLabServer     string
-	GitLabAPISecretKey       []byte
-	GitlabClientHTTPTimeout  time.Duration
-	GitlabJWTTokenExpiration time.Duration
-	ClientID                 string
-	ClientSecret             string
-	RedirectURI              string
-	SentryDSN                string
-	SentryEnvironment        string
-	CustomHeaders            []string
+	StoreSecret               string
+	GitLabServer              string
+	InternalGitLabServer      string
+	GitLabAPISecretKey        []byte
+	GitlabClientHTTPTimeout   time.Duration
+	GitlabJWTTokenExpiration  time.Duration
+	DomainConfigurationSource string
+	ClientID                  string
+	ClientSecret              string
+	RedirectURI               string
+	SentryDSN                 string
+	SentryEnvironment         string
+	CustomHeaders             []string
 }
 
 // InternalGitLabServerURL returns URL to a GitLab instance.
@@ -58,3 +59,7 @@ func (config appConfig) GitlabClientConnectionTimeout() time.Duration {
 func (config appConfig) GitlabJWTTokenExpiry() time.Duration {
 	return config.GitlabJWTTokenExpiration
 }
+
+func (config appConfig) DomainConfigSource() string {
+	return config.DomainConfigurationSource
+}
diff --git a/internal/source/domains.go b/internal/source/domains.go
index 8de7c574..7a376bc7 100644
--- a/internal/source/domains.go
+++ b/internal/source/domains.go
@@ -41,6 +41,9 @@ type Domains struct {
 // not initialize `dm` as we later check the readiness by comparing it with a
 // nil value.
 func NewDomains(config Config) (*Domains, error) {
+	// TODO: choose domain source config via config.DomainConfigSource()
+	// https://gitlab.com/gitlab-org/gitlab/-/issues/217912
+
 	if len(config.InternalGitLabServerURL()) == 0 || len(config.GitlabAPISecret()) == 0 {
 		return &Domains{disk: disk.New()}, nil
 	}
diff --git a/internal/source/domains_test.go b/internal/source/domains_test.go
index ebafb6fc..9fffe4a9 100644
--- a/internal/source/domains_test.go
+++ b/internal/source/domains_test.go
@@ -12,8 +12,9 @@ import (
 )
 
 type sourceConfig struct {
-	api    string
-	secret string
+	api          string
+	secret       string
+	domainSource string
 }
 
 func (c sourceConfig) InternalGitLabServerURL() string {
@@ -31,6 +32,10 @@ func (c sourceConfig) GitlabJWTTokenExpiry() time.Duration {
 	return 30 * time.Second
 }
 
+func (c sourceConfig) DomainConfigSource() string {
+	return c.domainSource
+}
+
 func TestDomainSources(t *testing.T) {
 	t.Run("when GitLab API URL has been provided", func(t *testing.T) {
 		domains, err := NewDomains(sourceConfig{api: "https://gitlab.com", secret: "abc"})
diff --git a/internal/source/gitlab/client/config.go b/internal/source/gitlab/client/config.go
index 19a87452..bd9aa061 100644
--- a/internal/source/gitlab/client/config.go
+++ b/internal/source/gitlab/client/config.go
@@ -9,4 +9,5 @@ type Config interface {
 	GitlabAPISecret() []byte
 	GitlabClientConnectionTimeout() time.Duration
 	GitlabJWTTokenExpiry() time.Duration
+	DomainConfigSource() string
 }
diff --git a/main.go b/main.go
index 2614fa0b..010fbbdd 100644
--- a/main.go
+++ b/main.go
@@ -65,13 +65,15 @@ var (
 	gitLabAPISecretKey      = flag.String("api-secret-key", "", "File with secret key used to authenticate with the GitLab API")
 	gitlabClientHTTPTimeout = flag.Duration("gitlab-client-http-timeout", 10*time.Second, "GitLab API HTTP client connection timeout in seconds (default: 10s)")
 	gitlabClientJWTExpiry   = flag.Duration("gitlab-client-jwt-expiry", 30*time.Second, "JWT Token expiry time in seconds (default: 30s)")
-	clientID                = flag.String("auth-client-id", "", "GitLab application Client ID")
-	clientSecret            = flag.String("auth-client-secret", "", "GitLab application Client Secret")
-	redirectURI             = flag.String("auth-redirect-uri", "", "GitLab application redirect URI")
-	maxConns                = flag.Uint("max-conns", 5000, "Limit on the number of concurrent connections to the HTTP, HTTPS or proxy listeners")
-	insecureCiphers         = flag.Bool("insecure-ciphers", false, "Use default list of cipher suites, may contain insecure ones like 3DES and RC4")
-	tlsMinVersion           = flag.String("tls-min-version", "tls1.2", tlsconfig.FlagUsage("min"))
-	tlsMaxVersion           = flag.String("tls-max-version", "", tlsconfig.FlagUsage("max"))
+	// TODO: implement functionality for disk, auto and gitlab https://gitlab.com/gitlab-org/gitlab/-/issues/217912
+	domainConfigSource = flag.String("domain-config-source", "disk", "Domain configuration source 'disk', 'auto' or 'gitlab' (default: 'disk')")
+	clientID           = flag.String("auth-client-id", "", "GitLab application Client ID")
+	clientSecret       = flag.String("auth-client-secret", "", "GitLab application Client Secret")
+	redirectURI        = flag.String("auth-redirect-uri", "", "GitLab application redirect URI")
+	maxConns           = flag.Uint("max-conns", 5000, "Limit on the number of concurrent connections to the HTTP, HTTPS or proxy listeners")
+	insecureCiphers    = flag.Bool("insecure-ciphers", false, "Use default list of cipher suites, may contain insecure ones like 3DES and RC4")
+	tlsMinVersion      = flag.String("tls-min-version", "tls1.2", tlsconfig.FlagUsage("min"))
+	tlsMaxVersion      = flag.String("tls-max-version", "", tlsconfig.FlagUsage("max"))
 
 	disableCrossOriginRequests = flag.Bool("disable-cross-origin-requests", false, "Disable cross-origin requests")
 
@@ -193,6 +195,7 @@ func configFromFlags() appConfig {
 	config.InternalGitLabServer = internalGitLabServerFromFlags()
 	config.GitlabClientHTTPTimeout = *gitlabClientHTTPTimeout
 	config.GitlabJWTTokenExpiration = *gitlabClientJWTExpiry
+	config.DomainConfigurationSource = *domainConfigSource
 	config.StoreSecret = *secret
 	config.ClientID = *clientID
 	config.ClientSecret = *clientSecret