add -gitlab-client-http-timeout -gitlab-client-jwt-expiry config flags

1 files changed, 37 insertions, 34 deletions

diff --git a/main.go b/main.go
index c4a6a4e2..4ec5ef96 100644
--- a/main.go
+++ b/main.go
@@ -33,39 +33,41 @@ func init() {
 }
 
 var (
-	pagesRootCert          = flag.String("root-cert", "", "The default path to file certificate to serve static pages")
-	pagesRootKey           = flag.String("root-key", "", "The default path to file certificate to serve static pages")
-	redirectHTTP           = flag.Bool("redirect-http", false, "Redirect pages from HTTP to HTTPS")
-	useHTTP2               = flag.Bool("use-http2", true, "Enable HTTP2 support")
-	pagesRoot              = flag.String("pages-root", "shared/pages", "The directory where pages are stored")
-	pagesDomain            = flag.String("pages-domain", "gitlab-example.com", "The domain to serve static pages")
-	artifactsServer        = flag.String("artifacts-server", "", "API URL to proxy artifact requests to, e.g.: 'https://gitlab.com/api/v4'")
-	artifactsServerTimeout = flag.Int("artifacts-server-timeout", 10, "Timeout (in seconds) for a proxied request to the artifacts server")
-	pagesStatus            = flag.String("pages-status", "", "The url path for a status page, e.g., /@status")
-	metricsAddress         = flag.String("metrics-address", "", "The address to listen on for metrics requests")
-	sentryDSN              = flag.String("sentry-dsn", "", "The address for sending sentry crash reporting to")
-	sentryEnvironment      = flag.String("sentry-environment", "", "The environment for sentry crash reporting")
-	daemonUID              = flag.Uint("daemon-uid", 0, "Drop privileges to this user")
-	daemonGID              = flag.Uint("daemon-gid", 0, "Drop privileges to this group")
-	daemonInplaceChroot    = flag.Bool("daemon-inplace-chroot", false, "Fall back to a non-bind-mount chroot of -pages-root when daemonizing")
-	logFormat              = flag.String("log-format", "text", "The log output format: 'text' or 'json'")
-	logVerbose             = flag.Bool("log-verbose", false, "Verbose logging")
-	_                      = flag.String("admin-secret-path", "", "DEPRECATED")
-	_                      = flag.String("admin-unix-listener", "", "DEPRECATED")
-	_                      = flag.String("admin-https-listener", "", "DEPRECATED")
-	_                      = flag.String("admin-https-cert", "", "DEPRECATED")
-	_                      = flag.String("admin-https-key", "", "DEPRECATED")
-	secret                 = flag.String("auth-secret", "", "Cookie store hash key, should be at least 32 bytes long.")
-	gitLabAuthServer       = flag.String("auth-server", "", "DEPRECATED, use gitlab-server instead. GitLab server, for example https://www.gitlab.com")
-	gitLabServer           = flag.String("gitlab-server", "", "GitLab server, for example https://www.gitlab.com")
-	gitLabAPISecretKey     = flag.String("api-secret-key", "", "File with secret key used to authenticate with the GitLab API")
-	clientID               = flag.String("auth-client-id", "", "GitLab application Client ID")
-	clientSecret           = flag.String("auth-client-secret", "", "GitLab application Client Secret")
-	redirectURI            = flag.String("auth-redirect-uri", "", "GitLab application redirect URI")
-	maxConns               = flag.Uint("max-conns", 5000, "Limit on the number of concurrent connections to the HTTP, HTTPS or proxy listeners")
-	insecureCiphers        = flag.Bool("insecure-ciphers", false, "Use default list of cipher suites, may contain insecure ones like 3DES and RC4")
-	tlsMinVersion          = flag.String("tls-min-version", "tls1.2", tlsconfig.FlagUsage("min"))
-	tlsMaxVersion          = flag.String("tls-max-version", "", tlsconfig.FlagUsage("max"))
+	pagesRootCert           = flag.String("root-cert", "", "The default path to file certificate to serve static pages")
+	pagesRootKey            = flag.String("root-key", "", "The default path to file certificate to serve static pages")
+	redirectHTTP            = flag.Bool("redirect-http", false, "Redirect pages from HTTP to HTTPS")
+	useHTTP2                = flag.Bool("use-http2", true, "Enable HTTP2 support")
+	pagesRoot               = flag.String("pages-root", "shared/pages", "The directory where pages are stored")
+	pagesDomain             = flag.String("pages-domain", "gitlab-example.com", "The domain to serve static pages")
+	artifactsServer         = flag.String("artifacts-server", "", "API URL to proxy artifact requests to, e.g.: 'https://gitlab.com/api/v4'")
+	artifactsServerTimeout  = flag.Int("artifacts-server-timeout", 10, "Timeout (in seconds) for a proxied request to the artifacts server")
+	pagesStatus             = flag.String("pages-status", "", "The url path for a status page, e.g., /@status")
+	metricsAddress          = flag.String("metrics-address", "", "The address to listen on for metrics requests")
+	sentryDSN               = flag.String("sentry-dsn", "", "The address for sending sentry crash reporting to")
+	sentryEnvironment       = flag.String("sentry-environment", "", "The environment for sentry crash reporting")
+	daemonUID               = flag.Uint("daemon-uid", 0, "Drop privileges to this user")
+	daemonGID               = flag.Uint("daemon-gid", 0, "Drop privileges to this group")
+	daemonInplaceChroot     = flag.Bool("daemon-inplace-chroot", false, "Fall back to a non-bind-mount chroot of -pages-root when daemonizing")
+	logFormat               = flag.String("log-format", "text", "The log output format: 'text' or 'json'")
+	logVerbose              = flag.Bool("log-verbose", false, "Verbose logging")
+	_                       = flag.String("admin-secret-path", "", "DEPRECATED")
+	_                       = flag.String("admin-unix-listener", "", "DEPRECATED")
+	_                       = flag.String("admin-https-listener", "", "DEPRECATED")
+	_                       = flag.String("admin-https-cert", "", "DEPRECATED")
+	_                       = flag.String("admin-https-key", "", "DEPRECATED")
+	secret                  = flag.String("auth-secret", "", "Cookie store hash key, should be at least 32 bytes long.")
+	gitLabAuthServer        = flag.String("auth-server", "", "DEPRECATED, use gitlab-server instead. GitLab server, for example https://www.gitlab.com")
+	gitLabServer            = flag.String("gitlab-server", "", "GitLab server, for example https://www.gitlab.com")
+	gitLabAPISecretKey      = flag.String("api-secret-key", "", "File with secret key used to authenticate with the GitLab API")
+	gitlabClientHTTPTimeout = flag.Int64("gitlab-client-http-timeout", 10, "GitLab API HTTP client connection timeout in seconds (default: 10s)")
+	gitlabClientJWTExpiry   = flag.Int64("gitlab-client-jwt-expiry", 30, "JWT Token expiry time in seconds (default: 30s)")
+	clientID                = flag.String("auth-client-id", "", "GitLab application Client ID")
+	clientSecret            = flag.String("auth-client-secret", "", "GitLab application Client Secret")
+	redirectURI             = flag.String("auth-redirect-uri", "", "GitLab application redirect URI")
+	maxConns                = flag.Uint("max-conns", 5000, "Limit on the number of concurrent connections to the HTTP, HTTPS or proxy listeners")
+	insecureCiphers         = flag.Bool("insecure-ciphers", false, "Use default list of cipher suites, may contain insecure ones like 3DES and RC4")
+	tlsMinVersion           = flag.String("tls-min-version", "tls1.2", tlsconfig.FlagUsage("min"))
+	tlsMaxVersion           = flag.String("tls-max-version", "", tlsconfig.FlagUsage("max"))
 
 	disableCrossOriginRequests = flag.Bool("disable-cross-origin-requests", false, "Disable cross-origin requests")
 
@@ -176,7 +178,8 @@ func configFromFlags() appConfig {
 	}
 
 	config.GitLabServer = gitlabServerFromFlags()
-
+	config.GitlabClientTimeout = *gitlabClientHTTPTimeout
+	config.GitlbaJWTTokenExpiry = *gitlabClientJWTExpiry
 	config.StoreSecret = *secret
 	config.ClientID = *clientID
 	config.ClientSecret = *clientSecret