From 70c910b8ca7ed57251b1bd043793430e4e9f4052 Mon Sep 17 00:00:00 2001 From: Jaime Martinez Date: Fri, 15 May 2020 16:21:26 +1000 Subject: Add domain-source config flag This is an incremental step for adding `-domain-source` as described in https://gitlab.com/gitlab-org/gitlab/-/issues/217912. We are only adding the flag here but it's not doing anything at the moment. Add TODO for implementation --- app_config.go | 5 +++++ internal/source/domains.go | 3 +++ internal/source/domains_test.go | 9 +++++++-- internal/source/gitlab/client/config.go | 1 + main.go | 17 ++++++++++------- 5 files changed, 26 insertions(+), 9 deletions(-) diff --git a/app_config.go b/app_config.go index 5d481bb6..9e10b4aa 100644 --- a/app_config.go +++ b/app_config.go @@ -33,6 +33,7 @@ type appConfig struct { GitLabAPISecretKey []byte GitlabClientHTTPTimeout time.Duration GitlabJWTTokenExpiration time.Duration + DomainSource string ClientID string ClientSecret string RedirectURI string @@ -58,3 +59,7 @@ func (config appConfig) GitlabClientConnectionTimeout() time.Duration { func (config appConfig) GitlabJWTTokenExpiry() time.Duration { return config.GitlabJWTTokenExpiration } + +func (config appConfig) DomainSourceConfig() string { + return config.DomainSource +} diff --git a/internal/source/domains.go b/internal/source/domains.go index 8de7c574..e2d24a67 100644 --- a/internal/source/domains.go +++ b/internal/source/domains.go @@ -41,6 +41,9 @@ type Domains struct { // not initialize `dm` as we later check the readiness by comparing it with a // nil value. func NewDomains(config Config) (*Domains, error) { + // TODO: choose domain source config via config.DomainSourceConfig() + // https://gitlab.com/gitlab-org/gitlab/-/issues/217912 + if len(config.InternalGitLabServerURL()) == 0 || len(config.GitlabAPISecret()) == 0 { return &Domains{disk: disk.New()}, nil } diff --git a/internal/source/domains_test.go b/internal/source/domains_test.go index ebafb6fc..4a328a3c 100644 
--- a/internal/source/domains_test.go +++ b/internal/source/domains_test.go @@ -12,8 +12,9 @@ import ( ) type sourceConfig struct { - api string - secret string + api string + secret string + domainSource string } func (c sourceConfig) InternalGitLabServerURL() string { @@ -31,6 +32,10 @@ func (c sourceConfig) GitlabJWTTokenExpiry() time.Duration { return 30 * time.Second } +func (c sourceConfig) DomainSourceConfig() string { + return c.domainSource +} + func TestDomainSources(t *testing.T) { t.Run("when GitLab API URL has been provided", func(t *testing.T) { domains, err := NewDomains(sourceConfig{api: "https://gitlab.com", secret: "abc"}) diff --git a/internal/source/gitlab/client/config.go b/internal/source/gitlab/client/config.go index 19a87452..51b75025 100644 --- a/internal/source/gitlab/client/config.go +++ b/internal/source/gitlab/client/config.go @@ -9,4 +9,5 @@ type Config interface { GitlabAPISecret() []byte GitlabClientConnectionTimeout() time.Duration GitlabJWTTokenExpiry() time.Duration + DomainSourceConfig() string } diff --git a/main.go b/main.go index 2614fa0b..17cce4a2 100644 --- a/main.go +++ b/main.go 
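Review bot: `DomainSourceConfig() string` is added to `client.Config`, yet the other methods visible in this hunk (`GitlabAPISecret`, `GitlabClientConnectionTimeout`, `GitlabJWTTokenExpiry`) all configure the GitLab API client, while the TODO added in `internal/source/domains.go` says the value will be read by `NewDomains`. Placing it here forces every implementation of the client's config to carry a setting the client itself does not appear to use. If the `Config` type accepted by `NewDomains` is declared in package `source` (its definition is not part of this patch), declaring the method there would keep the client interface minimal. The interface starts above the hunk, so only its last lines are visible.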
@@ -65,13 +65,15 @@ var ( gitLabAPISecretKey = flag.String("api-secret-key", "", "File with secret key used to authenticate with the GitLab API") gitlabClientHTTPTimeout = flag.Duration("gitlab-client-http-timeout", 10*time.Second, "GitLab API HTTP client connection timeout in seconds (default: 10s)") gitlabClientJWTExpiry = flag.Duration("gitlab-client-jwt-expiry", 30*time.Second, "JWT Token expiry time in seconds (default: 30s)") - clientID = flag.String("auth-client-id", "", "GitLab application Client ID") - clientSecret = flag.String("auth-client-secret", "", "GitLab application Client Secret") - redirectURI = flag.String("auth-redirect-uri", "", "GitLab application redirect URI") - maxConns = flag.Uint("max-conns", 5000, "Limit on the number of concurrent connections to the HTTP, HTTPS or proxy listeners") - insecureCiphers = flag.Bool("insecure-ciphers", false, "Use default list of cipher suites, may contain insecure ones like 3DES and RC4") - tlsMinVersion = flag.String("tls-min-version", "tls1.2", tlsconfig.FlagUsage("min")) - tlsMaxVersion = flag.String("tls-max-version", "", tlsconfig.FlagUsage("max")) + // TODO: implement functionality for disk, auto and gitlab https://gitlab.com/gitlab-org/gitlab/-/issues/217912 + domainSource = flag.String("domain-source", "disk", "Domain configuration source 'disk', 'auto' or 'gitlab' (default: 'disk')") + clientID = flag.String("auth-client-id", "", "GitLab application Client ID") + clientSecret = flag.String("auth-client-secret", "", "GitLab application Client Secret") + redirectURI = flag.String("auth-redirect-uri", "", "GitLab application redirect URI") + maxConns = flag.Uint("max-conns", 5000, "Limit on the number of concurrent connections to the HTTP, HTTPS or proxy listeners") + insecureCiphers = flag.Bool("insecure-ciphers", false, "Use default list of cipher suites, may contain insecure ones like 3DES and RC4") + tlsMinVersion = flag.String("tls-min-version", "tls1.2", tlsconfig.FlagUsage("min")) + 
tlsMaxVersion = flag.String("tls-max-version", "", tlsconfig.FlagUsage("max")) disableCrossOriginRequests = flag.Bool("disable-cross-origin-requests", false, "Disable cross-origin requests") @@ -193,6 +195,7 @@ func configFromFlags() appConfig { config.InternalGitLabServer = internalGitLabServerFromFlags() config.GitlabClientHTTPTimeout = *gitlabClientHTTPTimeout config.GitlabJWTTokenExpiration = *gitlabClientJWTExpiry + config.DomainSource = *domainSource config.StoreSecret = *secret config.ClientID = *clientID config.ClientSecret = *clientSecret -- cgit v1.2.3 From 08f2aef1fdb04adc4da7c85b376dacf79207746c Mon Sep 17 00:00:00 2001 From: Jaime Martinez Date: Tue, 19 May 2020 10:34:55 +1000 Subject: Rename flag to domain-config-source --- app_config.go | 30 +++++++++++++++--------------- internal/source/domains.go | 2 +- internal/source/domains_test.go | 2 +- internal/source/gitlab/client/config.go | 2 +- main.go | 18 +++++++++--------- 5 files changed, 27 insertions(+), 27 deletions(-) diff --git a/app_config.go b/app_config.go index 9e10b4aa..3bc2197b 100644 --- a/app_config.go +++ b/app_config.go @@ -27,19 +27,19 @@ type appConfig struct { LogFormat string LogVerbose bool - StoreSecret string - GitLabServer string - InternalGitLabServer string - GitLabAPISecretKey []byte - GitlabClientHTTPTimeout time.Duration - GitlabJWTTokenExpiration time.Duration - DomainSource string - ClientID string - ClientSecret string - RedirectURI string - SentryDSN string - SentryEnvironment string - CustomHeaders []string + StoreSecret string + GitLabServer string + InternalGitLabServer string + GitLabAPISecretKey []byte + GitlabClientHTTPTimeout time.Duration + GitlabJWTTokenExpiration time.Duration + DomainConfigurationSource string + ClientID string + ClientSecret string + RedirectURI string + SentryDSN string + SentryEnvironment string + CustomHeaders []string } // InternalGitLabServerURL returns URL to a GitLab instance. 
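Review bot: The `-domain-source` flag added in the first commit's main.go hunk accepts any string, and `configFromFlags` copies it into the config unchecked (`config.DomainSource = *domainSource`), so a mistyped value is indistinguishable from a valid one. This setting is meant to choose where domain configuration is loaded from, so an unrecognised value should stop startup rather than reach `NewDomains` and be resolved by whatever default branch the TODO later introduces. The usage string also does not say the flag is currently a no-op, so an operator passing `gitlab` still gets the existing URL/secret-based selection without any hint. A small validator called from `configFromFlags` (whose body continues outside the hunk) would cover the first point. The following commit renames the flag to `-domain-config-source`, and the same check applies there.

```go
// validDomainSource reports whether s is one of the values documented
// in the -domain-source usage string.
func validDomainSource(s string) bool {
	switch s {
	case "disk", "auto", "gitlab":
		return true
	default:
		return false
	}
}

// … unchanged: earlier assignments in configFromFlags …
	config.DomainSource = *domainSource
```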
@@ -60,6 +60,6 @@ func (config appConfig) GitlabJWTTokenExpiry() time.Duration { return config.GitlabJWTTokenExpiration } -func (config appConfig) DomainSourceConfig() string { - return config.DomainSource +func (config appConfig) DomainConfigSource() string { + return config.DomainConfigurationSource } diff --git a/internal/source/domains.go b/internal/source/domains.go index e2d24a67..7a376bc7 100644 --- a/internal/source/domains.go +++ b/internal/source/domains.go @@ -41,7 +41,7 @@ type Domains struct { // not initialize `dm` as we later check the readiness by comparing it with a // nil value. func NewDomains(config Config) (*Domains, error) { - // TODO: choose domain source config via config.DomainSourceConfig() + // TODO: choose domain source config via config.DomainConfigSource() // https://gitlab.com/gitlab-org/gitlab/-/issues/217912 if len(config.InternalGitLabServerURL()) == 0 || len(config.GitlabAPISecret()) == 0 { diff --git a/internal/source/domains_test.go b/internal/source/domains_test.go index 4a328a3c..9fffe4a9 100644 --- a/internal/source/domains_test.go +++ b/internal/source/domains_test.go @@ -32,7 +32,7 @@ func (c sourceConfig) GitlabJWTTokenExpiry() time.Duration { return 30 * time.Second } -func (c sourceConfig) DomainSourceConfig() string { +func (c sourceConfig) DomainConfigSource() string { return c.domainSource } diff --git a/internal/source/gitlab/client/config.go b/internal/source/gitlab/client/config.go index 51b75025..bd9aa061 100644 --- a/internal/source/gitlab/client/config.go +++ b/internal/source/gitlab/client/config.go @@ -9,5 +9,5 @@ type Config interface { GitlabAPISecret() []byte GitlabClientConnectionTimeout() time.Duration GitlabJWTTokenExpiry() time.Duration - DomainSourceConfig() string + DomainConfigSource() string } diff --git a/main.go b/main.go index 17cce4a2..010fbbdd 100644 --- a/main.go +++ b/main.go 
@@ -66,14 +66,14 @@ var ( gitlabClientHTTPTimeout = flag.Duration("gitlab-client-http-timeout", 10*time.Second, "GitLab API HTTP client connection timeout in seconds (default: 10s)") gitlabClientJWTExpiry = flag.Duration("gitlab-client-jwt-expiry", 30*time.Second, "JWT Token expiry time in seconds (default: 30s)") // TODO: implement functionality for disk, auto and gitlab https://gitlab.com/gitlab-org/gitlab/-/issues/217912 - domainSource = flag.String("domain-source", "disk", "Domain configuration source 'disk', 'auto' or 'gitlab' (default: 'disk')") - clientID = flag.String("auth-client-id", "", "GitLab application Client ID") - clientSecret = flag.String("auth-client-secret", "", "GitLab application Client Secret") - redirectURI = flag.String("auth-redirect-uri", "", "GitLab application redirect URI") - maxConns = flag.Uint("max-conns", 5000, "Limit on the number of concurrent connections to the HTTP, HTTPS or proxy listeners") - insecureCiphers = flag.Bool("insecure-ciphers", false, "Use default list of cipher suites, may contain insecure ones like 3DES and RC4") - tlsMinVersion = flag.String("tls-min-version", "tls1.2", tlsconfig.FlagUsage("min")) - tlsMaxVersion = flag.String("tls-max-version", "", tlsconfig.FlagUsage("max")) + domainConfigSource = flag.String("domain-config-source", "disk", "Domain configuration source 'disk', 'auto' or 'gitlab' (default: 'disk')") + clientID = flag.String("auth-client-id", "", "GitLab application Client ID") + clientSecret = flag.String("auth-client-secret", "", "GitLab application Client Secret") + redirectURI = flag.String("auth-redirect-uri", "", "GitLab application redirect URI") + maxConns = flag.Uint("max-conns", 5000, "Limit on the number of concurrent connections to the HTTP, HTTPS or proxy listeners") + insecureCiphers = flag.Bool("insecure-ciphers", false, "Use default list of cipher suites, may contain insecure ones like 3DES and RC4") + tlsMinVersion = flag.String("tls-min-version", "tls1.2", 
tlsconfig.FlagUsage("min")) + tlsMaxVersion = flag.String("tls-max-version", "", tlsconfig.FlagUsage("max")) disableCrossOriginRequests = flag.Bool("disable-cross-origin-requests", false, "Disable cross-origin requests") @@ -195,7 +195,7 @@ func configFromFlags() appConfig { config.InternalGitLabServer = internalGitLabServerFromFlags() config.GitlabClientHTTPTimeout = *gitlabClientHTTPTimeout config.GitlabJWTTokenExpiration = *gitlabClientJWTExpiry - config.DomainSource = *domainSource + config.DomainConfigurationSource = *domainConfigSource config.StoreSecret = *secret config.ClientID = *clientID config.ClientSecret = *clientSecret -- cgit v1.2.3 From 9d1b594d3accafa63c879a2c7796cfd5a44cefec Mon Sep 17 00:00:00 2001 From: Jaime Martinez Date: Tue, 19 May 2020 13:31:03 +1000 Subject: Replace license_management with license_scanning --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3b166537..dce2ccfc 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ include: - - template: Security/License-Management.gitlab-ci.yml + - template: Security/License-Scanning.gitlab-ci.yml - template: Security/SAST.gitlab-ci.yml - template: Security/Dependency-Scanning.gitlab-ci.yml @@ -50,7 +50,7 @@ default: paths: - bin/gitlab-pages -license_management: +license_scanning: stage: prepare variables: LICENSE_MANAGEMENT_SETUP_CMD: go mod vendor -- cgit v1.2.3 From e7aaafad18934d57c8046fd641834fac344854ae Mon Sep 17 00:00:00 2001 From: Jaime Martinez Date: Tue, 19 May 2020 13:35:30 +1000 Subject: Override prepare stage With latest changes to autodevops templates it is now needed to override rules so that the jobs run on pipelines for merge requests. --- .gitlab-ci.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index dce2ccfc..bcb3c3d7 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -54,9 +54,19 @@ license_scanning: stage: prepare variables: LICENSE_MANAGEMENT_SETUP_CMD: go mod vendor + rules: + - if: $CI_MERGE_REQUEST_ID + when: on_success + - if: $CI_COMMIT_BRANCH == 'master' + when: on_success sast: stage: prepare + rules: + - if: $CI_MERGE_REQUEST_ID + when: on_success + - if: $CI_COMMIT_BRANCH == 'master' + when: on_success download deps: extends: .go-mod-cache -- cgit v1.2.3
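Review bot: Only `license_scanning` and `sast` receive the `rules:` override, while the file's `include:` list (visible in the previous commit's hunk) also pulls in `Security/Dependency-Scanning.gitlab-ci.yml`. If that template was affected by the same change, dependency scanning would still be skipped on merge-request pipelines, unless its override sits outside this hunk. A job-level `rules:` key also replaces the included template's rules rather than adding to them, so any conditions the template defined (not shown here) no longer apply to these two jobs; a comment such as `# overrides template rules so the job runs on MR pipelines` would make that intent explicit. The two rule blocks are identical and could live once in a hidden job (name constructed here) pulled in with `extends: .security-scan-rules`, matching the `extends: .go-mod-cache` style already used below.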