Commit 688dde61 authored by Ahmad Hassan's avatar Ahmad Hassan

Add support for gitaly tls

parent 9cf3334c
package handler
import (
"crypto/x509"
"os"
"os/exec"
"strings"
"syscall"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
"gitlab.com/gitlab-org/gitaly/auth"
"gitlab.com/gitlab-org/gitaly/client"
@@ -31,6 +34,14 @@ func Prepare() error {
return nil
}
func transFormTls(gitalyAddress string) (string, bool) {
if !strings.HasPrefix(gitalyAddress, "tls://") {
return gitalyAddress, false
}
return strings.Replace(gitalyAddress, "tls://", "tcp://", 1), true
}
func execCommand(command string, args ...string) error {
binPath, err := exec.LookPath(command)
if err != nil {
@@ -41,11 +52,19 @@ func execCommand(command string, args ...string) error {
return syscall.Exec(binPath, args, os.Environ())
}
func dialOpts() []grpc.DialOption {
func dialOpts(tls bool) []grpc.DialOption {
connOpts := client.DefaultDialOpts
if token := os.Getenv("GITALY_TOKEN"); token != "" {
connOpts = append(client.DefaultDialOpts, grpc.WithPerRPCCredentials(gitalyauth.RPCCredentialsV2(token)))
}
if tls {
certPool, err := x509.SystemCertPool()
if err == nil {
creds := credentials.NewClientTLSFromCert(certPool, "")
connOpts = append(connOpts, grpc.WithTransportCredentials(creds))
}
}
return connOpts
}
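Review bot: In `dialOpts`, when `tls` is true and `x509.SystemCertPool()` returns an error, the error is discarded and no transport credentials are appended, so the function returns exactly the options it would for a non-TLS address. A caller that asked for `tls://` then dials with whatever `client.DefaultDialOpts` provides, which is not visible here; if that includes an insecure option, the per-RPC credentials and repository data would be sent without transport protection and nothing would report it. The failure should be returned instead of swallowed, which means a signature of `dialOpts(tls bool) ([]grpc.DialOption, error)` and an error check in the three callers. Separately, `connOpts` starts out as `client.DefaultDialOpts` itself, so the new `append(connOpts, ...)` may write into the package-level slice's backing array when no token is set; copying first avoids that.

```go
func dialOpts(tls bool) ([]grpc.DialOption, error) {
	// Copy so later appends never touch the package-level slice.
	connOpts := append([]grpc.DialOption{}, client.DefaultDialOpts...)
	// … unchanged: GITALY_TOKEN per-RPC credentials, appended to connOpts …
	if tls {
		certPool, err := x509.SystemCertPool()
		if err != nil {
			// Fail closed: a tls:// address must not be dialed without TLS credentials.
			return nil, err
		}
		creds := credentials.NewClientTLSFromCert(certPool, "")
		connOpts = append(connOpts, grpc.WithTransportCredentials(creds))
	}
	return connOpts, nil
}
```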
@@ -14,7 +14,9 @@ func ReceivePack(gitalyAddress string, request *pb.SSHReceivePackRequest) (int32
return 0, fmt.Errorf("no gitaly_address given")
}
conn, err := client.Dial(gitalyAddress, dialOpts())
gitalyAddress, isTls := transFormTls(gitalyAddress)
conn, err := client.Dial(gitalyAddress, dialOpts(isTls))
if err != nil {
return 0, err
}
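Review bot: The same two lines, `transFormTls` followed by `client.Dial(gitalyAddress, dialOpts(isTls))`, are added to ReceivePack here and again in UploadArchive and UploadPack, so the decision about whether a connection gets TLS is spelled out in three places. A single helper in the handler package that takes the raw address and returns the connection, used as `conn, err := dialGitaly(gitalyAddress)` (name illustrative), would keep the scheme check and the credential setup together and make it harder for a later handler to dial without them. A short comment at the call saying that `tls://` is rewritten to `tcp://` before dialing would also help, since the reassignment of the `gitalyAddress` parameter is easy to miss. ReceivePack's body continues outside the hunk.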
@@ -14,7 +14,9 @@ func UploadArchive(gitalyAddress string, request *pb.SSHUploadArchiveRequest) (i
return 0, fmt.Errorf("no gitaly_address given")
}
conn, err := client.Dial(gitalyAddress, dialOpts())
gitalyAddress, isTls := transFormTls(gitalyAddress)
conn, err := client.Dial(gitalyAddress, dialOpts(isTls))
if err != nil {
return 0, err
}
@@ -14,7 +14,8 @@ func UploadPack(gitalyAddress string, request *pb.SSHUploadPackRequest) (int32,
return 0, fmt.Errorf("no gitaly_address given")
}
conn, err := client.Dial(gitalyAddress, dialOpts())
gitalyAddress, isTls := transFormTls(gitalyAddress)
conn, err := client.Dial(gitalyAddress, dialOpts(isTls))
if err != nil {
return 0, err
}