From 5d3816652e13cde6bf5e9de814d2c9d1e6593601 Mon Sep 17 00:00:00 2001
From: Adam Niedzielski <adamsunday@gmail.com>
Date: Thu, 26 Jan 2017 19:16:50 +0100
Subject: Introduce maximum session time for terminal websocket connection

Store the value in application settings.
Expose the value to Workhorse.
---
 app/models/application_setting.rb                 |  7 ++++++-
 app/models/project_services/kubernetes_service.rb | 11 ++++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)

(limited to 'app/models')

diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index 2df8b071e13..9a4557524c4 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -111,6 +111,10 @@ class ApplicationSetting < ActiveRecord::Base
             presence: true,
             numericality: { only_integer: true, greater_than: :housekeeping_full_repack_period }
 
+  validates :terminal_max_session_time,
+            presence: true,
+            numericality: { only_integer: true, greater_than_or_equal_to: 0 }
+
   validates_each :restricted_visibility_levels do |record, attr, value|
     unless value.nil?
       value.each do |level|
@@ -204,7 +208,8 @@ class ApplicationSetting < ActiveRecord::Base
       signin_enabled: Settings.gitlab['signin_enabled'],
       signup_enabled: Settings.gitlab['signup_enabled'],
       two_factor_grace_period: 48,
-      user_default_external: false
+      user_default_external: false,
+      terminal_max_session_time: 0
     }
   end
 
diff --git a/app/models/project_services/kubernetes_service.rb b/app/models/project_services/kubernetes_service.rb
index fa3cedc4354..f2f019c43bb 100644
--- a/app/models/project_services/kubernetes_service.rb
+++ b/app/models/project_services/kubernetes_service.rb
@@ -1,4 +1,5 @@
 class KubernetesService < DeploymentService
+  include Gitlab::CurrentSettings
   include Gitlab::Kubernetes
   include ReactiveCaching
 
@@ -110,7 +111,7 @@ class KubernetesService < DeploymentService
       pods = data.fetch(:pods, nil)
       filter_pods(pods, app: environment.slug).
         flat_map { |pod| terminals_for_pod(api_url, namespace, pod) }.
-        map { |terminal| add_terminal_auth(terminal, token, ca_pem) }
+        each { |terminal| add_terminal_auth(terminal, terminal_auth) }
     end
   end
 
@@ -170,4 +171,12 @@ class KubernetesService < DeploymentService
 
     url.to_s
   end
+
+  def terminal_auth
+    {
+      token: token,
+      ca_pem: ca_pem,
+      max_session_time: current_application_settings.terminal_max_session_time
+    }
+  end
 end
-- 
cgit v1.2.1