delta/gitlab/gitlab-shell.git/cmd, branch rate-limiting-docs gitlab.com: gitlab-org/gitlab-shell.git Suppress internal errors in client output 2021-12-28T21:06:19+00:00 Will Chandler wchandler@gitlab.com 2021-12-10T14:55:07+00:00 3a8bab437d8d0fd9bfa29bc5edd07ae5903af84d Until recently, Gitaly was silently swallowing any errors returned by SSH `git upload-pack` processes. Clients would still receive stderr output and a non-zero return code, but Gitlab-Shell would receive error as nil and log success. With 9deaf47f1ecb00f0f36d18ee4a0fb1576f5a0efe Gitaly will now return an error when git fails, but this causes Gitlab-Shell to print out the GRPC error code as a message to the client: > fatal: couldn't find remote ref not-a-real-ref > fatal: the remote end hung up unexpectedly > remote: > remote: > ======================================================================== > remote: > remote: rpc error: code = Internal desc = SSHUploadPack: exit status 128 > remote: > remote: > ======================================================================== > remote: The `remote:` text gives no additional context for the user and adds clutter. This commit suppresses the additional message added by Gitlab-Shell on failure when the error type is `Internal`, returning client output to the format it was prior to the Gitaly change. 
Until recently, Gitaly was silently swallowing any errors returned by
SSH `git upload-pack` processes. Clients would still receive stderr
output and a non-zero return code, but Gitlab-Shell would receive error
as nil and log success.

With 9deaf47f1ecb00f0f36d18ee4a0fb1576f5a0efe Gitaly will now return an
error when git fails, but this causes Gitlab-Shell to print out the
GRPC error code as a message to the client:

> fatal: couldn't find remote ref not-a-real-ref
> fatal: the remote end hung up unexpectedly
> remote:
> remote:
> ========================================================================
> remote:
> remote: rpc error: code = Internal desc = SSHUploadPack: exit status 128
> remote:
> remote:
> ========================================================================
> remote:

The `remote:` text gives no additional context for the user and adds
clutter.

This commit suppresses the additional message added by Gitlab-Shell on
failure when the error type is `Internal`, returning client output to
the format it was prior to the Gitaly change.
Send full git request/response in SSHD tests 2021-12-22T19:00:15+00:00 Will Chandler wchandler@gitlab.com 2021-12-22T18:30:21+00:00 922bb8ff61578a68126ba215e94e0c3d4c34bbf9 Before 9deaf47f1ecb00f0f36d18ee4a0fb1576f5a0efe, Gitaly would return success for `SSHUploadPack` and `SSHUploadArchive` regardless of the exit code of the `git upload-pack|archive` process. As a result, the gitlab-sshd acceptance tests could rely on no errors being returned from Gitaly. Currently these tests send the minimum request needed to start a session, causing the server git process to fail as the `0000` flush packet to end the session is never sent. This commit fixes the tests by sending the full request/response needed for a successful git operation. 
Before 9deaf47f1ecb00f0f36d18ee4a0fb1576f5a0efe, Gitaly would return
success for `SSHUploadPack` and `SSHUploadArchive` regardless of the
exit code of the `git upload-pack|archive` process. As a result, the
gitlab-sshd acceptance tests could rely on no errors being returned from
Gitaly.

Currently these tests send the minimum request needed to start a
session, causing the server git process to fail as the `0000` flush
packet to end the session is never sent.

This commit fixes the tests by sending the full request/response needed
for a successful git operation.
Relax key and username matching for sshd 2021-11-11T00:48:26+00:00 Stan Hu stanhu@gmail.com 2021-11-10T20:31:58+00:00 672013e702cb44c3bc1b46807703295448dc0afc Due to the way sshd works, gitlab-shell could be called with a single string in the form: ``` /path/to/gitlab-shell -c key-id ``` However, due to the tightening of the regular expressions in fcff692b this string no longer matches, so logins would fail with: ``` Failed to get username: who='' is invalid ``` This can be reproduced by changing the user's shell to point to gitlab-shell. For example: ``` usermod git -s /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell ``` While setting gitlab-shell as the user's shell isn't officially supported, gitlab-shell still should be able to cope with the key being specified as the last argument. We now split the argument list and use the last value. Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/530 
Due to the way sshd works, gitlab-shell could be called with a single
string in the form:

```
/path/to/gitlab-shell -c key-id
```

However, due to the tightening of the regular expressions in fcff692b
this string no longer matches, so logins would fail with:

```
Failed to get username: who='' is invalid
```

This can be reproduced by changing the user's shell to point to
gitlab-shell. For example:

```
usermod git -s /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell
```

While setting gitlab-shell as the user's shell isn't officially
supported, gitlab-shell still should be able to cope with the key being
specified as the last argument. We now split the argument list and use
the last value.

Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/530
Log command invocation 2021-10-07T09:43:27+00:00 Nick Thomas nick@gitlab.com 2021-10-07T09:43:27+00:00 e77f0d0603d622d3a2554e55fe62bc1615fca55b Use reflection to log the command we are about to execute, both in gitlab-shell and gitlab-sshd. Include the environment, which has all the context we need to understand what the command is expected to do. Changelog: added 
Use reflection to log the command we are about to execute, both in
gitlab-shell and gitlab-sshd. Include the environment, which has all
the context we need to understand what the command is expected to do.

Changelog: added
Don't swallow an error parsing SSH_ORIGINAL_COMMAND 2021-09-27T19:25:10+00:00 Nick Thomas nick@gitlab.com 2021-09-27T18:28:06+00:00 5564ea9ca23217687a6e6c091f3b4fc11e375a2f 






refactor: unify instantiation of command.Shell
2021-09-20T08:19:41+00:00

feistel
6742251-feistel@users.noreply.gitlab.com

2021-09-20T08:19:41+00:00

65dadb7e51e206b6411a4518f8a26471d586bc6f












Add context fields to logging
2021-09-15T17:46:08+00:00

Igor Drozdov
idrozdov@gitlab.com

2021-09-15T17:46:00+00:00

af3aac6b459791fabd8ebc306cdff47c609fbf53

It adds correlation ids wherever possible





It adds correlation ids wherever possible







refactor: fix style issues
2021-09-08T15:45:06+00:00

feistel
6742251-feistel@users.noreply.gitlab.com

2021-09-08T15:45:06+00:00

515bfeb98c87e04d36650939aa99e48f28555f85












refactor: cleanup func signature and remove unused args
2021-09-08T15:04:21+00:00

feistel
6742251-feistel@users.noreply.gitlab.com

2021-09-08T15:04:21+00:00

d0e09b414a9b069ec7bcbed2880b93c27cf3727c












refactor: rearchitect command and executable Go modules
2021-09-08T14:41:57+00:00

feistel
6742251-feistel@users.noreply.gitlab.com

2021-09-08T14:40:35+00:00

67415dc4f6f293460517d4281b5e4e80e66ffb91