delta/gitlab/gitlab-shell.git/internal/gitlabnet/accessverifier, branch main gitlab.com: gitlab-org/gitlab-shell.git Perform HTTP request to primary on Geo push 2023-03-03T06:18:39+00:00 Igor Drozdov idrozdov@gitlab.com 2023-02-13T13:34:03+00:00 83a4e8e542e9f929e1c22b235b883ee67187c4c6 Currently, we perform a request to Gitlab Rails that proxies the request to primary However, it causes timeouts on big pushes and consumes large amount of memory. We can perform an HTTP request directly from Gitlab Shell instead and stream the response to the user 
Currently, we perform a request to Gitlab Rails that proxies
the request to primary

However, it causes timeouts on big pushes and consumes large
amount of memory. We can perform an HTTP request directly
from Gitlab Shell instead and stream the response to the user
Add support for the gssapi-with-mic auth method 2023-01-23T07:54:09+00:00 Marin Hannache git@mareo.fr 2023-01-23T07:54:09+00:00 51ea0f50f52d5d1dade02aadff3c163a0a792779 






Update Gitaly to v15
2022-08-05T15:44:56+00:00

Igor Drozdov
idrozdov@gitlab.com

2022-08-05T13:51:41+00:00

2c18767176ff7bade7a2d745b0e95f1687c27b5d

This commit also excludes gitlab-shell from dependencies:

Gitaly specifies Gitlab Shell as a dependency as well in order
to use gitlabnet client to perform API endpoints to Gitlab Rails.
As a result, Gitlab Shell requires Gitaly -> Gitaly requires an
older version of Gitlab Shell -> that version requires an older
version of Gitlab Shell, etc. Let's use exclude to break the
chain earlier





This commit also excludes gitlab-shell from dependencies:

Gitaly specifies Gitlab Shell as a dependency as well in order
to use gitlabnet client to perform API endpoints to Gitlab Rails.
As a result, Gitlab Shell requires Gitaly -> Gitaly requires an
older version of Gitlab Shell -> that version requires an older
version of Gitlab Shell, etc. Let's use exclude to break the
chain earlier







go: Bump major version to v14
2022-07-05T06:44:14+00:00

Patrick Steinhardt
psteinhardt@gitlab.com

2022-07-05T06:43:54+00:00

822e49b34afbc2092ae189091d693ae7867a8e5a

While gitlab-shell currently has a major version of v14, the module path
it exposes is not using that major version like it is required by the Go
standard. This makes it impossible for dependents to import gitlab-shell
as a dependency without using a commit as version.

Fix this by changing the module path of gitlab-shell to instead be
`gitlab.com/gitlab-org/gitlab-shell/v14` and adjust all imports
accordingly.

Changelog: fixed





While gitlab-shell currently has a major version of v14, the module path
it exposes is not using that major version like it is required by the Go
standard. This makes it impossible for dependents to import gitlab-shell
as a dependency without using a commit as version.

Fix this by changing the module path of gitlab-shell to instead be
`gitlab.com/gitlab-org/gitlab-shell/v14` and adjust all imports
accordingly.

Changelog: fixed







Pass original IP from PROXY requests to internal API calls
2022-06-30T20:27:33+00:00

Alejandro Rodríguez
alejorro70@gmail.com

2022-06-30T19:37:31+00:00

9b60ce49460876d0e599f2fec65f02856930dbcd












Merge branch 'sh-fix-remote-addr-handling' into 'main'
2022-05-09T09:47:20+00:00

Igor Drozdov
idrozdov@gitlab.com

2022-05-09T09:47:20+00:00

733845f9abec43b6573ba3a1167cc27ff2bfc199

Fix check_ip argument when gitlab-sshd used with PROXY protocol

See merge request gitlab-org/gitlab-shell!616




Fix check_ip argument when gitlab-sshd used with PROXY protocol

See merge request gitlab-org/gitlab-shell!616






Fix check_ip argument when gitlab-sshd used with PROXY protocol
2022-05-09T07:01:41+00:00

Stan Hu
stanhu@gmail.com

2022-05-09T06:52:31+00:00

14a406a2f4c82ff42fc5a1a985f66dcd7a645381

When gitlab-sshd were used with the PROXY protocol, the `check_ip`
argument passed to `/api/v4/internal/allowed` was the Go remote
address, which is a host and port combination
(e.g. 127.0.0.1:12345). As a result, This prevents IP restrictions
from working properly on Rails. We fix this by stripping out the port
if it is present.

When OpenSSH is used, this is not an issue because the IP address
is extracted from `SSH_CONNECTION`.

Changelog: fixed





When gitlab-sshd were used with the PROXY protocol, the `check_ip`
argument passed to `/api/v4/internal/allowed` was the Go remote
address, which is a host and port combination
(e.g. 127.0.0.1:12345). As a result, This prevents IP restrictions
from working properly on Rails. We fix this by stripping out the port
if it is present.

When OpenSSH is used, this is not an issue because the IP address
is extracted from `SSH_CONNECTION`.

Changelog: fixed







Always use Gitaly sidechannel connections
2022-05-02T09:35:12+00:00

Jacob Vosmaer
jacob@gitlab.com

2022-05-02T09:34:52+00:00

b2b31cee4a27cccd100a5f0aa546d5a515576ada

Before this change, the GitLab internal API could use a boolean
response field to indicate whether gitlab-shell should make
sidechannel connections go Gitaly. We now ignore that response field
and always use sidechannel connections.





Before this change, the GitLab internal API could use a boolean
response field to indicate whether gitlab-shell should make
sidechannel connections go Gitaly. We now ignore that response field
and always use sidechannel connections.







Support parsing `use_sidechannel` API response field
2022-01-25T11:32:45+00:00

Jacob Vosmaer
jacob@gitlab.com

2022-01-21T10:37:27+00:00

c1eeb524b9beaeb64e447ab1296787546184eaae

This field will act as a feature flag that controls whether
gitlab-shell uses the old SSHUploadPack RPC or the new
SSHUploadPackWithSidechannel.





This field will act as a feature flag that controls whether
gitlab-shell uses the old SSHUploadPack RPC or the new
SSHUploadPackWithSidechannel.







Refactor client response tests
2022-01-20T16:32:59+00:00

Jacob Vosmaer
jacob@gitlab.com

2022-01-20T15:36:28+00:00

2cf1af8e042f7e30d1e9f81c368e00fa0348a51e

This reduces coupling between tests in
internal/gitlabnet/accessverifier/client_test.go, and will make it
easier to add new test cases in the future.

Note that the test server had a special behavior for the username
"second", but this was never used. So we removed that behavior in this
commit.





This reduces coupling between tests in
internal/gitlabnet/accessverifier/client_test.go, and will make it
easier to add new test cases in the future.

Note that the test server had a special behavior for the username
"second", but this was never used. So we removed that behavior in this
commit.