delta/gitlab/gitlab-shell.git/internal/gitlabnet, branch main gitlab.com: gitlab-org/gitlab-shell.git Perform HTTP request to primary on Geo push 2023-03-03T06:18:39+00:00 Igor Drozdov idrozdov@gitlab.com 2023-02-13T13:34:03+00:00 83a4e8e542e9f929e1c22b235b883ee67187c4c6 Currently, we perform a request to Gitlab Rails that proxies the request to primary However, it causes timeouts on big pushes and consumes large amount of memory. We can perform an HTTP request directly from Gitlab Shell instead and stream the response to the user 
Currently, we perform a request to Gitlab Rails that proxies
the request to primary

However, it causes timeouts on big pushes and consumes large
amount of memory. We can perform an HTTP request directly
from Gitlab Shell instead and stream the response to the user
feat: make retryable http default client 2023-01-30T08:54:42+00:00 Steve Azzopardi sazzopardi@gitlab.com 2023-01-30T08:21:17+00:00 80f684e48eca2bf1ef2006d84f8c49bec7104344 What --- Make the retryableHTTP client introduced in https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/703 the default HTTP client. Why --- In https://gitlab.com/gitlab-com/gl-infra/production/-/issues/7979#note_1254964426 we've seen a 99% error reduction on `git` commands from `gitlab-shell` when the retryableHTTP client is used. This has been running in production for over 2 weeks in `us-east1-b` and 5 days fleet-wide so we should be confident that this client works as expected. Reference: https://gitlab.com/gitlab-com/gl-infra/production/-/issues/7979 Signed-off-by: Steve Azzopardi <sazzopardi@gitlab.com> 
What
---
Make the retryableHTTP client introduced in
https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/703 the
default HTTP client.

Why
---
In
https://gitlab.com/gitlab-com/gl-infra/production/-/issues/7979#note_1254964426
we've seen a 99% error reduction on `git` commands from `gitlab-shell`
when the retryableHTTP client is used.

This has been running in production for over 2 weeks in `us-east1-b` and
5 days fleet-wide so we should be confident that this client works as
expected.

Reference: https://gitlab.com/gitlab-com/gl-infra/production/-/issues/7979
Signed-off-by: Steve Azzopardi <sazzopardi@gitlab.com>
Add support for the gssapi-with-mic auth method 2023-01-23T07:54:09+00:00 Marin Hannache git@mareo.fr 2023-01-23T07:54:09+00:00 51ea0f50f52d5d1dade02aadff3c163a0a792779 






Update Gitaly to v15
2022-08-05T15:44:56+00:00

Igor Drozdov
idrozdov@gitlab.com

2022-08-05T13:51:41+00:00

2c18767176ff7bade7a2d745b0e95f1687c27b5d

This commit also excludes gitlab-shell from dependencies:

Gitaly specifies Gitlab Shell as a dependency as well in order
to use gitlabnet client to perform API endpoints to Gitlab Rails.
As a result, Gitlab Shell requires Gitaly -> Gitaly requires an
older version of Gitlab Shell -> that version requires an older
version of Gitlab Shell, etc. Let's use exclude to break the
chain earlier





This commit also excludes gitlab-shell from dependencies:

Gitaly specifies Gitlab Shell as a dependency as well in order
to use gitlabnet client to perform API endpoints to Gitlab Rails.
As a result, Gitlab Shell requires Gitaly -> Gitaly requires an
older version of Gitlab Shell -> that version requires an older
version of Gitlab Shell, etc. Let's use exclude to break the
chain earlier







Simplify 2FA Push auth processing
2022-07-20T14:24:51+00:00

Igor Drozdov
idrozdov@gitlab.com

2022-07-16T13:15:06+00:00

f6feedf9008aff0713e4ff40bba3617fc724032a

Use a single channel to handle both Push Auth and OTP results





Use a single channel to handle both Push Auth and OTP results







Implement Push Auth support for 2FA verification
2022-07-18T05:28:32+00:00

kmcknight
kmcknight@gitlab.com

2021-02-26T01:17:25+00:00

fe5feeea22a639a4835724cf42b337773b54d83c

When `2fa_verify` command is executed:

- A user is asked to enter OTP
- A blocking call for push auth is performed

Then:

- If the push auth request fails, the user is still able to enter
OTP
- If OTP is invalid, the `2fa_verify` command ends the execution
- If OTP is valid or push auth request succeeded, then the user is
successfully authenticated
- If 30 seconds passed while no OTP or Push have been provided,
then the `2fa_verify` command ends the execution





When `2fa_verify` command is executed:

- A user is asked to enter OTP
- A blocking call for push auth is performed

Then:

- If the push auth request fails, the user is still able to enter
OTP
- If OTP is invalid, the `2fa_verify` command ends the execution
- If OTP is valid or push auth request succeeded, then the user is
successfully authenticated
- If 30 seconds passed while no OTP or Push have been provided,
then the `2fa_verify` command ends the execution







go: Bump major version to v14
2022-07-05T06:44:14+00:00

Patrick Steinhardt
psteinhardt@gitlab.com

2022-07-05T06:43:54+00:00

822e49b34afbc2092ae189091d693ae7867a8e5a

While gitlab-shell currently has a major version of v14, the module path
it exposes is not using that major version like it is required by the Go
standard. This makes it impossible for dependents to import gitlab-shell
as a dependency without using a commit as version.

Fix this by changing the module path of gitlab-shell to instead be
`gitlab.com/gitlab-org/gitlab-shell/v14` and adjust all imports
accordingly.

Changelog: fixed





While gitlab-shell currently has a major version of v14, the module path
it exposes is not using that major version like it is required by the Go
standard. This makes it impossible for dependents to import gitlab-shell
as a dependency without using a commit as version.

Fix this by changing the module path of gitlab-shell to instead be
`gitlab.com/gitlab-org/gitlab-shell/v14` and adjust all imports
accordingly.

Changelog: fixed







Pass original IP from PROXY requests to internal API calls
2022-06-30T20:27:33+00:00

Alejandro Rodríguez
alejorro70@gmail.com

2022-06-30T19:37:31+00:00

9b60ce49460876d0e599f2fec65f02856930dbcd












Merge branch 'sh-fix-remote-addr-handling' into 'main'
2022-05-09T09:47:20+00:00

Igor Drozdov
idrozdov@gitlab.com

2022-05-09T09:47:20+00:00

733845f9abec43b6573ba3a1167cc27ff2bfc199

Fix check_ip argument when gitlab-sshd used with PROXY protocol

See merge request gitlab-org/gitlab-shell!616




Fix check_ip argument when gitlab-sshd used with PROXY protocol

See merge request gitlab-org/gitlab-shell!616






Fix check_ip argument when gitlab-sshd used with PROXY protocol
2022-05-09T07:01:41+00:00

Stan Hu
stanhu@gmail.com

2022-05-09T06:52:31+00:00

14a406a2f4c82ff42fc5a1a985f66dcd7a645381

When gitlab-sshd were used with the PROXY protocol, the `check_ip`
argument passed to `/api/v4/internal/allowed` was the Go remote
address, which is a host and port combination
(e.g. 127.0.0.1:12345). As a result, This prevents IP restrictions
from working properly on Rails. We fix this by stripping out the port
if it is present.

When OpenSSH is used, this is not an issue because the IP address
is extracted from `SSH_CONNECTION`.

Changelog: fixed





When gitlab-sshd were used with the PROXY protocol, the `check_ip`
argument passed to `/api/v4/internal/allowed` was the Go remote
address, which is a host and port combination
(e.g. 127.0.0.1:12345). As a result, This prevents IP restrictions
from working properly on Rails. We fix this by stripping out the port
if it is present.

When OpenSSH is used, this is not an issue because the IP address
is extracted from `SSH_CONNECTION`.

Changelog: fixed