delta/gitlab/gitlab-shell.git/internal, branch main gitlab.com: gitlab-org/gitlab-shell.git Configure a default ttl for personal access tokens 2023-05-11T20:38:36+00:00 Joe Woodward jwoodward@gitlab.com 2023-05-11T20:38:36+00:00 51b79bdb4ae60b1850989cca8eb4190d785408b0 Prior to this change personal access tokens without a ttl would never expire. In Gitlab 15.4 we deprecated non-expiring tokens and are scheduled for removal in 16.0. https://gitlab.com/gitlab-org/gitlab/-/issues/369122 This change alters the gitlab-shell command for creating tokens to ensure add a default limit of 30 days. Closes https://gitlab.com/gitlab-org/gitlab-shell/-/issues/640 
Prior to this change personal access tokens without a ttl would never
expire. In Gitlab 15.4 we deprecated non-expiring tokens and are
scheduled for removal in 16.0.

https://gitlab.com/gitlab-org/gitlab/-/issues/369122

This change alters the gitlab-shell command for creating tokens to
ensure add a default limit of 30 days.

Closes https://gitlab.com/gitlab-org/gitlab-shell/-/issues/640
Update golang-crypto fork version 2023-05-04T13:17:59+00:00 Igor Drozdov idrozdov@gitlab.com 2023-05-04T12:51:40+00:00 b4f79fd2f17180d84ce7ccae108d2f2d3f476dd5 It updates golang-crypto version and fixes the test that verifies the order of the supported algorithms 
It updates golang-crypto version and fixes the test that verifies
the order of the supported algorithms
Acceptance test for Geo push 2023-03-17T20:35:15+00:00 Igor Drozdov idrozdov@gitlab.com 2023-02-13T15:28:07+00:00 3bc0463c5b5db26d2ed61e5b1e884c75ef02a91c It imitates a push to the secondary and verifies that the push is redirected to the primary 
It imitates a push to the secondary and verifies that the push
is redirected to the primary
Configure Gitaly storage acceptance tests 2023-03-15T13:53:05+00:00 Patrick Cyiza jpcyiza@gitlab.com 2023-03-13T14:27:04+00:00 2cc92f02b8690368b004938e92f7cf4133745eb0 






Perform HTTP request to primary on Geo push
2023-03-03T06:18:39+00:00

Igor Drozdov
idrozdov@gitlab.com

2023-02-13T13:34:03+00:00

83a4e8e542e9f929e1c22b235b883ee67187c4c6

Currently, we perform a request to Gitlab Rails that proxies
the request to primary

However, it causes timeouts on big pushes and consumes large
amount of memory. We can perform an HTTP request directly
from Gitlab Shell instead and stream the response to the user





Currently, we perform a request to Gitlab Rails that proxies
the request to primary

However, it causes timeouts on big pushes and consumes large
amount of memory. We can perform an HTTP request directly
from Gitlab Shell instead and stream the response to the user







sshd: exclude gssapi when building without cgo
2023-02-23T19:37:05+00:00

Lorenz Brun
lorenz@brun.one

2023-02-23T19:37:05+00:00

c413f99cd6bb2df8465f1307c3e901626f11f4c2

MR #682 broke building without cgo enabled as it introduced a dependency
on a Kerberos library. This can only be disabled at runtime and thus
static builds of gitlab-sshd are no longer possible.

This change introduces an alternative implementation of the GSSAPI
structure which just rejects attempts to use it.
That alternative implementation gets automatically activated in case the
user is building without cgo.





MR #682 broke building without cgo enabled as it introduced a dependency
on a Kerberos library. This can only be disabled at runtime and thus
static builds of gitlab-sshd are no longer possible.

This change introduces an alternative implementation of the GSSAPI
structure which just rejects attempts to use it.
That alternative implementation gets automatically activated in case the
user is building without cgo.







Add DNS discovery support for Gitaly/Praefect
2023-02-14T09:16:13+00:00

Quang-Minh Nguyen
qmnguyen@gitlab.com

2023-02-14T09:16:13+00:00

11227dd8a136f8735fc2d3d434345f2c24112f87

All the implementations of DNS discovery were done in this epic:
https://gitlab.com/groups/gitlab-org/-/epics/8971. Gitaly allows clients
to configure DNS discovery via dial option. This MR adds the exposed
dial options to client connection creation in Gitlab-shell.

Issue: https://gitlab.com/gitlab-org/gitaly/-/issues/4722
Changelog: added





All the implementations of DNS discovery were done in this epic:
https://gitlab.com/groups/gitlab-org/-/epics/8971. Gitaly allows clients
to configure DNS discovery via dial option. This MR adds the exposed
dial options to client connection creation in Gitlab-shell.

Issue: https://gitlab.com/gitlab-org/gitaly/-/issues/4722
Changelog: added







feat: make retryable http default client
2023-01-30T08:54:42+00:00

Steve Azzopardi
sazzopardi@gitlab.com

2023-01-30T08:21:17+00:00

80f684e48eca2bf1ef2006d84f8c49bec7104344

What
---
Make the retryableHTTP client introduced in
https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/703 the
default HTTP client.

Why
---
In
https://gitlab.com/gitlab-com/gl-infra/production/-/issues/7979#note_1254964426
we've seen a 99% error reduction on `git` commands from `gitlab-shell`
when the retryableHTTP client is used.

This has been running in production for over 2 weeks in `us-east1-b` and
5 days fleet-wide so we should be confident that this client works as
expected.

Reference: https://gitlab.com/gitlab-com/gl-infra/production/-/issues/7979
Signed-off-by: Steve Azzopardi <sazzopardi@gitlab.com>





What
---
Make the retryableHTTP client introduced in
https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/703 the
default HTTP client.

Why
---
In
https://gitlab.com/gitlab-com/gl-infra/production/-/issues/7979#note_1254964426
we've seen a 99% error reduction on `git` commands from `gitlab-shell`
when the retryableHTTP client is used.

This has been running in production for over 2 weeks in `us-east1-b` and
5 days fleet-wide so we should be confident that this client works as
expected.

Reference: https://gitlab.com/gitlab-com/gl-infra/production/-/issues/7979
Signed-off-by: Steve Azzopardi <sazzopardi@gitlab.com>







Merge branch '196-add-kerberos-support' into 'main'
2023-01-23T07:54:09+00:00

Igor Drozdov
idrozdov@gitlab.com

2023-01-23T07:54:09+00:00

7750f56e0c42d619b2a6354d99601d4b4f311867

Add support for the gssapi-with-mic auth method

Closes #196

See merge request https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/682

Merged-by: Igor Drozdov <idrozdov@gitlab.com>
Approved-by: Alejandro Rodríguez <alejandro@gitlab.com>
Approved-by: Patrick Bajao <ebajao@gitlab.com>
Approved-by: Costel Maxim <cmaxim@gitlab.com>
Approved-by: Igor Drozdov <idrozdov@gitlab.com>
Reviewed-by: Alejandro Rodríguez <alejandro@gitlab.com>
Reviewed-by: Igor Drozdov <idrozdov@gitlab.com>
Reviewed-by: Patrick Bajao <ebajao@gitlab.com>
Reviewed-by: Rohit Shambhuni <rshambhuni@gitlab.com>
Co-authored-by: Lee Tickett <ltickett@gitlab.com>
Co-authored-by: Marin Hannache <git@mareo.fr>




Add support for the gssapi-with-mic auth method

Closes #196

See merge request https://gitlab.com/gitlab-org/gitlab-shell/-/merge_requests/682

Merged-by: Igor Drozdov <idrozdov@gitlab.com>
Approved-by: Alejandro Rodríguez <alejandro@gitlab.com>
Approved-by: Patrick Bajao <ebajao@gitlab.com>
Approved-by: Costel Maxim <cmaxim@gitlab.com>
Approved-by: Igor Drozdov <idrozdov@gitlab.com>
Reviewed-by: Alejandro Rodríguez <alejandro@gitlab.com>
Reviewed-by: Igor Drozdov <idrozdov@gitlab.com>
Reviewed-by: Patrick Bajao <ebajao@gitlab.com>
Reviewed-by: Rohit Shambhuni <rshambhuni@gitlab.com>
Co-authored-by: Lee Tickett <ltickett@gitlab.com>
Co-authored-by: Marin Hannache <git@mareo.fr>






Add support for the gssapi-with-mic auth method
2023-01-23T07:54:09+00:00

Marin Hannache
git@mareo.fr

2023-01-23T07:54:09+00:00

51ea0f50f52d5d1dade02aadff3c163a0a792779