delta/gitlab/gitlab-shell.git/internal, branch master gitlab.com: gitlab-org/gitlab-shell.git Add 2fa_verify command 2020-12-10T14:23:44+00:00 Imre Farkas ifarkas@gitlab.com 2020-12-01T13:46:27+00:00 1293a33014c9cfc82b0bc1b9525987476b2aa857 






Include key ID and type in metadata
2020-11-19T23:59:19+00:00

Ash McKenzie
amckenzie@gitlab.com

2020-11-19T23:59:19+00:00

97bb3321f711a21a33d1b9e1f3975654e23660b4












use testhelper for SSH_CONNECTION
2020-11-19T13:32:14+00:00

Igor Wiedler
iwiedler@gitlab.com

2020-11-19T13:32:14+00:00

f558aa505cb2803cc0680e9176f1e78b1f1a711a












test for client identity propagation
2020-11-19T13:30:30+00:00

Igor Wiedler
iwiedler@gitlab.com

2020-11-19T13:30:30+00:00

cd3129c383d02aadbd8703a0483e85b444072205












Propagate client identity to gitaly
2020-11-17T14:22:51+00:00

Igor Wiedler
iwiedler@gitlab.com

2020-11-17T14:22:51+00:00

f9384a90497bedc0002633b21076336c29a2c406












GitLab API Client support for client certificates
2020-11-17T04:01:50+00:00

Paul Okstad
pokstad@gitlab.com

2020-11-17T04:01:50+00:00

b16898c348ad4c110a87695903f8189ffd314033












Fix incorrect actor used to check permissions for SSH receive-pack
2020-10-19T20:26:46+00:00

Stan Hu
stanhu@gmail.com

2020-10-19T20:06:59+00:00

354f5bf20c3d1b48481bd4e6f4d4219f830b986b

During a SSH receive-pack request (e.g. `git push`), gitlab-shell was
incorrectly using the user returned by the `/internal/allowed` API
endpoint to make an SSHReceivePack RPC call. This caused a number of
problems with deploy keys with write access:

1. Keys that were generated by a blocked user would be denied the
ability to write.

2. Keys that were generated by user that did not have write access to
the project would also be denied.

GitLab 12.4 removed the Ruby implementation of gitlab-shell in favor of
the Golang implementation, and these implementations worked slightly
differently. In
https://gitlab.com/gitlab-org/gitlab-shell/blob/v10.1.0/lib/gitlab_shell.rb,
the Ruby implementation would always use `@who` (e.g. `key-123`), but in
gitlab-shell v10.2.0 the Go implementation would always use the user
from the API response.

Reads did not have this issue because the user/deploy key is never
passed to Gitaly for additional permission checks. Writes need this
information for the pre-receive to check access to protected branches,
push rules, etc.

Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/479





During a SSH receive-pack request (e.g. `git push`), gitlab-shell was
incorrectly using the user returned by the `/internal/allowed` API
endpoint to make an SSHReceivePack RPC call. This caused a number of
problems with deploy keys with write access:

1. Keys that were generated by a blocked user would be denied the
ability to write.

2. Keys that were generated by user that did not have write access to
the project would also be denied.

GitLab 12.4 removed the Ruby implementation of gitlab-shell in favor of
the Golang implementation, and these implementations worked slightly
differently. In
https://gitlab.com/gitlab-org/gitlab-shell/blob/v10.1.0/lib/gitlab_shell.rb,
the Ruby implementation would always use `@who` (e.g. `key-123`), but in
gitlab-shell v10.2.0 the Go implementation would always use the user
from the API response.

Reads did not have this issue because the user/deploy key is never
passed to Gitaly for additional permission checks. Writes need this
information for the pre-receive to check access to protected branches,
push rules, etc.

Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/479







Set SSL_CERT_DIR env var when building command
2020-10-19T07:53:12+00:00

Ash McKenzie
amckenzie@gitlab.com

2020-10-19T03:29:12+00:00

0478ba97950bd6606f823c8a26eeeecf617df653












Remove prefixing with SSL_CERT_DIR
2020-10-19T07:53:11+00:00

Ash McKenzie
amckenzie@gitlab.com

2020-10-19T03:41:45+00:00

f5f9ffc086fe52e2651fb498a76673bda3392bfd












tests: Replace assert with require
2020-10-15T06:44:05+00:00

Zeger-Jan van de Weg
git@zjvandeweg.nl

2020-10-15T06:44:05+00:00

308948b3838c88621e738762241e8d1980881a17

Testify features sub packages `assert` and `require`. The difference is
subtle, and lost on novice Golang developers that don't read the docs.
To create a more consistent code base `assert` will no longer be used.

This change was generated by a running a sed command on all `_test.go`
files, followed by `goimports -w`.





Testify features sub packages `assert` and `require`. The difference is
subtle, and lost on novice Golang developers that don't read the docs.
To create a more consistent code base `assert` will no longer be used.

This change was generated by a running a sed command on all `_test.go`
files, followed by `goimports -w`.