Merge branch 'remote_user' into 'master'

translate gl_username -> REMOTE_USER

See merge request gitlab-org/gitlab-shell!158

5 files changed, 77 insertions, 19 deletions

diff --git a/lib/gitlab_access_status.rb b/lib/gitlab_access_status.rb
index 988ff7a..69d914e 100644
--- a/lib/gitlab_access_status.rb
+++ b/lib/gitlab_access_status.rb
@@ -1,12 +1,13 @@
 require 'json'
 
 class GitAccessStatus
-  attr_reader :message, :gl_repository, :repository_path, :gitaly, :geo_node
+  attr_reader :message, :gl_repository, :gl_username, :repository_path, :gitaly, :geo_node
 
-  def initialize(status, message, gl_repository, repository_path, gitaly, geo_node = false)
+  def initialize(status, message, gl_repository:, gl_username:, repository_path:, gitaly:, geo_node:)
     @status = status
     @message = message
     @gl_repository = gl_repository
+    @gl_username = gl_username
     @repository_path = repository_path
     @gitaly = gitaly
     @geo_node = geo_node
@@ -16,10 +17,11 @@ class GitAccessStatus
     values = JSON.parse(json)
     self.new(values["status"],
              values["message"],
-             values["gl_repository"],
-             values["repository_path"],
-             values["gitaly"],
-             values["geo_node"])
+             gl_repository: values["gl_repository"],
+             gl_username: values["gl_username"],
+             repository_path: values["repository_path"],
+             gitaly: values["gitaly"],
+             geo_node: values["geo_node"])
   end
 
   def allowed?
diff --git a/lib/gitlab_net.rb b/lib/gitlab_net.rb
index de0cc57..34f10c5 100644
--- a/lib/gitlab_net.rb
+++ b/lib/gitlab_net.rb
@@ -40,7 +40,13 @@ class GitlabNet
     if resp.code == '200'
       GitAccessStatus.create_from_json(resp.body)
     else
-      GitAccessStatus.new(false, 'API is not accessible', nil, nil, nil)
+      GitAccessStatus.new(false,
+                          'API is not accessible',
+                          gl_repository: nil,
+                          gl_username: nil,
+                          repository_path: nil,
+                          gitaly: nil,
+                          geo_node: false)
     end
   end
 
diff --git a/lib/gitlab_shell.rb b/lib/gitlab_shell.rb
index 243c629..e7e7f04 100644
--- a/lib/gitlab_shell.rb
+++ b/lib/gitlab_shell.rb
@@ -20,7 +20,7 @@ class GitlabShell
   # to undo an already set parameter: https://www.spinics.net/lists/git/msg256772.html
   GIT_CONFIG_SHOW_ALL_REFS = "transfer.hideRefs=!refs".freeze
 
-  attr_accessor :key_id, :gl_repository, :repo_name, :command, :git_access, :show_all_refs
+  attr_accessor :key_id, :gl_repository, :repo_name, :command, :git_access, :show_all_refs, :username
   attr_reader :repo_path
 
   def initialize(key_id)
@@ -113,6 +113,7 @@ class GitlabShell
     @gl_repository = status.gl_repository
     @gitaly = status.gitaly
     @show_all_refs = status.geo_node
+    @username = status.gl_username
   end
 
   def process_cmd(args)
@@ -139,7 +140,8 @@ class GitlabShell
       gitaly_request = {
         'repository' => @gitaly['repository'],
         'gl_repository' => @gl_repository,
-        'gl_id' => @key_id
+        'gl_id' => @key_id,
+        'gl_username' => @username
       }
 
       gitaly_request['git_config_options'] = [GIT_CONFIG_SHOW_ALL_REFS] if @show_all_refs
@@ -168,7 +170,8 @@ class GitlabShell
       'LANG' => ENV['LANG'],
       'GL_ID' => @key_id,
       'GL_PROTOCOL' => GL_PROTOCOL,
-      'GL_REPOSITORY' => @gl_repository
+      'GL_REPOSITORY' => @gl_repository,
+      'GL_USERNAME' => @username
     }
     if @gitaly && @gitaly.include?('token')
       env['GITALY_TOKEN'] = @gitaly['token']
diff --git a/spec/gitlab_access_spec.rb b/spec/gitlab_access_spec.rb
index f91a8a5..7aea779 100644
--- a/spec/gitlab_access_spec.rb
+++ b/spec/gitlab_access_spec.rb
@@ -7,7 +7,13 @@ describe GitlabAccess do
   let(:repo_path)  { File.join(repository_path, repo_name) + ".git" }
   let(:api) do
     double(GitlabNet).tap do |api|
-      api.stub(check_access: GitAccessStatus.new(true, 'ok', 'project-1', '/home/git/repositories', nil))
+      api.stub(check_access: GitAccessStatus.new(true,
+                                                 'ok',
+                                                 gl_repository: 'project-1',
+                                                 gl_username: 'testuser',
+                                                 repository_path: '/home/git/repositories',
+                                                 gitaly: nil,
+                                                 geo_node: nil))
     end
   end
   subject do
@@ -38,7 +44,15 @@ describe GitlabAccess do
     context "access is denied" do
 
       before do
-        api.stub(check_access: GitAccessStatus.new(false, 'denied', nil, nil, nil))
+        api.stub(check_access: GitAccessStatus.new(
+                  false,
+                  'denied',
+                  gl_repository: nil,
+                  gl_username: nil,
+                  repository_path: nil,
+                  gitaly: nil,
+                  geo_node: nil
+                ))
       end
 
       it "returns false" do
diff --git a/spec/gitlab_shell_spec.rb b/spec/gitlab_shell_spec.rb
index 8b72cdd..e4873c4 100644
--- a/spec/gitlab_shell_spec.rb
+++ b/spec/gitlab_shell_spec.rb
@@ -19,12 +19,28 @@ describe GitlabShell do
     end
   end
 
-  let(:gitaly_check_access) { GitAccessStatus.new(true, 'ok', gl_repository, repo_path, { 'repository' => { 'relative_path' => repo_name, 'storage_name' => 'default'} , 'address' => 'unix:gitaly.socket' }) }
+  let(:gitaly_check_access) { GitAccessStatus.new(
+    true,
+    'ok',
+    gl_repository: gl_repository,
+    gl_username: gl_username,
+    repository_path: repo_path,
+    gitaly: { 'repository' => { 'relative_path' => repo_name, 'storage_name' => 'default'} , 'address' => 'unix:gitaly.socket' },
+    geo_node: false
+  )
+  }
 
   let(:api) do
     double(GitlabNet).tap do |api|
       api.stub(discover: { 'name' => 'John Doe' })
-      api.stub(check_access: GitAccessStatus.new(true, 'ok', gl_repository, repo_path, nil))
+      api.stub(check_access: GitAccessStatus.new(
+                true,
+                'ok',
+                gl_repository: gl_repository,
+                gl_username: gl_username,
+                repository_path: repo_path,
+                gitaly: nil,
+                geo_node: nil))
       api.stub(two_factor_recovery_codes: {
         'success' => true,
         'recovery_codes' => ['f67c514de60c4953', '41278385fc00c1e0']
@@ -39,6 +55,7 @@ describe GitlabShell do
   let(:repo_name) { 'gitlab-ci.git' }
   let(:repo_path) { File.join(tmp_repos_path, repo_name) }
   let(:gl_repository) { 'project-1' }
+  let(:gl_username) { 'testuser' }
 
   before do
     GitlabConfig.any_instance.stub(audit_usernames: false)
@@ -130,7 +147,7 @@ describe GitlabShell do
   end
 
   describe :exec do
-    let(:gitaly_message) { JSON.dump({ 'repository' => { 'relative_path' => repo_name, 'storage_name' => 'default' }, 'gl_repository' => gl_repository , 'gl_id' => key_id}) }
+    let(:gitaly_message) { JSON.dump({ 'repository' => { 'relative_path' => repo_name, 'storage_name' => 'default' }, 'gl_repository' => gl_repository, 'gl_id' => key_id, 'gl_username' => gl_username}) }
 
     shared_examples_for 'upload-pack' do |command|
       let(:ssh_cmd) { "#{command} gitlab-ci.git" }
@@ -167,8 +184,15 @@ describe GitlabShell do
 
     context 'gitaly-upload-pack with GeoNode' do
       let(:ssh_cmd) { "git-upload-pack gitlab-ci.git" }
-      let(:gitaly_check_access_with_geo) { GitAccessStatus.new(true, 'ok', gl_repository, repo_path, { 'repository' => { 'relative_path' => repo_name, 'storage_name' => 'default'} , 'address' => 'unix:gitaly.socket' }, true) }
-      let(:gitaly_message_with_all_refs) { JSON.dump({ 'repository' => { 'relative_path' => repo_name, 'storage_name' => 'default' }, 'gl_repository' => gl_repository , 'gl_id' => key_id, 'git_config_options' => [GitlabShell::GIT_CONFIG_SHOW_ALL_REFS]}) }
+      let(:gitaly_check_access_with_geo) { GitAccessStatus.new(
+        true,
+        'ok',
+        gl_repository: gl_repository,
+        gl_username: gl_username,
+        repository_path: repo_path,
+        gitaly: { 'repository' => { 'relative_path' => repo_name, 'storage_name' => 'default'} , 'address' => 'unix:gitaly.socket' },
+        geo_node: true) }
+      let(:gitaly_message_with_all_refs) { JSON.dump({ 'repository' => { 'relative_path' => repo_name, 'storage_name' => 'default' }, 'gl_repository' => gl_repository , 'gl_id' => key_id, 'gl_username' => gl_username, 'git_config_options' => [GitlabShell::GIT_CONFIG_SHOW_ALL_REFS]}) }
       before { api.stub(check_access: gitaly_check_access_with_geo) }
       after { subject.exec(ssh_cmd) }
 
@@ -346,7 +370,14 @@ describe GitlabShell do
       end
 
       it "should disallow access and log the attempt if check_access returns false status" do
-        api.stub(check_access: GitAccessStatus.new(false, 'denied', nil, nil, nil))
+        api.stub(check_access: GitAccessStatus.new(
+                  false,
+                  'denied',
+                  gl_repository: nil,
+                  gl_username: nil,
+                  repository_path: nil,
+                  gitaly: nil,
+                  geo_node: nil))
         message = "gitlab-shell: Access denied for git command <git-upload-pack gitlab-ci.git> "
         message << "by user with key #{key_id}."
         $logger.should_receive(:warn).with(message)
@@ -383,13 +414,15 @@ describe GitlabShell do
         'LANG' => ENV['LANG'],
         'GL_ID' => key_id,
         'GL_PROTOCOL' => 'ssh',
-        'GL_REPOSITORY' => gl_repository
+        'GL_REPOSITORY' => gl_repository,
+        'GL_USERNAME' => 'testuser'
       }
     end
     let(:exec_options) { { unsetenv_others: true, chdir: ROOT_PATH } }
     before do
       Kernel.stub(:exec)
       shell.gl_repository = gl_repository
+      shell.username = gl_username
     end
 
     it "uses Kernel::exec method" do