| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
It adds correlation ids wherever possible
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Gitaly project now properly respects module release flow
and includes a module suffix in the package name. It requires
to re-write all non-suffixed imports with suffixed of a specific
version of tha module. With proper module versioning we don't
need to use a 'replace' directive to point to specific commit
and can use semantic versioning for the gitaly dependency.
Part of: https://gitlab.com/gitlab-org/gitaly/-/issues/3177
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, opentracing (if configured) was initialized late in the
gitlab-shell process's lifespan, coming just before making a gRPC
call to Gitaly.
By moving the opentracing initialization to be at process startup, we
make it available for the whole process lifecycle, which is very useful
to gitlab-sshd, as it means we'll only call tracing.Initialize() once
on process startup, rather than once per SSH connection.
To get this working, we need to introduce a context to gitlab-sshd.
This carries the client/service name, but also carries an initial
correlation ID. The main outcome of this is that all calls to the
authorized_keys endpoint from a given gitlab-sshd process will now
share a correlation ID. I don't have a strong opinion about this either
way.
Changelog: fixed
|
| |\
| |
| |
| |
| | |
Respect parent context for Gitaly calls
See merge request gitlab-org/gitlab-shell!469
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Without these changes, Gitaly calls would not be linked to a parent
context. This means that they would have an unassociated correlationID,
and Gitaly RPC calls would not be cancel()ed by parent context
cancellation.
Changelog: fixed
|
| |/
|
|
|
|
|
|
|
|
|
| |
This behaviour dates from when Gitaly RPCs were executed in Ruby by a
Go subprocess. It's not needed for gitlab-shell now that it's in Go,
and it's a very strange thing for gitlab-sshd. Best just to remove it.
If we wanted to retain this behaviour, we could have an `os.Chdir` call
in the gitlab-shell binary, but I just don't think it's needed.
Changelog: fixed
|
| |
|
|
|
|
|
| |
Refactors introspection of execution environment to rely on
per-connection state (`gitlab-shell`) or per request (`gitlab-sshd`)
Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/496
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Testify features sub packages `assert` and `require`. The difference is
subtle, and lost on novice Golang developers that don't read the docs.
To create a more consistent code base `assert` will no longer be used.
This change was generated by a running a sed command on all `_test.go`
files, followed by `goimports -w`.
|
| |
|
|
|
| |
This will make it easier to tie an SSH access request to Rails API and
Gitaly requests.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Right now when a client such as gitlab-shell calls the
`/api/v4/internal/allowed` API, the response only tells the client what
user has been granted access, and it's impossible to tell which deploy
key/token was used in the authentication request.
This commit adds logs for the following when available:
1. `gl_key_type` (e.g. `deploy_key` or `key`)
2. `gl_key_id`
These fields make it possible for admins to identify the exact record
that was used to authenticate the user.
API changes in the `/internal/allowed` endpoint in
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/37289 are needed
to support this.
Relates to https://gitlab.com/gitlab-org/gitlab-shell/-/issues/203
|
| |
|
|
|
|
|
|
| |
Admins may want to know what client IP originated the request. This
commit adds a `remote_ip` field to the log that extracts the IP address
from the `SSH_CONNECTION` environment variable.
Closes https://gitlab.com/gitlab-org/gitlab-shell/-/issues/199
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Add support for Gitaly feature flags
See merge request gitlab-org/gitlab-shell!351
|
| | |
|
| |
|
