diff options
author | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2023-03-02 14:46:43 +0000 |
---|---|---|
committer | GitLab Release Tools Bot <delivery-team+release-tools@gitlab.com> | 2023-03-02 14:46:43 +0000 |
commit | 623e40c9bbb8b9c8cbca620ad3a663b33c15abcf (patch) | |
tree | 08272c8e5eca9e4f680868d8dcd3794f764d287a /app/models/integrations/prometheus.rb | |
parent | 6b75388b67c35271bc18f2dbd41a72accd927808 (diff) | |
parent | d5a415f1e66f24f55e70a37f18c6e9e81d2b73ee (diff) | |
download | gitlab-ce-623e40c9bbb8b9c8cbca620ad3a663b33c15abcf.tar.gz |
Merge remote-tracking branch 'dev/15-9-stable' into 15-9-stable
Diffstat (limited to 'app/models/integrations/prometheus.rb')
-rw-r--r-- | app/models/integrations/prometheus.rb | 31 |
1 files changed, 26 insertions, 5 deletions
diff --git a/app/models/integrations/prometheus.rb b/app/models/integrations/prometheus.rb index 142f466018b..2f0995e9ab0 100644 --- a/app/models/integrations/prometheus.rb +++ b/app/models/integrations/prometheus.rb @@ -3,6 +3,7 @@ module Integrations class Prometheus < BaseMonitoring include PrometheusAdapter + include Gitlab::Utils::StrongMemoize field :manual_configuration, type: 'checkbox', @@ -81,7 +82,7 @@ module Integrations allow_local_requests: allow_local_api_url? ) - if behind_iap? + if behind_iap? && iap_client # Adds the Authorization header options[:headers] = iap_client.apply({}) end @@ -106,6 +107,22 @@ module Integrations should_return_client? end + alias_method :google_iap_service_account_json_raw, :google_iap_service_account_json + private :google_iap_service_account_json_raw + + MASKED_VALUE = '*' * 8 + + def google_iap_service_account_json + json = google_iap_service_account_json_raw + return json unless json.present? + + Gitlab::Json.parse(json) + .then { |hash| hash.transform_values { MASKED_VALUE } } + .then { |hash| Gitlab::Json.generate(hash) } + rescue Gitlab::Json.parser_error + json + end + private delegate :allow_local_requests_from_web_hooks_and_services?, to: :current_settings, private: true @@ -155,17 +172,21 @@ module Integrations end def clean_google_iap_service_account - return unless google_iap_service_account_json + json = google_iap_service_account_json_raw + return unless json.present? - google_iap_service_account_json - .then { |json| Gitlab::Json.parse(json) } - .except('token_credential_uri') + Gitlab::Json.parse(json).except('token_credential_uri') + rescue Gitlab::Json.parser_error + {} end def iap_client @iap_client ||= Google::Auth::Credentials .new(clean_google_iap_service_account, target_audience: google_iap_audience_client_id) .client + rescue StandardError + nil end + strong_memoize_attr :iap_client end end |