author | Pawel Chojnacki <pawel@chojnacki.ws> | 2017-07-03 17:09:34 +0200 |
---|---|---|
committer | Pawel Chojnacki <pawel@chojnacki.ws> | 2017-07-05 00:46:11 +0200 |
commit | 18521584bd6cfc8de9511722696e87aef59795c5 (patch) | |
tree | fa5b83fca15ff3d6f7a70fd9b87bc31ad575a08a /app | |
parent | 5af1fcd6f329858d757bab0d67cb50af6c820160 (diff) | |
download | gitlab-ce-18521584bd6cfc8de9511722696e87aef59795c5.tar.gz |
Remove the need to use health check token
in favor of whitelist that will be used to
control the access to monitoring resources
Diffstat (limited to 'app')
-rw-r--r-- | app/controllers/concerns/requires_health_token.rb | 25 | ||||
-rw-r--r-- | app/controllers/concerns/requires_whitelisted_monitoring_client.rb | 20 | ||||
-rw-r--r-- | app/controllers/health_check_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/health_controller.rb | 2 | ||||
-rw-r--r-- | app/controllers/metrics_controller.rb | 4 |
5 files changed, 24 insertions, 29 deletions
diff --git a/app/controllers/concerns/requires_health_token.rb b/app/controllers/concerns/requires_health_token.rb
deleted file mode 100644
index 34ab1a97649..00000000000
--- a/app/controllers/concerns/requires_health_token.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-module RequiresHealthToken
- extend ActiveSupport::Concern
- included do
- before_action :validate_health_check_access!
- end
-
- private
-
- def validate_health_check_access!
- render_404 unless token_valid?
- end
-
- def token_valid?
- token = params[:token].presence || request.headers['TOKEN']
- token.present? &&
- ActiveSupport::SecurityUtils.variable_size_secure_compare(
- token,
- current_application_settings.health_check_access_token
- )
- end
-
- def render_404
- render file: Rails.root.join('public', '404'), layout: false, status: '404'
- end
-end
diff --git a/app/controllers/concerns/requires_whitelisted_monitoring_client.rb b/app/controllers/concerns/requires_whitelisted_monitoring_client.rb
new file mode 100644
index 00000000000..92ed559ba8a
--- /dev/null
+++ b/app/controllers/concerns/requires_whitelisted_monitoring_client.rb
@@ -0,0 +1,20 @@
+module RequiresWhitelistedMonitoringClient
+ extend ActiveSupport::Concern
+ included do
+ before_action :validate_ip_whitelisted!
+ end
+
+ private
+
+ def validate_ip_whitelisted!
+ render_404 unless client_ip_whitelisted?
+ end
+
+ def client_ip_whitelisted?
+ Settings.monitoring.ip_whitelist.any? {|e| e.include?(Gitlab::RequestContext.client_ip) }
+ end
+
+ def render_404
+ render file: Rails.root.join('public', '404'), layout: false, status: '404'
+ end
+end
diff --git a/app/controllers/health_check_controller.rb b/app/controllers/health_check_controller.rb
index 5d3109b7187..c3d18991fd4 100644
--- a/app/controllers/health_check_controller.rb
+++ b/app/controllers/health_check_controller.rb
@@ -1,3 +1,3 @@
 class HealthCheckController < HealthCheck::HealthCheckController
- include RequiresHealthToken
+ include RequiresWhitelistedMonitoringClient
 end
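Review bot: `client_ip_whitelisted?` in the new `RequiresWhitelistedMonitoringClient` concern makes the derived client address the only gate for the health and metrics endpoints, yet it hands `Gitlab::RequestContext.client_ip` to `e.include?` without checking that it is present and well-formed. How the whitelist entries are built is not visible in this diff: if they are `IPAddr` objects, an unparsable address would presumably raise and surface as a 500 rather than the intended 404, and if they are plain strings, `include?` is a substring test that can match addresses the operator never listed. I would read the address once and guard it, e.g. `ip = Gitlab::RequestContext.client_ip` followed by `ip.present? && Settings.monitoring.ip_whitelist.any? { |e| e.include?(ip) }`. The module also deserves a header comment stating that the check is only as trustworthy as the proxy configuration that produces the client IP. With the token gone, a deployment whose reverse proxy makes every request appear to come from a whitelisted address would leave these endpoints open to any caller.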
diff --git a/app/controllers/health_controller.rb b/app/controllers/health_controller.rb index abc832e6ddc..b140092eef2 100644 --- a/app/controllers/health_controller.rb +++ b/app/controllers/health_controller.rb @@ -1,6 +1,6 @@ class HealthController < ActionController::Base protect_from_forgery with: :exception - include RequiresHealthToken + include RequiresWhitelistedMonitoringClient CHECKS = [ Gitlab::HealthChecks::DbCheck, diff --git a/app/controllers/metrics_controller.rb b/app/controllers/metrics_controller.rb index 0e9a19c0b6f..37587a52eaf 100644 --- a/app/controllers/metrics_controller.rb +++ b/app/controllers/metrics_controller.rb @@ -1,12 +1,12 @@ class MetricsController < ActionController::Base - include RequiresHealthToken + include RequiresWhitelistedMonitoringClient protect_from_forgery with: :exception before_action :validate_prometheus_metrics def index - render text: metrics_service.metrics_text, content_type: 'text/plain; verssion=0.0.4' + render text: metrics_service.metrics_text, content_type: 'text/plain; version=0.0.4' end private |