diff options
Diffstat (limited to 'app/models')
-rw-r--r-- | app/models/ci/build.rb | 10 | ||||
-rw-r--r-- | app/models/integration.rb | 2 | ||||
-rw-r--r-- | app/models/integrations/datadog.rb | 1 | ||||
-rw-r--r-- | app/models/integrations/prometheus.rb | 31 |
4 files changed, 33 insertions, 11 deletions
diff --git a/app/models/ci/build.rb b/app/models/ci/build.rb index 0139b025d98..d58ebbcaa32 100644 --- a/app/models/ci/build.rb +++ b/app/models/ci/build.rb @@ -72,6 +72,7 @@ module Ci delegate :trigger_short_token, to: :trigger_request, allow_nil: true delegate :ensure_persistent_ref, to: :pipeline delegate :enable_debug_trace!, to: :metadata + delegate :debug_trace_enabled?, to: :metadata serialize :options # rubocop:disable Cop/ActiveRecordSerialize serialize :yaml_variables, Gitlab::Serializer::Ci::Variables # rubocop:disable Cop/ActiveRecordSerialize @@ -1059,11 +1060,10 @@ module Ci end def debug_mode? - # TODO: Have `debug_mode?` check against data on sent back from runner - # to capture all the ways that variables can be set. - # See (https://gitlab.com/gitlab-org/gitlab/-/issues/290955) - variables['CI_DEBUG_TRACE']&.value&.casecmp('true') == 0 || - variables['CI_DEBUG_SERVICES']&.value&.casecmp('true') == 0 + # perform the check on both sides in case the runner version is old + debug_trace_enabled? || + Gitlab::Utils.to_boolean(variables['CI_DEBUG_SERVICES']&.value, default: false) || + Gitlab::Utils.to_boolean(variables['CI_DEBUG_TRACE']&.value, default: false) end def drop_with_exit_code!(failure_reason, exit_code) diff --git a/app/models/integration.rb b/app/models/integration.rb index 54eeab10360..4e5c90bffa1 100644 --- a/app/models/integration.rb +++ b/app/models/integration.rb @@ -510,7 +510,7 @@ class Integration < ApplicationRecord end def api_field_names - fields.reject { _1[:type] == 'password' }.pluck(:name) + fields.reject { _1[:type] == 'password' || _1[:name] == 'webhook' }.pluck(:name) end def form_fields diff --git a/app/models/integrations/datadog.rb b/app/models/integrations/datadog.rb index 80eecc14d0f..3b3c7d8f2cd 100644 --- a/app/models/integrations/datadog.rb +++ b/app/models/integrations/datadog.rb @@ -15,6 +15,7 @@ module Integrations TAG_KEY_VALUE_RE = %r{\A [\w-]+ : .*\S.* \z}x.freeze field :datadog_site, + exposes_secrets: true, placeholder: DEFAULT_DOMAIN, help: -> do ERB::Util.html_escape( diff --git a/app/models/integrations/prometheus.rb b/app/models/integrations/prometheus.rb index 142f466018b..2f0995e9ab0 100644 --- a/app/models/integrations/prometheus.rb +++ b/app/models/integrations/prometheus.rb @@ -3,6 +3,7 @@ module Integrations class Prometheus < BaseMonitoring include PrometheusAdapter + include Gitlab::Utils::StrongMemoize field :manual_configuration, type: 'checkbox', @@ -81,7 +82,7 @@ module Integrations allow_local_requests: allow_local_api_url? ) - if behind_iap? + if behind_iap? && iap_client # Adds the Authorization header options[:headers] = iap_client.apply({}) end @@ -106,6 +107,22 @@ module Integrations should_return_client? end + alias_method :google_iap_service_account_json_raw, :google_iap_service_account_json + private :google_iap_service_account_json_raw + + MASKED_VALUE = '*' * 8 + + def google_iap_service_account_json + json = google_iap_service_account_json_raw + return json unless json.present? + + Gitlab::Json.parse(json) + .then { |hash| hash.transform_values { MASKED_VALUE } } + .then { |hash| Gitlab::Json.generate(hash) } + rescue Gitlab::Json.parser_error + json + end + private delegate :allow_local_requests_from_web_hooks_and_services?, to: :current_settings, private: true @@ -155,17 +172,21 @@ module Integrations end def clean_google_iap_service_account - return unless google_iap_service_account_json + json = google_iap_service_account_json_raw + return unless json.present? - google_iap_service_account_json - .then { |json| Gitlab::Json.parse(json) } - .except('token_credential_uri') + Gitlab::Json.parse(json).except('token_credential_uri') + rescue Gitlab::Json.parser_error + {} end def iap_client @iap_client ||= Google::Auth::Credentials .new(clean_google_iap_service_account, target_audience: google_iap_audience_client_id) .client + rescue StandardError + nil end + strong_memoize_attr :iap_client end end |