blob: 5b6503494c49f016bacf70b97f2ba36051e498d0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
# frozen_string_literal: true
module Groups
class ObservabilityController < Groups::ApplicationController
feature_category :tracing
content_security_policy do |p|
next if p.directives.blank?
default_frame_src = p.directives['frame-src'] || p.directives['default-src']
# When ObservabilityUI is not authenticated, it needs to be able to redirect to the GL sign-in page, hence 'self'
frame_src_values = Array.wrap(default_frame_src) | [ObservabilityController.observability_url, "'self'"]
p.frame_src(*frame_src_values)
end
before_action :check_observability_allowed, only: :index
def index
# Format: https://observe.gitlab.com/-/GROUP_ID
@observability_iframe_src = "#{ObservabilityController.observability_url}/-/#{@group.id}"
# Uncomment below for testing with local GDK
# @observability_iframe_src = "#{ObservabilityController.observability_url}/9970?groupId=14485840"
render layout: 'group', locals: { base_layout: 'layouts/fullscreen' }
end
private
def self.observability_url
return ENV['OVERRIDE_OBSERVABILITY_URL'] if ENV['OVERRIDE_OBSERVABILITY_URL']
# TODO Make observability URL configurable https://gitlab.com/gitlab-org/opstrace/opstrace-ui/-/issues/80
return "https://staging.observe.gitlab.com" if Gitlab.staging?
"https://observe.gitlab.com"
end
def check_observability_allowed
return render_404 unless self.class.observability_url.present?
render_404 unless can?(current_user, :read_observability, @group)
end
end
end
|
