diff options
| author | Douwe Maan <douwe@gitlab.com> | 2017-10-11 10:02:36 +0000 |
|---|---|---|
| committer | Douwe Maan <douwe@gitlab.com> | 2017-10-11 10:02:36 +0000 |
| commit | 76e75549b9bec9dee1e856969ef169a4450b3f30 (patch) | |
| tree | b6df18df77b4582e3719973dfb229332dd94f806 | |
| parent | bbda5bd1dd2e841410d73a68fa8cd3a8425159c5 (diff) | |
| parent | de1446d3a34c110c9cea0c6b8fb0c76826201426 (diff) | |
| download | gitlab-shell-76e75549b9bec9dee1e856969ef169a4450b3f30.tar.gz | |
Merge branch 'feature/add-pwd-envvar-to-check-access-request' into 'master'v5.9.4
Add relative git object dir envvars to check access request
See merge request gitlab-org/gitlab-shell!171
| -rw-r--r-- | CHANGELOG | 3 | ||||
| -rw-r--r-- | VERSION | 2 | ||||
| -rw-r--r-- | lib/gitlab_access.rb | 8 | ||||
| -rw-r--r-- | lib/object_dirs_helper.rb | 39 | ||||
| -rw-r--r-- | spec/object_dirs_helper_spec.rb | 95 |
5 files changed, 140 insertions, 7 deletions
@@ -1,3 +1,6 @@ +v5.9.4 + - Add relative git object dir envvars to check access request + v5.9.3 - Expose GitLab username to hooks in `GL_USERNAME` environment variable @@ -1 +1 @@ -5.9.3 +5.9.4 diff --git a/lib/gitlab_access.rb b/lib/gitlab_access.rb index 3cdeb3e..e1a5e35 100644 --- a/lib/gitlab_access.rb +++ b/lib/gitlab_access.rb @@ -3,6 +3,7 @@ require_relative 'gitlab_net' require_relative 'gitlab_access_status' require_relative 'names_helper' require_relative 'gitlab_metrics' +require_relative 'object_dirs_helper' require 'json' class GitlabAccess @@ -23,12 +24,7 @@ class GitlabAccess def exec status = GitlabMetrics.measure('check-access:git-receive-pack') do - env = { - "GIT_ALTERNATE_OBJECT_DIRECTORIES" => ENV["GIT_ALTERNATE_OBJECT_DIRECTORIES"], - "GIT_OBJECT_DIRECTORY" => ENV["GIT_OBJECT_DIRECTORY"] - } - - api.check_access('git-receive-pack', @gl_repository, @repo_path, @actor, @changes, @protocol, env: env.to_json) + api.check_access('git-receive-pack', @gl_repository, @repo_path, @actor, @changes, @protocol, env: ObjectDirsHelper.all_attributes.to_json) end raise AccessDeniedError, status.message unless status.allowed? diff --git a/lib/object_dirs_helper.rb b/lib/object_dirs_helper.rb new file mode 100644 index 0000000..e175a03 --- /dev/null +++ b/lib/object_dirs_helper.rb @@ -0,0 +1,39 @@ +require 'pathname' + +class ObjectDirsHelper + class << self + def all_attributes + { + "GIT_ALTERNATE_OBJECT_DIRECTORIES" => absolute_alt_object_dirs, + "GIT_ALTERNATE_OBJECT_DIRECTORIES_RELATIVE" => relative_alt_object_dirs, + "GIT_OBJECT_DIRECTORY" => absolute_object_dir, + "GIT_OBJECT_DIRECTORY_RELATIVE" => relative_object_dir + } + end + + def absolute_object_dir + ENV['GIT_OBJECT_DIRECTORY'] + end + + def relative_object_dir + relative_path(absolute_object_dir) + end + + def absolute_alt_object_dirs + ENV['GIT_ALTERNATE_OBJECT_DIRECTORIES'].to_s.split(File::PATH_SEPARATOR) + end + + def relative_alt_object_dirs + absolute_alt_object_dirs.map { |dir| relative_path(dir) }.compact + end + + private + + def relative_path(absolute_path) + return if absolute_path.nil? + + repo_dir = Dir.pwd + Pathname.new(absolute_path).relative_path_from(Pathname.new(repo_dir)).to_s + end + end +end diff --git a/spec/object_dirs_helper_spec.rb b/spec/object_dirs_helper_spec.rb new file mode 100644 index 0000000..c2d0db7 --- /dev/null +++ b/spec/object_dirs_helper_spec.rb @@ -0,0 +1,95 @@ +require_relative 'spec_helper' +require_relative '../lib/object_dirs_helper' + +describe ObjectDirsHelper do + before do + allow(Dir).to receive(:pwd).and_return('/home/git/repositories/foo/bar.git') + end + + describe '.all_attributes' do + it do + expect(described_class.all_attributes.keys).to include(*%w[ + GIT_OBJECT_DIRECTORY + GIT_OBJECT_DIRECTORY_RELATIVE + GIT_ALTERNATE_OBJECT_DIRECTORIES + GIT_ALTERNATE_OBJECT_DIRECTORIES_RELATIVE + ]) + end + end + + describe '.absolute_object_dir' do + subject { described_class.absolute_object_dir } + + context 'when GIT_OBJECT_DIRECTORY is set' do + let(:dir) { '/home/git/repositories/foo/bar.git/./objects' } + + before do + allow(ENV).to receive(:[]).with('GIT_OBJECT_DIRECTORY').and_return(dir) + end + + it { expect(subject).to eq(dir) } + end + + context 'when GIT_OBJECT_DIRECTORY is not set' do + it { expect(subject).to be_nil } + end + end + + describe '.absolute_alt_object_dirs' do + subject { described_class.absolute_alt_object_dirs } + + context 'when GIT_ALTERNATE_OBJECT_DIRECTORIES is set' do + let(:dirs) { [ + '/home/git/repositories/foo/bar.git/./incoming-UKU6Gl', + '/home/git/repositories/foo/bar.git/./incoming-AcU7Qr' + ] } + + before do + allow(ENV).to receive(:[]).with('GIT_ALTERNATE_OBJECT_DIRECTORIES').and_return(dirs.join(File::PATH_SEPARATOR)) + end + + it { expect(subject).to eq(dirs) } + end + + context 'when GIT_ALTERNATE_OBJECT_DIRECTORIES is not set' do + it { expect(subject).to eq([]) } + end + end + + describe '.relative_alt_object_dirs' do + subject { described_class.relative_alt_object_dirs } + + context 'when GIT_ALTERNATE_OBJECT_DIRECTORIES is set' do + let(:dirs) { [ + '/home/git/repositories/foo/bar.git/./objects/incoming-UKU6Gl', + '/home/git/repositories/foo/bar.git/./objects/incoming-AcU7Qr' + ] } + + before do + allow(ENV).to receive(:[]).with('GIT_ALTERNATE_OBJECT_DIRECTORIES').and_return(dirs.join(File::PATH_SEPARATOR)) + end + + it { expect(subject).to eq(['objects/incoming-UKU6Gl', 'objects/incoming-AcU7Qr']) } + end + + context 'when GIT_ALTERNATE_OBJECT_DIRECTORIES is not set' do + it { expect(subject).to eq([]) } + end + end + + describe '.relative_object_dir' do + subject { described_class.relative_object_dir } + + context 'when GIT_OBJECT_DIRECTORY is set' do + before do + allow(ENV).to receive(:[]).with('GIT_OBJECT_DIRECTORY').and_return('/home/git/repositories/foo/bar.git/./objects') + end + + it { expect(subject).to eq('objects') } + end + + context 'when GIT_OBJECT_DIRECTORY is not set' do + it { expect(subject).to be_nil } + end + end +end |