Module: API::Helpers::Kubernetes::AgentHelpers
- Includes:
- Gitlab::Utils::StrongMemoize
- Defined in:
- lib/api/helpers/kubernetes/agent_helpers.rb
Constant Summary collapse
- COUNTERS_EVENTS_MAPPING =
{ 'flux_git_push_notifications_total' => 'create_flux_git_push_notification', 'k8s_api_proxy_request' => 'request_api_proxy_access', 'k8s_api_proxy_requests_via_ci_access' => 'request_api_proxy_access_via_ci', 'k8s_api_proxy_requests_via_user_access' => 'request_api_proxy_access_via_user', 'k8s_api_proxy_requests_via_pat_access' => 'request_api_proxy_access_via_pat' }.freeze
Instance Method Summary collapse
- #access_token ⇒ Object
- #agent ⇒ Object
- #agent_has_access_to_project?(project) ⇒ Boolean
- #agent_token ⇒ Object
- #check_agent_token ⇒ Object
- #increment_count_events ⇒ Object
- #increment_unique_events ⇒ Object
- #retrieve_user_from_personal_access_token ⇒ Object
- #retrieve_user_from_session_cookie ⇒ Object
- #track_events ⇒ Object
- #track_unique_user_events ⇒ Object
- #update_configuration(agent:, config:) ⇒ Object
Instance Method Details
#access_token ⇒ Object
149 150 151 152 153 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 149 def access_token return unless params[:access_key].present? PersonalAccessToken.find_by_token(params[:access_key]) end |
#agent ⇒ Object
22 23 24 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 22 def agent agent_token.agent end |
#agent_has_access_to_project?(project) ⇒ Boolean
33 34 35 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 33 def agent_has_access_to_project?(project) ::Users::Anonymous.can?(:download_code, project) || agent.has_access_to?(project) end |
#agent_token ⇒ Object
17 18 19 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 17 def agent_token end |
#check_agent_token ⇒ Object
27 28 29 30 31 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 27 def check_agent_token unless agent_token ::Clusters::AgentTokens::TrackUsageService.new(agent_token).execute end |
#increment_count_events ⇒ Object
92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 92 def increment_count_events counters = params[:counters]&.slice(*COUNTERS_EVENTS_MAPPING.keys) return unless counters.present? counters.each do |counter, incr| next if incr == 0 event = COUNTERS_EVENTS_MAPPING[counter] Gitlab::InternalEvents.with_batched_redis_writes do incr.times { Gitlab::InternalEvents.track_event(event) } end end end |
#increment_unique_events ⇒ Object
37 38 39 40 41 42 43 44 45 46 47 48 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 37 def increment_unique_events events = params[:unique_counters]&.slice( :k8s_api_proxy_requests_unique_agents_via_ci_access, :k8s_api_proxy_requests_unique_agents_via_user_access, :k8s_api_proxy_requests_unique_agents_via_pat_access, :flux_git_push_notified_unique_projects ) events&.each do |event, entity_ids| increment_unique_values(event, entity_ids) end end |
#retrieve_user_from_personal_access_token ⇒ Object
139 140 141 142 143 144 145 146 147 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 139 def retrieve_user_from_personal_access_token return unless access_token.present? validate_and_save_access_token!(scopes: [Gitlab::Auth::K8S_PROXY_SCOPE]) ::PersonalAccessTokens::LastUsedService.new(access_token).execute access_token.user || raise(UnauthorizedError) end |
#retrieve_user_from_session_cookie ⇒ Object
113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 113 def # Load session public_session_id_string = begin Gitlab::Kas::UserAccess.decrypt_public_session_id(params[:access_key]) rescue StandardError bad_request!('Invalid access_key') end session_id = Rack::Session::SessionId.new(public_session_id_string) session = ActiveSession.sessions_from_ids([session_id.private_id]).first ('Invalid session') unless session # CSRF check unless ::Gitlab::Kas::UserAccess.valid_authenticity_token?( request, session.symbolize_keys, params[:csrf_token] ) ('CSRF token does not match') end # Load user user = Warden::SessionSerializer.new('rack.session' => session).fetch(:user) ('Invalid user in session') unless user user end |
#track_events ⇒ Object
50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 50 def track_events event_lists = params[:events]&.slice( :k8s_api_proxy_requests_unique_users_via_ci_access, :k8s_api_proxy_requests_unique_users_via_user_access, :k8s_api_proxy_requests_unique_users_via_pat_access, :register_agent_at_kas ) return if event_lists.blank? event_lists[:agent_users_using_ci_tunnel] = event_lists.slice( :k8s_api_proxy_requests_unique_users_via_ci_access, :k8s_api_proxy_requests_unique_users_via_user_access, :k8s_api_proxy_requests_unique_users_via_pat_access ).values.compact.flatten users, projects = load_users_and_projects(event_lists) event_lists.each do |event_name, events| track_events_for(event_name, events, users, projects) if events end end |
#track_unique_user_events ⇒ Object
71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 71 def track_unique_user_events events = params[:unique_counters]&.slice( :k8s_api_proxy_requests_unique_users_via_ci_access, :k8s_api_proxy_requests_unique_users_via_user_access, :k8s_api_proxy_requests_unique_users_via_pat_access ) return if events.blank? unique_user_ids = events.values.flatten.uniq users = User.id_in(unique_user_ids).index_by(&:id) events.each do |event, user_ids| user_ids.each do |user_id| user = users[user_id] next if user.nil? Gitlab::InternalEvents.track_event(event, user: user) end end end |
#update_configuration(agent:, config:) ⇒ Object
108 109 110 111 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 108 def update_configuration(agent:, config:) ::Clusters::Agents::Authorizations::CiAccess::RefreshService.new(agent, config: config).execute ::Clusters::Agents::Authorizations::UserAccess::RefreshService.new(agent, config: config).execute end |