Module: API::Helpers::Kubernetes::AgentHelpers

Includes:
Gitlab::Utils::StrongMemoize
Defined in:
lib/api/helpers/kubernetes/agent_helpers.rb

Constant Summary collapse

COUNTERS_EVENTS_MAPPING =
{
  'flux_git_push_notifications_total' => 'create_flux_git_push_notification',
  'k8s_api_proxy_request' => 'request_api_proxy_access',
  'k8s_api_proxy_requests_via_ci_access' => 'request_api_proxy_access_via_ci',
  'k8s_api_proxy_requests_via_user_access' => 'request_api_proxy_access_via_user',
  'k8s_api_proxy_requests_via_pat_access' => 'request_api_proxy_access_via_pat'
}.freeze

Instance Method Summary collapse

Instance Method Details

#access_tokenObject



149
150
151
152
153
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 149

def access_token
  return unless params[:access_key].present?

  PersonalAccessToken.find_by_token(params[:access_key])
end

#agentObject



22
23
24
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 22

def agent
  agent_token.agent
end

#agent_has_access_to_project?(project) ⇒ Boolean

Returns:

  • (Boolean)


33
34
35
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 33

def agent_has_access_to_project?(project)
  ::Users::Anonymous.can?(:download_code, project) || agent.has_access_to?(project)
end

#agent_tokenObject



17
18
19
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 17

def agent_token
  cluster_agent_token_from_authorization_token
end

#check_agent_tokenObject



27
28
29
30
31
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 27

def check_agent_token
  unauthorized! unless agent_token

  ::Clusters::AgentTokens::TrackUsageService.new(agent_token).execute
end

#increment_count_eventsObject



92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 92

def increment_count_events
  counters = params[:counters]&.slice(*COUNTERS_EVENTS_MAPPING.keys)

  return unless counters.present?

  counters.each do |counter, incr|
    next if incr == 0

    event = COUNTERS_EVENTS_MAPPING[counter]

    Gitlab::InternalEvents.with_batched_redis_writes do
      incr.times { Gitlab::InternalEvents.track_event(event) }
    end
  end
end

#increment_unique_eventsObject



37
38
39
40
41
42
43
44
45
46
47
48
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 37

def increment_unique_events
  events = params[:unique_counters]&.slice(
    :k8s_api_proxy_requests_unique_agents_via_ci_access,
    :k8s_api_proxy_requests_unique_agents_via_user_access,
    :k8s_api_proxy_requests_unique_agents_via_pat_access,
    :flux_git_push_notified_unique_projects
  )

  events&.each do |event, entity_ids|
    increment_unique_values(event, entity_ids)
  end
end

#retrieve_user_from_personal_access_tokenObject



139
140
141
142
143
144
145
146
147
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 139

def retrieve_user_from_personal_access_token
  return unless access_token.present?

  validate_and_save_access_token!(scopes: [Gitlab::Auth::K8S_PROXY_SCOPE])

  ::PersonalAccessTokens::LastUsedService.new(access_token).execute

  access_token.user || raise(UnauthorizedError)
end


113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 113

def retrieve_user_from_session_cookie
  # Load session
  public_session_id_string =
    begin
      Gitlab::Kas::UserAccess.decrypt_public_session_id(params[:access_key])
    rescue StandardError
      bad_request!('Invalid access_key')
    end

  session_id = Rack::Session::SessionId.new(public_session_id_string)
  session = ActiveSession.sessions_from_ids([session_id.private_id]).first
  unauthorized!('Invalid session') unless session

  # CSRF check
  unless ::Gitlab::Kas::UserAccess.valid_authenticity_token?(
    request, session.symbolize_keys, params[:csrf_token]
  )
    unauthorized!('CSRF token does not match')
  end

  # Load user
  user = Warden::SessionSerializer.new('rack.session' => session).fetch(:user)
  unauthorized!('Invalid user in session') unless user
  user
end

#track_eventsObject



50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 50

def track_events
  event_lists = params[:events]&.slice(
    :k8s_api_proxy_requests_unique_users_via_ci_access,
    :k8s_api_proxy_requests_unique_users_via_user_access,
    :k8s_api_proxy_requests_unique_users_via_pat_access,
    :register_agent_at_kas
  )
  return if event_lists.blank?

  event_lists[:agent_users_using_ci_tunnel] = event_lists.slice(
    :k8s_api_proxy_requests_unique_users_via_ci_access,
    :k8s_api_proxy_requests_unique_users_via_user_access,
    :k8s_api_proxy_requests_unique_users_via_pat_access
  ).values.compact.flatten

  users, projects = load_users_and_projects(event_lists)
  event_lists.each do |event_name, events|
    track_events_for(event_name, events, users, projects) if events
  end
end

#track_unique_user_eventsObject



71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 71

def track_unique_user_events
  events = params[:unique_counters]&.slice(
    :k8s_api_proxy_requests_unique_users_via_ci_access,
    :k8s_api_proxy_requests_unique_users_via_user_access,
    :k8s_api_proxy_requests_unique_users_via_pat_access
  )
  return if events.blank?

  unique_user_ids = events.values.flatten.uniq
  users = User.id_in(unique_user_ids).index_by(&:id)

  events.each do |event, user_ids|
    user_ids.each do |user_id|
      user = users[user_id]
      next if user.nil?

      Gitlab::InternalEvents.track_event(event, user: user)
    end
  end
end

#update_configuration(agent:, config:) ⇒ Object



108
109
110
111
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 108

def update_configuration(agent:, config:)
  ::Clusters::Agents::Authorizations::CiAccess::RefreshService.new(agent, config: config).execute
  ::Clusters::Agents::Authorizations::UserAccess::RefreshService.new(agent, config: config).execute
end