Module: Gitlab::Kas

Includes:
JwtAuthenticatable
Defined in:
lib/gitlab/kas.rb,
lib/gitlab/kas/client.rb,
lib/gitlab/kas/user_access.rb

Defined Under Namespace

Classes: Client, UserAccess

Constant Summary collapse

INTERNAL_API_REQUEST_HEADER =
'Gitlab-Kas-Api-Request'
VERSION_FILE =
'GITLAB_KAS_VERSION'
JWT_ISSUER =
'gitlab-kas'
JWT_AUDIENCE =
'gitlab'
K8S_PROXY_PATH =
'k8s-proxy'
'_gitlab_kas'
'aes-256-gcm'

Constants included from JwtAuthenticatable

JwtAuthenticatable::SECRET_LENGTH

Class Method Summary collapse

Methods included from JwtAuthenticatable

included

Class Method Details

.enabled? ⇒ Boolean

Return whether GitLab KAS is enabled

Returns:

  • (Boolean)

    true when KAS is enabled, false otherwise



# File 'lib/gitlab/kas.rb', line 75

# Reports whether GitLab KAS is switched on in the application settings.
#
# A missing 'gitlab_kas' section (nil) and a missing 'enabled' key are both
# read as "disabled", so KAS stays off unless it is explicitly enabled.
#
# @return [Boolean] true only when the 'enabled' setting is truthy
def enabled?
  kas_settings = Gitlab.config['gitlab_kas']
  return false if kas_settings.nil?

  # Collapse whatever value is configured into a strict true/false.
  kas_settings.fetch('enabled', false) ? true : false
end

.ensure_secret! ⇒ Object



# File 'lib/gitlab/kas.rb', line 24

# Creates the KAS shared-secret file when none exists at secret_path.
#
# Only the presence of the file is checked: an existing file is left alone
# whatever its contents, length or permissions, so an empty or truncated
# secret is not repaired here.
#
# NOTE(review): write_secret is not defined in this listing (presumably it
# comes from JwtAuthenticatable); how the secret is generated and which file
# mode it gets should be confirmed there.
#
# @return [Object, nil] nil when the file already exists, otherwise whatever
#   write_secret returns
def ensure_secret!
  write_secret unless File.exist?(secret_path)
end

.external_url ⇒ String

Return GitLab KAS external_url

Returns:

  • (String)

    external_url



# File 'lib/gitlab/kas.rb', line 44

# Returns the external URL configured for GitLab KAS.
#
# The value is read straight from the gitlab_kas settings; no validation or
# normalisation of the scheme or host happens here.
#
# @return [String] the configured external_url
def external_url
  kas_settings = Gitlab.config.gitlab_kas
  kas_settings.external_url
end

.internal_url ⇒ String

Return GitLab KAS internal_url

Returns:

  • (String)

    internal_url



# File 'lib/gitlab/kas.rb', line 68

# Returns the internal URL configured for GitLab KAS.
#
# The value is read straight from the gitlab_kas settings; no validation or
# normalisation of the scheme or host happens here.
#
# @return [String] the configured internal_url
def internal_url
  kas_settings = Gitlab.config.gitlab_kas
  kas_settings.internal_url
end

.secret_path ⇒ Object



# File 'lib/gitlab/kas.rb', line 20

# Returns the configured location of the KAS secret file.
#
# This is the path whose existence ensure_secret! checks. The value is the
# gitlab_kas secret_file setting, returned as configured.
#
# @return [Object] the secret_file setting (presumably a path string; confirm
#   against the settings definition)
def secret_path
  kas_settings = Gitlab.config.gitlab_kas
  kas_settings.secret_file
end

.tunnel_url ⇒ Object



# File 'lib/gitlab/kas.rb', line 48

# Returns the URL of the KAS Kubernetes API proxy.
#
# An explicitly configured 'external_k8s_proxy_url' wins and is returned
# verbatim, without any scheme check. Otherwise the URL is derived from
# external_url by appending K8S_PROXY_PATH and mapping the scheme to HTTP(S).
#
# Security note: in the derived (legacy) path only 'grpcs' and 'wss' map to
# 'https'. Every other scheme, including an unexpected one, maps to plain
# 'http', so a mis-set external_url yields a cleartext proxy URL.
#
# @return [String] the proxy URL
def tunnel_url
  explicit_proxy_url = Gitlab.config.gitlab_kas['external_k8s_proxy_url']

  if explicit_proxy_url.present?
    explicit_proxy_url
  else
    # Legacy code path. Will be removed when all distributions provide a sane default here
    derived = URI.join(external_url, K8S_PROXY_PATH)
    tls_source = %w[grpcs wss].include?(derived.scheme)
    derived.scheme = tls_source ? 'https' : 'http'
    derived.to_s
  end
end

.tunnel_ws_url ⇒ Object



# File 'lib/gitlab/kas.rb', line 58

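# Returns the WebSocket form of tunnel_url.
#
# When ws? is true the tunnel URL is returned unchanged. Otherwise the
# leading scheme is rewritten: 'https' becomes 'wss' when ssl? is true,
# else 'http' becomes 'ws'.
#
# The substitution is anchored to the start of the string. A plain-string
# `sub` replaces the first occurrence anywhere, so a URL whose scheme did
# not match could have its host or path rewritten instead (for example a
# host name containing "http"), pointing clients at a different endpoint.
#
# NOTE(review): ws? and ssl? are not shown in this listing; presumably they
# inspect the scheme of tunnel_url. Confirm against their definitions.
#
# @return [String] the tunnel URL with a ws/wss scheme where one applied
def tunnel_ws_url
  return tunnel_url if ws?
  return tunnel_url.sub(/\Ahttps/, 'wss') if ssl?

  tunnel_url.sub(/\Ahttp/, 'ws')
end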

.verify_api_request(request_headers) ⇒ Object



# File 'lib/gitlab/kas.rb', line 14

# Authenticates an internal API request coming from KAS.
#
# The token is taken from the INTERNAL_API_REQUEST_HEADER entry of
# +request_headers+ and handed to decode_jwt together with the expected
# issuer (JWT_ISSUER) and audience (JWT_AUDIENCE).
#
# Any JWT::DecodeError is swallowed and reported as nil, so callers must
# treat a nil result as "not authenticated" and reject the request. Other
# exception classes are not rescued and propagate to the caller.
#
# NOTE(review): decode_jwt is not defined in this listing (presumably it
# comes from JwtAuthenticatable); signature verification and the accepted
# algorithms are decided there. Confirm before relying on this check.
#
# @param request_headers [#[]] header collection of the incoming request
# @return [Object, nil] whatever decode_jwt returns, or nil when decoding
#   raised JWT::DecodeError
def verify_api_request(request_headers)
  begin
    token = request_headers[INTERNAL_API_REQUEST_HEADER]
    decode_jwt(token, issuer: JWT_ISSUER, audience: JWT_AUDIENCE)
  rescue JWT::DecodeError
    nil
  end
end

.version ⇒ String

Return GitLab KAS version

Returns:

  • (String)

    version



# File 'lib/gitlab/kas.rb', line 33

# Returns the GitLab KAS version recorded in VERSION_FILE under Rails.root.
#
# The file is read once; the chomped contents are memoised in @_version and
# reused on later calls.
#
# @return [String] contents of the version file without the trailing newline
def version
  return @_version if @_version

  version_file = Rails.root.join(VERSION_FILE)
  @_version = version_file.read.chomp
end

.version_info ⇒ Object



# File 'lib/gitlab/kas.rb', line 37

# Parses the KAS version string into a Gitlab::VersionInfo.
#
# The string returned by version is passed to Gitlab::VersionInfo.parse with
# parse_suffix enabled.
#
# @return [Object] the result of Gitlab::VersionInfo.parse
def version_info
  raw_version = version
  Gitlab::VersionInfo.parse(raw_version, parse_suffix: true)
end