Module: Gitlab::Kas

Includes:
JwtAuthenticatable
Defined in:
lib/gitlab/kas.rb,
lib/gitlab/kas/client.rb

Defined Under Namespace

Classes: Client

Constant Summary collapse

INTERNAL_API_REQUEST_HEADER =
'Gitlab-Kas-Api-Request'
VERSION_FILE =
'GITLAB_KAS_VERSION'
JWT_ISSUER =
'gitlab-kas'
K8S_PROXY_PATH =
'k8s-proxy'

Constants included from JwtAuthenticatable

JwtAuthenticatable::SECRET_LENGTH

Class Method Summary collapse

Methods included from JwtAuthenticatable

included

Class Method Details

.enabled?Boolean

Return whether GitLab KAS is enabled

Returns:

  • (Boolean)

    external_url


63
64
65
# File 'lib/gitlab/kas.rb', line 63

def enabled?
  !!Gitlab.config['gitlab_kas']&.fetch('enabled', false)
end

.ensure_secret!Object


23
24
25
26
27
# File 'lib/gitlab/kas.rb', line 23

def ensure_secret!
  return if File.exist?(secret_path)

  write_secret
end

.external_urlString

Return GitLab KAS external_url

Returns:

  • (String)

    external_url


39
40
41
# File 'lib/gitlab/kas.rb', line 39

def external_url
  Gitlab.config.gitlab_kas.external_url
end

.internal_urlString

Return GitLab KAS internal_url

Returns:

  • (String)

    internal_url


56
57
58
# File 'lib/gitlab/kas.rb', line 56

def internal_url
  Gitlab.config.gitlab_kas.internal_url
end

.secret_pathObject


19
20
21
# File 'lib/gitlab/kas.rb', line 19

def secret_path
  Gitlab.config.gitlab_kas.secret_file
end

.tunnel_urlObject


43
44
45
46
47
48
49
50
51
# File 'lib/gitlab/kas.rb', line 43

def tunnel_url
  configured = Gitlab.config.gitlab_kas['external_k8s_proxy_url']
  return configured if configured.present?

  # Legacy code path. Will be removed when all distributions provide a sane default here
  uri = URI.join(external_url, K8S_PROXY_PATH)
  uri.scheme = uri.scheme.in?(%w(grpcs wss)) ? 'https' : 'http'
  uri.to_s
end

.verify_api_request(request_headers) ⇒ Object


13
14
15
16
17
# File 'lib/gitlab/kas.rb', line 13

def verify_api_request(request_headers)
  decode_jwt(request_headers[INTERNAL_API_REQUEST_HEADER], issuer: JWT_ISSUER)
rescue JWT::DecodeError
  nil
end

.versionString

Return GitLab KAS version

Returns:

  • (String)

    version


32
33
34
# File 'lib/gitlab/kas.rb', line 32

def version
  @_version ||= Rails.root.join(VERSION_FILE).read.chomp
end