Module: Gitlab::Kas
- Includes:
- JwtAuthenticatable
- Defined in:
- lib/gitlab/kas.rb,
lib/gitlab/kas/client.rb,
lib/gitlab/kas/user_access.rb
Defined Under Namespace
Classes: Client, UserAccess
Constant Summary collapse
- INTERNAL_API_REQUEST_HEADER =
'Gitlab-Kas-Api-Request'
- VERSION_FILE =
'GITLAB_KAS_VERSION'
- JWT_ISSUER =
'gitlab-kas'
- JWT_AUDIENCE =
'gitlab'
- K8S_PROXY_PATH =
'k8s-proxy'
- COOKIE_KEY =
The name of the cookie that will be used for the KAS cookie
'_gitlab_kas'
- DEFAULT_ENCRYPTED_COOKIE_CIPHER =
'aes-256-gcm'
Constants included from JwtAuthenticatable
JwtAuthenticatable::SECRET_LENGTH
Class Method Summary collapse
-
.enabled? ⇒ Boolean
Return whether GitLab KAS is enabled.
- .ensure_secret! ⇒ Object
-
.external_url ⇒ String
Return GitLab KAS external_url.
-
.internal_url ⇒ String
Return GitLab KAS internal_url.
- .secret_path ⇒ Object
- .tunnel_url ⇒ Object
- .tunnel_ws_url ⇒ Object
- .verify_api_request(request_headers) ⇒ Object
-
.version ⇒ String
Return GitLab KAS version.
- .version_info ⇒ Object
Methods included from JwtAuthenticatable
Class Method Details
.enabled? ⇒ Boolean
Return whether GitLab KAS is enabled
75 76 77 |
# File 'lib/gitlab/kas.rb', line 75 def enabled? !!Gitlab.config['gitlab_kas']&.fetch('enabled', false) end |
.ensure_secret! ⇒ Object
24 25 26 27 28 |
# File 'lib/gitlab/kas.rb', line 24 def ensure_secret! return if File.exist?(secret_path) write_secret end |
.external_url ⇒ String
Return GitLab KAS external_url
44 45 46 |
# File 'lib/gitlab/kas.rb', line 44 def external_url Gitlab.config.gitlab_kas.external_url end |
.internal_url ⇒ String
Return GitLab KAS internal_url
68 69 70 |
# File 'lib/gitlab/kas.rb', line 68 def internal_url Gitlab.config.gitlab_kas.internal_url end |
.secret_path ⇒ Object
20 21 22 |
# File 'lib/gitlab/kas.rb', line 20 def secret_path Gitlab.config.gitlab_kas.secret_file end |
.tunnel_url ⇒ Object
48 49 50 51 52 53 54 55 56 |
# File 'lib/gitlab/kas.rb', line 48 def tunnel_url configured = Gitlab.config.gitlab_kas['external_k8s_proxy_url'] return configured if configured.present? # Legacy code path. Will be removed when all distributions provide a sane default here uri = URI.join(external_url, K8S_PROXY_PATH) uri.scheme = uri.scheme.in?(%w[grpcs wss]) ? 'https' : 'http' uri.to_s end |
.tunnel_ws_url ⇒ Object
58 59 60 61 62 63 |
# File 'lib/gitlab/kas.rb', line 58 def tunnel_ws_url return tunnel_url if ws? return tunnel_url.sub('https', 'wss') if ssl? tunnel_url.sub('http', 'ws') end |
.verify_api_request(request_headers) ⇒ Object
14 15 16 17 18 |
# File 'lib/gitlab/kas.rb', line 14 def verify_api_request(request_headers) decode_jwt(request_headers[INTERNAL_API_REQUEST_HEADER], issuer: JWT_ISSUER, audience: JWT_AUDIENCE) rescue JWT::DecodeError nil end |
.version ⇒ String
Return GitLab KAS version
33 34 35 |
# File 'lib/gitlab/kas.rb', line 33 def version @_version ||= Rails.root.join(VERSION_FILE).read.chomp end |
.version_info ⇒ Object
37 38 39 |
# File 'lib/gitlab/kas.rb', line 37 def version_info Gitlab::VersionInfo.parse(version, parse_suffix: true) end |