Module: Gitlab::Kas

Includes:

JwtAuthenticatable

Defined in:

lib/gitlab/kas.rb,
lib/gitlab/kas/client.rb

Defined Under Namespace

Classes: Client

Constant Summary

INTERNAL_API_REQUEST_HEADER =

'Gitlab-Kas-Api-Request'

VERSION_FILE =

'GITLAB_KAS_VERSION'

JWT_ISSUER =

'gitlab-kas'

K8S_PROXY_PATH =

'k8s-proxy'

Constants included from JwtAuthenticatable

JwtAuthenticatable::SECRET_LENGTH

Class Method Summary

• .enabled? ⇒ Boolean

  Return whether GitLab KAS is enabled.

• .ensure_secret! ⇒ Object
• .external_url ⇒ String

  Return GitLab KAS external_url.

• .internal_url ⇒ String

  Return GitLab KAS internal_url.

• .secret_path ⇒ Object
• .tunnel_url ⇒ Object
• .verify_api_request(request_headers) ⇒ Object
• .version ⇒ String

  Return GitLab KAS version.

Methods included from JwtAuthenticatable

included

Class Method Details

.enabled? ⇒ Boolean

Return whether GitLab KAS is enabled

Returns:

• (Boolean) —

  external_url

# File 'lib/gitlab/kas.rb', line 63

def enabled?
  !!Gitlab.config['gitlab_kas']&.fetch('enabled', false)
end

.ensure_secret! ⇒ Object

# File 'lib/gitlab/kas.rb', line 23

def ensure_secret!
  return if File.exist?(secret_path)

  write_secret
end

.external_url ⇒ String

Return GitLab KAS external_url

Returns:

• (String) —

  external_url

# File 'lib/gitlab/kas.rb', line 39

def external_url
  Gitlab.config.gitlab_kas.external_url
end

.internal_url ⇒ String

Return GitLab KAS internal_url

Returns:

• (String) —

  internal_url

# File 'lib/gitlab/kas.rb', line 56

def internal_url
  Gitlab.config.gitlab_kas.internal_url
end

.secret_path ⇒ Object

# File 'lib/gitlab/kas.rb', line 19

def secret_path
  Gitlab.config.gitlab_kas.secret_file
end

.tunnel_url ⇒ Object

# File 'lib/gitlab/kas.rb', line 43

def tunnel_url
  configured = Gitlab.config.gitlab_kas['external_k8s_proxy_url']
  return configured if configured.present?

  # Legacy code path. Will be removed when all distributions provide a sane default here
  uri = URI.join(external_url, K8S_PROXY_PATH)
  uri.scheme = uri.scheme.in?(%w(grpcs wss)) ? 'https' : 'http'
  uri.to_s
end

.verify_api_request(request_headers) ⇒ Object

# File 'lib/gitlab/kas.rb', line 13

def verify_api_request(request_headers)
  decode_jwt(request_headers[INTERNAL_API_REQUEST_HEADER], issuer: JWT_ISSUER)
rescue JWT::DecodeError
  nil
end

.version ⇒ String

Return GitLab KAS version

Returns:

• (String) —

  version

# File 'lib/gitlab/kas.rb', line 32

def version
  @_version ||= Rails.root.join(VERSION_FILE).read.chomp
end