Class: Terraform::StateUploader

Inherits:

GitlabUploader

• Object
• CarrierWave::Uploader::Base
• GitlabUploader
• Terraform::StateUploader

Includes:

ObjectStorage::Concern

Defined in:

app/uploaders/terraform/state_uploader.rb

Constant Summary

Constants inherited from GitlabUploader

GitlabUploader::ObjectNotReadyError, GitlabUploader::PROTECTED_METHODS

Class Method Summary

• .default_store ⇒ Object
• .direct_upload_enabled? ⇒ Boolean
• .proxy_download_enabled? ⇒ Boolean
• .workhorse_local_upload_path ⇒ Object

  On Cloud Native GitLab, /srv/gitlab/public/uploads/tmp is a shared mount.

Instance Method Summary

• #encrypt(file) ⇒ Object

  Override Lockbox’s encrypt to respect per-file encryption flag.

• #filename ⇒ Object
• #key ⇒ Object
• #lockbox_encrypt ⇒ Object
• #read ⇒ Object

  Override Lockbox’s read to respect per-file encryption flag.

• #store_dir ⇒ Object

Methods included from ObjectStorage::Concern

#cache!, #delete_migrated_file, #delete_tmp_file_after_storage, #direct_download_enabled?, #exclusive_lease_key, #exists?, #file_cache_storage?, #file_storage?, #filename=, #fog_attributes, #fog_credentials, #fog_directory, #fog_public, #migrate!, #object_store, #object_store=, #persist_object_store!, #persist_object_store?, #proxy_download_enabled?, #retrieve_from_store!, #store!, #store_dirs, #store_path, #upload_paths, #use_file, #use_open_file

Methods included from Gitlab::Utils::Override

#extended, extensions, #included, #method_added, #override, #prepended, #queue_verification, verify!

Methods inherited from GitlabUploader

absolute_path, base_dir, #cache_dir, #cached_size, #check_remote_file_existence_on_upload?, #empty_size?, #exists?, #file_cache_storage?, file_storage?, #initialize, #local_url, #model_valid?, #move_to_cache, #move_to_store, #multi_read, #open, #options, options, #relative_path, #replace_file_without_saving!, root, storage_location, #sync_model_object_store?, #url_or_file_path, version, #work_dir

Constructor Details

This class inherits a constructor from GitlabUploader

Class Method Details

.default_store ⇒ Object

# File 'app/uploaders/terraform/state_uploader.rb', line 80

def default_store
  object_store_enabled? ? ObjectStorage::Store::REMOTE : ObjectStorage::Store::LOCAL
end

.direct_upload_enabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/uploaders/terraform/state_uploader.rb', line 72

def direct_upload_enabled?
  false
end

.proxy_download_enabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/uploaders/terraform/state_uploader.rb', line 76

def proxy_download_enabled?
  true
end

.workhorse_local_upload_path ⇒ Object

On Cloud Native GitLab, /srv/gitlab/public/uploads/tmp is a shared mount. Use a subpath from that directory to ensure the gitlab-workhorse and webservice containers can both access this directory.

# File 'app/uploaders/terraform/state_uploader.rb', line 19

def self.workhorse_local_upload_path
  Rails.root.join('public/uploads/tmp/terraform_state').to_s
end

Instance Method Details

#encrypt(file) ⇒ Object

Override Lockbox’s encrypt to respect per-file encryption flag

# File 'app/uploaders/terraform/state_uploader.rb', line 24

def encrypt(file)
  return unless model.encryption_enabled?

  # Call lockbox's encrypt method to actually encrypt the file
  lockbox_encrypt(file)
end

#filename ⇒ Object

# File 'app/uploaders/terraform/state_uploader.rb', line 43

def filename
  # This check is required to maintain backwards compatibility with
  # states that were created prior to versioning being supported.
  # This can be removed in 14.0 when support for these states is dropped.
  # See https://gitlab.com/gitlab-org/gitlab/-/issues/258960
  if terraform_state.versioning_enabled?
    "#{model.version}.tfstate"
  else
    "#{model.uuid}.tfstate"
  end
end

#key ⇒ Object

# File 'app/uploaders/terraform/state_uploader.rb', line 67

def key
  OpenSSL::HMAC.digest('SHA256', Gitlab::Application.credentials.db_key_base, project_id.to_s)
end

#lockbox_encrypt ⇒ Object

# File 'app/uploaders/terraform/state_uploader.rb', line 14

alias_method :lockbox_encrypt, :encrypt

#read ⇒ Object

Override Lockbox’s read to respect per-file encryption flag

# File 'app/uploaders/terraform/state_uploader.rb', line 32

def read
  stored_data = super # Call CarrierWave's read method
  return unless stored_data

  if model.is_encrypted?
    lockbox_notify("decrypt_file") { lockbox.decrypt(stored_data) }
  else
    stored_data
  end
end

#store_dir ⇒ Object

# File 'app/uploaders/terraform/state_uploader.rb', line 55

def store_dir
  # This check is required to maintain backwards compatibility with
  # states that were created prior to versioning being supported.
  # This can be removed in 14.0 when support for these states is dropped.
  # See https://gitlab.com/gitlab-org/gitlab/-/issues/258960
  if terraform_state.versioning_enabled?
    Gitlab::HashedPath.new(model.uuid, root_hash: project_id)
  else
    project_id.to_s
  end
end