Module: API::Helpers::Kubernetes::AgentHelpers
- Includes:
- Gitlab::Utils::StrongMemoize
- Defined in:
- lib/api/helpers/kubernetes/agent_helpers.rb
Instance Method Summary collapse
- #access_token ⇒ Object
- #agent ⇒ Object
- #agent_has_access_to_project?(project) ⇒ Boolean
- #agent_token ⇒ Object
- #authenticate_gitlab_kas_request! ⇒ Object
- #check_agent_token ⇒ Object
- #check_feature_enabled ⇒ Object
- #gitaly_info(project) ⇒ Object
- #gitaly_repository(project) ⇒ Object
- #increment_count_events ⇒ Object
- #increment_unique_events ⇒ Object
- #retrieve_user_from_personal_access_token ⇒ Object
- #retrieve_user_from_session_cookie ⇒ Object
- #update_configuration(agent:, config:) ⇒ Object
Instance Method Details
#access_token ⇒ Object
110 111 112 113 114 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 110 def access_token return unless params[:access_key].present? PersonalAccessToken.find_by_token(params[:access_key]) end |
#agent ⇒ Object
18 19 20 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 18 def agent agent_token.agent end |
#agent_has_access_to_project?(project) ⇒ Boolean
43 44 45 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 43 def agent_has_access_to_project?(project) Guest.can?(:download_code, project) || agent.has_access_to?(project) end |
#agent_token ⇒ Object
13 14 15 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 13 def agent_token end |
#authenticate_gitlab_kas_request! ⇒ Object
9 10 11 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 9 def authenticate_gitlab_kas_request! render_api_error!('KAS JWT authentication invalid', 401) unless Gitlab::Kas.verify_api_request(headers) end |
#check_agent_token ⇒ Object
37 38 39 40 41 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 37 def check_agent_token unless agent_token ::Clusters::AgentTokens::TrackUsageService.new(agent_token).execute end |
#check_feature_enabled ⇒ Object
33 34 35 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 33 def check_feature_enabled not_found!('Internal API not found') unless Feature.enabled?(:kubernetes_agent_internal_api, type: :ops) end |
#gitaly_info(project) ⇒ Object
23 24 25 26 27 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 23 def gitaly_info(project) gitaly_features = Feature::Gitaly.server_feature_flags Gitlab::GitalyClient.connection_data(project.repository_storage).merge(features: gitaly_features) end |
#gitaly_repository(project) ⇒ Object
29 30 31 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 29 def gitaly_repository(project) project.repository.gitaly_repository.to_h end |
#increment_count_events ⇒ Object
61 62 63 64 65 66 67 68 69 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 61 def increment_count_events events = params[:counters]&.slice( :gitops_sync, :k8s_api_proxy_request, :flux_git_push_notifications_total, :k8s_api_proxy_requests_via_ci_access, :k8s_api_proxy_requests_via_user_access, :k8s_api_proxy_requests_via_pat_access ) Gitlab::UsageDataCounters::KubernetesAgentCounter.increment_event_counts(events) end |
#increment_unique_events ⇒ Object
47 48 49 50 51 52 53 54 55 56 57 58 59 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 47 def increment_unique_events events = params[:unique_counters]&.slice( :agent_users_using_ci_tunnel, :k8s_api_proxy_requests_unique_users_via_ci_access, :k8s_api_proxy_requests_unique_agents_via_ci_access, :k8s_api_proxy_requests_unique_users_via_user_access, :k8s_api_proxy_requests_unique_agents_via_user_access, :k8s_api_proxy_requests_unique_users_via_pat_access, :k8s_api_proxy_requests_unique_agents_via_pat_access, :flux_git_push_notified_unique_projects ) events&.each do |event, entity_ids| increment_unique_values(event, entity_ids) end end |
#retrieve_user_from_personal_access_token ⇒ Object
100 101 102 103 104 105 106 107 108 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 100 def retrieve_user_from_personal_access_token return unless access_token.present? validate_access_token!(scopes: [Gitlab::Auth::K8S_PROXY_SCOPE]) ::PersonalAccessTokens::LastUsedService.new(access_token).execute access_token.user || raise(UnauthorizedError) end |
#retrieve_user_from_session_cookie ⇒ Object
76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 76 def # Load session public_session_id_string = begin Gitlab::Kas::UserAccess.decrypt_public_session_id(params[:access_key]) rescue StandardError bad_request!('Invalid access_key') end session_id = Rack::Session::SessionId.new(public_session_id_string) session = ActiveSession.sessions_from_ids([session_id.private_id]).first ('Invalid session') unless session # CSRF check unless ::Gitlab::Kas::UserAccess.valid_authenticity_token?(session.symbolize_keys, params[:csrf_token]) ('CSRF token does not match') end # Load user user = Warden::SessionSerializer.new('rack.session' => session).fetch(:user) ('Invalid user in session') unless user user end |
#update_configuration(agent:, config:) ⇒ Object
71 72 73 74 |
# File 'lib/api/helpers/kubernetes/agent_helpers.rb', line 71 def update_configuration(agent:, config:) ::Clusters::Agents::Authorizations::CiAccess::RefreshService.new(agent, config: config).execute ::Clusters::Agents::Authorizations::UserAccess::RefreshService.new(agent, config: config).execute end |