Merge branch 'ngala/pages_namespace_in_path_custom_auth_redirect_uri' into 'master'
Support custom auth_redirect_uri when namespace_in_path is enabled See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7516 Merged-by: Robert Marshall <rmarshall@gitlab.com> Approved-by: Mitchell Nielsen <mnielsen@gitlab.com> Approved-by: Robert Marshall <rmarshall@gitlab.com> Co-authored-by: ngala <ngala@gitlab.com>
This commit is contained in:
commit
8ea9c2a973
|
@ -145,18 +145,19 @@ module GitlabPages
|
|||
url_scheme = Gitlab['gitlab_rails']['pages_https'] ? 'https' : 'http'
|
||||
|
||||
pages_port = Gitlab['gitlab_rails']['pages_port']
|
||||
redirect_uri = Gitlab['gitlab_pages']['auth_redirect_uri'].gsub('.', '\.')
|
||||
# Add the following when pages_port is not 80 or 443
|
||||
Gitlab['pages_nginx']['proxy_redirect'] =
|
||||
if [80, 443].include?(pages_port)
|
||||
{
|
||||
"~^#{url_scheme}://(projects\\.#{Gitlab['pages_nginx']['fqdn_regex']})/(.*)$" => "#{url_scheme}://$1/$2",
|
||||
"~^(#{redirect_uri})(.*)$" => "$1$2",
|
||||
"~^#{url_scheme}://([^/]*)\\.(#{Gitlab['pages_nginx']['fqdn_regex']})/(.*)$" => "#{url_scheme}://$2/$1/$3",
|
||||
"~^//([^/]*)\\.(#{Gitlab['pages_nginx']['fqdn_regex']})/(.*)$" => "/$1/$3",
|
||||
"~^/(.*)$" => "/$namespace/$1",
|
||||
}
|
||||
else
|
||||
{
|
||||
"~^#{url_scheme}://(projects\\.#{Gitlab['pages_nginx']['fqdn_regex']}:#{pages_port})/(.*)$" => "#{url_scheme}://$1/$2",
|
||||
"~^(#{redirect_uri})(.*)$" => "$1$2",
|
||||
"~^#{url_scheme}://([^/]*)\\.(#{Gitlab['pages_nginx']['fqdn_regex']}:#{pages_port})/(.*)$" => "#{url_scheme}://$2/$1/$3",
|
||||
"~^//([^/]*)\\.(#{Gitlab['pages_nginx']['fqdn_regex']}:#{pages_port})/(.*)$" => "/$1/$3",
|
||||
"~^/(.*)$" => "/$namespace/$1",
|
||||
|
|
|
@ -904,7 +904,10 @@ RSpec.describe 'nginx' do
|
|||
context 'when namespace_in_path is enabled in gitlab_pages' do
|
||||
before do
|
||||
stub_gitlab_rb(
|
||||
gitlab_pages: { namespace_in_path: true }
|
||||
gitlab_pages: {
|
||||
namespace_in_path: true,
|
||||
auth_redirect_uri: 'https://projects.pages.localhost/auth',
|
||||
}
|
||||
)
|
||||
end
|
||||
|
||||
|
@ -918,7 +921,7 @@ RSpec.describe 'nginx' do
|
|||
expect(content).to include('rewrite ^/([^/]+)/(.*)$ /$2 break;')
|
||||
expect(content).to include('proxy_set_header Host $1.$http_host;')
|
||||
expect(content).to include('proxy_set_header X-Gitlab-Namespace-In-Path $namespace;')
|
||||
expect(content).to include('proxy_redirect ~^https://(projects\.pages\.localhost)/(.*)$ https://$1/$2;')
|
||||
expect(content).to include('proxy_redirect ~^(https://projects\.pages\.localhost/auth)(.*)$ $1$2;')
|
||||
expect(content).to include('proxy_redirect ~^https://([^/]*)\.(pages\.localhost)/(.*)$ https://$2/$1/$3;')
|
||||
expect(content).to include('proxy_redirect ~^//([^/]*)\.(pages\.localhost)/(.*)$ /$1/$3;')
|
||||
expect(content).to include('proxy_redirect ~^/(.*)$ /$namespace/$1;')
|
||||
|
@ -935,8 +938,11 @@ RSpec.describe 'nginx' do
|
|||
context 'when namespace_in_path is enabled and pages_external_url has custom port in gitlab_pages' do
|
||||
before do
|
||||
stub_gitlab_rb(
|
||||
gitlab_pages: { namespace_in_path: true },
|
||||
pages_external_url: 'https://pages.localhost:25800'
|
||||
pages_external_url: 'https://pages.localhost:25800',
|
||||
gitlab_pages: {
|
||||
namespace_in_path: true,
|
||||
auth_redirect_uri: 'https://projects.pages.localhost/auth',
|
||||
}
|
||||
)
|
||||
end
|
||||
|
||||
|
@ -951,7 +957,7 @@ RSpec.describe 'nginx' do
|
|||
expect(content).to include('rewrite ^/([^/]+)/(.*)$ /$2 break;')
|
||||
expect(content).to include('proxy_set_header Host $1.$http_host;')
|
||||
expect(content).to include('proxy_set_header X-Gitlab-Namespace-In-Path $namespace;')
|
||||
expect(content).to include('proxy_redirect ~^https://(projects\.pages\.localhost:25800)/(.*)$ https://$1/$2;')
|
||||
expect(content).to include('proxy_redirect ~^(https://projects\.pages\.localhost/auth)(.*)$ $1$2;')
|
||||
expect(content).to include('proxy_redirect ~^https://([^/]*)\.(pages\.localhost:25800)/(.*)$ https://$2/$1/$3;')
|
||||
expect(content).to include('proxy_redirect ~^//([^/]*)\.(pages\.localhost:25800)/(.*)$ /$1/$3;')
|
||||
expect(content).to include('proxy_redirect ~^/(.*)$ /$namespace/$1;')
|
||||
|
@ -995,6 +1001,40 @@ RSpec.describe 'nginx' do
|
|||
}
|
||||
end
|
||||
end
|
||||
|
||||
context 'when namespace_in_path is enabled in gitlab_pages and auth_redirect_uri has custom url' do
|
||||
before do
|
||||
stub_gitlab_rb(
|
||||
gitlab_pages: {
|
||||
namespace_in_path: true,
|
||||
auth_redirect_uri: 'https://customauth.pages.localhost/auth',
|
||||
}
|
||||
)
|
||||
end
|
||||
|
||||
it 'applies nginx namespace_in_path settings for gitlab-pages' do
|
||||
expect(chef_run).to render_file(http_conf['pages']).with_content { |content|
|
||||
expect(content).to include('server {').twice
|
||||
expect(content).to include('server_name ~^pages\.localhost$;')
|
||||
expect(content).to include('location ~ ^/(?<namespace>[^/]+)$ {')
|
||||
expect(content).to include('return 301 $scheme://$http_host$request_uri/;')
|
||||
expect(content).to include('location ~ ^/(?<namespace>[^/]+)/(?<project>.*)$ {')
|
||||
expect(content).to include('rewrite ^/([^/]+)/(.*)$ /$2 break;')
|
||||
expect(content).to include('proxy_set_header Host $1.$http_host;')
|
||||
expect(content).to include('proxy_set_header X-Gitlab-Namespace-In-Path $namespace;')
|
||||
expect(content).to include('proxy_redirect ~^(https://customauth\.pages\.localhost/auth)(.*)$ $1$2;')
|
||||
expect(content).to include('proxy_redirect ~^https://([^/]*)\.(pages\.localhost)/(.*)$ https://$2/$1/$3;')
|
||||
expect(content).to include('proxy_redirect ~^//([^/]*)\.(pages\.localhost)/(.*)$ /$1/$3;')
|
||||
expect(content).to include('proxy_redirect ~^/(.*)$ /$namespace/$1;')
|
||||
expect(content).to include('proxy_hide_header X-Gitlab-Namespace-In-Path;')
|
||||
# Below checks are to verify proper render entries are made
|
||||
expect(content).to include('proxy_http_version 1.1;').twice
|
||||
expect(content).to include('proxy_pass').twice
|
||||
expect(content).to include('disable_symlinks on;').twice
|
||||
expect(content).to include('server_tokens off;').twice
|
||||
}
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
include_examples "consul service discovery", "nginx", "nginx"
|
||||
|
|
Loading…
Reference in New Issue