gitlab
/
omnibus-gitlab
mirror of https://gitlab.com/gitlab-org/omnibus-gitlab.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'ngala/pages_namespace_in_path_custom_auth_redirect_uri' into 'master' 

Support custom auth_redirect_uri when namespace_in_path is enabled

See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7516

Merged-by: Robert Marshall <rmarshall@gitlab.com>
Approved-by: Mitchell Nielsen <mnielsen@gitlab.com>
Approved-by: Robert Marshall <rmarshall@gitlab.com>
Co-authored-by: ngala <ngala@gitlab.com>
This commit is contained in:
Robert Marshall 2024-04-15 23:29:41 +00:00
parent f96ce284b5 5bc1b0d5ad
commit 8ea9c2a973
2 changed files with 48 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
files/gitlab-cookbooks/gitlab-pages/libraries/gitlab_pages.rb
View File

@ -145,18 +145,19 @@ module GitlabPages
url_scheme = Gitlab['gitlab_rails']['pages_https'] ? 'https' : 'http'
pages_port = Gitlab['gitlab_rails']['pages_port']
redirect_uri = Gitlab['gitlab_pages']['auth_redirect_uri'].gsub('.', '\.')
# Add the following when pages_port is not 80 or 443
Gitlab['pages_nginx']['proxy_redirect'] =
if [80, 443].include?(pages_port)
{
"~^#{url_scheme}://(projects\\.#{Gitlab['pages_nginx']['fqdn_regex']})/(.*)$" => "#{url_scheme}://$1/$2",
"~^(#{redirect_uri})(.*)$" => "$1$2",
"~^#{url_scheme}://([^/]*)\\.(#{Gitlab['pages_nginx']['fqdn_regex']})/(.*)$" => "#{url_scheme}://$2/$1/$3",
"~^//([^/]*)\\.(#{Gitlab['pages_nginx']['fqdn_regex']})/(.*)$" => "/$1/$3",
"~^/(.*)$" => "/$namespace/$1",
}
else
{
"~^#{url_scheme}://(projects\\.#{Gitlab['pages_nginx']['fqdn_regex']}:#{pages_port})/(.*)$" => "#{url_scheme}://$1/$2",
"~^(#{redirect_uri})(.*)$" => "$1$2",
"~^#{url_scheme}://([^/]*)\\.(#{Gitlab['pages_nginx']['fqdn_regex']}:#{pages_port})/(.*)$" => "#{url_scheme}://$2/$1/$3",
"~^//([^/]*)\\.(#{Gitlab['pages_nginx']['fqdn_regex']}:#{pages_port})/(.*)$" => "/$1/$3",
"~^/(.*)$" => "/$namespace/$1",

50
spec/chef/cookbooks/gitlab/recipes/nginx_spec.rb
View File

@ -904,7 +904,10 @@ RSpec.describe 'nginx' do
context 'when namespace_in_path is enabled in gitlab_pages' do
before do
stub_gitlab_rb(
gitlab_pages: { namespace_in_path: true }
gitlab_pages: {
namespace_in_path: true,
auth_redirect_uri: 'https://projects.pages.localhost/auth',
}
)
end
@ -918,7 +921,7 @@ RSpec.describe 'nginx' do
expect(content).to include('rewrite ^/([^/]+)/(.*)$ /$2 break;')
expect(content).to include('proxy_set_header Host $1.$http_host;')
expect(content).to include('proxy_set_header X-Gitlab-Namespace-In-Path $namespace;')
expect(content).to include('proxy_redirect ~^https://(projects\.pages\.localhost)/(.*)$ https://$1/$2;')
expect(content).to include('proxy_redirect ~^(https://projects\.pages\.localhost/auth)(.*)$ $1$2;')
expect(content).to include('proxy_redirect ~^https://([^/]*)\.(pages\.localhost)/(.*)$ https://$2/$1/$3;')
expect(content).to include('proxy_redirect ~^//([^/]*)\.(pages\.localhost)/(.*)$ /$1/$3;')
expect(content).to include('proxy_redirect ~^/(.*)$ /$namespace/$1;')
@ -935,8 +938,11 @@ RSpec.describe 'nginx' do
context 'when namespace_in_path is enabled and pages_external_url has custom port in gitlab_pages' do
before do
stub_gitlab_rb(
gitlab_pages: { namespace_in_path: true },
pages_external_url: 'https://pages.localhost:25800'
pages_external_url: 'https://pages.localhost:25800',
gitlab_pages: {
namespace_in_path: true,
auth_redirect_uri: 'https://projects.pages.localhost/auth',
}
)
end
@ -951,7 +957,7 @@ RSpec.describe 'nginx' do
expect(content).to include('rewrite ^/([^/]+)/(.*)$ /$2 break;')
expect(content).to include('proxy_set_header Host $1.$http_host;')
expect(content).to include('proxy_set_header X-Gitlab-Namespace-In-Path $namespace;')
expect(content).to include('proxy_redirect ~^https://(projects\.pages\.localhost:25800)/(.*)$ https://$1/$2;')
expect(content).to include('proxy_redirect ~^(https://projects\.pages\.localhost/auth)(.*)$ $1$2;')
expect(content).to include('proxy_redirect ~^https://([^/]*)\.(pages\.localhost:25800)/(.*)$ https://$2/$1/$3;')
expect(content).to include('proxy_redirect ~^//([^/]*)\.(pages\.localhost:25800)/(.*)$ /$1/$3;')
expect(content).to include('proxy_redirect ~^/(.*)$ /$namespace/$1;')
@ -995,6 +1001,40 @@ RSpec.describe 'nginx' do
}
end
end
context 'when namespace_in_path is enabled in gitlab_pages and auth_redirect_uri has custom url' do
before do
stub_gitlab_rb(
gitlab_pages: {
namespace_in_path: true,
auth_redirect_uri: 'https://customauth.pages.localhost/auth',
}
)
end
it 'applies nginx namespace_in_path settings for gitlab-pages' do
expect(chef_run).to render_file(http_conf['pages']).with_content { |content|
expect(content).to include('server {').twice
expect(content).to include('server_name ~^pages\.localhost$;')
expect(content).to include('location ~ ^/(?<namespace>[^/]+)$ {')
expect(content).to include('return 301 $scheme://$http_host$request_uri/;')
expect(content).to include('location ~ ^/(?<namespace>[^/]+)/(?<project>.*)$ {')
expect(content).to include('rewrite ^/([^/]+)/(.*)$ /$2 break;')
expect(content).to include('proxy_set_header Host $1.$http_host;')
expect(content).to include('proxy_set_header X-Gitlab-Namespace-In-Path $namespace;')
expect(content).to include('proxy_redirect ~^(https://customauth\.pages\.localhost/auth)(.*)$ $1$2;')
expect(content).to include('proxy_redirect ~^https://([^/]*)\.(pages\.localhost)/(.*)$ https://$2/$1/$3;')
expect(content).to include('proxy_redirect ~^//([^/]*)\.(pages\.localhost)/(.*)$ /$1/$3;')
expect(content).to include('proxy_redirect ~^/(.*)$ /$namespace/$1;')
expect(content).to include('proxy_hide_header X-Gitlab-Namespace-In-Path;')
# Below checks are to verify proper render entries are made
expect(content).to include('proxy_http_version 1.1;').twice
expect(content).to include('proxy_pass').twice
expect(content).to include('disable_symlinks on;').twice
expect(content).to include('server_tokens off;').twice
}
end
end
end
include_examples "consul service discovery", "nginx", "nginx"