• Stan Hu's avatar
    Add support for propagation correlation IDs from trusted CIDRs · 5e865c2e
    Stan Hu authored
    When Gitaly makes internal API calls back to Workhorse in Git hooks,
    Workhorse previously would generate new correlation IDs, making it hard
    to trace the entire call flow.
    
    In https://gitlab.com/gitlab-org/labkit/-/merge_requests/123, we added
    the ability to propagate correlation IDs from trusted CIDR blocks.
    
    To use this feature, we add two configuraton parameters:
    
    * `trusted_cidrs_for_x_forwarded_for`
    * `trusted_cidrs_for_propagation`
    
    If propagation of correlation ID is enabled,
    `trusted_cidrs_for_x_forwarded_for` tells LabKit what remote IPs can be
    trusted to use the `X-Forwarded-For` HTTP header to resolve the actual
    client IP. Note that this parameter is not yet used in Workhorse's
    remote IP resolution, but it should be.
    
    `trusted_cidrs_for_propagation` allows Workhorse to restrict propagation
    to certain IP ranges. We will want to add the Gitaly servers to this
    list.
    
    Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/324836
    
    Changelog: added
    5e865c2e
go.mod 1.75 KB