Embed Jaeger tracing in iframe

changelogs/unreleased/30525-iframe_jaeger.yml

+---
+title: Embed Jaeger in Gitlab UI
+merge_request:
+author:
+type: changed

ee/app/views/layouts/nav/sidebar/_tracing_link.html.haml

@@ -2,12 +2,6 @@
 
 - if project_nav_tab? :settings
   = nav_link(controller: :tracings, action: [:show]) do
-    - if @project.tracing_external_url.present?
-      = link_to sanitize(@project.tracing_external_url, scrubber: Rails::Html::TextOnlyScrubber.new), target: "_blank", rel: 'noopener noreferrer' do
-        %span
-          = _('Tracing')
-          %i.strong.ml-1.fa.fa-external-link
-    - else
-      = link_to project_tracing_path(@project), title: _('Tracing') do
-        %span
-          = _('Tracing')
+    = link_to project_tracing_path(@project), title: _('Tracing') do
+      %span
+        = _('Tracing')

ee/app/views/projects/tracings/show.html.haml

 - @content_class = "limit-container-width" unless fluid_layout
 - page_title _("Tracing")
 
-.row.empty-state
-  .col-12
-    .svg-content
-      = image_tag 'illustrations/monitoring/tracing.svg', style: 'max-height: 254px'
+- if @project.tracing_external_url.present?
+  %h3.page-title= _('Tracing')
+  - jaeger_link = link_to('Jaeger tracing', 'https://www.jaegertracing.io/', target: "_blank", rel: "noreferrer")
+  %p.light= _("GitLab uses %{jaeger_link} to monitor distributed systems.").html_safe % { jaeger_link: jaeger_link }
 
-  .col-12
-    .text-content
-      %h4.text-left= _('Troubleshoot and monitor your application with tracing')
-      %p
-        - jaeger_help_url = "https://www.jaegertracing.io/docs/1.7/getting-started/"
-        - link_start_tag = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: jaeger_help_url }
-        - link_end_tag = "#{sprite_icon('external-link', size: 16, css_class: 'ml-1 vertical-align-middle')}</a>".html_safe
-        = _('To get started, link this page to your Jaeger server, or find out how to %{link_start_tag}install Jaeger%{link_end_tag}').html_safe % { link_start_tag: link_start_tag, link_end_tag: link_end_tag }
+  = content_for :flash_message do
+    .alert.alert-warning.flex-alert
+      .alert-message
+        = _("Your password isn't required to view this page. If a password or any other personal details are requested, please contact your administrator to report abuse.")
 
-      .text-center
-        = render 'tracing_button'
+  .card
+    - iframe_permissions = "allow-forms allow-scripts allow-same-origin allow-popups"
+    %iframe.border-0{ src: sanitize(@project.tracing_external_url, scrubber: Rails::Html::TextOnlyScrubber.new), width: '100%', height: 970, sandbox: iframe_permissions }
+- else
+  .row.empty-state
+    .col-12
+      .svg-content
+        = image_tag 'illustrations/monitoring/tracing.svg'
+
+    .col-12
+      .text-content
+        %h4.text-left= _('Troubleshoot and monitor your application with tracing')
+        %p
+          - jaeger_help_url = "https://www.jaegertracing.io/docs/1.7/getting-started/"
+          - link_start_tag = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: jaeger_help_url }
+          - link_end_tag = "#{sprite_icon('external-link', size: 16, css_class: 'ml-1 vertical-align-middle')}</a>".html_safe
+          = _('To get started, link this page to your Jaeger server, or find out how to %{link_start_tag}install Jaeger%{link_end_tag}').html_safe % { link_start_tag: link_start_tag, link_end_tag: link_end_tag }
+
+          .text-center
+            = render 'tracing_button'

ee/spec/views/layouts/nav/sidebar/_project.html.haml_spec.rb

@@ -73,40 +73,12 @@ describe 'layouts/nav/sidebar/_project' do
       expect(rendered).not_to have_text 'Tracing'
     end
 
-    context 'with project.tracing_external_url' do
-      let(:tracing_url) { 'https://tracing.url' }
-      let(:tracing_settings) { create(:project_tracing_setting, project: project, external_url: tracing_url) }
-
-      before do
-        allow(view).to receive(:can?).and_return(true)
-      end
-
-      it 'links to project.tracing_external_url' do
-        expect(tracing_settings.external_url).to eq(tracing_url)
-        expect(project.tracing_external_url).to eq(tracing_url)
-
-        render
-
-        expect(rendered).to have_link('Tracing', href: tracing_url)
-      end
-
-      context 'with malicious external_url' do
-        let(:malicious_tracing_url) { "https://replaceme.com/'><script>alert(document.cookie)</script>" }
-        let(:cleaned_url) { "https://replaceme.com/'>" }
-
-        before do
-          tracing_settings.update_column(:external_url, malicious_tracing_url)
-        end
-
-        it 'sanitizes external_url' do
-          expect(project.tracing_external_url).to eq(malicious_tracing_url)
+    it 'links to Tracing page' do
+      allow(view).to receive(:can?).and_return(true)
 
-          render
+      render
 
-          expect(tracing_settings.external_url).to eq(malicious_tracing_url)
-          expect(rendered).to have_link('Tracing', href: cleaned_url)
-        end
-      end
+      expect(rendered).to have_link('Tracing', href: project_tracing_path(project))
     end
 
     context 'without project.tracing_external_url' do

ee/spec/views/projects/tracing/show.html.haml_spec.rb

+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'projects/tracings/show' do
+  let(:project) { create(:project, :repository) }
+  let(:error_tracking_setting) { create(:project_error_tracking_setting, project: project) }
+
+  before do
+    assign(:project, project)
+    assign(:repository, project.repository)
+    allow(view).to receive(:current_ref).and_return('master')
+    allow(view).to receive(:error_tracking_setting).and_return(error_tracking_setting)
+    allow(view).to receive(:incident_management_available?) { false }
+    stub_licensed_features(tracing: true)
+  end
+
+  context 'with project.tracing_external_url' do
+    let(:tracing_url) { 'https://tracing.url' }
+    let(:tracing_setting) { create(:project_tracing_setting, project: project, external_url: tracing_url) }
+
+    before do
+      allow(view).to receive(:can?).and_return(true)
+      allow(view).to receive(:tracing_setting).and_return(tracing_setting)
+    end
+
+    it 'renders iframe' do
+      render
+
+      expect(rendered).to match(/iframe/)
+    end
+
+    context 'with malicious external_url' do
+      let(:malicious_tracing_url) { "https://replaceme.com/'><script>alert(document.cookie)</script>" }
+      let(:cleaned_url) { "https://replaceme.com/'&gt;" }
+
+      before do
+        tracing_setting.update_column(:external_url, malicious_tracing_url)
+      end
+
+      it 'sanitizes external_url' do
+        render
+
+        expect(tracing_setting.external_url).to eq(malicious_tracing_url)
+        expect(rendered).to have_xpath("//iframe[@src=\"#{cleaned_url}\"]")
+      end
+    end
+  end
+
+  context 'without project.tracing_external_url' do
+    before do
+      allow(view).to receive(:can?).and_return(true)
+    end
+
+    it 'renders empty state' do
+      render
+
+      expect(rendered).to have_link('Add Jaeger URL')
+      expect(rendered).not_to match(/iframe/)
+    end
+  end
+end

locale/gitlab.pot

@@ -7922,6 +7922,9 @@ msgstr ""
 msgid "GitLab single sign on URL"
 msgstr ""
 
+msgid "GitLab uses %{jaeger_link} to monitor distributed systems."
+msgstr ""
+
 msgid "GitLab will run a background job that will produce pseudonymized CSVs of the GitLab database that will be uploaded to your configured object storage directory."
 msgstr ""
 
@@ -19289,6 +19292,9 @@ msgstr ""
 msgid "Your new personal access token has been created."
 msgstr ""
 
+msgid "Your password isn't required to view this page. If a password or any other personal details are requested, please contact your administrator to report abuse."
+msgstr ""
+
 msgid "Your password reset token has expired."
 msgstr ""