Merge branch 'mk/add-internal-geo-proxy-endpoint' into 'master'

Add /internal/geo_proxy endpoint [RUN ALL RSPEC] [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!56297

Merge branch 'mk/add-internal-geo-proxy-endpoint' into 'master'
Add /internal/geo_proxy endpoint [RUN ALL RSPEC] [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!56297
6c29be7e · Douglas Barbosa Alexandre · c84d9415 · 36c745e2 · 6c29be7e · 6c29be7e
Commit 6c29be7e authored Mar 29, 2021 by Douglas Barbosa Alexandre
5 changed files
--- a/ee/config/feature_flags/development/geo_secondary_proxy.yml
+++ b/ee/config/feature_flags/development/geo_secondary_proxy.yml
+---
+name: geo_secondary_proxy
+introduced_by_url: '56297'
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/325732
+milestone: '13.11'
+type: development
+group: group::geo
+default_enabled: false
--- a/ee/lib/ee/api/internal/base.rb
+++ b/ee/lib/ee/api/internal/base.rb
@@ -49,6 +49,21 @@ module EE
                { success: false, message: 'Invalid OTP' }
              end
            end
+
+            override :geo_proxy
+            def geo_proxy
+              # The methods used here (or their underlying methods) are cached
+              # for:
+              #
+              # * 1 minute in memory
+              # * 2 minutes in Redis
+              #
+              if ::Feature.enabled?(:geo_secondary_proxy, default_enabled: :yaml) && ::Gitlab::Geo.secondary_with_primary?
+                { geo_proxy_url: ::Gitlab::Geo.primary_node.internal_url }
+              else
+                super
+              end
+            end
          end
        end
      end

--- a/ee/spec/requests/api/internal/base_spec.rb
+++ b/ee/spec/requests/api/internal/base_spec.rb
@@ -474,4 +474,81 @@ RSpec.describe API::Internal::Base do
      end
    end
  end
+
+  describe 'GET /internal/geo_proxy' do
+    subject { get api('/internal/geo_proxy'), params: { secret_token: secret_token } }
+
+    context 'with valid auth' do
+      context 'when Geo is not being used' do
+        it 'returns empty data' do
+          allow(::Gitlab::Geo).to receive(:enabled?).and_return(false)
+
+          subject
+
+          expect(response).to have_gitlab_http_status(:ok)
+          expect(json_response).to be_empty
+        end
+      end
+
+      context 'when this is a primary site' do
+        it 'returns empty data' do
+          stub_current_geo_node(primary_node)
+
+          subject
+
+          expect(response).to have_gitlab_http_status(:ok)
+          expect(json_response).to be_empty
+        end
+      end
+
+      context 'when this is a secondary site' do
+        before do
+          stub_current_geo_node(secondary_node)
+        end
+
+        context 'when a primary exists' do
+          it 'returns the primary internal URL' do
+            subject
+
+            expect(response).to have_gitlab_http_status(:ok)
+            expect(json_response['geo_proxy_url']).to match(primary_node.internal_url)
+          end
+        end
+
+        context 'when a primary does not exist' do
+          it 'returns empty data' do
+            allow(::Gitlab::Geo).to receive(:primary_node_configured?).and_return(false)
+
+            subject
+
+            expect(response).to have_gitlab_http_status(:ok)
+            expect(json_response).to be_empty
+          end
+        end
+      end
+
+      context 'when geo_secondary_proxy feature flag is disabled' do
+        before do
+          stub_feature_flags(geo_secondary_proxy: false)
+        end
+
+        it 'returns empty data' do
+          subject
+
+          expect(response).to have_gitlab_http_status(:ok)
+          expect(json_response).to be_empty
+        end
+      end
+    end
+
+    context 'with invalid auth' do
+      let(:secret_token) { 'invalid_token' }
+
+      it 'returns unauthorized' do
+        subject
+
+        expect(response).to have_gitlab_http_status(:unauthorized)
+      end
+    end
+  end
 end
--- a/lib/api/internal/base.rb
+++ b/lib/api/internal/base.rb
@@ -128,6 +128,11 @@ module API
            yield
          end
        end
+
+        # Overridden in EE
+        def geo_proxy
+          {}
+        end
      end

      namespace 'internal' do
@@ -322,6 +327,12 @@ module API

          two_factor_otp_check
        end
+
+        # Workhorse calls this to determine if it is a Geo secondary site
+        # that should proxy requests. FOSS can quickly return empty data.
+        get '/geo_proxy', feature_category: :geo_replication do
+          geo_proxy
+        end
      end
    end
  end

--- a/spec/requests/api/internal/base_spec.rb
+++ b/spec/requests/api/internal/base_spec.rb
@@ -1413,6 +1413,29 @@ RSpec.describe API::Internal::Base do
    end
  end

+  describe 'GET /internal/geo_proxy' do
+    subject { get api('/internal/geo_proxy'), params: { secret_token: secret_token } }
+
+    context 'with valid auth' do
+      it 'returns empty data' do
+        subject
+
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(json_response).to be_empty
+      end
+    end
+
+    context 'with invalid auth' do
+      let(:secret_token) { 'invalid_token' }
+
+      it 'returns unauthorized' do
+        subject
+
+        expect(response).to have_gitlab_http_status(:unauthorized)
+      end
+    end
+  end
+
  def lfs_auth_project(project)
    post(
      api("/internal/lfs_authenticate"),