Set SSL certificates path env when calling ES indexer

ca107c31 · Changzheng Liu · Nick Thomas · 7b79ae26 · ca107c31 · ca107c31
Commit ca107c31 authored Feb 12, 2020 by Changzheng Liu Committed by Nick Thomas Feb 12, 2020
3 changed files
--- a/ee/changelogs/unreleased/omnibus-5037-workaround.yml
+++ b/ee/changelogs/unreleased/omnibus-5037-workaround.yml
+---
+title: Set SSL certificates path env when calling ES indexer
+merge_request: 24213
+author:
+type: fixed
--- a/ee/lib/gitlab/elastic/indexer.rb
+++ b/ee/lib/gitlab/elastic/indexer.rb
@@ -55,15 +55,7 @@ module Gitlab
      end

      def run_indexer!(to_sha, target)
-        # We accept any form of settings, including string and array
-        # This is why JSON is needed
-        vars = {
-          'RAILS_ENV'               => Rails.env,
-          'ELASTIC_CONNECTION_INFO' => elasticsearch_config(target),
-          'GITALY_CONNECTION_INFO'  => gitaly_connection_info,
-          'FROM_SHA'                => from_sha,
-          'TO_SHA'                  => to_sha
-        }
+        vars = build_envvars(to_sha, target)

        if index_status && !repository_contains_last_indexed_commit?
          target.delete_index_for_commits_and_blobs(wiki: wiki?)
@@ -83,6 +75,23 @@ module Gitlab
        raise Error, output unless status&.zero?
      end

+      def build_envvars(to_sha, target)
+        # We accept any form of settings, including string and array
+        # This is why JSON is needed
+        vars = {
+          'RAILS_ENV'               => Rails.env,
+          'ELASTIC_CONNECTION_INFO' => elasticsearch_config(target),
+          'GITALY_CONNECTION_INFO'  => gitaly_connection_info,
+          'FROM_SHA'                => from_sha,
+          'TO_SHA'                  => to_sha
+        }
+
+        # SSL certificates related env will be sent to child process if configured
+        %w(SSL_CERT_FILE SSL_CERT_DIR).each_with_object(vars) do |key, hash|
+          hash[key] = ENV[key] if ENV.key?(key)
+        end
+      end
+
      def last_commit
        if wiki?
          index_status&.last_wiki_commit

--- a/ee/spec/lib/gitlab/elastic/indexer_spec.rb
+++ b/ee/spec/lib/gitlab/elastic/indexer_spec.rb
@@ -269,6 +269,32 @@ describe Gitlab::Elastic::Indexer do
    end
  end

+  context 'when SSL env vars are not set' do
+    subject { envvars }
+
+    it 'they will not be passed down to child process' do
+      is_expected.not_to include('SSL_CERT_FILE', 'SSL_CERT_DIR')
+    end
+  end
+
+  context 'when SSL env vars are set' do
+    let(:cert_file) { '/fake/cert.pem' }
+    let(:cert_dir) { '/fake/cert/dir' }
+
+    before do
+      stub_env('SSL_CERT_FILE', cert_file)
+      stub_env('SSL_CERT_DIR', cert_dir)
+    end
+
+    context 'when building env vars for child process' do
+      subject { envvars }
+
+      it 'SSL env vars will be included' do
+        is_expected.to include('SSL_CERT_FILE' => cert_file, 'SSL_CERT_DIR' => cert_dir)
+      end
+    end
+  end
+
  def expect_popen
    expect(Gitlab::Popen).to receive(:popen)
  end
@@ -286,4 +312,10 @@ describe Gitlab::Elastic::Indexer do
      index_name: 'gitlab-test'
    )
  end
+
+  def envvars
+    indexer.send(:build_envvars,
+      Gitlab::Git::BLANK_SHA,
+      project.repository.__elasticsearch__.elastic_writing_targets.first)
+  end
 end