Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
e5709c22
Commit
e5709c22
authored
Sep 19, 2019
by
Valery Sizov
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Allow grapqh requests to a secondary node
We only prohibit GraphQL mutation
parent
d2c1eb44
Changes
6
Show whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
90 additions
and
4 deletions
+90
-4
app/graphql/mutations/base_mutation.rb
app/graphql/mutations/base_mutation.rb
+10
-0
changelogs/unreleased/32279-fix_graphql_for_secondary_node.yml
...elogs/unreleased/32279-fix_graphql_for_secondary_node.yml
+5
-0
ee/lib/ee/gitlab/middleware/read_only/controller.rb
ee/lib/ee/gitlab/middleware/read_only/controller.rb
+4
-3
lib/gitlab/middleware/read_only/controller.rb
lib/gitlab/middleware/read_only/controller.rb
+7
-1
spec/lib/gitlab/middleware/read_only_spec.rb
spec/lib/gitlab/middleware/read_only_spec.rb
+7
-0
spec/requests/api/graphql/read_only_spec.rb
spec/requests/api/graphql/read_only_spec.rb
+57
-0
No files found.
app/graphql/mutations/base_mutation.rb
View file @
e5709c22
...
@@ -5,6 +5,8 @@ module Mutations
...
@@ -5,6 +5,8 @@ module Mutations
prepend
Gitlab
::
Graphql
::
Authorize
::
AuthorizeResource
prepend
Gitlab
::
Graphql
::
Authorize
::
AuthorizeResource
prepend
Gitlab
::
Graphql
::
CopyFieldDescription
prepend
Gitlab
::
Graphql
::
CopyFieldDescription
ERROR_MESSAGE
=
'You cannot perform write operations on a read-only instance'
field
:errors
,
[
GraphQL
::
STRING_TYPE
],
field
:errors
,
[
GraphQL
::
STRING_TYPE
],
null:
false
,
null:
false
,
description:
"Reasons why the mutation failed."
description:
"Reasons why the mutation failed."
...
@@ -17,5 +19,13 @@ module Mutations
...
@@ -17,5 +19,13 @@ module Mutations
def
errors_on_object
(
record
)
def
errors_on_object
(
record
)
record
.
errors
.
full_messages
record
.
errors
.
full_messages
end
end
def
ready?
(
**
args
)
if
Gitlab
::
Database
.
read_only?
raise
Gitlab
::
Graphql
::
Errors
::
ResourceNotAvailable
,
ERROR_MESSAGE
else
true
end
end
end
end
end
end
changelogs/unreleased/32279-fix_graphql_for_secondary_node.yml
0 → 100644
View file @
e5709c22
---
title
:
Fix GraphQL for read-only instances
merge_request
:
17225
author
:
type
:
fixed
ee/lib/ee/gitlab/middleware/read_only/controller.rb
View file @
e5709c22
...
@@ -20,10 +20,10 @@ module EE
...
@@ -20,10 +20,10 @@ module EE
override
:whitelisted_routes
override
:whitelisted_routes
def
whitelisted_routes
def
whitelisted_routes
super
||
geo_node_update_route
||
geo_proxy_git_push_ssh_route
super
||
geo_node_update_route
?
||
geo_proxy_git_push_ssh_route?
end
end
def
geo_node_update_route
def
geo_node_update_route
?
# Calling route_hash may be expensive. Only do it if we think there's a possible match
# Calling route_hash may be expensive. Only do it if we think there's a possible match
return
false
unless
request
.
path
.
start_with?
(
'/admin/geo/'
)
return
false
unless
request
.
path
.
start_with?
(
'/admin/geo/'
)
...
@@ -37,11 +37,12 @@ module EE
...
@@ -37,11 +37,12 @@ module EE
end
end
end
end
def
geo_proxy_git_push_ssh_route
def
geo_proxy_git_push_ssh_route
?
routes
=
::
Gitlab
::
Middleware
::
ReadOnly
::
API_VERSIONS
.
map
do
|
version
|
routes
=
::
Gitlab
::
Middleware
::
ReadOnly
::
API_VERSIONS
.
map
do
|
version
|
%W(/api/v
#{
version
}
/geo/proxy_git_push_ssh/info_refs
%W(/api/v
#{
version
}
/geo/proxy_git_push_ssh/info_refs
/api/v
#{
version
}
/geo/proxy_git_push_ssh/push)
/api/v
#{
version
}
/geo/proxy_git_push_ssh/push)
end
end
routes
.
flatten
.
include?
(
request
.
path
)
routes
.
flatten
.
include?
(
request
.
path
)
end
end
end
end
...
...
lib/gitlab/middleware/read_only/controller.rb
View file @
e5709c22
...
@@ -20,6 +20,8 @@ module Gitlab
...
@@ -20,6 +20,8 @@ module Gitlab
'projects/lfs_locks_api'
=>
%w{verify create unlock}
'projects/lfs_locks_api'
=>
%w{verify create unlock}
}.
freeze
}.
freeze
GRAPHQL_URL
=
'/api/graphql'
def
initialize
(
app
,
env
)
def
initialize
(
app
,
env
)
@app
=
app
@app
=
app
@env
=
env
@env
=
env
...
@@ -79,7 +81,7 @@ module Gitlab
...
@@ -79,7 +81,7 @@ module Gitlab
# Overridden in EE module
# Overridden in EE module
def
whitelisted_routes
def
whitelisted_routes
grack_route?
||
internal_route?
||
lfs_route?
||
sidekiq_route?
grack_route?
||
internal_route?
||
lfs_route?
||
sidekiq_route?
||
graphql_query?
end
end
def
grack_route?
def
grack_route?
...
@@ -108,6 +110,10 @@ module Gitlab
...
@@ -108,6 +110,10 @@ module Gitlab
def
sidekiq_route?
def
sidekiq_route?
request
.
path
.
start_with?
(
"
#{
relative_url
}
/admin/sidekiq"
)
request
.
path
.
start_with?
(
"
#{
relative_url
}
/admin/sidekiq"
)
end
end
def
graphql_query?
request
.
post?
&&
request
.
path
.
start_with?
(
GRAPHQL_URL
)
end
end
end
end
end
end
end
...
...
spec/lib/gitlab/middleware/read_only_spec.rb
View file @
e5709c22
...
@@ -103,6 +103,13 @@ describe Gitlab::Middleware::ReadOnly do
...
@@ -103,6 +103,13 @@ describe Gitlab::Middleware::ReadOnly do
expect
(
subject
).
not_to
disallow_request
expect
(
subject
).
not_to
disallow_request
end
end
it
'expects a graphql request to be allowed'
do
response
=
request
.
post
(
"/api/graphql"
)
expect
(
response
).
not_to
be_redirect
expect
(
subject
).
not_to
disallow_request
end
context
'sidekiq admin requests'
do
context
'sidekiq admin requests'
do
where
(
:mounted_at
)
do
where
(
:mounted_at
)
do
[
[
...
...
spec/requests/api/graphql/read_only_spec.rb
0 → 100644
View file @
e5709c22
# frozen_string_literal: true
require
'spec_helper'
describe
'Requests on a read-only node'
do
include
GraphqlHelpers
before
do
allow
(
Gitlab
::
Database
).
to
receive
(
:read_only?
)
{
true
}
end
context
'mutations'
do
let
(
:current_user
)
{
note
.
author
}
let!
(
:note
)
{
create
(
:note
)
}
let
(
:mutation
)
do
variables
=
{
id:
GitlabSchema
.
id_from_object
(
note
).
to_s
}
graphql_mutation
(
:destroy_note
,
variables
)
end
def
mutation_response
graphql_mutation_response
(
:destroy_note
)
end
it
'disallows the query'
do
post_graphql_mutation
(
mutation
,
current_user:
current_user
)
expect
(
json_response
[
'errors'
].
first
[
'message'
]).
to
eq
(
Mutations
::
BaseMutation
::
ERROR_MESSAGE
)
end
it
'does not destroy the Note'
do
expect
do
post_graphql_mutation
(
mutation
,
current_user:
current_user
)
end
.
not_to
change
{
Note
.
count
}
end
end
context
'read-only queries'
do
let
(
:current_user
)
{
create
(
:user
)
}
let
(
:project
)
{
create
(
:project
,
:repository
)
}
before
do
project
.
add_developer
(
current_user
)
end
it
'allows the query'
do
query
=
graphql_query_for
(
'project'
,
'fullPath'
=>
project
.
full_path
)
post_graphql
(
query
,
current_user:
current_user
)
expect
(
graphql_data
[
'project'
]).
not_to
be_nil
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment