BigW Consortium Gitlab

Commit 2f875c40 by Pawel Chojnacki

Finish refactring processed configuraiton, and add test validating ip range matching

parent e5a6f268
module RequiresWhitelistedMonitoringClient module RequiresWhitelistedMonitoringClient
extend ActiveSupport::Concern extend ActiveSupport::Concern
included do included do
before_action :validate_ip_whitelisted! before_action :validate_ip_whitelisted_or_token_is_valid!
end end
private private
def validate_ip_whitelisted! def validate_ip_whitelisted_or_token_is_valid!
render_404 unless client_ip_whitelisted? || token_valid? render_404 unless client_ip_whitelisted? || token_valid?
end end
def client_ip_whitelisted? def client_ip_whitelisted?
Settings.monitoring.ip_whitelist.any? { |e| e.include?(Gitlab::RequestContext.client_ip) } ip_whitelist.any? { |e| e.include?(Gitlab::RequestContext.client_ip) }
end end
def ip_whitelist def ip_whitelist
......
...@@ -6,21 +6,19 @@ describe MetricsController do ...@@ -6,21 +6,19 @@ describe MetricsController do
let(:json_response) { JSON.parse(response.body) } let(:json_response) { JSON.parse(response.body) }
let(:metrics_multiproc_dir) { Dir.mktmpdir } let(:metrics_multiproc_dir) { Dir.mktmpdir }
let(:whitelisted_ip) { '127.0.0.1' } let(:whitelisted_ip) { '127.0.0.1' }
let(:not_whitelisted_ip) { '127.0.0.2' } let(:whitelisted_ip_range) { '10.0.0.0/24' }
let(:ip_in_whitelisted_range) { '10.0.0.1' }
let(:not_whitelisted_ip) { '10.0.1.1' }
before do before do
stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false') stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')
stub_env('prometheus_multiproc_dir', metrics_multiproc_dir) stub_env('prometheus_multiproc_dir', metrics_multiproc_dir)
allow(Gitlab::Metrics).to receive(:prometheus_metrics_enabled?).and_return(true) allow(Gitlab::Metrics).to receive(:prometheus_metrics_enabled?).and_return(true)
allow(Settings.monitoring).to receive(:ip_whitelist).and_return([IPAddr.new(whitelisted_ip)]) allow(Settings.monitoring).to receive(:ip_whitelist).and_return([whitelisted_ip, whitelisted_ip_range])
end end
describe '#index' do describe '#index' do
context 'accessed from whitelisted ip' do shared_examples_for 'endpoint providing metrics' do
before do
allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
end
it 'returns DB ping metrics' do it 'returns DB ping metrics' do
get :index get :index
...@@ -61,6 +59,22 @@ describe MetricsController do ...@@ -61,6 +59,22 @@ describe MetricsController do
end end
end end
context 'accessed from whitelisted ip' do
before do
allow(Gitlab::RequestContext).to receive(:client_ip).and_return(whitelisted_ip)
end
it_behaves_like 'endpoint providing metrics'
end
context 'accessed from ip in whitelisted range' do
before do
allow(Gitlab::RequestContext).to receive(:client_ip).and_return(ip_in_whitelisted_range)
end
it_behaves_like 'endpoint providing metrics'
end
context 'accessed from not whitelisted ip' do context 'accessed from not whitelisted ip' do
before do before do
allow(Gitlab::RequestContext).to receive(:client_ip).and_return(not_whitelisted_ip) allow(Gitlab::RequestContext).to receive(:client_ip).and_return(not_whitelisted_ip)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment