RubyGems - gitlab-exporter - Versions diffs - 11.15.2 → 11.17.1 - Mend

gitlab-exporter 11.15.2 → 11.17.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/.gitlab-ci.yml +14 -0
data/Gemfile.lock +7 -7
data/config/gitlab-exporter.yml.example +5 -1
data/gitlab-exporter.gemspec +1 -1
data/lib/gitlab_exporter/tls_helper.rb +39 -0
data/lib/gitlab_exporter/version.rb +1 -1
data/lib/gitlab_exporter/web_exporter.rb +45 -1
metadata +7 -6

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5d0a0ae02ed20a88844dab048496ad7f6d5aad588627a39abd380506ced488c4
-  data.tar.gz: 7452e058c911f6f32c4803bc8a37b694f2a9d604531a5f9b1ec467082e3a5fc8
+  metadata.gz: c6ccef6882054ab76a7ae363221460936a3183ed9055b3b0df775373eac4865f
+  data.tar.gz: e940486956e6d8a32f6c10f696d7baebf27c16d7654e43446325a647e8281143
 SHA512:
-  metadata.gz: 133f534a5a51bc55910b4e06c5d6f7f12cee338952ce92567972e83c5ab4cd95d94cd00336f790b92a66db48ad7c1d31ddcdd9734a15e602986d28c765034671
-  data.tar.gz: 37b8a8a952d9b3352e5bfe458984a4fb2ea7b27dda687e25b42c5c52ba16476f8ebe69e59ab19dfd95492599918cf0967576315554fbbe2b76929835bd9327a2
+  metadata.gz: d9c4f7f435a0460cf5e068ee1d2840500ef12f3324e779aebcd04fe2cd42e98df18602851d25caedf0c49a91956fd7cb9a62a635eb6269a80d7fdf4b93e2010d
+  data.tar.gz: dc5e84fd8acd9568c924a5e51a753df3ad85b2efdea1b6e626fa8ed4e604fb5e05c040ec5700e3e85accf52734aa4cd34c37d3bd2549c35cb2e25808a337b04d

data/.gitlab-ci.yml CHANGED Viewed

@@ -12,6 +12,7 @@ variables:
 stages:
   - test
   - dast
+  - publish
 default:
   image: ruby:${RUBY_VERSION}
@@ -57,3 +58,16 @@ gemnasium-dependency_scanning:
 secret_detection:
   rules: *workflow_rules
+publish_to_rubygems:
+  stage: publish
+  script:
+    - mkdir -p ~/.gem
+    - 'echo ":rubygems_api_key: ${RUBYGEMS_API_KEY}" > ~/.gem/credentials'
+    - chmod 0600 ~/.gem/credentials
+    - gem build gitlab-exporter.gemspec --output=gitlab-exporter.gem
+    - gem push gitlab-exporter.gem
+  before_script: *before_scripts
+  rules:
+    # Only push to RubyGems.org when we tag a new version
+    - if: '$CI_COMMIT_TAG'

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    gitlab-exporter (11.15.2)
+    gitlab-exporter (11.17.1)
       connection_pool (= 2.2.5)
       faraday (~> 1.8.0)
       pg (= 1.2.3)
@@ -10,7 +10,7 @@ PATH
       redis (= 4.4.0)
       redis-namespace (= 1.6.0)
       sidekiq (= 6.4.0)
-      sinatra (~> 2.1.0)
+      sinatra (~> 2.2.0)
 GEM
   remote: https://rubygems.org/
@@ -37,7 +37,7 @@ GEM
     faraday-net_http_persistent (1.2.0)
     faraday-patron (1.0.0)
     faraday-rack (1.0.0)
-    multipart-post (2.1.1)
+    multipart-post (2.2.3)
     mustermann (1.1.1)
       ruby2_keywords (~> 0.0.1)
     nio4r (2.5.8)
@@ -48,8 +48,8 @@ GEM
     puma (5.6.2)
       nio4r (~> 2.0)
     quantile (0.2.1)
-    rack (2.2.3)
-    rack-protection (2.1.0)
+    rack (2.2.4)
+    rack-protection (2.2.0)
       rack
     rainbow (3.0.0)
     redis (4.4.0)
@@ -87,10 +87,10 @@ GEM
       connection_pool (>= 2.2.2)
       rack (~> 2.0)
       redis (>= 4.2.0)
-    sinatra (2.1.0)
+    sinatra (2.2.0)
       mustermann (~> 1.0)
       rack (~> 2.2)
-      rack-protection (= 2.1.0)
+      rack-protection (= 2.2.0)
       tilt (~> 2.0)
     tilt (2.0.10)
     unicode-display_width (1.7.0)

data/config/gitlab-exporter.yml.example CHANGED Viewed

@@ -6,11 +6,15 @@ db_common: &db_common
 # Web server config
 server:
-  name: puma # cf. https://github.com/sinatra/sinatra#available-settings
+  name: webrick # cf. https://github.com/sinatra/sinatra#available-settings
   listen_address: 0.0.0.0
   listen_port: 9168
   # Maximum amount of memory to use in megabytes, after which the process is killed
   memory_threshold: 1024
+  # TLS settings
+  tls_enabled: false
+  tls_cert_path: /tmp/server.crt
+  tls_key_path: /tmp/server.key
 # Probes config
 probes:

data/gitlab-exporter.gemspec CHANGED Viewed

@@ -28,7 +28,7 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency "redis", "4.4.0"
   s.add_runtime_dependency "redis-namespace", "1.6.0"
   s.add_runtime_dependency "sidekiq", "6.4.0"
-  s.add_runtime_dependency "sinatra", "~> 2.1.0"
+  s.add_runtime_dependency "sinatra", "~> 2.2.0"
   s.add_development_dependency "rspec", "~> 3.7.0"
   s.add_development_dependency "rspec-expectations", "~> 3.7.0"

data/lib/gitlab_exporter/tls_helper.rb ADDED Viewed

@@ -0,0 +1,39 @@
+# Contains helper methods to generate TLS related configuration for web servers
+module TLSHelper
+  CERT_REGEX = /-----BEGIN CERTIFICATE-----(?:.|\n)+?-----END CERTIFICATE-----/.freeze
+  def validate_tls_config(config)
+    %i[tls_cert_path tls_key_path].each do |key|
+      fail "TLS enabled, but #{key} not specified in config" unless config.key?(key)
+      fail "File specified via #{key} not found: #{config[key]}" unless File.exist?(config[key])
+    end
+  end
+  def webrick_tls_config(config)
+    # This monkey-patches WEBrick::GenericServer, so never require this unless TLS is enabled.
+    require "webrick/ssl"
+    certs = load_ca_certs_bundle(File.binread(config[:tls_cert_path]))
+    {
+      SSLEnable: true,
+      SSLCertificate: certs.shift,
+      SSLPrivateKey: OpenSSL::PKey.read(File.binread(config[:tls_key_path])),
+      # SSLStartImmediately is true by default according to the docs, but when WEBrick creates the
+      # SSLServer internally, the switch was always nil for some reason. Setting this explicitly fixes this.
+      SSLStartImmediately: true,
+      SSLExtraChainCert: certs
+    }
+  end
+  # In Ruby OpenSSL v3.0.0, this can be replaced by OpenSSL::X509::Certificate.load
+  # https://github.com/ruby/openssl/issues/254
+  def load_ca_certs_bundle(ca_certs_string)
+    return [] unless ca_certs_string
+    ca_certs_string.scan(CERT_REGEX).map do |ca_cert_string|
+      OpenSSL::X509::Certificate.new(ca_cert_string)
+    end
+  end
+end

data/lib/gitlab_exporter/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module GitLab
   module Exporter
-    VERSION = "11.15.2".freeze
+    VERSION = "11.17.1".freeze
   end
 end

data/lib/gitlab_exporter/web_exporter.rb CHANGED Viewed

@@ -1,5 +1,8 @@
 require "sinatra/base"
 require "English"
+require "cgi"
+require_relative "tls_helper"
 module GitLab
   module Exporter
@@ -51,6 +54,8 @@ module GitLab
       end
       class << self
+        include TLSHelper
         DEFAULT_WEB_SERVER = "webrick".freeze
         def setup(config)
@@ -74,8 +79,47 @@ module GitLab
           config ||= {}
           set(:server, config.fetch(:name, DEFAULT_WEB_SERVER))
-          set(:bind, config.fetch(:listen_address, "0.0.0.0"))
           set(:port, config.fetch(:listen_port, 9168))
+          # Depending on whether TLS is enabled or not, bind string
+          # will be different.
+          if config.fetch(:tls_enabled, "false").to_s == "true"
+            set_tls_config(config)
+          else
+            set(:bind, config.fetch(:listen_address, "0.0.0.0"))
+          end
+        end
+        def set_tls_config(config) # rubocop:disable Naming/AccessorMethodName
+          validate_tls_config(config)
+          web_server = config.fetch(:name, DEFAULT_WEB_SERVER)
+          if web_server == "webrick"
+            set_webrick_tls(config)
+          elsif web_server == "puma"
+            set_puma_tls(config)
+          else
+            fail "TLS not supported for web server `#{web_server}`."
+          end
+        end
+        def set_webrick_tls(config) # rubocop:disable Naming/AccessorMethodName
+          server_settings = {}
+          server_settings.merge!(webrick_tls_config(config))
+          set(:bind, config.fetch(:listen_address, "0.0.0.0"))
+          set(:server_settings, server_settings)
+        end
+        def set_puma_tls(config) # rubocop:disable Naming/AccessorMethodName
+          listen_address = config.fetch(:listen_address, "0.0.0.0")
+          listen_port = config.fetch(:listen_port, 8443)
+          tls_cert_path = CGI.escape(config.fetch(:tls_cert_path))
+          tls_key_path = CGI.escape(config.fetch(:tls_key_path))
+          bind_string = "ssl://#{listen_address}:#{listen_port}?cert=#{tls_cert_path}&key=#{tls_key_path}"
+          set(:bind, bind_string)
         end
         def setup_probes(config)

metadata CHANGED Viewed

@@ -1,11 +1,11 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-exporter
 version: !ruby/object:Gem::Version
-  version: 11.15.2
+  version: 11.17.1
 platform: ruby
 authors:
 - Pablo Carranza
-autorequire:
+autorequire:
 bindir: bin
 cert_chain: []
 date: 2016-07-27 00:00:00.000000000 Z
@@ -128,14 +128,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.1.0
+        version: 2.2.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.1.0
+        version: 2.2.0
 - !ruby/object:Gem::Dependency
   name: rspec
   requirement: !ruby/object:Gem::Requirement
@@ -204,6 +204,7 @@ files:
 - lib/gitlab_exporter/prometheus.rb
 - lib/gitlab_exporter/ruby.rb
 - lib/gitlab_exporter/sidekiq.rb
+- lib/gitlab_exporter/tls_helper.rb
 - lib/gitlab_exporter/util.rb
 - lib/gitlab_exporter/version.rb
 - lib/gitlab_exporter/web_exporter.rb
@@ -224,7 +225,7 @@ homepage: http://gitlab.com
 licenses:
 - MIT
 metadata: {}
-post_install_message:
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -240,7 +241,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.1.6
-signing_key:
+signing_key:
 specification_version: 4
 summary: GitLab metrics exporter
 test_files: