gitlab-exporter 11.15.2 → 11.17.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 5d0a0ae02ed20a88844dab048496ad7f6d5aad588627a39abd380506ced488c4
4
- data.tar.gz: 7452e058c911f6f32c4803bc8a37b694f2a9d604531a5f9b1ec467082e3a5fc8
3
+ metadata.gz: c6ccef6882054ab76a7ae363221460936a3183ed9055b3b0df775373eac4865f
4
+ data.tar.gz: e940486956e6d8a32f6c10f696d7baebf27c16d7654e43446325a647e8281143
5
5
  SHA512:
6
- metadata.gz: 133f534a5a51bc55910b4e06c5d6f7f12cee338952ce92567972e83c5ab4cd95d94cd00336f790b92a66db48ad7c1d31ddcdd9734a15e602986d28c765034671
7
- data.tar.gz: 37b8a8a952d9b3352e5bfe458984a4fb2ea7b27dda687e25b42c5c52ba16476f8ebe69e59ab19dfd95492599918cf0967576315554fbbe2b76929835bd9327a2
6
+ metadata.gz: d9c4f7f435a0460cf5e068ee1d2840500ef12f3324e779aebcd04fe2cd42e98df18602851d25caedf0c49a91956fd7cb9a62a635eb6269a80d7fdf4b93e2010d
7
+ data.tar.gz: dc5e84fd8acd9568c924a5e51a753df3ad85b2efdea1b6e626fa8ed4e604fb5e05c040ec5700e3e85accf52734aa4cd34c37d3bd2549c35cb2e25808a337b04d
data/.gitlab-ci.yml CHANGED
@@ -12,6 +12,7 @@ variables:
12
12
  stages:
13
13
  - test
14
14
  - dast
15
+ - publish
15
16
 
16
17
  default:
17
18
  image: ruby:${RUBY_VERSION}
@@ -57,3 +58,16 @@ gemnasium-dependency_scanning:
57
58
 
58
59
  secret_detection:
59
60
  rules: *workflow_rules
61
+
62
+ publish_to_rubygems:
63
+ stage: publish
64
+ script:
65
+ - mkdir -p ~/.gem
66
+ - 'echo ":rubygems_api_key: ${RUBYGEMS_API_KEY}" > ~/.gem/credentials'
67
+ - chmod 0600 ~/.gem/credentials
68
+ - gem build gitlab-exporter.gemspec --output=gitlab-exporter.gem
69
+ - gem push gitlab-exporter.gem
70
+ before_script: *before_scripts
71
+ rules:
72
+ # Only push to RubyGems.org when we tag a new version
73
+ - if: '$CI_COMMIT_TAG'
data/Gemfile.lock CHANGED
@@ -1,7 +1,7 @@
1
1
  PATH
2
2
  remote: .
3
3
  specs:
4
- gitlab-exporter (11.15.2)
4
+ gitlab-exporter (11.17.1)
5
5
  connection_pool (= 2.2.5)
6
6
  faraday (~> 1.8.0)
7
7
  pg (= 1.2.3)
@@ -10,7 +10,7 @@ PATH
10
10
  redis (= 4.4.0)
11
11
  redis-namespace (= 1.6.0)
12
12
  sidekiq (= 6.4.0)
13
- sinatra (~> 2.1.0)
13
+ sinatra (~> 2.2.0)
14
14
 
15
15
  GEM
16
16
  remote: https://rubygems.org/
@@ -37,7 +37,7 @@ GEM
37
37
  faraday-net_http_persistent (1.2.0)
38
38
  faraday-patron (1.0.0)
39
39
  faraday-rack (1.0.0)
40
- multipart-post (2.1.1)
40
+ multipart-post (2.2.3)
41
41
  mustermann (1.1.1)
42
42
  ruby2_keywords (~> 0.0.1)
43
43
  nio4r (2.5.8)
@@ -48,8 +48,8 @@ GEM
48
48
  puma (5.6.2)
49
49
  nio4r (~> 2.0)
50
50
  quantile (0.2.1)
51
- rack (2.2.3)
52
- rack-protection (2.1.0)
51
+ rack (2.2.4)
52
+ rack-protection (2.2.0)
53
53
  rack
54
54
  rainbow (3.0.0)
55
55
  redis (4.4.0)
@@ -87,10 +87,10 @@ GEM
87
87
  connection_pool (>= 2.2.2)
88
88
  rack (~> 2.0)
89
89
  redis (>= 4.2.0)
90
- sinatra (2.1.0)
90
+ sinatra (2.2.0)
91
91
  mustermann (~> 1.0)
92
92
  rack (~> 2.2)
93
- rack-protection (= 2.1.0)
93
+ rack-protection (= 2.2.0)
94
94
  tilt (~> 2.0)
95
95
  tilt (2.0.10)
96
96
  unicode-display_width (1.7.0)
@@ -6,11 +6,15 @@ db_common: &db_common
6
6
 
7
7
  # Web server config
8
8
  server:
9
- name: puma # cf. https://github.com/sinatra/sinatra#available-settings
9
+ name: webrick # cf. https://github.com/sinatra/sinatra#available-settings
10
10
  listen_address: 0.0.0.0
11
11
  listen_port: 9168
12
12
  # Maximum amount of memory to use in megabytes, after which the process is killed
13
13
  memory_threshold: 1024
14
+ # TLS settings
15
+ tls_enabled: false
16
+ tls_cert_path: /tmp/server.crt
17
+ tls_key_path: /tmp/server.key
14
18
 
15
19
  # Probes config
16
20
  probes:
@@ -28,7 +28,7 @@ Gem::Specification.new do |s|
28
28
  s.add_runtime_dependency "redis", "4.4.0"
29
29
  s.add_runtime_dependency "redis-namespace", "1.6.0"
30
30
  s.add_runtime_dependency "sidekiq", "6.4.0"
31
- s.add_runtime_dependency "sinatra", "~> 2.1.0"
31
+ s.add_runtime_dependency "sinatra", "~> 2.2.0"
32
32
 
33
33
  s.add_development_dependency "rspec", "~> 3.7.0"
34
34
  s.add_development_dependency "rspec-expectations", "~> 3.7.0"
@@ -0,0 +1,39 @@
1
+ # Contains helper methods to generate TLS related configuration for web servers
2
+ module TLSHelper
3
+ CERT_REGEX = /-----BEGIN CERTIFICATE-----(?:.|\n)+?-----END CERTIFICATE-----/.freeze
4
+
5
+ def validate_tls_config(config)
6
+ %i[tls_cert_path tls_key_path].each do |key|
7
+ fail "TLS enabled, but #{key} not specified in config" unless config.key?(key)
8
+
9
+ fail "File specified via #{key} not found: #{config[key]}" unless File.exist?(config[key])
10
+ end
11
+ end
12
+
13
+ def webrick_tls_config(config)
14
+ # This monkey-patches WEBrick::GenericServer, so never require this unless TLS is enabled.
15
+ require "webrick/ssl"
16
+
17
+ certs = load_ca_certs_bundle(File.binread(config[:tls_cert_path]))
18
+
19
+ {
20
+ SSLEnable: true,
21
+ SSLCertificate: certs.shift,
22
+ SSLPrivateKey: OpenSSL::PKey.read(File.binread(config[:tls_key_path])),
23
+ # SSLStartImmediately is true by default according to the docs, but when WEBrick creates the
24
+ # SSLServer internally, the switch was always nil for some reason. Setting this explicitly fixes this.
25
+ SSLStartImmediately: true,
26
+ SSLExtraChainCert: certs
27
+ }
28
+ end
29
+
30
+ # In Ruby OpenSSL v3.0.0, this can be replaced by OpenSSL::X509::Certificate.load
31
+ # https://github.com/ruby/openssl/issues/254
32
+ def load_ca_certs_bundle(ca_certs_string)
33
+ return [] unless ca_certs_string
34
+
35
+ ca_certs_string.scan(CERT_REGEX).map do |ca_cert_string|
36
+ OpenSSL::X509::Certificate.new(ca_cert_string)
37
+ end
38
+ end
39
+ end
@@ -1,5 +1,5 @@
1
1
  module GitLab
2
2
  module Exporter
3
- VERSION = "11.15.2".freeze
3
+ VERSION = "11.17.1".freeze
4
4
  end
5
5
  end
@@ -1,5 +1,8 @@
1
1
  require "sinatra/base"
2
2
  require "English"
3
+ require "cgi"
4
+
5
+ require_relative "tls_helper"
3
6
 
4
7
  module GitLab
5
8
  module Exporter
@@ -51,6 +54,8 @@ module GitLab
51
54
  end
52
55
 
53
56
  class << self
57
+ include TLSHelper
58
+
54
59
  DEFAULT_WEB_SERVER = "webrick".freeze
55
60
 
56
61
  def setup(config)
@@ -74,8 +79,47 @@ module GitLab
74
79
  config ||= {}
75
80
 
76
81
  set(:server, config.fetch(:name, DEFAULT_WEB_SERVER))
77
- set(:bind, config.fetch(:listen_address, "0.0.0.0"))
78
82
  set(:port, config.fetch(:listen_port, 9168))
83
+
84
+ # Depending on whether TLS is enabled or not, bind string
85
+ # will be different.
86
+ if config.fetch(:tls_enabled, "false").to_s == "true"
87
+ set_tls_config(config)
88
+ else
89
+ set(:bind, config.fetch(:listen_address, "0.0.0.0"))
90
+ end
91
+ end
92
+
93
+ def set_tls_config(config) # rubocop:disable Naming/AccessorMethodName
94
+ validate_tls_config(config)
95
+
96
+ web_server = config.fetch(:name, DEFAULT_WEB_SERVER)
97
+ if web_server == "webrick"
98
+ set_webrick_tls(config)
99
+ elsif web_server == "puma"
100
+ set_puma_tls(config)
101
+ else
102
+ fail "TLS not supported for web server `#{web_server}`."
103
+ end
104
+ end
105
+
106
+ def set_webrick_tls(config) # rubocop:disable Naming/AccessorMethodName
107
+ server_settings = {}
108
+ server_settings.merge!(webrick_tls_config(config))
109
+
110
+ set(:bind, config.fetch(:listen_address, "0.0.0.0"))
111
+ set(:server_settings, server_settings)
112
+ end
113
+
114
+ def set_puma_tls(config) # rubocop:disable Naming/AccessorMethodName
115
+ listen_address = config.fetch(:listen_address, "0.0.0.0")
116
+ listen_port = config.fetch(:listen_port, 8443)
117
+ tls_cert_path = CGI.escape(config.fetch(:tls_cert_path))
118
+ tls_key_path = CGI.escape(config.fetch(:tls_key_path))
119
+
120
+ bind_string = "ssl://#{listen_address}:#{listen_port}?cert=#{tls_cert_path}&key=#{tls_key_path}"
121
+
122
+ set(:bind, bind_string)
79
123
  end
80
124
 
81
125
  def setup_probes(config)
metadata CHANGED
@@ -1,11 +1,11 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: gitlab-exporter
3
3
  version: !ruby/object:Gem::Version
4
- version: 11.15.2
4
+ version: 11.17.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Pablo Carranza
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
11
  date: 2016-07-27 00:00:00.000000000 Z
@@ -128,14 +128,14 @@ dependencies:
128
128
  requirements:
129
129
  - - "~>"
130
130
  - !ruby/object:Gem::Version
131
- version: 2.1.0
131
+ version: 2.2.0
132
132
  type: :runtime
133
133
  prerelease: false
134
134
  version_requirements: !ruby/object:Gem::Requirement
135
135
  requirements:
136
136
  - - "~>"
137
137
  - !ruby/object:Gem::Version
138
- version: 2.1.0
138
+ version: 2.2.0
139
139
  - !ruby/object:Gem::Dependency
140
140
  name: rspec
141
141
  requirement: !ruby/object:Gem::Requirement
@@ -204,6 +204,7 @@ files:
204
204
  - lib/gitlab_exporter/prometheus.rb
205
205
  - lib/gitlab_exporter/ruby.rb
206
206
  - lib/gitlab_exporter/sidekiq.rb
207
+ - lib/gitlab_exporter/tls_helper.rb
207
208
  - lib/gitlab_exporter/util.rb
208
209
  - lib/gitlab_exporter/version.rb
209
210
  - lib/gitlab_exporter/web_exporter.rb
@@ -224,7 +225,7 @@ homepage: http://gitlab.com
224
225
  licenses:
225
226
  - MIT
226
227
  metadata: {}
227
- post_install_message:
228
+ post_install_message:
228
229
  rdoc_options: []
229
230
  require_paths:
230
231
  - lib
@@ -240,7 +241,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
240
241
  version: '0'
241
242
  requirements: []
242
243
  rubygems_version: 3.1.6
243
- signing_key:
244
+ signing_key:
244
245
  specification_version: 4
245
246
  summary: GitLab metrics exporter
246
247
  test_files: