gitlab-exporter 11.16.0 → 11.18.0

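--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 59972832ceb5628be0928d0b307c129838ba6ebe5c2c96ad700ea28a8b153db7
- data.tar.gz: 3fd4e095c416f2dbbea0c9f5901f1d8fe3d9006eda4f8b4a522a4802cdb2a924
+ metadata.gz: 885bd06ee8dbcc064e6f1f05fb13d2b216d8f371f2781d4fb6118ac1ab073236
+ data.tar.gz: 2257a1c7eaf0caecd81adc4f7db1b66f2d4176fe3d594969be15add4fb190ce9
  SHA512:
- metadata.gz: 8b68d888728ea5316c91e8a3ca26383dd8161544db55df677fc58fcb3c6ed5771c9154235462c3a0decee89b9dd31c6ffbef424d4106d8b534c6d9b015dbc0a4
- data.tar.gz: 4402cac5d98a53b077a1832c4d933a1ed93f49cc498a739396ec96f99ab361bb2a3f07e01c58bd4095c100ea77fbe3931fd645e1e4a4d37b5c8fccf99d43d644
+ metadata.gz: 3c7683f8f49f4d600bff7612eb1a7608b994ab19a5e8c220ebc78115ffd05ac8f778d2d57a2036a444570254eae1d0278f3bfcc5716ea79134ac9b87e6bde417
+ data.tar.gz: 336f305f91b21446789b8152d255929419bf494ed6f1c74faf03e7c4b89e4b117b02e584170ec5d64efddd64c4ad6f0adc1a8037b00f7c26fcb2835ddc9a49ff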
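--- a/data/.gitignore
+++ b/data/.gitignore
@@ -1,2 +1,3 @@
  .bundle
+ vendor
  config/gitlab-exporter*.yml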
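--- a/data/.gitlab-ci.yml
+++ b/data/.gitlab-ci.yml
@@ -25,7 +25,8 @@ default:
  .before_scripts: &before_scripts
  - git config --global user.email "bot@gitlab.com"
  - git config --global user.name "Bot User"
- - bundle install -j $(nproc) --path vendor
+ - bundle config set --local deployment true
+ - bundle install -j $(nproc)
 
  workflow:
  rules: &workflow_rules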
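--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- gitlab-exporter (11.16.0)
+ gitlab-exporter (11.18.0)
  connection_pool (= 2.2.5)
  faraday (~> 1.8.0)
  pg (= 1.2.3)
@@ -37,8 +37,8 @@ GEM
  faraday-net_http_persistent (1.2.0)
  faraday-patron (1.0.0)
  faraday-rack (1.0.0)
- multipart-post (2.1.1)
- mustermann (1.1.1)
+ multipart-post (2.2.3)
+ mustermann (2.0.2)
  ruby2_keywords (~> 0.0.1)
  nio4r (2.5.8)
  parallel (1.20.1)
@@ -48,8 +48,8 @@ GEM
  puma (5.6.2)
  nio4r (~> 2.0)
  quantile (0.2.1)
- rack (2.2.3.1)
- rack-protection (2.2.0)
+ rack (2.2.4)
+ rack-protection (2.2.2)
  rack
  rainbow (3.0.0)
  redis (4.4.0)
@@ -87,12 +87,12 @@ GEM
  connection_pool (>= 2.2.2)
  rack (~> 2.0)
  redis (>= 4.2.0)
- sinatra (2.2.0)
- mustermann (~> 1.0)
+ sinatra (2.2.2)
+ mustermann (~> 2.0)
  rack (~> 2.2)
- rack-protection (= 2.2.0)
+ rack-protection (= 2.2.2)
  tilt (~> 2.0)
- tilt (2.0.10)
+ tilt (2.0.11)
  unicode-display_width (1.7.0)
  webrick (1.7.0)
 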
@@ -6,11 +6,15 @@ db_common: &db_common
6
6
 
7
7
  # Web server config
8
8
  server:
9
- name: puma # cf. https://github.com/sinatra/sinatra#available-settings
9
+ name: webrick # cf. https://github.com/sinatra/sinatra#available-settings
10
10
  listen_address: 0.0.0.0
11
11
  listen_port: 9168
12
12
  # Maximum amount of memory to use in megabytes, after which the process is killed
13
13
  memory_threshold: 1024
14
+ # TLS settings
15
+ tls_enabled: false
16
+ tls_cert_path: /tmp/server.crt
17
+ tls_key_path: /tmp/server.key
14
18
 
15
19
  # Probes config
16
20
  probes:
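Review bot: The example values `tls_cert_path: /tmp/server.crt` and `tls_key_path: /tmp/server.key` put the server's private key in a world-writable directory, where any local account can create a file of that name before the operator does. Sample configs tend to be copied unchanged, so the example would be safer pointing at a directory that only the exporter's user can write, e.g. `tls_key_path: /path/to/private/dir/server.key` (placeholder path). A comment next to it such as `# key file should be readable only by the user running the exporter` would state the expectation. The hunk also changes the example `name:` from puma to webrick without explanation; a short comment naming the servers for which the TLS settings are honoured would help readers of this file.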
@@ -136,7 +136,7 @@ module GitLab
136
136
  select: :container_repositories,
137
137
  where: <<~SQL
138
138
  migration_state <> 'import_done'
139
- AND created_at < '2022-01-23 00:00:00'
139
+ AND created_at < '2022-08-17 00:00:00'
140
140
  SQL
141
141
  },
142
142
  container_repositories_pre_importing: {
@@ -174,7 +174,7 @@ module GitLab
174
174
  select: :container_repositories,
175
175
  where: <<~SQL
176
176
  migration_state <> 'import_done'
177
- AND created_at < '2022-01-23 00:00:00'
177
+ AND created_at < '2022-08-17 00:00:00'
178
178
  AND (migration_plan IN ('free', 'early_adopter')
179
179
  OR migration_plan IS NULL)
180
180
  SQL
@@ -182,7 +182,7 @@ module GitLab
182
182
  container_repositories_import_done_free: {
183
183
  select: :container_repositories,
184
184
  where: <<~SQL
185
- (migration_state = 'import_done' OR created_at >= '2022-01-23 00:00:00')
185
+ (migration_state = 'import_done' OR created_at >= '2022-08-17 00:00:00')
186
186
  AND (migration_plan IN ('free', 'early_adopter')
187
187
  OR migration_plan IS NULL)
188
188
  SQL
@@ -0,0 +1,39 @@
1
+ # Contains helper methods to generate TLS related configuration for web servers
2
+ module TLSHelper
3
+ CERT_REGEX = /-----BEGIN CERTIFICATE-----(?:.|\n)+?-----END CERTIFICATE-----/.freeze
4
+
5
+ def validate_tls_config(config)
6
+ %i[tls_cert_path tls_key_path].each do |key|
7
+ fail "TLS enabled, but #{key} not specified in config" unless config.key?(key)
8
+
9
+ fail "File specified via #{key} not found: #{config[key]}" unless File.exist?(config[key])
10
+ end
11
+ end
12
+
13
+ def webrick_tls_config(config)
14
+ # This monkey-patches WEBrick::GenericServer, so never require this unless TLS is enabled.
15
+ require "webrick/ssl"
16
+
17
+ certs = load_ca_certs_bundle(File.binread(config[:tls_cert_path]))
18
+
19
+ {
20
+ SSLEnable: true,
21
+ SSLCertificate: certs.shift,
22
+ SSLPrivateKey: OpenSSL::PKey.read(File.binread(config[:tls_key_path])),
23
+ # SSLStartImmediately is true by default according to the docs, but when WEBrick creates the
24
+ # SSLServer internally, the switch was always nil for some reason. Setting this explicitly fixes this.
25
+ SSLStartImmediately: true,
26
+ SSLExtraChainCert: certs
27
+ }
28
+ end
29
+
30
+ # In Ruby OpenSSL v3.0.0, this can be replaced by OpenSSL::X509::Certificate.load
31
+ # https://github.com/ruby/openssl/issues/254
32
+ def load_ca_certs_bundle(ca_certs_string)
33
+ return [] unless ca_certs_string
34
+
35
+ ca_certs_string.scan(CERT_REGEX).map do |ca_cert_string|
36
+ OpenSSL::X509::Certificate.new(ca_cert_string)
37
+ end
38
+ end
39
+ end
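Review bot: In `webrick_tls_config`, `certs.shift` returns nil when the file at `tls_cert_path` holds no PEM `BEGIN CERTIFICATE` block (an empty file, a DER-encoded certificate, or the key file given by mistake), and that nil is handed to WEBrick as `SSLCertificate` together with `SSLEnable: true`. What happens next is left to WEBrick, which as far as I recall substitutes a generated self-signed certificate instead of stopping, so the misconfiguration would not surface at startup. I would fail fast right after loading the bundle: `fail "No certificate found in #{config[:tls_cert_path]}" if certs.empty?`. Separately, in `validate_tls_config` the `config.key?(key)` test passes for a key that is present with a nil value, which then reaches `File.exist?(nil)` and raises a TypeError instead of the intended message; testing `config[key].to_s.empty?` would cover that case.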
@@ -1,5 +1,5 @@
1
1
  module GitLab
2
2
  module Exporter
3
- VERSION = "11.16.0".freeze
3
+ VERSION = "11.18.0".freeze
4
4
  end
5
5
  end
@@ -1,5 +1,8 @@
1
1
  require "sinatra/base"
2
2
  require "English"
3
+ require "cgi"
4
+
5
+ require_relative "tls_helper"
3
6
 
4
7
  module GitLab
5
8
  module Exporter
@@ -51,6 +54,8 @@ module GitLab
51
54
  end
52
55
 
53
56
  class << self
57
+ include TLSHelper
58
+
54
59
  DEFAULT_WEB_SERVER = "webrick".freeze
55
60
 
56
61
  def setup(config)
@@ -74,8 +79,47 @@ module GitLab
74
79
  config ||= {}
75
80
 
76
81
  set(:server, config.fetch(:name, DEFAULT_WEB_SERVER))
77
- set(:bind, config.fetch(:listen_address, "0.0.0.0"))
78
82
  set(:port, config.fetch(:listen_port, 9168))
83
+
84
+ # Depending on whether TLS is enabled or not, bind string
85
+ # will be different.
86
+ if config.fetch(:tls_enabled, "false").to_s == "true"
87
+ set_tls_config(config)
88
+ else
89
+ set(:bind, config.fetch(:listen_address, "0.0.0.0"))
90
+ end
91
+ end
92
+
93
+ def set_tls_config(config) # rubocop:disable Naming/AccessorMethodName
94
+ validate_tls_config(config)
95
+
96
+ web_server = config.fetch(:name, DEFAULT_WEB_SERVER)
97
+ if web_server == "webrick"
98
+ set_webrick_tls(config)
99
+ elsif web_server == "puma"
100
+ set_puma_tls(config)
101
+ else
102
+ fail "TLS not supported for web server `#{web_server}`."
103
+ end
104
+ end
105
+
106
+ def set_webrick_tls(config) # rubocop:disable Naming/AccessorMethodName
107
+ server_settings = {}
108
+ server_settings.merge!(webrick_tls_config(config))
109
+
110
+ set(:bind, config.fetch(:listen_address, "0.0.0.0"))
111
+ set(:server_settings, server_settings)
112
+ end
113
+
114
+ def set_puma_tls(config) # rubocop:disable Naming/AccessorMethodName
115
+ listen_address = config.fetch(:listen_address, "0.0.0.0")
116
+ listen_port = config.fetch(:listen_port, 8443)
117
+ tls_cert_path = CGI.escape(config.fetch(:tls_cert_path))
118
+ tls_key_path = CGI.escape(config.fetch(:tls_key_path))
119
+
120
+ bind_string = "ssl://#{listen_address}:#{listen_port}?cert=#{tls_cert_path}&key=#{tls_key_path}"
121
+
122
+ set(:bind, bind_string)
79
123
  end
80
124
 
81
125
  def setup_probes(config)
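Review bot: `set_puma_tls` defaults the port to 8443 (`config.fetch(:listen_port, 8443)`), while the line just above the new branch still does `set(:port, config.fetch(:listen_port, 9168))` and the WEBrick TLS path keeps 9168. With `listen_port` unset, the listening port therefore depends on which server is selected, and the `:port` setting disagrees with the port in the bind string. Unless 8443 is deliberate, use the same default, `listen_port = config.fetch(:listen_port, 9168)`; if it is deliberate, a comment should say so. Only the two paths are escaped when building the `ssl://` URI; `listen_address` is interpolated as-is, so an IPv6 literal would need brackets. The method that sets `:server` and `:port` begins above this hunk, so its earlier lines are not visible here.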
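--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: gitlab-exporter
  version: !ruby/object:Gem::Version
- version: 11.16.0
+ version: 11.18.0
  platform: ruby
  authors:
  - Pablo Carranza
@@ -204,6 +204,7 @@ files:
  - lib/gitlab_exporter/prometheus.rb
  - lib/gitlab_exporter/ruby.rb
  - lib/gitlab_exporter/sidekiq.rb
+ - lib/gitlab_exporter/tls_helper.rb
  - lib/gitlab_exporter/util.rb
  - lib/gitlab_exporter/version.rb
  - lib/gitlab_exporter/web_exporter.rb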