gitlab-labkit 0.21.2 → 0.23.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '058e5c086c1e0408267aa37085b1badd34e04fdc30500a0d53bd081d275ae1c5'
-  data.tar.gz: 04e3d07290e4d1dd2b5e311ed5f1754dd131b3600ed8670d642e87f099ac704c
+  metadata.gz: 374f599a7aab8870d5294f5920d5f8563d8b694ea6788c1fa42ad7e8a50fd34a
+  data.tar.gz: f3d81d73ec48bf35b8faaf6cb8e5f43c27feb32a411acab08d1b5caddf112acb
 SHA512:
-  metadata.gz: 247a32b1cefef2f8a8ff5c5927048284976c8aef1eea14ad26a9c10b151760f0d412ece360ab7df0b82bb4596ceba7656aeb7c711caa14de039c531c43d298e8
-  data.tar.gz: 40d0731363c80b02e658c252dfd0da1c7ad4b19688f66f35a8b146fdef024fb3e0754a453fe38a98207102f01801db14420e553c731eba7fc09f9bdcbc1c6447
+  metadata.gz: daf3ba2cc04096dbcfd4ce9acb9a719b4437eba9aa9b2e4d3a39885f5b47dbd8dd5dc2696e775ecfd961cc729426f8eca5b7abe978a9c023876d3aac9e29168f
+  data.tar.gz: fe9648bd7092ff6852fbda09f54ca6356c5b3c8eb3974ff16839b8bb7e9f28ffb3d145e626383ab8d09f1e19dc1b6b2b10fedc910296e74e9af82c5b39155c4f

data/.gitlab/CODEOWNERS

@@ -1 +1 @@
-* @andrewn @ayufan @reprazent
+* @andrewn @ayufan @reprazent @mkaeppler

data/.gitlab-ci.yml

@@ -36,6 +36,17 @@ static-analysis:
   script:
     - rake verify
 
+danger-review:
+  image: ruby:3.0
+  stage: test
+  except:
+    - tags
+    - master
+  before_script:
+    - bundle install
+  script:
+    - bundle exec danger --fail-on-errors=true --verbose
+
 deploy:
   stage: deploy
   script:

data/.rubocop.yml

@@ -60,3 +60,6 @@ Lint/RedundantSafeNavigation: # (new in 0.93)
   Enabled: true
 Style/ClassEqualityComparison: # (new in 0.93)
   Enabled: true
+
+CodeReuse/ActiveRecord:
+  Enabled: false

data/CONTRIBUTING.md

@@ -0,0 +1,40 @@
+## Developer Certificate of Origin and License
+
+By contributing to GitLab B.V., you accept and agree to the following terms and
+conditions for your present and future contributions submitted to GitLab B.V.
+Except for the license granted herein to GitLab B.V. and recipients of software
+distributed by GitLab B.V., you reserve all right, title, and interest in and to
+your Contributions.
+
+All contributions are subject to the Developer Certificate of Origin and license set out at [docs.gitlab.com/ce/legal/developer_certificate_of_origin](https://docs.gitlab.com/ce/legal/developer_certificate_of_origin).
+
+_This notice should stay as the first item in the CONTRIBUTING.md file._
+
+## Code of conduct
+
+As contributors and maintainers of this project, we pledge to respect all people
+who contribute through reporting issues, posting feature requests, updating
+documentation, submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free
+experience for everyone, regardless of level of experience, gender, gender
+identity and expression, sexual orientation, disability, personal appearance,
+body size, race, ethnicity, age, or religion.
+
+Examples of unacceptable behavior by participants include the use of sexual
+language or imagery, derogatory comments or personal attacks, trolling, public
+or private harassment, insults, or other unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct. Project maintainers who do not follow the
+Code of Conduct may be removed from the project team.
+
+This code of conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior can be
+reported by emailing contact@gitlab.com.
+
+This Code of Conduct is adapted from the [Contributor Covenant](https://contributor-covenant.org), version 1.1.0,
+available at [https://contributor-covenant.org/version/1/1/0/](https://contributor-covenant.org/version/1/1/0/).

data/Dangerfile

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+require 'gitlab-dangerfiles'
+
+Gitlab::Dangerfiles.for_project(self, 'labkit-ruby', &:import_defaults)

data/README.md

@@ -16,10 +16,11 @@ The changelog is available via [**tagged release notes**](https://gitlab.com/git
 
 ## Functionality
 
-LabKit-Ruby provides functionality in three areas:
+LabKit-Ruby provides functionality in a number of areas:
 
 1. `Labkit::Context` used for providing context information to log messages.
 1. `Labkit::Correlation` For accessing the correlation id. (Generated and propagated by `Labkit::Context`)
+1. `Labkit::FIPS` for checking for FIPS mode and using FIPS-compliant algorithms.
 1. `Labkit::Logging` for sanitizing log messages.
 1. `Labkit::Tracing` for handling and propagating distributed traces.
 

data/gitlab-labkit.gemspec

@@ -21,8 +21,8 @@ Gem::Specification.new do |spec|
   # Please maintain alphabetical order for dependencies
   spec.add_runtime_dependency "actionpack", ">= 5.0.0", "< 7.0.0"
   spec.add_runtime_dependency "activesupport", ">= 5.0.0", "< 7.0.0"
-  spec.add_runtime_dependency "grpc", "~> 1.30" # Be sure to update the "grpc-tools" dev_dependency too
-  spec.add_runtime_dependency "jaeger-client", "~> 1.1"
+  spec.add_runtime_dependency "grpc", ">= 1.37" # Be sure to update the "grpc-tools" dev_dependency too
+  spec.add_runtime_dependency "jaeger-client", "~> 1.1.0"
   spec.add_runtime_dependency "opentracing", "~> 0.4"
   spec.add_runtime_dependency "pg_query", "~> 2.1"
   spec.add_runtime_dependency "redis", ">3.0.0", "<5.0.0"
@@ -30,8 +30,9 @@ Gem::Specification.new do |spec|
   # Please maintain alphabetical order for dev dependencies
   spec.add_development_dependency "excon", "~> 0.78.1"
   spec.add_development_dependency "faraday", "~> 1.2.0"
+  spec.add_development_dependency "gitlab-dangerfiles", "~> 2.11.0"
   spec.add_development_dependency "gitlab-styles", "~> 6.2.0"
-  spec.add_development_dependency "grpc-tools", "~> 1.30"
+  spec.add_development_dependency "grpc-tools", ">= 1.37"
   spec.add_development_dependency "httparty", "~> 0.17.3"
   spec.add_development_dependency "httpclient", "~> 2.8.3"
   spec.add_development_dependency "pry", "~> 0.12"
@@ -41,6 +42,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency "rspec", "~> 3.10.0"
   spec.add_development_dependency "rspec-parameterized", "~> 0.4"
   spec.add_development_dependency "rufo", "0.9.0"
-  spec.add_development_dependency "sidekiq", "~> 5.2.7"
+  spec.add_development_dependency "sidekiq", ">= 5.2"
   spec.add_development_dependency "webrick", "~> 1.7.0"
 end

data/lib/gitlab-labkit.rb

@@ -9,6 +9,7 @@ module Labkit
 
   autoload :Correlation, "labkit/correlation"
   autoload :Context, "labkit/context"
+  autoload :FIPS, "labkit/fips"
   autoload :Tracing, "labkit/tracing"
   autoload :Logging, "labkit/logging"
   autoload :Middleware, "labkit/middleware"

data/lib/labkit/context.rb

@@ -9,7 +9,6 @@ require "active_support/core_ext/string/inflections"
 module Labkit
   # A context can be used to provide structured information on what resources
   # GitLab is working on within a service.
-  # The currently supported keys are defined in the `KNOWN_KEYS` constant.
   #
   # Values can be provided by passing a hash. If one of the values is a Proc
   # the proc will only be called when the value is actually needed.
@@ -28,8 +27,6 @@ module Labkit
     CORRELATION_ID_KEY = "correlation_id"
     RAW_KEYS = [CORRELATION_ID_KEY].freeze
     HEADER_PREFIX = "X-Gitlab-"
-    KNOWN_KEYS = %w[user project root_namespace subscription_plan caller_id
-                    remote_ip related_class feature_category client_id].freeze
 
     class << self
       def with_context(attributes = {})
@@ -122,7 +119,6 @@ module Labkit
 
     def assign_attributes(attributes)
       attributes = attributes.transform_keys(&method(:log_key))
-      attributes = attributes.slice(*known_log_keys)
 
       data.merge!(attributes)
 
@@ -138,7 +134,7 @@ module Labkit
 
     private
 
-    delegate :log_key, :known_log_keys, to: :class
+    delegate :log_key, to: :class
 
     attr_reader :data
 

data/lib/labkit/fips.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+module Labkit
+  module Digest
+    module SHA2
+      def new(*args, &block)
+        bitlen = args.first || 256
+        ::OpenSSL::Digest.const_get("SHA#{bitlen}").new
+      end
+    end
+  end
+
+  class FIPS
+    OPENSSL_DIGESTS = %i[SHA1 SHA256 SHA384 SHA512].freeze
+
+    class << self
+      # Returns whether we should be running in FIPS mode or not
+      #
+      # @return [Boolean]
+      def enabled?
+        # Attempt to auto-detect FIPS mode from OpenSSL
+        return true if OpenSSL.fips_mode
+
+        # Otherwise allow it to be set manually via the env vars
+        return true if %w[1 true yes].include?(ENV["FIPS_MODE"])
+
+        false
+      end
+
+      # Swap Ruby's Digest::SHAx implementations for OpenSSL::Digest::SHAx.
+      def enable_fips_mode!
+        require "digest"
+        require "digest/sha2"
+
+        ::Digest::SHA2.singleton_class.prepend(Labkit::Digest::SHA2)
+        OPENSSL_DIGESTS.each { |alg| use_openssl_digest(alg, alg) }
+      end
+
+      private
+
+      def use_openssl_digest(ruby_algorithm, openssl_algorithm)
+        ::Digest.send(:remove_const, ruby_algorithm) # rubocop:disable GitlabSecurity/PublicSend
+        ::Digest.const_set(ruby_algorithm, OpenSSL::Digest.const_get(openssl_algorithm, false))
+      end
+    end
+  end
+end

data/lib/labkit/middleware/sidekiq/context/server.rb

@@ -10,6 +10,7 @@ module Labkit
           def call(_worker_class, job, _queue)
             worker_name = (job["wrapped"].presence || job["class"]).to_s
             data = job.merge(Labkit::Context.log_key(:caller_id) => worker_name)
+                      .select { |key, _| key.start_with?("#{Labkit::Context::LOG_KEY}.") || Labkit::Context::RAW_KEYS.include?(key.to_s) }
 
             Labkit::Context.with_context(data) do |_context|
               yield

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: gitlab-labkit
 version: !ruby/object:Gem::Version
-  version: 0.21.2
+  version: 0.23.0
 platform: ruby
 authors:
 - Andrew Newdigate
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-09-08 00:00:00.000000000 Z
+date: 2022-06-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionpack
@@ -54,30 +54,30 @@ dependencies:
   name: grpc
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.30'
+        version: '1.37'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.30'
+        version: '1.37'
 - !ruby/object:Gem::Dependency
   name: jaeger-client
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: 1.1.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: 1.1.0
 - !ruby/object:Gem::Dependency
   name: opentracing
   requirement: !ruby/object:Gem::Requirement
@@ -154,6 +154,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.2.0
+- !ruby/object:Gem::Dependency
+  name: gitlab-dangerfiles
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.11.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.11.0
 - !ruby/object:Gem::Dependency
   name: gitlab-styles
   requirement: !ruby/object:Gem::Requirement
@@ -172,16 +186,16 @@ dependencies:
   name: grpc-tools
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.30'
+        version: '1.37'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.30'
+        version: '1.37'
 - !ruby/object:Gem::Dependency
   name: httparty
   requirement: !ruby/object:Gem::Requirement
@@ -312,16 +326,16 @@ dependencies:
   name: sidekiq
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 5.2.7
+        version: '5.2'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 5.2.7
+        version: '5.2'
 - !ruby/object:Gem::Dependency
   name: webrick
   requirement: !ruby/object:Gem::Requirement
@@ -351,6 +365,8 @@ files:
 - ".rubocop_todo.yml"
 - ".ruby-version"
 - ".rufo"
+- CONTRIBUTING.md
+- Dangerfile
 - Gemfile
 - LICENSE
 - README.md
@@ -365,6 +381,7 @@ files:
 - lib/labkit/correlation/grpc/grpc_common.rb
 - lib/labkit/correlation/grpc/server_interceptor.rb
 - lib/labkit/excon_publisher.rb
+- lib/labkit/fips.rb
 - lib/labkit/httpclient_publisher.rb
 - lib/labkit/logging.rb
 - lib/labkit/logging/grpc.rb