
Commit 30f3ca1

authored
feat: disable v1 svcs but keep internal gitlab (#772)
1 parent a1b092c commit 30f3ca1

8 files changed

+241
-26
lines changed

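--- a/internal/config/config.yaml
+++ b/internal/config/config.yaml
@@ -24,6 +24,7 @@ sessions:
 authorizedParty: renku-cli
 revproxy:
 enableV1Services: true
+enableInternalGitlab: true
 renkuBaseUrl: "https://renkulab.io"
 externalGitlabUrl:
 k8sNamespace:
@@ -41,6 +42,7 @@ revproxy:
 search:
 login:
 enableV1Services: true
+enableInternalGitlab: true
 endpointsBasePath:
 renkuBaseURL: "https://renkulab.io"
 tokenEncryption: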

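--- a/internal/config/login.go
+++ b/internal/config/login.go
@@ -11,6 +11,7 @@ type TokenEncryptionConfig struct {
 }
 
 type LoginConfig struct {
+EnableInternalGitlab bool
 EnableV1Services bool
 RenkuBaseURL *url.URL
 LoginRoutesBasePath string
@@ -36,7 +37,7 @@ type OIDCClient struct {
 
 func (c LoginConfig) Validate(e RunningEnvironment) error {
 // Fix the login config when EnableV1Services is false
-if !c.EnableV1Services {
+if !c.EnableInternalGitlab {
 delete(c.Providers, "gitlab")
 }
 if c.TokenEncryption.Enabled && len(c.TokenEncryption.SecretKey) != 32 {
@@ -55,5 +56,8 @@ func (c LoginConfig) Validate(e RunningEnvironment) error {
 }
 }
 }
+if c.EnableV1Services && !c.EnableInternalGitlab {
+return fmt.Errorf("enabling V1 (legacy) services but disabling the internal Gitlab is not supported in the login config")
+}
 return nil
 }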
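Review bot: The new `c.EnableV1Services && !c.EnableInternalGitlab` rejection sits at the end of `LoginConfig.Validate`, after `delete(c.Providers, "gitlab")` has already run, and because the value receiver still shares the `Providers` map with the caller, an unsupported config is modified before it is refused. Moving the check to the top of Validate keeps a rejected config untouched. The comment above the changed guard is also stale now and should read something like `// Drop the gitlab provider when the internal Gitlab is disabled`. The middle of Validate lies outside the hunks shown.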

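--- a/internal/config/revproxy.go
+++ b/internal/config/revproxy.go
@@ -15,11 +15,12 @@ type RenkuServicesConfig struct {
 }
 
 type RevproxyConfig struct {
-EnableV1Services bool
-RenkuBaseURL *url.URL
-ExternalGitlabURL *url.URL
-K8sNamespace string
-RenkuServices RenkuServicesConfig
+EnableV1Services bool
+EnableInternalGitlab bool
+RenkuBaseURL *url.URL
+ExternalGitlabURL *url.URL
+K8sNamespace string
+RenkuServices RenkuServicesConfig
 }
 
 type CoreSvcConfig struct {
@@ -39,6 +40,9 @@ func (r *RevproxyConfig) Validate() error {
 if r.RenkuServices.UIServer == nil {
 return fmt.Errorf("the proxy config is missing the url to ui-server")
 }
+if r.EnableV1Services && !r.EnableInternalGitlab {
+return fmt.Errorf("enabling V1 (legacy) services but disabling the internal Gitlab is not supported in the reverse proxy config")
+}
 
 // Check v1 services if needed
 if r.EnableV1Services {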
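Review bot: `RevproxyConfig.Validate` checks the V1/internal-Gitlab combination only within the revproxy section, and `LoginConfig.Validate` does the same for login, so nothing in these hunks rejects a config where the two sections set `enableInternalGitlab` differently. In that state the proxy would attach the GitLab access-token middleware while the login sequence never authenticates against GitLab, or the reverse. If no parent-level validation already covers this, add a cross-section check where both configs are available, or at least document it on the field: `// EnableInternalGitlab must match LoginConfig.EnableInternalGitlab`. Validate continues outside the hunk.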

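--- a/internal/config/revproxy_test.go
+++ b/internal/config/revproxy_test.go
@@ -15,10 +15,11 @@ func getValidRevproxyConfig(t *testing.T) RevproxyConfig {
 require.NoError(t, err)
 renkuServicesConfig := getValidRenkuServicesConfig(t)
 return RevproxyConfig{
-EnableV1Services: true,
-RenkuBaseURL: renkuBaseURL,
-ExternalGitlabURL: externalGitlabURL,
-RenkuServices: renkuServicesConfig,
+EnableV1Services: true,
+EnableInternalGitlab: true,
+RenkuBaseURL: renkuBaseURL,
+ExternalGitlabURL: externalGitlabURL,
+RenkuServices: renkuServicesConfig,
 }
 }
 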
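--- a/internal/login/login_server_routes.go
+++ b/internal/login/login_server_routes.go
@@ -244,7 +244,7 @@ func (l *LoginServer) nextAuthStep(
 }
 
 func (l *LoginServer) getLoginSequence() (loginSequence []string) {
-if l.config.EnableV1Services {
+if l.config.EnableInternalGitlab {
 return defaultLoginSequence[:]
 } else {
 return v2OnlyLoginSequence[:]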

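--- a/internal/login/login_server_routes_test.go
+++ b/internal/login/login_server_routes_test.go
@@ -48,15 +48,18 @@ func getTestConfig(loginServerPort int, authServers ...testAuthServer) (config.L
 
 // Toggle `EnableV1Services` on if we authenticate with GitLab
 enableV1Services := false
+enableInternalGitlab := false
 for _, auth := range authServers {
 if auth.ClientID == "gitlab" {
 enableV1Services = true
+enableInternalGitlab = true
 }
 }
 
 testConfig := config.LoginConfig{
-EnableV1Services: enableV1Services,
-RenkuBaseURL: renkuBaseURL,
+EnableInternalGitlab: enableInternalGitlab,
+EnableV1Services: enableV1Services,
+RenkuBaseURL: renkuBaseURL,
 TokenEncryption: config.TokenEncryptionConfig{
 Enabled: true,
 SecretKey: "1b195c6329ba7df1c1adf6975c71910d",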
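Review bot: getTestConfig sets `enableInternalGitlab` and `enableV1Services` from the same condition, so the login tests built on it never run with the internal Gitlab on and V1 services off, which is the mode this commit introduces. Unless the changed file not rendered on this page covers it, a case with `EnableInternalGitlab: true, EnableV1Services: false` would pin the new behaviour by checking that the gitlab provider survives Validate and that getLoginSequence returns the default sequence. The comment above the flags should become `// Toggle EnableV1Services and EnableInternalGitlab on if we authenticate with GitLab`. getTestConfig continues outside the hunk.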

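--- a/internal/revproxy/main.go
+++ b/internal/revproxy/main.go
@@ -54,8 +54,10 @@ func (r *Revproxy) RegisterHandlers(e *echo.Echo, commonMiddlewares ...echo.Midd
 sk := e.Group("/api/data/user/secret_key", commonMiddlewares...)
 sk.GET("/", echo.NotFoundHandler)
 
-// Middlewares and routing is configured depending on `EnableV1Services`
+// Middlewares and routing is configured depending on `EnableV1Services` and `EnableInternalGitlab`
 if r.config.EnableV1Services {
+// Means that the V1Services and the internal Gitlab are enabled
+// This whole branch of else-if should be removed when the Gitlab is retired.
 // Initialize common authentication middleware
 coreSvcIdToken := r.coreSvcIdTokenAuth.Middleware()
 dataGitlabAccessToken := r.dataGitlabAccessTokenAuth.Middleware()
@@ -107,7 +109,26 @@ func (r *Revproxy) RegisterHandlers(e *echo.Echo, commonMiddlewares ...echo.Midd
 e.Group("/ui-server/api/last-projects/:length", append(commonMiddlewares, renkuAccessToken, uiServerProxy)...)
 e.Group("/ui-server/api/renku/cache.files_upload", uiServerUpstreamCoreLocation(r.config.RenkuServices.Core.ServiceNames[0]), uiServerProxy)
 e.Group("/ui-server/api/kg/entities", append(commonMiddlewares, uiServerUpstreamKgLocation(r.config.RenkuServices.KG.Host), renkuAccessToken, dataGitlabAccessToken, uiServerProxy)...)
+} else if r.config.EnableInternalGitlab {
+// This whole branch of else-if should be removed when the Gitlab is retired.
+// Initialize common authentication middleware
+notebooksRenkuRefreshToken := r.notebooksRenkuRefreshTokenAuth.Middleware()
+renkuAccessToken := r.renkuAccessTokenAuth.Middleware()
+dataGitlabAccessToken := r.dataGitlabAccessTokenAuth.Middleware()
+
+// Routing for Renku services
+// Notebooks is being routed to data service now
+e.Group("/api/notebooks", append(commonMiddlewares, renkuAccessToken, dataGitlabAccessToken, notebooksRenkuRefreshToken, notebooksAnonymousID(r.sessions), regexRewrite("^/api/notebooks(.*)", "/api/data/notebooks$1"), dataServiceProxy)...)
+e.Group("/api/data", append(commonMiddlewares, renkuAccessToken, dataGitlabAccessToken, notebooksRenkuRefreshToken, notebooksAnonymousID(r.sessions), dataServiceProxy)...)
+// /api/kc is used only by the ui and no one else, will be removed when the gateway is in charge of user sessions
+e.Group("/api/kc", append(commonMiddlewares, stripPrefix("/api/kc"), renkuAccessToken, keycloakProxyHost, keycloakProxy)...)
+
+// UI server webssockets
+e.Group("/ui-server/ws", append(commonMiddlewares, ensureSession(r.sessions), renkuAccessToken, uiServerProxy)...)
+// Some routes need to go to the UI server before they go to the specific Renku service
+e.Group("/ui-server/api/allows-iframe", append(commonMiddlewares, uiServerProxy)...)
 } else {
+// Both the v1 services and internal gitlab are disabled
 // Initialize common authentication middleware
 notebooksRenkuRefreshToken := r.notebooksRenkuRefreshTokenAuth.Middleware()
 renkuAccessToken := r.renkuAccessTokenAuth.Middleware()
@@ -142,6 +163,13 @@ func (r *Revproxy) initializeAuth() error {
 return err
 }
 
+if !r.config.EnableV1Services && r.config.EnableInternalGitlab {
+r.dataGitlabAccessTokenAuth, err = NewAuth(AuthWithSessionStore(r.sessions), WithTokenType(models.AccessTokenType), WithProviderID("gitlab"), WithTokenInjector(dataServiceGitlabAccessTokenInjector))
+if err != nil {
+return err
+}
+}
+
 // Initialize auth for v1 services if needed
 if r.config.EnableV1Services {
 r.coreSvcIdTokenAuth, err = NewAuth(AuthWithSessionStore(r.sessions), WithTokenType(models.IDTokenType), WithProviderID("renku"), WithTokenInjector(coreSvcRenkuIdTokenInjector))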
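Review bot: The new `else if r.config.EnableInternalGitlab` branch in RegisterHandlers calls `r.dataGitlabAccessTokenAuth.Middleware()`, but that field is only populated by the separate `!r.config.EnableV1Services && r.config.EnableInternalGitlab` block added to initializeAuth, so the two conditions have to be kept in lockstep by hand. If the V1 block further down (it continues outside the hunk) also builds this field, a single initialisation guarded by `if r.config.EnableInternalGitlab {` would remove that coupling. The first branch still tests only `EnableV1Services` while its new comment says both flags are on; that holds only after config validation, so the comment should say so: `// Validate() rejects EnableV1Services without EnableInternalGitlab, so both are on here`. The new branch also appears to repeat the route table of the final `else` (not fully visible) with `dataGitlabAccessToken` added. Unless the changed file not rendered on this page already does so, a test pinning which routes carry which auth middleware in each mode would catch drift between the copies.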
