Merge branch 'ngala/pages_namespace_in_path_custom_auth_redirect_uri' into 'master'

Robert Marshall · ngala · Robert Marshall · commit 8ea9c2a9739b · 2024-04-15T23:29:41.000Z
Support custom auth_redirect_uri when namespace_in_path is enabled See merge request https://gitlab.com/gitlab-org/omnibus-gitlab/-/merge_requests/7516 Merged-by: Robert Marshall <rmarshall@gitlab.com> Approved-by: Mitchell Nielsen <mnielsen@gitlab.com> Approved-by: Robert Marshall <rmarshall@gitlab.com> Co-authored-by: ngala <ngala@gitlab.com>
diff --git a/files/gitlab-cookbooks/gitlab-pages/libraries/gitlab_pages.rb b/files/gitlab-cookbooks/gitlab-pages/libraries/gitlab_pages.rb
@@ -145,18 +145,19 @@ def parse_namespace_in_path
       url_scheme = Gitlab['gitlab_rails']['pages_https'] ? 'https' : 'http'
 
       pages_port = Gitlab['gitlab_rails']['pages_port']
+      redirect_uri = Gitlab['gitlab_pages']['auth_redirect_uri'].gsub('.', '\.')
       # Add the following when pages_port is not 80 or 443
       Gitlab['pages_nginx']['proxy_redirect'] =
         if [80, 443].include?(pages_port)
           {
-            "~^#{url_scheme}://(projects\\.#{Gitlab['pages_nginx']['fqdn_regex']})/(.*)$" => "#{url_scheme}://$1/$2",
+            "~^(#{redirect_uri})(.*)$" => "$1$2",
             "~^#{url_scheme}://([^/]*)\\.(#{Gitlab['pages_nginx']['fqdn_regex']})/(.*)$" => "#{url_scheme}://$2/$1/$3",
             "~^//([^/]*)\\.(#{Gitlab['pages_nginx']['fqdn_regex']})/(.*)$" => "/$1/$3",
             "~^/(.*)$" => "/$namespace/$1",
           }
         else
           {
-            "~^#{url_scheme}://(projects\\.#{Gitlab['pages_nginx']['fqdn_regex']}:#{pages_port})/(.*)$" => "#{url_scheme}://$1/$2",
+            "~^(#{redirect_uri})(.*)$" => "$1$2",
             "~^#{url_scheme}://([^/]*)\\.(#{Gitlab['pages_nginx']['fqdn_regex']}:#{pages_port})/(.*)$" => "#{url_scheme}://$2/$1/$3",
             "~^//([^/]*)\\.(#{Gitlab['pages_nginx']['fqdn_regex']}:#{pages_port})/(.*)$" => "/$1/$3",
             "~^/(.*)$" => "/$namespace/$1",
diff --git a/spec/chef/cookbooks/gitlab/recipes/nginx_spec.rb b/spec/chef/cookbooks/gitlab/recipes/nginx_spec.rb
@@ -904,7 +904,10 @@
     context 'when namespace_in_path is enabled in gitlab_pages' do
       before do
         stub_gitlab_rb(
-          gitlab_pages: { namespace_in_path: true }
+          gitlab_pages: {
+            namespace_in_path: true,
+            auth_redirect_uri: 'https://projects.pages.localhost/auth',
+          }
         )
       end
 
@@ -918,7 +921,7 @@
           expect(content).to include('rewrite ^/([^/]+)/(.*)$ /$2 break;')
           expect(content).to include('proxy_set_header Host $1.$http_host;')
           expect(content).to include('proxy_set_header X-Gitlab-Namespace-In-Path $namespace;')
-          expect(content).to include('proxy_redirect ~^https://(projects\.pages\.localhost)/(.*)$ https://$1/$2;')
+          expect(content).to include('proxy_redirect ~^(https://projects\.pages\.localhost/auth)(.*)$ $1$2;')
           expect(content).to include('proxy_redirect ~^https://([^/]*)\.(pages\.localhost)/(.*)$ https://$2/$1/$3;')
           expect(content).to include('proxy_redirect ~^//([^/]*)\.(pages\.localhost)/(.*)$ /$1/$3;')
           expect(content).to include('proxy_redirect ~^/(.*)$ /$namespace/$1;')
@@ -935,8 +938,11 @@
     context 'when namespace_in_path is enabled and pages_external_url has custom port in gitlab_pages' do
       before do
         stub_gitlab_rb(
-          gitlab_pages: { namespace_in_path: true },
-          pages_external_url: 'https://pages.localhost:25800'
+          pages_external_url: 'https://pages.localhost:25800',
+          gitlab_pages: {
+            namespace_in_path: true,
+            auth_redirect_uri: 'https://projects.pages.localhost/auth',
+          }
         )
       end
 
@@ -951,7 +957,7 @@
           expect(content).to include('rewrite ^/([^/]+)/(.*)$ /$2 break;')
           expect(content).to include('proxy_set_header Host $1.$http_host;')
           expect(content).to include('proxy_set_header X-Gitlab-Namespace-In-Path $namespace;')
-          expect(content).to include('proxy_redirect ~^https://(projects\.pages\.localhost:25800)/(.*)$ https://$1/$2;')
+          expect(content).to include('proxy_redirect ~^(https://projects\.pages\.localhost/auth)(.*)$ $1$2;')
           expect(content).to include('proxy_redirect ~^https://([^/]*)\.(pages\.localhost:25800)/(.*)$ https://$2/$1/$3;')
           expect(content).to include('proxy_redirect ~^//([^/]*)\.(pages\.localhost:25800)/(.*)$ /$1/$3;')
           expect(content).to include('proxy_redirect ~^/(.*)$ /$namespace/$1;')
@@ -995,6 +1001,40 @@
         }
       end
     end
+
+    context 'when namespace_in_path is enabled in gitlab_pages and auth_redirect_uri has custom url' do
+      before do
+        stub_gitlab_rb(
+          gitlab_pages: {
+            namespace_in_path: true,
+            auth_redirect_uri: 'https://customauth.pages.localhost/auth',
+          }
+        )
+      end
+
+      it 'applies nginx namespace_in_path settings for gitlab-pages' do
+        expect(chef_run).to render_file(http_conf['pages']).with_content { |content|
+          expect(content).to include('server {').twice
+          expect(content).to include('server_name  ~^pages\.localhost$;')
+          expect(content).to include('location ~ ^/(?<namespace>[^/]+)$ {')
+          expect(content).to include('return 301 $scheme://$http_host$request_uri/;')
+          expect(content).to include('location ~ ^/(?<namespace>[^/]+)/(?<project>.*)$ {')
+          expect(content).to include('rewrite ^/([^/]+)/(.*)$ /$2 break;')
+          expect(content).to include('proxy_set_header Host $1.$http_host;')
+          expect(content).to include('proxy_set_header X-Gitlab-Namespace-In-Path $namespace;')
+          expect(content).to include('proxy_redirect ~^(https://customauth\.pages\.localhost/auth)(.*)$ $1$2;')
+          expect(content).to include('proxy_redirect ~^https://([^/]*)\.(pages\.localhost)/(.*)$ https://$2/$1/$3;')
+          expect(content).to include('proxy_redirect ~^//([^/]*)\.(pages\.localhost)/(.*)$ /$1/$3;')
+          expect(content).to include('proxy_redirect ~^/(.*)$ /$namespace/$1;')
+          expect(content).to include('proxy_hide_header X-Gitlab-Namespace-In-Path;')
+          # Below checks are to verify proper render entries are made
+          expect(content).to include('proxy_http_version 1.1;').twice
+          expect(content).to include('proxy_pass').twice
+          expect(content).to include('disable_symlinks on;').twice
+          expect(content).to include('server_tokens off;').twice
+        }
+      end
+    end
   end
 
   include_examples "consul service discovery", "nginx", "nginx"
