
author fdbastionamio <138663499+fdbastionamio@users.noreply.github.com> 2023-07-21 0:10:17.0 +00:00:00
committer GitHub <noreply@github.com> 2023-07-21 0:10:17.0 +00:00:00
commit
26379440dc7f8a86843394f50053a50151cb2fa6 [patch]
tree
00d44abeab698a2b85a63e3565286a93543e900d
parent
bd8f8db0582a180e979f9d11c20b2ec18758d19d

Features/gitlab custom cert (#50)

* Added gitlab custom cert

* Added gitlab custom cert

* fix conf

* use the gitlab server cert for non-admin requests

* Fixes clippy warnings on CI

Diff

 Cargo.lock              |  2 +-
 src/config.rs           |  2 ++
 src/providers/gitlab.rs | 33 +++++++++++++++++++++++++--------
 3 files changed, 28 insertions(+), 9 deletions(-)

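diff --git a/Cargo.lock b/Cargo.lock
index 3a00ad9..ab1d77e 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -530,7 +530,7 @@ dependencies = [
 
 [[package]]
 name = "gitlab-cargo-shim"
-version = "0.1.1"
+version = "0.1.2"
 dependencies = [
  "anyhow",
  "arrayvec",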
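diff --git a/src/config.rs b/src/config.rs
index a4abd98..e9a377f 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -28,6 +28,8 @@ pub struct GitlabConfig {
     pub admin_token: String,
     #[serde(default = "GitlabConfig::default_token_expiry")]
     pub token_expiry: Duration,
+    #[serde(default)]
+    pub ssl_cert: Option<String>,
 }
 
 impl GitlabConfig {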
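Review bot: The new `ssl_cert` field has no doc comment, and neither its name nor its `String` type tells an operator that it holds a filesystem path rather than certificate text; in this same commit `Gitlab::new` passes the value to `std::fs::read` and parses the bytes with `Certificate::from_pem`. I would add `/// Path to a PEM-encoded certificate that is added as a trusted root for requests to the GitLab API.` above the `#[serde(default)]` line. Typing the field as `Option<PathBuf>` would make the same point in the type, provided `PathBuf` is imported in this file. The struct's earlier fields start above this hunk, so I have not checked how they are documented.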
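diff --git a/src/providers/gitlab.rs b/src/providers/gitlab.rs
index d7c1f23..3faf752 100644
--- a/src/providers/gitlab.rs
+++ b/src/providers/gitlab.rs
@@ -5,7 +5,7 @@ use crate::providers::{Release, User};
 use async_trait::async_trait;
 use futures::{stream::FuturesUnordered, StreamExt, TryStreamExt};
 use percent_encoding::{utf8_percent_encode, NON_ALPHANUMERIC};
-use reqwest::header;
+use reqwest::{header, Certificate};
 use serde::{Deserialize, Serialize};
 use std::{borrow::Cow, sync::Arc};
 use time::{Duration, OffsetDateTime};
@@ -16,6 +16,7 @@ pub struct Gitlab {
     client: reqwest::Client,
     base_url: Url,
     token_expiry: Duration,
+    ssl_cert: Option<Certificate>,
 }
 
 impl Gitlab {
@@ -26,12 +27,23 @@ impl Gitlab {
             header::HeaderValue::from_str(&config.admin_token)?,
         );
 
+        let mut client_builder = reqwest::ClientBuilder::new().default_headers(headers);
+
+        let ssl_cert = match &config.ssl_cert {
+            Some(cert_path) => {
+                let gitlab_cert_bytes = std::fs::read(cert_path)?;
+                let gitlab_cert = Certificate::from_pem(&gitlab_cert_bytes)?;
+                client_builder = client_builder.add_root_certificate(gitlab_cert.clone());
+                Some(gitlab_cert)
+            }
+            _ => None,
+        };
+
         Ok(Self {
-            client: reqwest::ClientBuilder::new()
-                .default_headers(headers)
-                .build()?,
+            client: client_builder.build()?,
             base_url: config.uri.join("api/v4/")?,
             token_expiry: config.token_expiry,
+            ssl_cert,
         })
     }
 }
@@ -49,10 +61,15 @@ impl super::UserProvider for Gitlab {
         };
 
         if username == "gitlab-ci-token" {
+            // we're purposely not using `self.client` here as we don't
+            // want to use our admin token for this request but still want to use any ssl cert provided.
+            let mut client_builder = reqwest::Client::builder();
+            if let Some(cert) = &self.ssl_cert {
+                client_builder = client_builder.add_root_certificate(cert.clone());
+            }
+            let client = client_builder.build();
             let res: GitlabJobResponse = handle_error(
-                // we're purposely not using `self.client` here as we don't
-                // want to use our admin token for this request
-                reqwest::Client::new()
+                client?
                     .get(self.base_url.join("job/")?)
                     .header("JOB-TOKEN", password)
                     .send()
@@ -142,7 +159,7 @@ impl super::PackageProvider for Gitlab {
         while let Some(uri) = next_uri.take() {
             let res = handle_error(self.client.get(uri).send().await?).await?;
 
-            if let Some(link_header) = res.headers().get(reqwest::header::LINK) {
+            if let Some(link_header) = res.headers().get(header::LINK) {
                 let mut link_header = parse_link_header::parse_with_rel(link_header.to_str()?)?;
 
                 if let Some(next) = link_header.remove("next") {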
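Review bot: The `gitlab-ci-token` branch in the `UserProvider` hunk builds a new `reqwest::Client` on every job-token login, cloning the certificate and setting up TLS each time, so nothing is pooled between logins. reqwest's documentation advises creating a client once and reusing it. I would build the second, header-free client once in `Gitlab::new` and store it as a `job_client: reqwest::Client` field in place of `ssl_cert`. That still keeps the admin token off the job-token request, which is the property the existing comment is protecting, and it removes the `client?` inside the `handle_error` argument. Both `new` and the login method start outside the hunks shown, so the sketch covers only the lines that would change.

```rust
// struct Gitlab: replaces `ssl_cert: Option<Certificate>`
    job_client: reqwest::Client,

// Gitlab::new: replaces the `let ssl_cert = match …` block
        let mut job_client_builder = reqwest::ClientBuilder::new();
        if let Some(cert_path) = &config.ssl_cert {
            let gitlab_cert = Certificate::from_pem(&std::fs::read(cert_path)?)?;
            client_builder = client_builder.add_root_certificate(gitlab_cert.clone());
            job_client_builder = job_client_builder.add_root_certificate(gitlab_cert);
        }
// … unchanged: Ok(Self { client, base_url, token_expiry …
            job_client: job_client_builder.build()?,

// gitlab-ci-token branch: this client carries no admin-token default header
            let res: GitlabJobResponse = handle_error(
                self.job_client
                    .get(self.base_url.join("job/")?)
// … unchanged: JOB-TOKEN header, send …
```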