gitlab: Allow passing action to `Allowed()` function
The GitLab client is responsible for connecting to the Rails application
to inform it of changes in a Git repository. One of these functions is
Allowed()
function, which connects to the /internal/allowed
endpoint
with a set of proposed changes. These changes will only get committed if
that endpoint returns success.
One of the parameters sent to the endpoint is the "action", which is supposed to tell Rails what has caused the change. This action is also being added to the audit trail so that it becomes possible to see how changes came about.
Currently though, the action field is hardcoded to "git-receive-pack", which makes it kind of pointless. This value goes all the way back to 9738045a (Add gitlab api access, 2020-05-09), which is our initial implementaiton of access checks in Go. In the Ruby codebase we in fact had two different values for the access check, "git-receive-pack" and "git-upload-pack", which is only barely more helpful.
It's thus fair to say that this has always been that way, but that is not much of a reason to keep it as-is. We're thus about to change the "action" field to contain the RPC that is causing the change instead of the hardcoded "git-receive-pack" so that we can leave a better audit trail.
To do so we have to plumb the value through multiple layers. Let's plumb
it through the Allowed()
function and adjust callers accordingly. For
now, we simply keep the hardcoded value everywhere until we have reached
the first level of the call stack that actually has the information at
hand.
Closes Action is hardcoded in calls to `/internal/allo... (#4581).