Propagate RemoteIP to Gitaly via Workhorse
What does this MR do and why?
For #232645 (closed)
Gitaly is lack of remote_ip logging information for all git operations going through workhorse: logs. This affect all HTTP-based git operations. Frankly, it did propagate user_id and username in a prior attempt. This MR adds the missing RemoteIP to git_http_ok authentication response and propagate it to Gitaly via gRPC metadata.
The remote_ip information is collected from Gitlab::ApplicationContext. We plugged middlewares everywhere, especially in ApplicationController. This is in-sync with other locations that require remote_ip.
Gitaly handled the remote_ip field automatically (here). We don't need to touch Gitaly in this MR.
How to set up and validate locally
Clone a random repository via HTTP and watch Gitaly logs with the following command:
gdk tail gitaly | jq --stream --unbuffered --raw-input 'split("{")|.[1:]|join("{")|"{" + .|fromjson|{remote_ip, user_id, username, "grpc.request.fullMethod", "grpc.meta.client_name"}'
- Before
- After (clone in localhost)
- After (clone via ngrok across the internet)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.