Propagate RemoteIP to Gitaly via Workhorse (!103635) · Merge requests · GitLab.org / GitLab

Quang-Minh Nguyen requested to merge qmnguyen0711/232645-propagate-user_id-username-and-remote_ip-to-gitaly-for-end-to-end-logging into master Nov 10, 2022

What does this MR do and why?

For #232645 (closed)

Gitaly is lack of remote_ip logging information for all git operations going through workhorse: logs. This affect all HTTP-based git operations. Frankly, it did propagate user_id and username in a prior attempt. This MR adds the missing RemoteIP to git_http_ok authentication response and propagate it to Gitaly via gRPC metadata.

The remote_ip information is collected from Gitlab::ApplicationContext. We plugged middlewares everywhere, especially in ApplicationController. This is in-sync with other locations that require remote_ip.

Gitaly handled the remote_ip field automatically (here). We don't need to touch Gitaly in this MR.

How to set up and validate locally

Clone a random repository via HTTP and watch Gitaly logs with the following command:

gdk tail gitaly |  jq --stream --unbuffered --raw-input 'split("{")|.[1:]|join("{")|"{" + .|fromjson|{remote_ip, user_id, username, "grpc.request.fullMethod", "grpc.meta.client_name"}'

Before

After (clone in localhost)

After (clone via ngrok across the internet)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Nov 10, 2022 by Quang-Minh Nguyen

Propagate RemoteIP to Gitaly via Workhorse

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports