External Authorization Client adheres to local request setting

Drew Blessing requested to merge dblessing-external-auth-gitlab-http into master

What does this MR do?

Issue #32445 (closed)

Changes the external authorization client from Excon to Gitlab::HTTP so it adheres to internal network call settings. The client will allow/deny internal network requests based on the allow_local_requests_from_system_hooks setting.

The default for the above setting is enabled so this will not change default behavior. External authorization will only 'stop' working if an instance has external auth enabled and the setting for local requests explicitly disabled.

In the future we should consider renaming the setting to something more generic to cover any admin-related local network calls. I created an issue for this at #232556.

Does this MR meet the acceptance criteria?

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Drew Blessing
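The point of moving from Excon to Gitlab::HTTP is that the client checks the destination against the local-request policy before sending anything. The block below is an added example, not GitLab's code or the Gitlab::HTTP implementation: a minimal policy gate that classifies a URL's host as local (loopback, RFC 1918, link-local, IPv6 equivalents, IPv4-mapped IPv6, or the name "localhost") and refuses it when the setting is off. The boolean `allow_local_requests:` stands in for `allow_local_requests_from_system_hooks`; the names `local_request?`, `authorize_request` and `LocalRequestBlocked` are assumptions. To run offline it does not resolve DNS names, which a real client must do for every address a hostname resolves to.

```ruby
require "uri"
require "ipaddr"

# Added example (not GitLab's own code): a pre-request policy check of the
# kind an HTTP client must apply when an admin setting controls whether
# requests to the local network are permitted.
#
# Assumptions: the setting arrives as a boolean; hostnames other than
# "localhost" are not resolved (keeps the example offline) and so are treated
# as non-local here. A production client resolves the name and checks every
# returned address, since a public name can resolve to a private address.

LOCAL_RANGES = [
  IPAddr.new("127.0.0.0/8"),    # IPv4 loopback
  IPAddr.new("10.0.0.0/8"),     # RFC 1918 private
  IPAddr.new("172.16.0.0/12"),  # RFC 1918 private
  IPAddr.new("192.168.0.0/16"), # RFC 1918 private
  IPAddr.new("169.254.0.0/16"), # link-local, where cloud metadata services live
  IPAddr.new("0.0.0.0/8"),      # "this network", routes to loopback on many stacks
  IPAddr.new("::1/128"),        # IPv6 loopback
  IPAddr.new("fc00::/7"),       # IPv6 unique local
  IPAddr.new("fe80::/10"),      # IPv6 link-local
].freeze

class LocalRequestBlocked < StandardError; end

# True when the URL's host is "localhost" (or under .localhost) or an IP
# literal inside one of LOCAL_RANGES. Hostnames are not resolved here.
def local_request?(url)
  host = URI.parse(url).hostname.to_s # hostname strips IPv6 brackets
  return true if host.casecmp?("localhost") || host.end_with?(".localhost")

  begin
    ip = IPAddr.new(host)
  rescue IPAddr::InvalidAddressError
    return false # a DNS name; see the assumption above
  end

  # ::ffff:10.0.0.5 is the same destination as 10.0.0.5; compare it as IPv4
  ip = ip.native if ip.ipv4_mapped?
  LOCAL_RANGES.any? { |range| range.include?(ip) }
end

# The gate itself: returns the URL when the request may proceed, raises when
# the destination is local and the setting denies local requests. With the
# setting enabled (the default the MR describes) every URL passes through.
def authorize_request(url, allow_local_requests:)
  if !allow_local_requests && local_request?(url)
    raise LocalRequestBlocked, "refusing request to local address: #{url}"
  end

  url
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample endpoints an admin might configure for external auth
  ["https://auth.example.com/check", "http://10.0.0.5:8080/auth", "http://[::1]/check"].each do |url|
    [true, false].each do |setting|
      begin
        authorize_request(url, allow_local_requests: setting)
        puts "allow_local_requests=#{setting} #{url} -> allowed"
      rescue LocalRequestBlocked => e
        puts "allow_local_requests=#{setting} #{url} -> #{e.message}"
      end
    end
  end
end
```

The check runs before the request rather than on the response, which is what matters for the setting to be meaningful: an authorization callout to a private address is the leak, whatever the server answers. Because external authorization runs on every request, an operator who disables local requests with an internal auth service configured sees exactly the failure mode the MR describes, so the two settings need to be read together.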
