Add support for propagation correlation IDs from trusted CIDRs
When Gitaly makes internal API calls back to Workhorse in Git hooks, Workhorse previously would generate new correlation IDs, making it hard to trace the entire call flow.
In labkit!123 (merged), we added the ability to propagate correlation IDs from trusted CIDR blocks.
To use this feature, we add two configuraton parameters:
trusted_cidrs_for_x_forwarded_for
trusted_cidrs_for_propagation
If propagation of correlation ID is enabled,
trusted_cidrs_for_x_forwarded_for
tells LabKit what remote IPs can be
trusted to use the X-Forwarded-For
HTTP header to resolve the actual
client IP. Note that this parameter is not yet used in Workhorse's
remote IP resolution, but it should be.
trusted_cidrs_for_propagation
allows Workhorse to restrict propagation
to certain IP ranges. We will want to add the Gitaly servers to this
list.
Relates to #324836 (closed)