Cover cases where different secrets file are in use (!88537) · Merge requests · GitLab.org / GitLab

Daniel Diniz requested to merge dnldnz-troubleshooting-gitaly-401 into master May 25, 2022

What does this MR do and why?

Cover authentication API failures because incorrect secrets are configured. Users can either have a different secrets file configured, or in some rare cases, none at all, in which case GitLab will default to .gitlab_shell_secret, as seen in L#226 and L#86

How to set up and validate locally

Remove the corresponding [gitlab] entry from the Gitaly server's config.toml.
Try to push a commit to a repository
Gitaly will fail to authenticate with the Rails application and raise a 401. No authentication_token is included in the API request to the /api/v4/internal/allowed endpoint.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Cover cases where different secrets file are in use

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports