Skip to content

Repository authz (permissions) for GitLab

Administrator requested to merge bl/perm into master

Created by: beyang

Add GitLab repository permissions to Sourcegraph. Can be reviewed commit-by-commit.

part of https://github.com/sourcegraph/sourcegraph/issues/134

Summary

  • Core authz interfaces and registration functions: a32192a5eeb35f326343e300888a038c4362d16c
  • GitLab authz impl: 0b1133c4711657d2286871bbf8fc8f9770d1d2ce
  • Adds Actor.Internal field that lets internal Sourcegraph requests bypass authz check: 0862293a5880bdd1059a95a49f7e31d6ee1fb5fe, b3d69f9291ef819ee088db29043f9d0288eadb42
  • Actual repo authz enforcement point: 50a9934b62c477b9b66e136d9f228a1d7556d483
  • GitLabConnection authz config fields: 8039098b04c060d26045618d3551bf6c8fe76438, b87e468bcb2878247a8409264a54a6df22eebc30
  • CHANGELOG update: 074deab255f9b40a5696d6ca8c50c0a513eb7e1c

Test plan

  • Verify Sourcegraph is connected to gitlab.sgdev.org (the necessary config is added in dev-private/enterprise/dev/config.json; the admin username and password for that instance are in dev-private/enterprise/dev/config.json). Sign via Okta SAML SSO (not OpenID Connect) using one of the accounts mentioned in config.json.
  • Add gitlab2.sgdev.org to the configuration. Create repositories on both GitLab instances and assign different repository permissions. SSO via OneLogin SAML is configured (OneLogin account is [email protected], DM @beyang for the password).
  • Try to gain access to contents of a repo from gitlab.sgdev.org you don't have access to. Try to gain access to a repo on the other GitLab instance that you don't have access to. Try different pages in the UI (e.g., repo, file, search) and also the API.
    • Search
    • Repo page
    • File/directory view
    • API
    • Other means I haven't thought of?
  • Check that you still have access to all repositories that are not from gitlab.sgdev.org or gitlab2.sgdev.org (e.g., repositories from GitHub, other code host connections, repos.list).
  • Exercise the GitLab config options (GitLabConnection.authorization). Do they do what you expect them to?
    • matcher
    • ttl
    • authnProvider
  • Code check: is there any code path that returns repository data to the end user that doesn't involve a call to repos.getBySQL?

Subsequent PR

  • migrate the rest of cmd/repo-updater/internal/externalservice subpackages to pkg/externalservice for consistency
  • also migrate the *ExternalRepoSpec methods to the corresponding externalservice packages
  • add mechanism for individual user to bypass+refresh authz provider cache (e.g., if a user adds a new repo, they want to immediately see it in Sourcegraph, they should be able to hard refresh). Mechanism for this is (1) read Cache-Control: no-cache from end-user request, (2) set nocache item in context, (3) individual caches check this context item. Filed here: https://github.com/sourcegraph/sourcegraph/issues/678

Merge request reports