Refactor GCP session token exchange scheme
parent
15b5b91d20
commit
e7a8564f39
3 changed files with 23 additions and 12 deletions
|
@ -65,11 +65,7 @@ class Projects::Clusters::GcpController < Projects::ApplicationController
|
|||
end
|
||||
|
||||
def authorize_google_project_billing
|
||||
redis_token_key = CheckGcpProjectBillingWorker.generate_redis_token_key
|
||||
Gitlab::Redis::SharedState.with do |redis|
|
||||
redis.set(redis_token_key, token_in_session, ex: 5.minutes)
|
||||
end
|
||||
|
||||
redis_token_key = CheckGcpProjectBillingWorker.store_session_token(token_in_session)
|
||||
CheckGcpProjectBillingWorker.perform_async(redis_token_key)
|
||||
end
|
||||
|
||||
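Review bot: The local in `authorize_google_project_billing` is still named `redis_token_key`, but `store_session_token` now returns the bare random key and the Redis namespace is applied inside the worker, so the name no longer describes what is handed to `perform_async`. `token_key = CheckGcpProjectBillingWorker.store_session_token(token_in_session)` would match the worker's own parameter name. A short comment would also help the next reader, for example `# Only the lookup key is queued; the session token itself stays in Redis with a TTL.` Nothing visible in this hunk checks that `token_in_session` is present before it is stored, so it is worth confirming that a guard elsewhere in the controller covers that case.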
|
|
|
@ -5,9 +5,20 @@ class CheckGcpProjectBillingWorker
|
|||
include ClusterQueue
|
||||
|
||||
LEASE_TIMEOUT = 15.seconds.to_i
|
||||
SESSION_KEY_TIMEOUT = 5.minutes
|
||||
|
||||
def self.generate_redis_token_key
|
||||
SecureRandom.uuid
|
||||
def self.get_session_token(token_key)
|
||||
Gitlab::Redis::SharedState.with do |redis|
|
||||
redis.get(get_redis_session_key(token_key))
|
||||
end
|
||||
end
|
||||
|
||||
def self.store_session_token(token)
|
||||
generate_token_key.tap do |token_key|
|
||||
Gitlab::Redis::SharedState.with do |redis|
|
||||
redis.set(get_redis_session_key(token_key), token, ex: SESSION_KEY_TIMEOUT)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def self.redis_shared_state_key_for(token)
|
||||
|
@ -17,7 +28,7 @@ class CheckGcpProjectBillingWorker
|
|||
def perform(token_key)
|
||||
return unless token_key
|
||||
|
||||
token = get_token(token_key)
|
||||
token = self.get_session_token(token_key)
|
||||
return unless token
|
||||
return unless try_obtain_lease_for(token)
|
||||
|
||||
|
@ -29,8 +40,12 @@ class CheckGcpProjectBillingWorker
|
|||
|
||||
private
|
||||
|
||||
def get_token(token_key)
|
||||
Gitlab::Redis::SharedState.with { |redis| redis.get(token_key) }
|
||||
def self.generate_token_key
|
||||
SecureRandom.uuid
|
||||
end
|
||||
|
||||
def self.get_redis_session_key(token_key)
|
||||
"gitlab:gcp:session:#{token_key}"
|
||||
end
|
||||
|
||||
def try_obtain_lease_for(token)
|
||||
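Review bot: In `perform`, `self.get_session_token(token_key)` is sent to a worker instance, but `get_session_token` is defined above as a class method (`def self.get_session_token`), so this line would raise NoMethodError at runtime; it should read `token = self.class.get_session_token(token_key)`. The `private` keyword in the last hunk also has no effect on `def self.generate_token_key` and `def self.get_redis_session_key`, which remain publicly callable; adding `private_class_method :generate_token_key, :get_redis_session_key` after the definitions would hide them. Separately, the visible code only reads the stored value with `redis.get`, so unless the part of `perform` outside these hunks deletes the key, the session token stays in shared state until `SESSION_KEY_TIMEOUT` expires, even after the job has consumed it. `perform` and the class body continue outside the hunks shown.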
|
|
|
@ -8,7 +8,7 @@ describe CheckGcpProjectBillingWorker do
|
|||
|
||||
context 'when there is a token in redis' do
|
||||
before do
|
||||
allow_any_instance_of(described_class).to receive(:get_token).and_return(token)
|
||||
allow_any_instance_of(described_class).to receive(:get_session_token).and_return(token)
|
||||
end
|
||||
|
||||
context 'when there is no lease' do
|
||||
|
@ -48,7 +48,7 @@ describe CheckGcpProjectBillingWorker do
|
|||
|
||||
context 'when there is no token in redis' do
|
||||
before do
|
||||
allow_any_instance_of(described_class).to receive(:get_token).and_return(nil)
|
||||
allow_any_instance_of(described_class).to receive(:get_session_token).and_return(nil)
|
||||
end
|
||||
|
||||
it 'does not call the service' do
|
||||
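Review bot: Both `before` blocks stub `get_session_token` with `allow_any_instance_of(described_class)`, but this commit defines `get_session_token` on the worker as a class method (`def self.get_session_token`), so the stub replaces a method that instances do not have and the real lookup path is never exercised. That lets a class/instance mismatch in `perform` pass the suite unnoticed. Stubbing the class itself, `allow(described_class).to receive(:get_session_token).and_return(token)` (and `.and_return(nil)` in the second context), would keep the spec aligned with the method as defined. A case that calls `store_session_token` and then `get_session_token` against Redis would additionally cover the key namespacing and TTL.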
|
|