Geo OAuth session authorize_url may not handle relative_url_root
Problem
I ran into this during another MR.
When the primary node url has a relative_url_root like http://node_url51/gitlab, Session#authorize_url drops the /gitlab. And Session#authenticate raises ArgumentError: invalid address.
It looks like our OAuth gem is doing this, so perhaps this is necessary and expected behavior for OAuth; I don't know at this time. If so, then Geo cannot support primaries with a relative_url_root.
If not, then we may need to fix the gem?
https://gitlab.com/gitlab-org/gitlab-ee/-/jobs/199696206:
Failures:
1) Gitlab::Geo::Oauth::Session#authorized_url returns a valid url to the primary node
Failure/Error: expect(subject.authorize_url).to start_with(primary_node.internal_url)
expected "http://node_url51/oauth/authorize?client_id=4330c65a6d16c91b5a8643b3d02257d08df3619154770ca6fae278ff0aa1d894&response_type=code" to start with "http://node_url51/gitlab/"
# ./ee/spec/lib/gitlab/geo/oauth/session_spec.rb:19:in `block (3 levels) in <top (required)>'
2) Gitlab::Geo::Oauth::Session#authenticate on success returns hashed user data
Failure/Error: expect(subject.authenticate(access_token.token)).to eq(parsed_json)
ArgumentError:
invalid address
# ./ee/lib/gitlab/geo/oauth/session.rb:17:in `authenticate'
# ./ee/spec/lib/gitlab/geo/oauth/session_spec.rb:38:in `block (4 levels) in <top (required)>'
3) Gitlab::Geo::Oauth::Session#authenticate on invalid token raises exception
Failure/Error: expect { subject.authenticate(access_token.token) }.to raise_error(OAuth2::Error)
expected OAuth2::Error, got #<ArgumentError: invalid address> with backtrace:
# ./ee/lib/gitlab/geo/oauth/session.rb:17:in `authenticate'
# ./ee/spec/lib/gitlab/geo/oauth/session_spec.rb:48:in `block (5 levels) in <top (required)>'
# ./ee/spec/lib/gitlab/geo/oauth/session_spec.rb:48:in `block (4 levels) in <top (required)>'
# ./ee/spec/lib/gitlab/geo/oauth/session_spec.rb:48:in `block (4 levels) in <top (required)>'
Finished in 13 minutes 58 seconds (files took 16.3 seconds to load)
1484 examples, 3 failures, 3 pending
Failed examples:
rspec ./ee/spec/lib/gitlab/geo/oauth/session_spec.rb:18 # Gitlab::Geo::Oauth::Session#authorized_url returns a valid url to the primary node
rspec ./ee/spec/lib/gitlab/geo/oauth/session_spec.rb:35 # Gitlab::Geo::Oauth::Session#authenticate on success returns hashed user data
rspec ./ee/spec/lib/gitlab/geo/oauth/session_spec.rb:47 # Gitlab::Geo::Oauth::Session#authenticate on invalid token raises exceptionI think this is low priority because I assume relative_url_root usage is rare, and as a result, we haven't seen any reports of Geo problems with relative_url_root even though there are some.
Proposal
-
Set up Geo with a relative URL root -
Try to use the secondary web UI -
If there are errors, create issues for them
Edited by Michael Kozono