
Integrate Spamcheck gRPC gem [RUN ALL RSPEC][RUN AS-IF-FOSS]

Ethan Urie requested to merge 299558-integrate-with-anti-spam-service into master

What does this MR do?

The anti-spam engine, spamcheck, is going to utilize gRPC in production, but for now it provides an HTTP endpoint that accepts and returns JSON. However, the JSON has to be formatted to match the structure of the protocol buffers that will eventually be used.

This MR reformats the JSON to match spamcheck's protobufs.

How to test

  1. Check out and run docker-compose up -d in the inspector project directory
  2. Check out the spamcheck project
  3. Copy config/config.toml.example to config/config.toml
  4. Modify config/config.toml to set the inspectorUrl to http://localhost:8888/api/v1/isspam/issue
  5. make run in the spamcheck project directory

In GitLab rails:

  1. bundle install && bin/rails db:migrate
  2. In your local GitLab UI, go to the Admin area -> Settings -> Reporting
     • Check Enable Spam Check via external API endpoint
     • Enter grpc://localhost:55381 in the URL of the external Spam Check endpoint
  3. Set GitLab's setting to allow calling local services
     • Admin area -> Settings -> Network -> Outbound requests
  4. In your local GitLab instance, as a "normal" user, impersonate them (or switch to them)
  5. Create an issue that seems reasonable and "real"
  6. It should succeed
  7. In your console where you're running spamcheck, you should see a log message indicating it sent an ALLOW response.

Screenshots (strongly suggested)

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Related to #299558 (closed)

Edited by Ethan Urie
