Skip to content
Snippets Groups Projects
Commit c1bc4dfc authored by Stan Hu's avatar Stan Hu
Browse files

Add Azure Blob Storage credential support

Unlike AWS and Google, Azure needs to use an Azure client inside
Workhorse to support direct uploads. Using standard HTTP transfers with
pre-signed URLs with the Azure Put Blob API
(https://docs.microsoft.com/en-us/rest/api/storageservices/put-blob)
doesn't work because Azure doesn't support chunked transfer encoding.
However, Azure does support uploading files in segments via the Put
Block and Put Block List API
(https://docs.microsoft.com/en-us/rest/api/storageservices/put-block),
but this requires an Azure client.

To support this, this commit extracts the Azure Fog credentials from the
Rails connection information and adds them to the Workhorse
configuration.

This changes requires two merge requests to work:

1. gitlab-workhorse!555
2. gitlab!38882

Part of gitlab#25877
parent 648d1ec7
No related branches found
No related tags found
Loading
---
title: Add Azure Blob Storage credential support
merge_request: 4503
author:
type: added
......@@ -73,7 +73,8 @@ redis_sentinel_master = node['redis']['master_name']
redis_sentinel_master_password = node['redis']['master_password']
config_file_path = File.join(working_dir, "config.toml")
object_store = node['gitlab']['gitlab-rails']['object_store']
object_store_provider = object_store.dig('connection', 'provider')
provider = object_store.dig('connection', 'provider')
object_store_provider = provider if %w(AWS AzureRM).include?(provider)
template config_file_path do
source "workhorse-config.toml.erb"
......
......@@ -8,12 +8,17 @@ SentinelMaster = "<%= @sentinel_master %>"
Password = "<%= @master_password %>"
<% end %>
<%- if @object_store['enabled'] && @object_store_provider == 'AWS' %>
<%- if @object_store['enabled'] && @object_store_provider %>
[object_storage]
enabled = true
provider = "<%= @object_store_provider %>"
<%- if @object_store_provider == 'AWS' %>
[object_storage.s3]
aws_access_key_id = "<%= @object_store.dig('connection', 'aws_access_key_id') %>"
aws_secret_access_key = "<%= @object_store.dig('connection', 'aws_secret_access_key') %>"
<%- elsif @object_store_provider == 'AzureRM' %>
[object_storage.azurerm]
azure_storage_account_name = "<%= @object_store.dig('connection', 'azure_storage_account_name') %>"
azure_storage_access_key = "<%= @object_store.dig('connection', 'azure_storage_access_key') %>"
<%- end %>
<%- end %>
......@@ -156,23 +156,46 @@ RSpec.describe 'gitlab::gitlab-workhorse' do
context 'consolidated object store settings' do
include_context 'object storage config'
before do
stub_gitlab_rb(
gitlab_rails: {
object_store: {
enabled: true,
connection: aws_connection_hash,
objects: object_config
context 'with S3 config' do
before do
stub_gitlab_rb(
gitlab_rails: {
object_store: {
enabled: true,
connection: aws_connection_hash,
objects: object_config
}
}
)
end
it 'includes S3 credentials' do
expect(chef_run).to render_file(config_file).with_content { |content|
expect(content).to match(/\[object_storage\]\n provider = "AWS"\n/m)
expect(content).to match(/\[object_storage.s3\]\n aws_access_key_id = "AKIAKIAKI"\n aws_secret_access_key = "secret123"\n/m)
}
)
end
end
it 'includes S3 credentials' do
expect(chef_run).to render_file(config_file).with_content { |content|
expect(content).to match(/\[object_storage\]\n enabled = true\n provider = "AWS"\n/m)
expect(content).to match(/\[object_storage.s3\]\n aws_access_key_id = "AKIAKIAKI"\n aws_secret_access_key = "secret123"\n/m)
}
context 'with Azure config' do
before do
stub_gitlab_rb(
gitlab_rails: {
object_store: {
enabled: true,
connection: azure_connection_hash,
objects: object_config
}
}
)
end
it 'includes Azure credentials' do
expect(chef_run).to render_file(config_file).with_content { |content|
expect(content).to match(/\[object_storage\]\n provider = "AzureRM"\n/m)
expect(content).to match(/\[object_storage.azurerm\]\n azure_storage_account_name = "testaccount"\n azure_storage_access_key = "1234abcd"\n/m)
}
end
end
end
......
......@@ -27,4 +27,11 @@ RSpec.shared_context 'object storage config' do
'server_side_encryption_kms_key_id' => 'arn:aws:12345'
}
end
let(:azure_connection_hash) do
{
'provider' => 'AzureRM',
'azure_storage_account_name' => 'testaccount',
'azure_storage_access_key' => '1234abcd'
}
end
end
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment