Add configuration options for GitLab container registry to support...

Add configuration options for GitLab container registry to support notification endpoints to template

CHANGELOG.md

@@ -7,6 +7,7 @@ omnibus-gitlab repository.
 - Remove Bitbucket from templates as it does not require special settings anymore
 - Fix the issue that prevents registry from starting when user and group
 are not the same (O Schwede) 62b5cc
+- Add configuration options for GitLab container registry to support notification endpoints to template
 8.17.0

files/gitlab-config-template/gitlab.rb.template

@@ -419,6 +419,26 @@ external_url 'GENERATED_EXTERNAL_URL'
 #   }
 # }
+### Registry notifications endpoints
+# registry['notifications'] = [
+#   {
+#     'name' => 'test_endpoint',
+#     'url' => 'https://gitlab.example.com/notify2',
+#     'timeout' => '500ms',
+#     'threshold' => 5,
+#     'backoff' => '1s',
+#     'headers' => {
+#       "Authorization" => ["AUTHORIZATION_EXAMPLE_TOKEN"]
+#     }
+#   }
+# ]
+### Default registry notifications
+# registry['default_notifications_timeout'] = "500ms"
+# registry['default_notifications_threshold'] = 5
+# registry['default_notifications_backoff'] = "1s"
+# registry['default_notifications_headers'] = {}
+
+
 ################################################################################
 ## GitLab Workhorse

files/gitlab-cookbooks/gitlab/attributes/default.rb

@@ -541,6 +541,15 @@ default['gitlab']['registry']['storage_delete_enabled'] = nil
 default['gitlab']['registry']['storage'] = nil
 default['gitlab']['registry']['debug_addr'] = nil
+####
+# Registry Notifications
+####
+default['gitlab']['registry']['notifications'] = nil
+default['gitlab']['registry']['default_notifications_timeout'] = "500ms"
+default['gitlab']['registry']['default_notifications_threshold'] = 5
+default['gitlab']['registry']['default_notifications_backoff'] = "1s"
+default['gitlab']['registry']['default_notifications_headers'] = {}
+
 ####
 # Nginx
 ####

files/gitlab-cookbooks/gitlab/libraries/registry.rb

@@ -24,6 +24,8 @@ module Registry
       parse_registry_external_url
       # before this gitlab_rails[registry_path] needs to be parsed
       parse_registry
+      # parsing the registry notifications
+      parse_registry_notifications
     end
     def parse_registry_external_url
@@ -81,6 +83,29 @@ module Registry
       Gitlab['registry']['storage']['delete'] ||= {'enabled' => Gitlab['registry']['storage_delete_enabled']}
     end
+    def parse_registry_notifications
+      return unless Gitlab['registry']['notifications']
+
+      user_configuration = Gitlab['registry']
+      gitlab_configuration = Gitlab['node']['gitlab']['registry']
+
+      # Use the registry defaults configured by the user but use the defaults from gitlab if they were not set
+      user_configuration['default_notifications_timeout'] ||=  gitlab_configuration['default_notifications_timeout']
+      user_configuration['default_notifications_threshold'] ||=  gitlab_configuration['default_notifications_threshold']
+      user_configuration['default_notifications_backoff'] ||=  gitlab_configuration['default_notifications_backoff']
+      user_configuration['default_notifications_headers'] ||=  gitlab_configuration['default_notifications_headers']
+
+      Gitlab['registry']['notifications'].each do |endpoint|
+        # Get the values from default if they are not set
+        endpoint['timeout'] ||= user_configuration['default_notifications_timeout']
+        endpoint['threshold'] ||= user_configuration['default_notifications_threshold']
+        endpoint['backoff'] ||= user_configuration['default_notifications_backoff']
+
+        # And merge the default headers with the ones specific to this endpoint
+        endpoint['headers'] = user_configuration['default_notifications_headers'].merge(endpoint['headers'] || {})
+      end
+    end
+
     def generate_registry_keypair
       key = OpenSSL::PKey::RSA.new(4096)
       subject = "/C=USA/O=GitLab/OU=Container/CN=Registry"

files/gitlab-cookbooks/gitlab/templates/default/registry-config.yml.erb

@@ -25,3 +25,8 @@ auth:
     service: container_registry
     issuer: <%= @registry_issuer %>
     rootcertbundle: <%= @rootcertbundle %>
+
+<% if @notifications %>
+notifications:
+  endpoints: <%= @notifications.to_json %>
+<% end %>

spec/chef/recipes/registry_spec.rb

@@ -75,7 +75,7 @@ describe 'registry recipe' do
       expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
         .with_content(/version: 0.1/)
       expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
-        .with_content(/realm: \/jwt\/auth/)
+        .with_content(/realm: .*\/jwt\/auth/)
       expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
         .with_content(/addr: localhost:5000/)
       expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
@@ -186,5 +186,161 @@ describe 'registry' do
           .to eql('enabled' => false)
       end
     end
+
+    context 'when registry notification endpoint is configured with the minimum required' do
+      before { stub_gitlab_rb(
+        registry: {
+          notifications: [
+            name: 'test_endpoint',
+            url: 'https://registry.example.com/notify'
+          ]
+        }
+      )}
+
+      it 'creates the registry config with the specified endpoint config' do
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"name":"test_endpoint"/)
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"url":"https:\/\/registry.example.com\/notify"/)
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"timeout":"500ms"/)
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"threshold":5/)
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"backoff":"1s"/)
+      end
+    end
+
+    context 'when the default values are overridden' do
+      before { stub_gitlab_rb(
+        registry: {
+          notifications: [
+            name: 'test_endpoint',
+            url: 'https://registry.example.com/notify'
+          ],
+          default_notifications_timeout: '5000ms',
+          default_notifications_threshold: 10,
+          default_notifications_backoff: '50s',
+          default_notifications_headers: {
+            "Authorization" => ["AUTHORIZATION_EXAMPLE_TOKEN1", "AUTHORIZATION_EXAMPLE_TOKEN2"] 
+          }
+        }
+      )}
+
+      it 'creates the registry config overriding the values not set with the new defaults' do
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"name":"test_endpoint"/)
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"url":"https:\/\/registry.example.com\/notify"/)
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"timeout":"5000ms"/)
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"threshold":10/)
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"backoff":"50s"/)
+      end
+    end
+    
+    context 'when registry notification endpoint is configured with all the available variables' do
+      before { stub_gitlab_rb(
+        registry: {
+          notifications:[
+            {
+              'name' => 'test_endpoint',
+              'url' => 'https://registry.example.com/notify',
+              'timeout' => '500ms',
+              'threshold' => 5,
+              'backoff' => '1s',
+              'headers' => {
+                "Authorization" => ["AUTHORIZATION_EXAMPLE_TOKEN"]
+              }
+            }
+          ]
+        }
+      )}
+
+      it 'creates the registry config with the specified endpoint config' do
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"name":"test_endpoint"/)
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"url":"https:\/\/registry.example.com\/notify"/)
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"timeout":"500ms"/)
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"threshold":5/)
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"backoff":"1s"/)
+      end
+    end
+
+    context 'when 3 registry notification endpoints are configured' do
+      before { stub_gitlab_rb(
+        registry: {
+          notifications: [
+            {
+              'name' => 'test_endpoint',
+              'url' => 'https://registry.example.com/notify'
+            },
+            {
+              'name' => 'test_endpoint2',
+              'url' => 'https://registry.example.com/notify2',
+              'timeout' => '100ms',
+              'threshold' => 2,
+              'backoff' => '4s',
+              'headers' => {
+                "Authorization" => ["AUTHORIZATION_EXAMPLE_TOKEN"]
+              }
+            },
+            {
+              'name' => 'test_endpoint3',
+              'url' => 'https://registry.example.com/notify3'
+            }
+          ]
+        }
+      )}
+
+      it 'creates the registry config with the specified endpoint config' do
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"name":"test_endpoint"/)
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/\"url\":\"https:\/\/registry.example.com\/notify\"/)
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"timeout":"500ms"/)
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"threshold":5/)
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"backoff":"1s"/)
+        # Second endpoint
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"name":"test_endpoint2"/)
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"url":"https:\/\/registry.example.com\/notify2"/)
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"timeout":"100ms"/)
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"threshold":2/)
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"backoff":"4s"/)
+        # Third endpoint
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"name":"test_endpoint3"/)
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"url":"https:\/\/registry.example.com\/notify3"/)
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"timeout":"500ms"/)
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"threshold":5/)
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content(/"backoff":"1s"/)
+      end
+    end
+
+    context 'when registry notification endpoint is not configured' do
+      it 'creates the registry config without the endpoint config' do
+        expect(chef_run).to render_file('/var/opt/gitlab/registry/config.yml')
+        expect(chef_run).not_to render_file('/var/opt/gitlab/registry/config.yml')
+          .with_content('notifications:')
+      end
+    end
   end
 end