debian-mirror-gitlab/lib/gitlab/mail_room.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

203 lines
6.7 KiB
Ruby
Raw Permalink Normal View History

2018-12-13 13:39:08 +05:30
# frozen_string_literal: true
2016-09-13 17:45:13 +05:30
require 'yaml'
require 'json'
2020-03-13 15:44:24 +05:30
require 'pathname'
2023-04-23 21:23:45 +05:30
require 'active_support'
require "active_support/core_ext/module/delegation"
require_relative 'encrypted_configuration' unless defined?(Gitlab::EncryptedConfiguration)
2017-09-10 17:25:29 +05:30
require_relative 'redis/queues' unless defined?(Gitlab::Redis::Queues)
2016-09-13 17:45:13 +05:30
2020-01-01 13:55:28 +05:30
# This service is run independently of the main Rails process,
# therefore the `Rails` class and its methods are unavailable.
2023-06-20 00:43:36 +05:30
# TODO: Remove this once we're on Ruby 3
# https://gitlab.com/gitlab-org/gitlab/-/issues/393651
unless YAML.respond_to?(:safe_load_file)
module YAML
# Temporary Ruby 2 back-compat workaround.
#
# This method only exists as of stdlib 3.0.0:
# https://ruby-doc.org/stdlib-3.0.0/libdoc/psych/rdoc/Psych.html
def self.safe_load_file(path, **options)
YAML.safe_load(File.read(path), **options)
end
end
end
2016-09-13 17:45:13 +05:30
module Gitlab
module MailRoom
2020-01-01 13:55:28 +05:30
RAILS_ROOT_DIR = Pathname.new('../..').expand_path(__dir__).freeze
2022-05-07 20:08:51 +05:30
DELIVERY_METHOD_SIDEKIQ = 'sidekiq'
DELIVERY_METHOD_WEBHOOK = 'webhook'
INTERNAL_API_REQUEST_HEADER = 'Gitlab-Mailroom-Api-Request'
INTERNAL_API_REQUEST_JWT_ISSUER = 'gitlab-mailroom'
2018-03-17 18:26:18 +05:30
DEFAULT_CONFIG = {
enabled: false,
port: 143,
ssl: false,
start_tls: false,
mailbox: 'inbox',
2020-01-01 13:55:28 +05:30
idle_timeout: 60,
2020-05-24 23:13:21 +05:30
log_path: RAILS_ROOT_DIR.join('log', 'mail_room_json.log'),
2022-05-07 20:08:51 +05:30
expunge_deleted: false,
delivery_method: DELIVERY_METHOD_SIDEKIQ
2018-03-17 18:26:18 +05:30
}.freeze
2020-03-13 15:44:24 +05:30
# Email specific configuration which is merged with configuration
# fetched from YML config file.
2022-03-02 08:16:31 +05:30
MAILBOX_SPECIFIC_CONFIGS = {
2020-03-13 15:44:24 +05:30
incoming_email: {
2022-08-27 11:52:29 +05:30
queue: 'default',
2020-03-13 15:44:24 +05:30
worker: 'EmailReceiverWorker'
},
service_desk_email: {
2022-08-27 11:52:29 +05:30
queue: 'default',
2020-03-13 15:44:24 +05:30
worker: 'ServiceDeskEmailReceiverWorker'
}
}.freeze
2023-04-23 21:23:45 +05:30
# Default path strings (this is a data duplication
# with Settings which is not pulled in - see the service
# comment at the top of this file)
DEFAULT_PATHS = {
shared_path: 'shared',
encrypted_settings_path: 'encrypted_settings',
incoming_email: {
encrypted_secret_filename: 'incoming_email.yaml.enc'
},
service_desk_email: {
encrypted_secret_filename: 'service_desk_email.yaml.enc'
}
}.freeze
2016-09-13 17:45:13 +05:30
class << self
2020-03-13 15:44:24 +05:30
def enabled_configs
2022-03-02 08:16:31 +05:30
@enabled_configs ||= configs.select { |_key, config| enabled?(config) }
end
def enabled_mailbox_types
enabled_configs.keys.map(&:to_s)
end
def worker_for(mailbox_type)
MAILBOX_SPECIFIC_CONFIGS.try(:[], mailbox_type.to_sym).try(:[], :worker).try(:safe_constantize)
2016-09-13 17:45:13 +05:30
end
2020-03-13 15:44:24 +05:30
private
2016-09-13 17:45:13 +05:30
2020-03-13 15:44:24 +05:30
def enabled?(config)
config[:enabled] && !config[:address].to_s.empty?
2016-09-13 17:45:13 +05:30
end
2020-03-13 15:44:24 +05:30
def configs
2022-03-02 08:16:31 +05:30
MAILBOX_SPECIFIC_CONFIGS.to_h { |key, _value| [key, fetch_config(key)] }
2020-03-13 15:44:24 +05:30
end
2016-09-13 17:45:13 +05:30
2020-03-13 15:44:24 +05:30
def fetch_config(config_key)
2016-09-13 17:45:13 +05:30
return {} unless File.exist?(config_file)
2020-03-13 15:44:24 +05:30
config = merged_configs(config_key)
2022-05-07 20:08:51 +05:30
2020-03-13 15:44:24 +05:30
config.merge!(redis_config) if enabled?(config)
2022-05-07 20:08:51 +05:30
2020-03-13 15:44:24 +05:30
config[:log_path] = File.expand_path(config[:log_path], RAILS_ROOT_DIR)
2023-04-23 21:23:45 +05:30
# override password/user from any encrypted secrets
if secrets = decrypted_secrets(config_key)
config[:password] = secrets[:password] if secrets[:password]
config[:user] = secrets[:user] if secrets[:user]
end
2020-03-13 15:44:24 +05:30
config
end
def merged_configs(config_key)
yml_config = load_yaml.fetch(config_key, {})
2022-03-02 08:16:31 +05:30
specific_config = MAILBOX_SPECIFIC_CONFIGS.fetch(config_key, {})
2020-03-13 15:44:24 +05:30
DEFAULT_CONFIG.merge(specific_config, yml_config) do |_key, oldval, newval|
2018-03-17 18:26:18 +05:30
newval.nil? ? oldval : newval
end
2020-03-13 15:44:24 +05:30
end
2016-09-13 17:45:13 +05:30
2020-03-13 15:44:24 +05:30
def redis_config
gitlab_redis_queues = Gitlab::Redis::Queues.new(rails_env)
2021-11-18 22:05:49 +05:30
config = { redis_url: gitlab_redis_queues.url, redis_db: gitlab_redis_queues.db }
2017-08-17 22:00:37 +05:30
2020-03-13 15:44:24 +05:30
if gitlab_redis_queues.sentinels?
config[:sentinels] = gitlab_redis_queues.sentinels
2016-09-13 17:45:13 +05:30
end
config
end
2018-03-17 18:26:18 +05:30
def rails_env
@rails_env ||= ENV['RAILS_ENV'] || ENV['RACK_ENV'] || 'development'
end
2016-09-13 17:45:13 +05:30
def config_file
2018-11-18 11:00:15 +05:30
ENV['MAIL_ROOM_GITLAB_CONFIG_FILE'] || File.expand_path('../../config/gitlab.yml', __dir__)
2016-09-13 17:45:13 +05:30
end
2020-01-01 13:55:28 +05:30
2020-03-13 15:44:24 +05:30
def load_yaml
2023-06-20 00:43:36 +05:30
@yaml ||= YAML.safe_load_file(config_file, aliases: true)[rails_env].deep_symbolize_keys
2020-01-01 13:55:28 +05:30
end
2023-04-23 21:23:45 +05:30
def application_secrets_file
ENV['MAIL_ROOM_GITLAB_SECRETS_FILE'] || File.expand_path('../../config/secrets.yml', __dir__)
end
def application_secrets
@application_secrets ||= {}.tap do |application_secrets|
# Uses Rails::Secret.parse
# from: https://github.com/rails/rails/blob/v6.1.6.1/railties/lib/rails/secrets.rb#L24
erb_processed_yaml = ERB.new(File.read(application_secrets_file)).result
yaml_secrets =
YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(erb_processed_yaml) : YAML.safe_load(erb_processed_yaml)
application_secrets.merge!(yaml_secrets["shared"].deep_symbolize_keys) if yaml_secrets["shared"]
application_secrets.merge!(yaml_secrets[rails_env].deep_symbolize_keys) if yaml_secrets[rails_env]
end
end
def default_encrypted_secret_filename(config_key)
DEFAULT_PATHS[config_key][:encrypted_secret_filename]
end
def encrypted_secret_file(config_key)
config = merged_configs(config_key)
return config[:encrypted_secret_file] if config[:encrypted_secret_file]
config_yaml = load_yaml
# Path handling for shared.path / encrypted_settings.path is a duplicate
# of the logic in config/initializers/1_settings.rb
shared_path = File.expand_path(config_yaml.dig(:shared, :path) ||
DEFAULT_PATHS[:shared_path], RAILS_ROOT_DIR)
encrypted_settings_path =
File.expand_path(config_yaml.dig(:encrypted_settings, :path) ||
File.join(shared_path, DEFAULT_PATHS[:encrypted_settings_path]),
RAILS_ROOT_DIR)
File.join(encrypted_settings_path, default_encrypted_secret_filename(config_key))
end
def encrypted_configuration_settings(config_key)
{
content_path: encrypted_secret_file(config_key),
base_key: application_secrets[:encrypted_settings_key_base],
previous_keys: application_secrets[:rotated_encrypted_settings_key_base] || []
}
end
def decrypted_secrets(config_key)
settings = encrypted_configuration_settings(config_key)
return if settings[:base_key].nil?
encrypted = Gitlab::EncryptedConfiguration.new(**settings)
encrypted.active? ? encrypted.config : nil
end
2016-09-13 17:45:13 +05:30
end
end
end