debian-mirror-gitlab/lib/gitlab/ci/jwt_v2.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

60 lines
1.3 KiB
Ruby
Raw Normal View History

2022-03-02 08:16:31 +05:30
# frozen_string_literal: true
module Gitlab
module Ci
class JwtV2 < Jwt
2022-11-25 23:54:43 +05:30
DEFAULT_AUD = Settings.gitlab.base_url
2023-07-09 08:55:56 +05:30
GITLAB_HOSTED_RUNNER = 'gitlab-hosted'
SELF_HOSTED_RUNNER = 'self-hosted'
2022-11-25 23:54:43 +05:30
def self.for_build(build, aud: DEFAULT_AUD)
new(build, ttl: build.metadata_timeout, aud: aud).encoded
end
def initialize(build, ttl:, aud:)
super(build, ttl: ttl)
@aud = aud
end
2022-03-02 08:16:31 +05:30
private
2022-11-25 23:54:43 +05:30
attr_reader :aud
2022-03-02 08:16:31 +05:30
def reserved_claims
2023-06-20 00:43:36 +05:30
super.merge({
2022-03-02 08:16:31 +05:30
iss: Settings.gitlab.base_url,
2022-10-11 01:57:18 +05:30
sub: "project_path:#{project.full_path}:ref_type:#{ref_type}:ref:#{source_ref}",
2023-06-20 00:43:36 +05:30
aud: aud,
user_identities: user_identities
}.compact)
end
def user_identities
return unless user&.pass_user_identities_to_ci_jwt
user.identities.map do |identity|
{
provider: identity.provider.to_s,
extern_uid: identity.extern_uid.to_s
}
end
2022-03-02 08:16:31 +05:30
end
2023-07-09 08:55:56 +05:30
def custom_claims
super.merge(
runner_id: runner&.id,
runner_environment: runner_environment,
sha: pipeline.sha
)
end
def runner_environment
return unless runner
runner.gitlab_hosted? ? GITLAB_HOSTED_RUNNER : SELF_HOSTED_RUNNER
end
2022-03-02 08:16:31 +05:30
end
end
end