2018-12-13 13:39:08 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
require 'yaml'
|
|
|
|
|
require 'json'
|
2020-03-13 15:44:24 +05:30
|
|
|
require 'pathname'
|
2023-04-23 21:23:45 +05:30
|
|
|
require 'active_support'
|
|
|
|
|
require "active_support/core_ext/module/delegation"
|
|
|
|
|
require_relative 'encrypted_configuration' unless defined?(Gitlab::EncryptedConfiguration)
|
2017-09-10 17:25:29 +05:30
|
|
|
require_relative 'redis/queues' unless defined?(Gitlab::Redis::Queues)
|
2016-09-13 17:45:13 +05:30
|
|
|
|
2020-01-01 13:55:28 +05:30
|
|
|
# This service is run independently of the main Rails process,
|
|
|
|
|
# therefore the `Rails` class and its methods are unavailable.
|
|
|
|
|
|
2023-06-20 00:43:36 +05:30
|
|
|
# TODO: Remove this once we're on Ruby 3
|
|
|
|
|
# https://gitlab.com/gitlab-org/gitlab/-/issues/393651
|
|
|
|
|
unless YAML.respond_to?(:safe_load_file)
|
|
|
|
|
module YAML
|
|
|
|
|
# Temporary Ruby 2 back-compat workaround.
|
|
|
|
|
#
|
|
|
|
|
# This method only exists as of stdlib 3.0.0:
|
|
|
|
|
# https://ruby-doc.org/stdlib-3.0.0/libdoc/psych/rdoc/Psych.html
|
|
|
|
|
def self.safe_load_file(path, **options)
|
|
|
|
|
YAML.safe_load(File.read(path), **options)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
module Gitlab
|
|
|
|
|
module MailRoom
|
2020-01-01 13:55:28 +05:30
|
|
|
RAILS_ROOT_DIR = Pathname.new('../..').expand_path(__dir__).freeze
|
|
|
|
|
|
2022-05-07 20:08:51 +05:30
|
|
|
DELIVERY_METHOD_SIDEKIQ = 'sidekiq'
|
|
|
|
|
DELIVERY_METHOD_WEBHOOK = 'webhook'
|
|
|
|
|
INTERNAL_API_REQUEST_HEADER = 'Gitlab-Mailroom-Api-Request'
|
|
|
|
|
INTERNAL_API_REQUEST_JWT_ISSUER = 'gitlab-mailroom'
|
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
DEFAULT_CONFIG = {
|
|
|
|
|
enabled: false,
|
|
|
|
|
port: 143,
|
|
|
|
|
ssl: false,
|
|
|
|
|
start_tls: false,
|
|
|
|
|
mailbox: 'inbox',
|
2020-01-01 13:55:28 +05:30
|
|
|
idle_timeout: 60,
|
2020-05-24 23:13:21 +05:30
|
|
|
log_path: RAILS_ROOT_DIR.join('log', 'mail_room_json.log'),
|
2022-05-07 20:08:51 +05:30
|
|
|
expunge_deleted: false,
|
|
|
|
|
delivery_method: DELIVERY_METHOD_SIDEKIQ
|
2018-03-17 18:26:18 +05:30
|
|
|
}.freeze
|
|
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
# Email specific configuration which is merged with configuration
|
|
|
|
|
# fetched from YML config file.
|
2022-03-02 08:16:31 +05:30
|
|
|
MAILBOX_SPECIFIC_CONFIGS = {
|
2020-03-13 15:44:24 +05:30
|
|
|
incoming_email: {
|
2022-08-27 11:52:29 +05:30
|
|
|
queue: 'default',
|
2020-03-13 15:44:24 +05:30
|
|
|
worker: 'EmailReceiverWorker'
|
|
|
|
|
},
|
|
|
|
|
service_desk_email: {
|
2022-08-27 11:52:29 +05:30
|
|
|
queue: 'default',
|
2020-03-13 15:44:24 +05:30
|
|
|
worker: 'ServiceDeskEmailReceiverWorker'
|
|
|
|
|
}
|
|
|
|
|
}.freeze
|
|
|
|
|
|
2023-04-23 21:23:45 +05:30
|
|
|
# Default path strings (this is a data duplication
|
|
|
|
|
# with Settings which is not pulled in - see the service
|
|
|
|
|
# comment at the top of this file)
|
|
|
|
|
DEFAULT_PATHS = {
|
|
|
|
|
shared_path: 'shared',
|
|
|
|
|
encrypted_settings_path: 'encrypted_settings',
|
|
|
|
|
incoming_email: {
|
|
|
|
|
encrypted_secret_filename: 'incoming_email.yaml.enc'
|
|
|
|
|
},
|
|
|
|
|
service_desk_email: {
|
|
|
|
|
encrypted_secret_filename: 'service_desk_email.yaml.enc'
|
|
|
|
|
}
|
|
|
|
|
}.freeze
|
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
class << self
|
2020-03-13 15:44:24 +05:30
|
|
|
def enabled_configs
|
2022-03-02 08:16:31 +05:30
|
|
|
@enabled_configs ||= configs.select { |_key, config| enabled?(config) }
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def enabled_mailbox_types
|
|
|
|
|
enabled_configs.keys.map(&:to_s)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def worker_for(mailbox_type)
|
|
|
|
|
MAILBOX_SPECIFIC_CONFIGS.try(:[], mailbox_type.to_sym).try(:[], :worker).try(:safe_constantize)
|
2016-09-13 17:45:13 +05:30
|
|
|
end
|
|
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
private
|
2016-09-13 17:45:13 +05:30
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
def enabled?(config)
|
|
|
|
|
config[:enabled] && !config[:address].to_s.empty?
|
2016-09-13 17:45:13 +05:30
|
|
|
end
|
|
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
def configs
|
2022-03-02 08:16:31 +05:30
|
|
|
MAILBOX_SPECIFIC_CONFIGS.to_h { |key, _value| [key, fetch_config(key)] }
|
2020-03-13 15:44:24 +05:30
|
|
|
end
|
2016-09-13 17:45:13 +05:30
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
def fetch_config(config_key)
|
2016-09-13 17:45:13 +05:30
|
|
|
return {} unless File.exist?(config_file)
|
|
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
config = merged_configs(config_key)
|
2022-05-07 20:08:51 +05:30
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
config.merge!(redis_config) if enabled?(config)
|
2022-05-07 20:08:51 +05:30
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
config[:log_path] = File.expand_path(config[:log_path], RAILS_ROOT_DIR)
|
|
|
|
|
|
2023-04-23 21:23:45 +05:30
|
|
|
# override password/user from any encrypted secrets
|
|
|
|
|
if secrets = decrypted_secrets(config_key)
|
|
|
|
|
config[:password] = secrets[:password] if secrets[:password]
|
|
|
|
|
config[:user] = secrets[:user] if secrets[:user]
|
|
|
|
|
end
|
|
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
config
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def merged_configs(config_key)
|
|
|
|
|
yml_config = load_yaml.fetch(config_key, {})
|
2022-03-02 08:16:31 +05:30
|
|
|
specific_config = MAILBOX_SPECIFIC_CONFIGS.fetch(config_key, {})
|
2020-03-13 15:44:24 +05:30
|
|
|
DEFAULT_CONFIG.merge(specific_config, yml_config) do |_key, oldval, newval|
|
2018-03-17 18:26:18 +05:30
|
|
|
newval.nil? ? oldval : newval
|
|
|
|
|
end
|
2020-03-13 15:44:24 +05:30
|
|
|
end
|
2016-09-13 17:45:13 +05:30
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
def redis_config
|
|
|
|
|
gitlab_redis_queues = Gitlab::Redis::Queues.new(rails_env)
|
2021-11-18 22:05:49 +05:30
|
|
|
|
|
|
|
|
config = { redis_url: gitlab_redis_queues.url, redis_db: gitlab_redis_queues.db }
|
2017-08-17 22:00:37 +05:30
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
if gitlab_redis_queues.sentinels?
|
|
|
|
|
config[:sentinels] = gitlab_redis_queues.sentinels
|
2016-09-13 17:45:13 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
|
|
config
|
|
|
|
|
end
|
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
def rails_env
|
|
|
|
|
@rails_env ||= ENV['RAILS_ENV'] || ENV['RACK_ENV'] || 'development'
|
|
|
|
|
end
|
|
|
|
|
|
2016-09-13 17:45:13 +05:30
|
|
|
def config_file
|
2018-11-18 11:00:15 +05:30
|
|
|
ENV['MAIL_ROOM_GITLAB_CONFIG_FILE'] || File.expand_path('../../config/gitlab.yml', __dir__)
|
2016-09-13 17:45:13 +05:30
|
|
|
end
|
2020-01-01 13:55:28 +05:30
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
def load_yaml
|
2023-06-20 00:43:36 +05:30
|
|
|
@yaml ||= YAML.safe_load_file(config_file, aliases: true)[rails_env].deep_symbolize_keys
|
2020-01-01 13:55:28 +05:30
|
|
|
end
|
2023-04-23 21:23:45 +05:30
|
|
|
|
|
|
|
|
def application_secrets_file
|
|
|
|
|
ENV['MAIL_ROOM_GITLAB_SECRETS_FILE'] || File.expand_path('../../config/secrets.yml', __dir__)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def application_secrets
|
|
|
|
|
@application_secrets ||= {}.tap do |application_secrets|
|
|
|
|
|
# Uses Rails::Secret.parse
|
|
|
|
|
# from: https://github.com/rails/rails/blob/v6.1.6.1/railties/lib/rails/secrets.rb#L24
|
|
|
|
|
erb_processed_yaml = ERB.new(File.read(application_secrets_file)).result
|
|
|
|
|
yaml_secrets =
|
|
|
|
|
YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(erb_processed_yaml) : YAML.safe_load(erb_processed_yaml)
|
|
|
|
|
application_secrets.merge!(yaml_secrets["shared"].deep_symbolize_keys) if yaml_secrets["shared"]
|
|
|
|
|
application_secrets.merge!(yaml_secrets[rails_env].deep_symbolize_keys) if yaml_secrets[rails_env]
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def default_encrypted_secret_filename(config_key)
|
|
|
|
|
DEFAULT_PATHS[config_key][:encrypted_secret_filename]
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def encrypted_secret_file(config_key)
|
|
|
|
|
config = merged_configs(config_key)
|
|
|
|
|
return config[:encrypted_secret_file] if config[:encrypted_secret_file]
|
|
|
|
|
|
|
|
|
|
config_yaml = load_yaml
|
|
|
|
|
# Path handling for shared.path / encrypted_settings.path is a duplicate
|
|
|
|
|
# of the logic in config/initializers/1_settings.rb
|
|
|
|
|
shared_path = File.expand_path(config_yaml.dig(:shared, :path) ||
|
|
|
|
|
DEFAULT_PATHS[:shared_path], RAILS_ROOT_DIR)
|
|
|
|
|
encrypted_settings_path =
|
|
|
|
|
File.expand_path(config_yaml.dig(:encrypted_settings, :path) ||
|
|
|
|
|
File.join(shared_path, DEFAULT_PATHS[:encrypted_settings_path]),
|
|
|
|
|
RAILS_ROOT_DIR)
|
|
|
|
|
File.join(encrypted_settings_path, default_encrypted_secret_filename(config_key))
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def encrypted_configuration_settings(config_key)
|
|
|
|
|
{
|
|
|
|
|
content_path: encrypted_secret_file(config_key),
|
|
|
|
|
base_key: application_secrets[:encrypted_settings_key_base],
|
|
|
|
|
previous_keys: application_secrets[:rotated_encrypted_settings_key_base] || []
|
|
|
|
|
}
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def decrypted_secrets(config_key)
|
|
|
|
|
settings = encrypted_configuration_settings(config_key)
|
|
|
|
|
return if settings[:base_key].nil?
|
|
|
|
|
|
|
|
|
|
encrypted = Gitlab::EncryptedConfiguration.new(**settings)
|
|
|
|
|
encrypted.active? ? encrypted.config : nil
|
|
|
|
|
end
|
2016-09-13 17:45:13 +05:30
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
