From ae77f1da1a8341c612b84f5d59f5ee44534e597d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Richard=20Bukovansk=C3=BD?= Date: Thu, 14 Jun 2018 11:38:34 +0200 Subject: [PATCH 1/2] Add usage of client certificate for HTTPS communication --- api/gitlab-bash-api.sh | 47 +++++++++++-------- .../my-secrets-configuration.sh | 5 ++ 2 files changed, 32 insertions(+), 20 deletions(-) diff --git a/api/gitlab-bash-api.sh b/api/gitlab-bash-api.sh index 4ba54de..4d219a2 100644 --- a/api/gitlab-bash-api.sh +++ b/api/gitlab-bash-api.sh @@ -25,9 +25,8 @@ function gitlab_get_page { local page="$3" local curl_url="${GITLAB_URL_PREFIX}/api/${GITLAB_API_VERSION}/${api_url}?page=${page}&per_page=${PER_PAGE_MAX}&${api_params}" - local curl_result - - curl_result="$( curl --include --silent --header "PRIVATE-TOKEN: ${GITLAB_PRIVATE_TOKEN}" "${curl_url}" )" + local curl_result= + curl_result="$( curl --include --silent --header "PRIVATE-TOKEN: ${GITLAB_PRIVATE_TOKEN}" "${curl_url}" ${client_certificate} )" local curl_rc=$? if [ ${curl_rc} -ne 0 ]; then @@ -106,9 +105,8 @@ function gitlab_post { local api_params="$2" local curl_url="${GITLAB_URL_PREFIX}/api/${GITLAB_API_VERSION}/${api_url}?per_page=${PER_PAGE_MAX}&${api_params}" - local curl_result - - curl_result="$( curl --header "PRIVATE-TOKEN: ${GITLAB_PRIVATE_TOKEN}" -X POST --silent "${curl_url}" )" + local curl_result= + curl_result="$( curl --header "PRIVATE-TOKEN: ${GITLAB_PRIVATE_TOKEN}" -X POST --silent "${curl_url}" ${client_certificate} )" local curl_rc=$? if [ ${curl_rc} -ne 0 ]; then 
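Review bot: `${client_certificate}` is expanded unquoted at the end of the curl call in gitlab_get_page, so the option string is word-split and glob-expanded. A certificate or key path containing a space, or a password containing a space or `*`, becomes extra curl arguments instead of one value. The same expansion is added in gitlab_post, gitlab_put and gitlab_delete. Building the options as an array, `client_certificate=(--cert "${GITLAB_CLIENT_CERTIFICATE}" --key "${GITLAB_PRIVATE_KEY}")`, and passing `"${client_certificate[@]}"` at the four call sites keeps each configured value a single argument. The function bodies continue outside these hunks.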
@@ -127,9 +125,8 @@ function gitlab_put { local api_params="$2" local curl_url="${GITLAB_URL_PREFIX}/api/${GITLAB_API_VERSION}/${api_url}?per_page=${PER_PAGE_MAX}&${api_params}" - local curl_result - - curl_result="$( curl --header "PRIVATE-TOKEN: ${GITLAB_PRIVATE_TOKEN}" -X PUT --silent "${curl_url}" )" + local curl_result= + curl_result="$( curl --header "PRIVATE-TOKEN: ${GITLAB_PRIVATE_TOKEN}" -X PUT --silent "${curl_url}" ${client_certificate} )" local curl_rc=$? if [ ${curl_rc} -ne 0 ]; then @@ -148,9 +145,8 @@ function gitlab_delete { local api_params="$2" local curl_url="${GITLAB_URL_PREFIX}/api/${GITLAB_API_VERSION}/${api_url}?per_page=${PER_PAGE_MAX}&${api_params}" - local curl_result - - curl_result="$( curl --header "PRIVATE-TOKEN: ${GITLAB_PRIVATE_TOKEN}" -X DELETE --silent "${curl_url}" )" + local curl_result= + curl_result="$( curl --header "PRIVATE-TOKEN: ${GITLAB_PRIVATE_TOKEN}" -X DELETE --silent "${curl_url}" ${client_certificate} )" local curl_rc=$? if [ ${curl_rc} -ne 0 ]; then @@ -174,26 +170,26 @@ function url_encode { } function source_all_files_in_directory { - local folder=$1 - local file + local -r folder=$1 + local file= for file in "${folder}"/* ; do source "${file}" done } function list_projects_in_group { - local group_name=$1 - local answer + local -r group_name="$1" + local answer= answer="$( list_projects_raw )" # Rewrite result - local result_for_group - local size - + local curl_result= curl_result="$( echo "${answer}" | jq "[.[] | select(.namespace.name==\"${group_name}\")]" )" || exit $? - size="$( echo "${result_for_group}" |jq '. | length' )" + + local size= + size="$( echo "${result_for_group}" | jq '. | length' )" if [ "${size}" -eq 0 ] ; then echo "No project available for group [${group_name}] (group does not exist ?)" >&2 
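Review bot: In list_projects_in_group the filtered jq output is stored in `curl_result`, but the size check still reads `${result_for_group}`, which the new side no longer declares and does not assign anywhere in this hunk. Unless it is set elsewhere, `size` is computed from an empty string and the `[ "${size}" -eq 0 ]` test fails on a non-integer instead of reporting the empty group. Declaring `local result_for_group=` and assigning the jq output to it, `result_for_group="$( … )" || exit $?`, makes the two lines agree. Separately, `${group_name}` is spliced into the jq program text; `jq --arg group "${group_name}" '[.[] | select(.namespace.name==$group)]'` passes it as data. The function continues past the hunk, so later uses of either variable are not visible here.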
@@ -396,3 +392,14 @@ if [ -z "${PER_PAGE_MAX}" ]; then # Max value for GitLab is 100 PER_PAGE_MAX=50 fi + +#prepare client_certificate part of CURL +if [ -n ${GITLAB_CLIENT_CERTIFICATE} ]; then + client_certificate=" --cert ${GITLAB_CLIENT_CERTIFICATE}" + if [ ! -n ${GITLAB_CLIENT_CERTIFICATE_PASSWORD} ]; then + client_certificate+=":${GITLAB_CLIENT_CERTIFICATE_PASSWORD}" + fi + client_certificate+=" --key ${GITLAB_PRIVATE_KEY}" +else + client_certificate="" +fi diff --git a/custom-config-sample/my-secrets-configuration.sh b/custom-config-sample/my-secrets-configuration.sh index 85cb98d..2c404dd 100644 --- a/custom-config-sample/my-secrets-configuration.sh +++ b/custom-config-sample/my-secrets-configuration.sh @@ -11,3 +11,8 @@ GITLAB_PRIVATE_TOKEN=__YOUR_GITLAB_TOKEN_HERE__ #GITLAB_USER=__YOUR_GIT_USER__ #GITLAB_PASSWORD=$(url_encode '__YOUR_GIT_USER_PASSWORD__') #GITLAB_CLONE_HTTP_PREFIX="https://${GITLAB_USER}:${GITLAB_PASSWORD}@${GITLAB_URL_PREFIX#"https://"}" + +# If client certificate is needed for HTTPS communication with GitLab server +#GITLAB_CLIENT_CERTIFICATE=__PATH_TO_YOUR_CLIENT_CERTIFICATE__ +#GITLAB_CLIENT_CERTIFICATE_PASSWORD=__PASSWORD_FOR_YOUR_CLIENT_CERTIFICATE__ +#GITLAB_PRIVATE_KEY=__PATH_TO_YOUR_PRIVATE_KEY__ From 440eefe5548db5b3b4e6c096fd43c1bb7dcbb3d3 Mon Sep 17 00:00:00 2001 From: claude Date: Sat, 20 Nov 2021 12:01:30 +0100 Subject: [PATCH 2/2] Allow to not define GITLAB_CLIENT_CERTIFICATE (backward compatibility) --- api/gitlab-bash-api.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/api/gitlab-bash-api.sh b/api/gitlab-bash-api.sh index 4d219a2..71925c0 100644 --- a/api/gitlab-bash-api.sh +++ b/api/gitlab-bash-api.sh 
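Review bot: In the client_certificate block added at the end of api/gitlab-bash-api.sh, ` --key ${GITLAB_PRIVATE_KEY}` is appended whenever a certificate is configured. A setup whose certificate file already contains the key, or that leaves GITLAB_PRIVATE_KEY unset, therefore ends every curl command line with a bare `--key`, which curl would presumably reject for a missing parameter. Guarding it like the password avoids that: `if [ -n "${GITLAB_PRIVATE_KEY:-}" ]; then client_certificate+=" --key ${GITLAB_PRIVATE_KEY}"; fi`. The sample configuration added in the same patch could also state whether the key variable is required alongside the certificate.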
@@ -393,13 +393,15 @@ if [ -z "${PER_PAGE_MAX}" ]; then PER_PAGE_MAX=50 fi -#prepare client_certificate part of CURL -if [ -n ${GITLAB_CLIENT_CERTIFICATE} ]; then +# +# Prepare client_certificate part of CURL +# +if [ -n "${GITLAB_CLIENT_CERTIFICATE:-}" ]; then client_certificate=" --cert ${GITLAB_CLIENT_CERTIFICATE}" - if [ ! -n ${GITLAB_CLIENT_CERTIFICATE_PASSWORD} ]; then + if [ -n "${GITLAB_CLIENT_CERTIFICATE_PASSWORD}" ]; then client_certificate+=":${GITLAB_CLIENT_CERTIFICATE_PASSWORD}" fi client_certificate+=" --key ${GITLAB_PRIVATE_KEY}" else - client_certificate="" + client_certificate= fi
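Review bot: With the password test corrected, `GITLAB_CLIENT_CERTIFICATE_PASSWORD` now reaches curl as part of the `--cert path:password` argument. That exposes it in the process table to other local users for the duration of each request, and in any `set -x` trace. Keeping it off argv is safer, for example by writing the `cert`/`key` options to a curl config file with owner-only permissions and passing `--config "<path-to-curl-config>"` (placeholder path). Also, only the first test received the `:-` default: `"${GITLAB_CLIENT_CERTIFICATE_PASSWORD}"` and `${GITLAB_PRIVATE_KEY}` are still expanded bare, so if the script runs under `set -u` (not visible in this hunk), leaving them undefined would still abort. `"${GITLAB_CLIENT_CERTIFICATE_PASSWORD:-}"` would match the stated backward-compatibility goal.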