Class: Gitlab::SecretDetection::GRPC::Client

Inherits:

Object

Object
Gitlab::SecretDetection::GRPC::Client

show all

Includes:: Utils::StrongMemoize, SDLogger

Defined in:: lib/gitlab/secret_detection/grpc/client/grpc_client.rb

Constant Summary collapse

REQUEST_TIMEOUT_SECONDS = Time to wait for the response from the service

MAX_PAYLOAD_SIZE_PER_REQUEST = Total payload size limit allowed per scan request

4_000_000

Instance Method Summary collapse

#initialize(host, secure: false, compression: true, logger: nil) ⇒ Client constructor

3.8MiB (0.2MiB buffer for other request props).
#run_scan(request:, auth_token:, extra_headers: {}) ⇒ Object

Triggers Secret Detection service’s ‘/Scan` gRPC endpoint.
#run_scan_stream(requests:, auth_token:, extra_headers: {}) ⇒ Object

Triggers Secret Detection service’s ‘/ScanStream` gRPC endpoint.

Methods included from Utils::StrongMemoize

#clear_memoization, included, normalize_key, #strong_memoize, #strong_memoize_with, #strong_memoize_with_expiration, #strong_memoized?

Constructor Details

#initialize(host, secure: false, compression: true, logger: nil) ⇒ `Client`

3.8MiB (0.2MiB buffer for other request props)

# File 'lib/gitlab/secret_detection/grpc/client/grpc_client.rb', line 23

def initialize(host, secure: false, compression: true, logger: nil)
  @host = host
  @secure = secure
  @compression = compression
  @logger = logger.nil? ? LOGGER : logger
end

Instance Method Details

#run_scan(request:, auth_token:, extra_headers: {}) ⇒ `Object`

Triggers Secret Detection service’s ‘/Scan` gRPC endpoint. To keep it consistent with SDS gem interface, this method transforms the gRPC response to Gitlab::SecretDetection::Core::Response. Furthermore, any errors that are raised by the service will be translated to Gitlab::SecretDetection::Core::Response type by assiging a appropriate status value to it.

# File 'lib/gitlab/secret_detection/grpc/client/grpc_client.rb', line 34

def run_scan(request:, auth_token:, extra_headers: {})
  with_rescued_errors do
    payload_size = calculate_payload_size(request)
    if payload_size >= MAX_PAYLOAD_SIZE_PER_REQUEST
      @logger.info(
        message: "Skipping to send Scan Request to Secret Detection server due to request size overlimit",
        payload_size:
      )

      next Gitlab::SecretDetection::GRPC::ScanResponse.new(
        results: [],
        status: SecretDetection::Core::Status::INPUT_ERROR,
        applied_exclusions: []
      )
    end

    grpc_response = stub.scan(
      request,
      metadata: build_metadata(auth_token, extra_headers),
      deadline: request_deadline
    )

    grpc_response
  end
end

#run_scan_stream(requests:, auth_token:, extra_headers: {}) ⇒ `Object`

Triggers Secret Detection service’s ‘/ScanStream` gRPC endpoint.

To keep it consistent with SDS gem interface, this method transforms the gRPC response to Gitlab::SecretDetection::Core::Response type. Furthermore, any errors that are raised by the service will be translated to Gitlab::SecretDetection::Core::Response type by assiging a appropriate status value to it.

Note: If one of the stream requests result in an error, the stream will end immediately without processing the remaining requests.

# File 'lib/gitlab/secret_detection/grpc/client/grpc_client.rb', line 68

def run_scan_stream(requests:, auth_token:, extra_headers: {})
  request_stream = Gitlab::SecretDetection::GRPC::StreamRequestEnumerator.new(requests)
  results = []
  with_rescued_errors do
    has_oversized_request = requests.any? do |request|
      payload_size = calculate_payload_size(request)
      payload_size >= MAX_PAYLOAD_SIZE_PER_REQUEST
    end

    if has_oversized_request
      @logger.info("Skipping to send Scan Request to Secret Detection server due to request size overlimit")
      response = Gitlab::SecretDetection::GRPC::ScanResponse.new(
        status: SecretDetection::Core::Status::INPUT_ERROR
      )
      next (block_given? ? response : [response])
    end

    stub.scan_stream(
      request_stream.each_item,
      metadata: build_metadata(auth_token, extra_headers),
      deadline: request_deadline
    ).each do |grpc_response|
      if block_given?
        yield grpc_response
      else
        results << grpc_response
      end
    end
    results
  end
end