Don't show private keys for letsencrypt certs

Vladimir Shushlin requested to merge pages-domains-auth-ssl-flag into master

What does this MR do?

Part of https://gitlab.com/gitlab-org/gitlab-ce/issues/28996

We need to know the source of the pages domain certificate to fix:

Also fixes https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/27947

These 3 issues are all follow-ups for https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26438 , the first two are fixed by the same logic below, and the last one is fixed by one line in _form

We will not show private keys to the user if certificates are obtained through GitLab.

EE port - https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/14318

We also want to be able to show the user whether a certificate was uploaded manually or obtained automatically (see discussion https://gitlab.com/gitlab-org/gitlab-ce/issues/61752#note_169384254)

This MR

  • Adds enum certificate_source to pages_domains table with default manually_uploaded
  • Mark certificates as 'gitlab_provided' if they were obtained through Let's Encrypt
  • Mark certificates as 'user_provided' if they were uploaded through controller or api
  • Only show private key in domain edit form if it is 'user_provided'
  • Only show LetsEncrypt option if it is enabled by application settings (and feature flag)
  • Refactor and fix some specs to match new logic

Still don't have visible changes (FF is disabled), so changelog isn't necessary

Does this MR meet the acceptance criteria?

Conformity

Performance and testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Vladimir Shushlin
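
The display rule described in this MR, as an added plain-Ruby sketch (not GitLab's code and not part of the merge request). The class name, method names and sample strings are hypothetical, and the sketch assumes a default source of user_provided.

```ruby
# Added illustration in plain Ruby; this is not GitLab's PagesDomain model.
class PagesDomainSketch
  SOURCES = %i[user_provided gitlab_provided].freeze

  attr_reader :domain, :certificate, :certificate_source

  def initialize(domain)
    @domain = domain
    @certificate_source = :user_provided # assumed default for this sketch
  end

  # Path taken when a user uploads a pair through the controller or API.
  def upload_certificate(certificate:, key:)
    store(certificate, key, :user_provided)
  end

  # Path taken when the pair was obtained through Let's Encrypt.
  def install_obtained_certificate(certificate:, key:)
    store(certificate, key, :gitlab_provided)
  end

  # Fields handed to the edit form; the key is included only for user uploads.
  def edit_form_fields
    fields = { domain: domain, certificate: certificate }
    fields[:key] = @key if certificate_source == :user_provided
    fields
  end

  # Sketch-only choice: keep @key out of debug output and logs as well.
  def inspect
    "#<PagesDomainSketch #{domain} source=#{certificate_source}>"
  end

  private

  def store(certificate, key, source)
    raise ArgumentError, "unknown source" unless SOURCES.include?(source)

    @certificate = certificate
    @key = key
    @certificate_source = source
    self
  end
end

# Constructed sample values, not real certificate material.
if __FILE__ == $PROGRAM_NAME
  d = PagesDomainSketch.new("pages.example.test")
  d.install_obtained_certificate(certificate: "CERT-A", key: "KEY-A")
  p d.edit_form_fields
end
```
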