Add Jira Connect public key store setting
What does this MR do and why?
This is the first step to replace the gitlab.jira_connect.enable_public_keys_storage config with an application setting.
The config was introduced as a quick way to improve the development experience for the GitLab for Jira app (!105257 (merged)). But our guidelines are to use ApplicationSetting instead of gitlab.yml for new settings.
We cannot replace the config in one step because we have to make sure it is enabled for GitLab.com but disabled for self-managed. The plan is to:
- Introduce the Enable public key storage setting. (This MR)
- Enable the setting on GitLab.com
- Remove the
jira_connect.enable_public_keys_storageconfig.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
- Create a
JiraConnectInstallaion.jira_installation = JiraConnectInstallation.create(client_key: '1234', shared_secret: '123', base_url: 'http://test.atlassian.net', instance_url: 'https://example.com') - Generate a JWT token.
jwt = JiraConnect::CreateAsymmetricJwtService.new(jira_installation).execute - Fetch the
kidheader from the token.Atlassian::Jwt.decode(jwt, nil, false)[1]['kid'] - Fetch the public key using the
kidheader by visitinghttp://127.0.0.1:3000/-/jira_connect/public_keys/<kid>. - This should show a 404 error.
- Go to
http://127.0.0.1:3000/admin/application_settings/general. - expand the GitLab for Jira App section.
- Select Enable public key storage.
- Select Save changes.
- Repeat steps 2. - 4. (You can re-use the previous
kidbut public keys are only available for 5 minutes). - The page should now show the public key.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #384896 (closed)
Edited by Andy Schoenen