Skip to content

Add auto_ssl_failed to pages_domains

What does this MR do?

We want to properly handle Let's Encrypt errors(mostly domain validation errors) occurring during obtaining SSL certificates for pages domains: #30146 (closed)

This MR just adds a boolean column to pages_domains table indicating that some error occured.

In future we might want to add a column for storing some other error info, but ATM we don't need to it to implement proposal in ttps://gitlab.com/gitlab-org/gitlab/-/issues/30146

I'll also need to modify the index:

-    t.index ["certificate_source", "certificate_valid_not_after"], name: "index_pages_domains_need_auto_ssl_renewal", where: "(auto_ssl_enabled = true)"
+    t.index ["certificate_source", "certificate_valid_not_after"], name: "index_pages_domains_need_auto_ssl_renewal", where: "(auto_ssl_enabled = true AND auto_ssl_failed = false)"

But that will be done with update usage of related query since modifying it will make index unusable for current code

Screenshots

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by Vladimir Shushlin

Merge request reports