Support `trusted_user_ca_keys` configuration for gitlab-sshd

Vasilii Iakliushinrequested to merge
vi-support-trusted-user-ca-keys-in-gitlab-sshd into master

What does this MR do?

Contributes to gitlab-shell#841 (closed)

GitLab-Shell change: Add support for instance-level SSH certificates... (gitlab-shell!1396 - merged)

Problem

gitlab-shell added a trusted_user_ca_keys sshd configuration option for instance-level SSH certificate authentication, but there is no way to configure it through Omnibus.

Solution

Expose the trusted_user_ca_keys option as a pass-through attribute under gitlab_sshd. When set, it renders into the sshd section of gitlab-shell's config.yml as a list of CA public key file paths.

Related issues

Add support for instance-level SSH certificates... (gitlab-shell#841 - closed)

Checklist

See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion.

Required

  • MR title and description are up to date, accurate, and descriptive.
  • MR targeting the appropriate branch.
  • Latest Merge Result pipeline is green.
  • When ready for review, MR is labeled workflowready for review per the Distribution MR workflow.

For GitLab team members

If you don't have access to this, the reviewer should trigger these jobs for you during the review process.

  • The manual Trigger:ee-package jobs have a green pipeline running against latest commit.
  • If config/software or config/patches directories are changed, make sure the build-package-on-all-os job within the Trigger:ee-package downstream pipeline succeeded.
  • If you are changing anything SSL related, then the Trigger:package:fips manual job within the Trigger:ee-package downstream pipeline must succeed.
  • If CI configuration is changed, the branch must be pushed to dev.gitlab.org to confirm regular branch builds aren't broken.

Expected (please provide an explanation if not completing)

Edited by João Alexandre Cunha

Merge request reports