Commit 269110b9 authored by Grzegorz Bizon's avatar Grzegorz Bizon

Merge branch 'acme-account-private-key' into 'master'

Generate Let's Encrypt private key

See merge request gitlab-org/gitlab-ce!27581
parents 81528a3a 444959bf
...@@ -28,7 +28,8 @@ def create_tokens ...@@ -28,7 +28,8 @@ def create_tokens
secret_key_base: file_secret_key || generate_new_secure_token, secret_key_base: file_secret_key || generate_new_secure_token,
otp_key_base: env_secret_key || file_secret_key || generate_new_secure_token, otp_key_base: env_secret_key || file_secret_key || generate_new_secure_token,
db_key_base: generate_new_secure_token, db_key_base: generate_new_secure_token,
openid_connect_signing_key: generate_new_rsa_private_key openid_connect_signing_key: generate_new_rsa_private_key,
lets_encrypt_private_key: generate_lets_encrypt_private_key
} }
missing_secrets = set_missing_keys(defaults) missing_secrets = set_missing_keys(defaults)
...@@ -49,6 +50,10 @@ def generate_new_rsa_private_key ...@@ -49,6 +50,10 @@ def generate_new_rsa_private_key
OpenSSL::PKey::RSA.new(2048).to_pem OpenSSL::PKey::RSA.new(2048).to_pem
end end
def generate_lets_encrypt_private_key
OpenSSL::PKey::RSA.new(4096).to_pem
end
def warn_missing_secret(secret) def warn_missing_secret(secret)
warn "Missing Rails.application.secrets.#{secret} for #{Rails.env} environment. The secret will be generated and stored in config/secrets.yml." warn "Missing Rails.application.secrets.#{secret} for #{Rails.env} environment. The secret will be generated and stored in config/secrets.yml."
end end
......
...@@ -45,11 +45,21 @@ describe 'create_tokens' do ...@@ -45,11 +45,21 @@ describe 'create_tokens' do
expect(keys).to all(match(RSA_KEY)) expect(keys).to all(match(RSA_KEY))
end end
it "generates private key for Let's Encrypt" do
create_tokens
keys = secrets.values_at(:lets_encrypt_private_key)
expect(keys.uniq).to eq(keys)
expect(keys).to all(match(RSA_KEY))
end
it 'warns about the secrets to add to secrets.yml' do it 'warns about the secrets to add to secrets.yml' do
expect(self).to receive(:warn_missing_secret).with('secret_key_base') expect(self).to receive(:warn_missing_secret).with('secret_key_base')
expect(self).to receive(:warn_missing_secret).with('otp_key_base') expect(self).to receive(:warn_missing_secret).with('otp_key_base')
expect(self).to receive(:warn_missing_secret).with('db_key_base') expect(self).to receive(:warn_missing_secret).with('db_key_base')
expect(self).to receive(:warn_missing_secret).with('openid_connect_signing_key') expect(self).to receive(:warn_missing_secret).with('openid_connect_signing_key')
expect(self).to receive(:warn_missing_secret).with('lets_encrypt_private_key')
create_tokens create_tokens
end end
...@@ -78,6 +88,7 @@ describe 'create_tokens' do ...@@ -78,6 +88,7 @@ describe 'create_tokens' do
before do before do
secrets.db_key_base = 'db_key_base' secrets.db_key_base = 'db_key_base'
secrets.openid_connect_signing_key = 'openid_connect_signing_key' secrets.openid_connect_signing_key = 'openid_connect_signing_key'
secrets.lets_encrypt_private_key = 'lets_encrypt_private_key'
allow(File).to receive(:exist?).with('.secret').and_return(true) allow(File).to receive(:exist?).with('.secret').and_return(true)
allow(File).to receive(:read).with('.secret').and_return('file_key') allow(File).to receive(:read).with('.secret').and_return('file_key')
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment