Merge branch 'remove-auto-ssl-ff' into 'master'

Remove auto ssl feature flags See merge request gitlab-org/gitlab-ce!30628

Merge branch 'remove-auto-ssl-ff' into 'master'
Remove auto ssl feature flags See merge request gitlab-org/gitlab-ce!30628
7a729d67 · Nick Thomas · 66333bc7 · 7b5936eb · 7a729d67 · 7a729d67
Commit 7a729d67 authored Jul 12, 2019 by Nick Thomas
11 changed files
--- a/app/controllers/admin/application_settings_controller.rb
+++ b/app/controllers/admin/application_settings_controller.rb
@@ -103,7 +103,8 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
    [
      *::ApplicationSettingsHelper.visible_attributes,
      *::ApplicationSettingsHelper.external_authorization_service_attributes,
-      *lets_encrypt_visible_attributes,
+      :lets_encrypt_notification_email,
+      :lets_encrypt_terms_of_service_accepted,
      :domain_blacklist_file,
      disabled_oauth_sign_in_sources: [],
      import_sources: [],
@@ -143,13 +144,4 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController
    render action
  end
-  def lets_encrypt_visible_attributes
-    return [] unless Feature.enabled?(:pages_auto_ssl)
-    [
-      :lets_encrypt_notification_email,
-      :lets_encrypt_terms_of_service_accepted
-    ]
-  end
 end
--- a/app/views/admin/application_settings/_pages.html.haml
+++ b/app/views/admin/application_settings/_pages.html.haml
@@ -15,22 +15,21 @@
      .form-text.text-muted
        = _("Domain verification is an essential security measure for public GitLab sites. Users are required to demonstrate they control a domain before it is enabled")
        = link_to icon('question-circle'), help_page_path('user/project/pages/getting_started_part_three.md', anchor: 'dns-txt-record')
-    - if Feature.enabled?(:pages_auto_ssl)
+    %h5
-      %h5
+      = _("Configure Let's Encrypt")
-        = _("Configure Let's Encrypt")
+    %p
-      %p
+      - lets_encrypt_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: "https://letsencrypt.org/" }
-        - lets_encrypt_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: "https://letsencrypt.org/" }
+      = _("%{lets_encrypt_link_start}Let's Encrypt%{lets_encrypt_link_end} is a free, automated, and open certificate authority (CA), that give digital certificates in order to enable HTTPS (SSL/TLS) for websites.").html_safe % { lets_encrypt_link_start: lets_encrypt_link_start, lets_encrypt_link_end: '</a>'.html_safe }
-        = _("%{lets_encrypt_link_start}Let's Encrypt%{lets_encrypt_link_end} is a free, automated, and open certificate authority (CA), that give digital certificates in order to enable HTTPS (SSL/TLS) for websites.").html_safe % { lets_encrypt_link_start: lets_encrypt_link_start, lets_encrypt_link_end: '</a>'.html_safe }
+    .form-group
-      .form-group
+      = f.label :lets_encrypt_notification_email, _("Email"), class: 'label-bold'
-        = f.label :lets_encrypt_notification_email, _("Email"), class: 'label-bold'
+      = f.text_field :lets_encrypt_notification_email, class: 'form-control'
-        = f.text_field :lets_encrypt_notification_email, class: 'form-control'
+      .form-text.text-muted
-        .form-text.text-muted
+        = _("A Let's Encrypt account will be configured for this GitLab installation using your email address. You will receive emails to warn of expiring certificates.")
-          = _("A Let's Encrypt account will be configured for this GitLab installation using your email address. You will receive emails to warn of expiring certificates.")
+    .form-group
-      .form-group
+      .form-check
-        .form-check
+        = f.check_box :lets_encrypt_terms_of_service_accepted, class: 'form-check-input'
-          = f.check_box :lets_encrypt_terms_of_service_accepted, class: 'form-check-input'
+        = f.label :lets_encrypt_terms_of_service_accepted, class: 'form-check-label' do
-          = f.label :lets_encrypt_terms_of_service_accepted, class: 'form-check-label' do
+          - terms_of_service_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: lets_encrypt_terms_of_service_admin_application_settings_path }
-            - terms_of_service_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: lets_encrypt_terms_of_service_admin_application_settings_path }
+          = _("I have read and agree to the Let's Encrypt %{link_start}Terms of Service%{link_end}").html_safe % { link_start: terms_of_service_link_start, link_end: '</a>'.html_safe }
-            = _("I have read and agree to the Let's Encrypt %{link_start}Terms of Service%{link_end}").html_safe % { link_start: terms_of_service_link_start, link_end: '</a>'.html_safe }
  = f.submit _('Save changes'), class: "btn btn-success"
--- a/app/views/projects/pages_domains/_form.html.haml
+++ b/app/views/projects/pages_domains/_form.html.haml
@@ -11,7 +11,7 @@
 - if Gitlab.config.pages.external_https
-  - auto_ssl_available = ::Gitlab::LetsEncrypt.enabled?(@domain)
+  - auto_ssl_available = ::Gitlab::LetsEncrypt.enabled?
  - auto_ssl_enabled = @domain.auto_ssl_enabled?
  - auto_ssl_available_and_enabled = auto_ssl_available && auto_ssl_enabled

--- a/app/views/projects/pages_domains/_helper_text.html.haml
+++ b/app/views/projects/pages_domains/_helper_text.html.haml
@@ -2,8 +2,4 @@
 - docs_link_start = "<a href=\"%{docs_link_url}\" target=\"_blank\" rel=\"noopener noreferrer\" class=\"text-nowrap\">".html_safe % { docs_link_url: docs_link_url }
 - docs_link_end = "</a>".html_safe
-# Hiding behind a feature flag to avoid any changes to this feature's implemention
+%p= _("Learn more about adding certificates to your project by following the %{docs_link_start}documentation on GitLab Pages%{docs_link_end}.").html_safe % { docs_link_url: docs_link_url, docs_link_start: docs_link_start, docs_link_end: docs_link_end }
-# when the :pages_auto_ssl feature flag is disabled.  This check should be removed
-# once the :pages_auto_ssl feature flag is removed.
- if Feature.enabled?(:pages_auto_ssl)
-  %p= _("Learn more about adding certificates to your project by following the %{docs_link_start}documentation on GitLab Pages%{docs_link_end}.").html_safe % { docs_link_url: docs_link_url, docs_link_start: docs_link_start, docs_link_end: docs_link_end }
--- a/app/workers/pages_domain_ssl_renewal_cron_worker.rb
+++ b/app/workers/pages_domain_ssl_renewal_cron_worker.rb
@@ -5,9 +5,9 @@ class PagesDomainSslRenewalCronWorker
  include CronjobQueue
  def perform
-    PagesDomain.need_auto_ssl_renewal.find_each do |domain|
+    return unless ::Gitlab::LetsEncrypt.enabled?
-      next unless ::Gitlab::LetsEncrypt.enabled?(domain)
+    PagesDomain.need_auto_ssl_renewal.find_each do |domain|
      PagesDomainSslRenewalWorker.perform_async(domain.id)
    end
  end

--- a/app/workers/pages_domain_ssl_renewal_worker.rb
+++ b/app/workers/pages_domain_ssl_renewal_worker.rb
@@ -6,7 +6,7 @@ class PagesDomainSslRenewalWorker
  def perform(domain_id)
    domain = PagesDomain.find_by_id(domain_id)
    return unless domain&.enabled?
-    return unless ::Gitlab::LetsEncrypt.enabled?(domain)
+    return unless ::Gitlab::LetsEncrypt.enabled?
    ::PagesDomains::ObtainLetsEncryptCertificateService.new(domain).execute
  end

--- a/changelogs/unreleased/remove-auto-ssl-ff.yml
+++ b/changelogs/unreleased/remove-auto-ssl-ff.yml
+---
+title: Add support for generating SSL certificates for custon pages domains through
+  Let's Encrypt
+merge_request:
+author:
+type: added
--- a/lib/gitlab/lets_encrypt.rb
+++ b/lib/gitlab/lets_encrypt.rb
@@ -2,15 +2,8 @@
 module Gitlab
  module LetsEncrypt
-    def self.enabled?(pages_domain = nil)
+    def self.enabled?
-      return false unless Gitlab::CurrentSettings.lets_encrypt_terms_of_service_accepted
+      Gitlab::CurrentSettings.lets_encrypt_terms_of_service_accepted
-      return false unless Feature.enabled?(:pages_auto_ssl)
-      # If no domain is passed, just check whether we're enabled globally
-      return true unless pages_domain
-      !!pages_domain.project && Feature.enabled?(:pages_auto_ssl_for_project, pages_domain.project)
    end
  end
 end
--- a/spec/features/admin/admin_settings_spec.rb
+++ b/spec/features/admin/admin_settings_spec.rb
@@ -400,35 +400,16 @@ describe 'Admin updates settings' do
        .to have_content "The form contains the following error: Polling interval multiplier must be greater than or equal to 0"
    end
-    context 'When pages_auto_ssl is enabled' do
+    it "Change Pages Let's Encrypt settings" do
-      before do
+      visit preferences_admin_application_settings_path
-        stub_feature_flags(pages_auto_ssl: true)
+      page.within('.as-pages') do
-        visit preferences_admin_application_settings_path
+        fill_in 'Email', with: 'my@test.example.com'
-      end
+        check "I have read and agree to the Let's Encrypt Terms of Service"
+        click_button 'Save changes'
-      it "Change Pages Let's Encrypt settings" do
-        page.within('.as-pages') do
-          fill_in 'Email', with: 'my@test.example.com'
-          check "I have read and agree to the Let's Encrypt Terms of Service"
-          click_button 'Save changes'
-        end
-        expect(current_settings.lets_encrypt_notification_email).to eq 'my@test.example.com'
-        expect(current_settings.lets_encrypt_terms_of_service_accepted).to eq true
-      end
-    end
-    context 'When pages_auto_ssl is disabled' do
-      before do
-        stub_feature_flags(pages_auto_ssl: false)
-        visit preferences_admin_application_settings_path
      end
-      it "Doesn't show Let's Encrypt options" do
+      expect(current_settings.lets_encrypt_notification_email).to eq 'my@test.example.com'
-        page.within('.as-pages') do
+      expect(current_settings.lets_encrypt_terms_of_service_accepted).to eq true
-          expect(page).not_to have_content('Email')
-        end
-      end
    end
  end

--- a/spec/lib/gitlab/lets_encrypt_spec.rb
+++ b/spec/lib/gitlab/lets_encrypt_spec.rb
@@ -10,21 +10,10 @@ describe ::Gitlab::LetsEncrypt do
  end
  describe '.enabled?' do
-    let(:project) { create(:project) }
+    subject { described_class.enabled? }
-    let(:pages_domain) { create(:pages_domain, project: project) }
-    subject { described_class.enabled?(pages_domain) }
    context 'when terms of service are accepted' do
      it { is_expected.to eq(true) }
-      context 'when feature flag is disabled' do
-        before do
-          stub_feature_flags(pages_auto_ssl: false)
-        end
-        it { is_expected.to eq(false) }
-      end
    end
    context 'when terms of service are not accepted' do
@@ -34,23 +23,5 @@ describe ::Gitlab::LetsEncrypt do
      it { is_expected.to eq(false) }
    end
-    context 'when feature flag for project is disabled' do
-      before do
-        stub_feature_flags(pages_auto_ssl_for_project: false)
-      end
-      it 'returns false' do
-        is_expected.to eq(false)
-      end
-    end
-    context 'when domain has not project' do
-      let(:pages_domain) { create(:pages_domain) }
-      it 'returns false' do
-        is_expected.to eq(false)
-      end
-    end
  end
 end
--- a/spec/services/pages_domains/obtain_lets_encrypt_certificate_service_spec.rb
+++ b/spec/services/pages_domains/obtain_lets_encrypt_certificate_service_spec.rb
@@ -12,6 +12,12 @@ describe PagesDomains::ObtainLetsEncryptCertificateService do
    stub_lets_encrypt_settings
  end
+  around do |example|
+    Sidekiq::Testing.fake! do
+      example.run
+    end
+  end
  def expect_to_create_acme_challenge
    expect(::PagesDomains::CreateAcmeOrderService).to receive(:new).with(pages_domain)
      .and_wrap_original do |m, *args|