Do not try to obtain Let's Encrypt's certs if failed

8a53aa17 · Vladimir Shushlin · b6b8ee4e · 8a53aa17 · 8a53aa17 · 8a53aa17
Commit 8a53aa17 authored Mar 23, 2020 by Vladimir Shushlin
3 changed files
--- a/app/workers/pages_domain_ssl_renewal_cron_worker.rb
+++ b/app/workers/pages_domain_ssl_renewal_cron_worker.rb
@@ -10,6 +10,11 @@ class PagesDomainSslRenewalCronWorker # rubocop:disable Scalability/IdempotentWo
    return unless ::Gitlab::LetsEncrypt.enabled?

    PagesDomain.need_auto_ssl_renewal.with_logging_info.find_each do |domain|
+      # Ideally that should be handled in PagesDomain.need_auto_ssl_renewal scope
+      # but it's hard to make scope work with feature flags
+      # once we remove feature flag we can modify scope to implement this behaviour
+      next if Feature.enabled?(:pages_letsencrypt_errors, domain.project) && domain.auto_ssl_failed
+
      with_context(project: domain.project) do
        PagesDomainSslRenewalWorker.perform_async(domain.id)
      end

--- a/spec/workers/pages_domain_ssl_renewal_cron_worker_spec.rb
+++ b/spec/workers/pages_domain_ssl_renewal_cron_worker_spec.rb
@@ -21,6 +21,10 @@ describe PagesDomainSslRenewalCronWorker do
    let!(:domain_without_auto_certificate) do
      create(:pages_domain, :without_certificate, :without_key, project: project, auto_ssl_enabled: true)
    end
+    let!(:domain_with_failed_auto_ssl) do
+      create(:pages_domain, :without_certificate, :without_key, project: project,
+             auto_ssl_enabled: true, auto_ssl_failed: true)
+    end

    let!(:domain_with_expired_auto_ssl) do
      create(:pages_domain, :letsencrypt, :with_expired_certificate, project: project)
@@ -34,7 +38,8 @@ describe PagesDomainSslRenewalCronWorker do
      end

      [domain,
-       domain_with_obtained_letsencrypt].each do |domain|
+       domain_with_obtained_letsencrypt,
+       domain_with_failed_auto_ssl].each do |domain|
        expect(PagesDomainSslRenewalWorker).not_to receive(:perform_async).with(domain.id)
      end


--- a/spec/workers/pages_domain_ssl_renewal_worker_spec.rb
+++ b/spec/workers/pages_domain_ssl_renewal_worker_spec.rb
@@ -26,6 +26,8 @@ describe PagesDomainSslRenewalWorker do
    shared_examples 'does nothing' do
      it 'does nothing' do
        expect(::PagesDomains::ObtainLetsEncryptCertificateService).not_to receive(:new)
+
+        worker.perform(domain.id)
      end
    end