Commit b08b036d authored by Nick Thomas's avatar Nick Thomas

Merge branch 'pages-ssl-project-aware-feature-flag' into 'master'

Use a project-dependent feature flag for Pages SSL and get certificates only for enabled domains

See merge request gitlab-org/gitlab-ce!29609
parents 32806aee 432f2bbc
......@@ -11,7 +11,7 @@
- if Gitlab.config.pages.external_https
- auto_ssl_available = ::Gitlab::LetsEncrypt::Client.new.enabled?
- auto_ssl_available = ::Gitlab::LetsEncrypt.enabled?(@domain)
- auto_ssl_enabled = @domain.auto_ssl_enabled?
- auto_ssl_available_and_enabled = auto_ssl_available && auto_ssl_enabled
......
......@@ -5,9 +5,9 @@ class PagesDomainSslRenewalCronWorker
include CronjobQueue
def perform
return unless ::Gitlab::LetsEncrypt::Client.new.enabled?
PagesDomain.need_auto_ssl_renewal.find_each do |domain|
next unless ::Gitlab::LetsEncrypt.enabled?(domain)
PagesDomainSslRenewalWorker.perform_async(domain.id)
end
end
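Review bot: With the global guard removed, `perform` walks every domain in `need_auto_ssl_renewal` and re-evaluates the terms-of-service setting and the `:pages_auto_ssl` flag for each one, even when the feature is switched off instance-wide. A cheap early exit before the loop, `return unless ::Gitlab::LetsEncrypt.enabled?`, avoids that work. `enabled?(domain)` also reads `domain.project` for every row, which looks like one extra query per domain unless the scope preloads the project; the scope is not visible here, so that needs confirming.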
......
......@@ -4,11 +4,9 @@ class PagesDomainSslRenewalWorker
include ApplicationWorker
def perform(domain_id)
return unless ::Gitlab::LetsEncrypt::Client.new.enabled?
domain = PagesDomain.find_by_id(domain_id)
return unless domain
return unless domain&.enabled?
return unless ::Gitlab::LetsEncrypt.enabled?(domain)
::PagesDomains::ObtainLetsEncryptCertificateService.new(domain).execute
end
......
# frozen_string_literal: true
module Gitlab
module LetsEncrypt
def self.enabled?(pages_domain = nil)
return false unless Gitlab::CurrentSettings.lets_encrypt_terms_of_service_accepted
return false unless Feature.enabled?(:pages_auto_ssl)
# If no domain is passed, just check whether we're enabled globally
return true unless pages_domain
!!pages_domain.project && Feature.enabled?(:pages_auto_ssl_for_project, pages_domain.project)
end
end
end
......@@ -34,14 +34,6 @@ module Gitlab
acme_client.terms_of_service
end
def enabled?
return false unless Feature.enabled?(:pages_auto_ssl)
return false unless private_key
Gitlab::CurrentSettings.lets_encrypt_terms_of_service_accepted
end
private
def acme_client
......@@ -65,7 +57,7 @@ module Gitlab
end
def ensure_account
raise 'Acme integration is disabled' unless enabled?
raise 'Acme integration is disabled' unless ::Gitlab::LetsEncrypt.enabled?
@acme_account ||= acme_client.new_account(contact: contact, terms_of_service_agreed: true)
end
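Review bot: `ensure_account` is now gated by `::Gitlab::LetsEncrypt.enabled?`, which no longer looks at `private_key`, so the 'Acme integration is disabled' guard passes even when no account key is available. The removed `Client#enabled?` returned false in that case, and the deleted spec covered it for a read-only database. How `acme_client` behaves without a key is not visible in these hunks, so the failure may now surface later as a less clear error during account registration. Consider keeping the key check at this call site: `raise 'Acme integration is disabled' unless ::Gitlab::LetsEncrypt.enabled? && private_key`.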
......
......@@ -116,42 +116,6 @@ describe ::Gitlab::LetsEncrypt::Client do
end
end
describe '#enabled?' do
subject { client.enabled? }
context 'when terms of service are accepted' do
it { is_expected.to eq(true) }
context "when private_key isn't present and database is read only" do
before do
allow(::Gitlab::Database).to receive(:read_only?).and_return(true)
end
it 'returns false' do
expect(::Gitlab::CurrentSettings.lets_encrypt_private_key).to eq(nil)
is_expected.to eq(false)
end
end
context 'when feature flag is disabled' do
before do
stub_feature_flags(pages_auto_ssl: false)
end
it { is_expected.to eq(false) }
end
end
context 'when terms of service are not accepted' do
before do
stub_application_setting(lets_encrypt_terms_of_service_accepted: false)
end
it { is_expected.to eq(false) }
end
end
describe '#terms_of_service_url' do
subject { client.terms_of_service_url }
......
# frozen_string_literal: true
require 'spec_helper'
describe ::Gitlab::LetsEncrypt do
include LetsEncryptHelpers
before do
stub_lets_encrypt_settings
end
describe '.enabled?' do
let(:project) { create(:project) }
let(:pages_domain) { create(:pages_domain, project: project) }
subject { described_class.enabled?(pages_domain) }
context 'when terms of service are accepted' do
it { is_expected.to eq(true) }
context 'when feature flag is disabled' do
before do
stub_feature_flags(pages_auto_ssl: false)
end
it { is_expected.to eq(false) }
end
end
context 'when terms of service are not accepted' do
before do
stub_application_setting(lets_encrypt_terms_of_service_accepted: false)
end
it { is_expected.to eq(false) }
end
context 'when feature flag for project is disabled' do
before do
stub_feature_flags(pages_auto_ssl_for_project: false)
end
it 'returns false' do
is_expected.to eq(false)
end
end
context 'when domain has not project' do
let(:pages_domain) { create(:pages_domain) }
it 'returns false' do
is_expected.to eq(false)
end
end
end
end
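Review bot: Every example here calls `enabled?(pages_domain)`, so the no-argument form that `Client#ensure_account` relies on (the `return true unless pages_domain` branch) has no coverage. A context with `subject { described_class.enabled? }` and `it { is_expected.to eq(true) }` would pin that behaviour. The context description 'when domain has not project' would read better as 'when domain has no project'.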
......@@ -12,15 +12,18 @@ describe PagesDomainSslRenewalCronWorker do
end
describe '#perform' do
let!(:domain) { create(:pages_domain) }
let!(:domain_with_enabled_auto_ssl) { create(:pages_domain, auto_ssl_enabled: true) }
let!(:domain_with_obtained_letsencrypt) { create(:pages_domain, :letsencrypt, auto_ssl_enabled: true) }
let(:project) { create :project }
let!(:domain) { create(:pages_domain, project: project) }
let!(:domain_with_enabled_auto_ssl) { create(:pages_domain, project: project, auto_ssl_enabled: true) }
let!(:domain_with_obtained_letsencrypt) do
create(:pages_domain, :letsencrypt, project: project, auto_ssl_enabled: true)
end
let!(:domain_without_auto_certificate) do
create(:pages_domain, :without_certificate, :without_key, auto_ssl_enabled: true)
create(:pages_domain, :without_certificate, :without_key, project: project, auto_ssl_enabled: true)
end
let!(:domain_with_expired_auto_ssl) do
create(:pages_domain, :letsencrypt, :with_expired_certificate)
create(:pages_domain, :letsencrypt, :with_expired_certificate, project: project)
end
it 'enqueues a PagesDomainSslRenewalWorker for domains needing renewal' do
......
......@@ -7,7 +7,8 @@ describe PagesDomainSslRenewalWorker do
subject(:worker) { described_class.new }
let(:domain) { create(:pages_domain) }
let(:project) { create(:project) }
let(:domain) { create(:pages_domain, project: project) }
before do
stub_lets_encrypt_settings
......@@ -22,14 +23,24 @@ describe PagesDomainSslRenewalWorker do
worker.perform(domain.id)
end
shared_examples 'does nothing' do
it 'does nothing' do
expect(::PagesDomains::ObtainLetsEncryptCertificateService).not_to receive(:new)
end
end
context 'when domain was deleted' do
before do
domain.destroy!
end
it 'does nothing' do
expect(::PagesDomains::ObtainLetsEncryptCertificateService).not_to receive(:new)
include_examples 'does nothing'
end
context 'when domain is disabled' do
let(:domain) { create(:pages_domain, :disabled) }
include_examples 'does nothing'
end
end
end
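Review bot: The shared example 'does nothing' sets `expect(::PagesDomains::ObtainLetsEncryptCertificateService).not_to receive(:new)` but never invokes the worker, so the deleted-domain and disabled-domain contexts pass without exercising `perform` at all. Add `worker.perform(domain.id)` after the expectation. The disabled domain is also created without `project: project`; judging by the 'when domain has not project' case in the LetsEncrypt spec, such a domain already fails `LetsEncrypt.enabled?`, so the example would not detect a regression in the new `domain&.enabled?` guard. Using `let(:domain) { create(:pages_domain, :disabled, project: project) }` isolates the check under test.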