Support gitlab-shell ssl_cert_dir config setting

d2f07200 · Ash McKenzie · f778df3a · d2f07200 · d2f07200 · d2f07200
Unverified Commit d2f07200 authored 4 years ago by Ash McKenzie
--- a/changelogs/unreleased/ashmckenzie-gitlab-shell-ssl-cert-dir-support.yml
+++ b/changelogs/unreleased/ashmckenzie-gitlab-shell-ssl-cert-dir-support.yml
+---
+title: Support gitlab-shell ssl_cert_dir config setting
+merge_request: 4379
+author:
+type: added
--- a/files/gitlab-cookbooks/gitlab/attributes/default.rb
+++ b/files/gitlab-cookbooks/gitlab/attributes/default.rb
@@ -595,6 +595,7 @@ default['gitlab']['gitlab-shell']['auth_file'] = nil
 default['gitlab']['gitlab-shell']['git_trace_log_file'] = nil
 default['gitlab']['gitlab-shell']['custom_hooks_dir'] = nil
 default['gitlab']['gitlab-shell']['migration'] = { enabled: true, features: [] }
+default['gitlab']['gitlab-shell']['ssl_cert_dir'] = "#{node['package']['install-dir']}/embedded/ssl/certs/"
 # DEPRECATED! Not used by gitlab-shell
 default['gitlab']['gitlab-shell']['git_data_directories'] = {
  "default" => { "path" => "/var/opt/gitlab/git-data" }

--- a/files/gitlab-cookbooks/gitlab/recipes/gitlab-shell.rb
+++ b/files/gitlab-cookbooks/gitlab/recipes/gitlab-shell.rb
@@ -71,6 +71,7 @@ templatesymlink "Create a config.yml and create a symlink to Rails root" do
              git_trace_log_file: node['gitlab']['gitlab-shell']['git_trace_log_file'],
              custom_hooks_dir: node['gitlab']['gitlab-shell']['custom_hooks_dir'],
              migration: node['gitlab']['gitlab-shell']['migration'],
+              ssl_cert_dir: node['gitlab']['gitlab-shell']['ssl_cert_dir']
            })
  notifies :run, 'bash[Set proper security context on ssh files for selinux]', :delayed if SELinuxHelper.enabled?
 end

--- a/files/gitlab-cookbooks/gitlab/templates/default/gitlab-shell-config.yml.erb
+++ b/files/gitlab-cookbooks/gitlab/templates/default/gitlab-shell-config.yml.erb
@@ -23,6 +23,10 @@ http_settings:
 # File used as authorized_keys for gitlab user
 auth_file: "<%= @authorized_keys %>"
  
+# SSL certificate dir where custom certificates can be placed
+# https://golang.org/pkg/crypto/x509/
+ssl_cert_dir: "<%= @ssl_cert_dir %>"
+
 # Log file.
 # Default is gitlab-shell.log in the root directory.
 log_file: "<%= @log_file %>"

--- a/spec/chef/recipes/gitlab-shell_spec.rb
+++ b/spec/chef/recipes/gitlab-shell_spec.rb
@@ -50,7 +50,8 @@ RSpec.describe 'gitlab::gitlab-shell' do
          custom_hooks_dir: nil,
          migration: { enabled: true, features: [] },
          gitlab_url: 'http+unix://%2Fvar%2Fopt%2Fgitlab%2Fgitlab-workhorse%2Fsockets%2Fsocket',
-          gitlab_relative_path: ''
+          gitlab_relative_path: '',
+          ssl_cert_dir: '/opt/gitlab/embedded/ssl/certs/'
        )
      )
    end