Update the `/internal/pages` endpoint to return virtual domain
configuration for custom domains.

Just replace RSA.new with PKey.read

vshushlin authored 5 years ago and Nick Thomas committed 5 years ago

This validation prevents the domain from being saved from the UI
e.g. when user tries to enable Let's Encrypt integration

vshushlin authored 5 years ago and Nick Thomas committed 5 years ago

Add index for pages domain ssl auto renewal
Add PagesDomain.needs_ssl_renewal scope
Add cron worker for ssl renewal
Add worker for ssl renewal
Add pages ssl renewal worker queues settings

vshushlin authored 5 years ago and Nick Thomas committed 5 years ago

Adds enum certificate_source to pages_domains table
with default manually_uploaded

Mark certificates as 'gitlab_provided'
if the were obtained through Let's Encrypt

Mark certificates as 'user_provided' if they were uploaded through
controller or api

Only show private key in domain edit form if it is 'user_provided'

Only show LetsEncrypt option if is enabled by application settings
(and feature flag)

Refactor and fix some specs to match new logic

Don't show Let's Encrypt certificates as well

vshushlin authored 5 years ago and Nick Thomas committed 5 years ago

Save certificate validity time for pages domains on save
Fill validity time for existing pages domains in background migration

vshushlin authored 5 years ago and Nick Thomas committed 5 years ago

Extract acme double to helper

Create ACME challanges for pages domains

* Create order & challange through API
* save them to database
* request challenge validation

We're saving order and challenge as one entity,
that wouldn't be correct if we would order certificates for
several domains simultaneously, but we always order certificate
per domain

Add controller for processing acme challenges redirected from pages

Don't save acme challenge url - we don't use it

Validate acme challenge attributes

Encrypt private_key in acme orders

This reverts merge request !28743

vshushlin authored 5 years ago and Nick Thomas committed 5 years ago

Save certificate validity time for pages domains on save
Fill validity time for existing pages domains in background migration

vshushlin authored 5 years ago and Nick Thomas committed 5 years ago

Domain will be removed by verification worker after 1 week
of being disabled

Prepares us for upgrade to Rails 5.2

Jasper Maes authored 6 years ago and Heinrich Lee Yu committed 5 years ago

Model.new.attributes now also returns encrypted attributes.

This whitelists all existing offenses for the various CodeReuse cops, of
which most are triggered by the CodeReuse/ActiveRecord cop.

Partially addresses #47424.

Fixes that make this work:

* A change in Ruby (https://github.com/ruby/ruby/commit/ce635262f53b760284d56bb1027baebaaec175d1)
requires passing in the exact required length for OpenSSL keys and IVs.

* Ensure the secrets.yml is generated before any prepended modules are
loaded. This is done by renaming the `secret_token.rb` initializer to
`01_secret_token.rb`, which is a bit ugly but involves the least impact on
other files.

Closes #28857

Adds a rubocop rule (with autocorrect) to ensure line break after guard clauses.

Drew Blessing authored 7 years ago and Nick Thomas committed 7 years ago

Previously, `PagesDomain` would not allow a domain such as
123.example.com. With this change, this is now allowed, because
it is a perfectly valid domain.

Adds algorithm to the pages domain key and remote mirror credentials encrypted attributes for forward compatibility with attr_encrypted 3.0.0.

aes-256-cbc is the default algorithm for attr_encrypted 1.x, but the default is changed in 3.0 and thus must be declared explicitly.

See https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/4216/ for more information. This will prevent OpenSSL errors once the code from that MR is merged into EE.