Don't show private keys for letsencrypt certs
What does this MR do?
Part of https://gitlab.com/gitlab-org/gitlab-ce/issues/28996
We need to know the source of the pages domain certificate to fix:
- https://gitlab.com/gitlab-org/gitlab-ce/issues/61752
- https://gitlab.com/gitlab-org/gitlab-ce/issues/61500
Also fixes https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/27947
These 3 issues are all follow-ups for https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/26438, the first two fixed by the same logic below, and the last one fixed by one line in _form
We will not show private keys to the user if certificates are obtained through GitLab.
EE port - https://gitlab.com/gitlab-org/gitlab-ee/merge_requests/14318
We also want to be able to show the user that the certificate was manually uploaded/automatically obtained
(see discussion https://gitlab.com/gitlab-org/gitlab-ce/issues/61752#note_169384254)
This MR:
- Adds enum certificate_source to pages_domains table with default manually_uploaded
- Marks certificates as 'gitlab_provided' if they were obtained through Let's Encrypt
- Marks certificates as 'user_provided' if they were uploaded through controller or API
- Only shows private key in domain edit form if it is 'user_provided'
- Only shows Let's Encrypt option if it is enabled by application settings (and feature flag)
- Refactors and fixes some specs to match new logic
There are still no visible changes (FF is disabled), so a changelog isn't necessary
Does this MR meet the acceptance criteria?
Conformity
- Changelog entry
- Documentation created/updated or follow-up review issue created
- Code review guidelines
- Merge request performance guidelines
- Style guides
- Database guides
- Separation of EE specific content
Performance and testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- Tested in all supported browsers
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- Label as security and @ mention @gitlab-com/gl-security/appsec
- The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- Security reports checked/validated by a reviewer from the AppSec team
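The gating rule described in the "This MR" list, as an added example that is not part of the merge request and not GitLab's code. It is plain Ruby without Rails; only certificate_source and its values 'gitlab_provided' and 'user_provided' come from the description, while the class, method names and sample values are hypothetical, and withholding the key for any unrecognised source is an assumption of this example.

```ruby
# Added example: plain Ruby, not GitLab's code. Class and method names are hypothetical;
# only certificate_source and its two values come from the MR description.
PagesDomain = Struct.new(:name, :certificate, :key, :certificate_source, keyword_init: true)

# Upload through the controller or API: the user supplied the key, so they already hold it.
def upload_certificate(domain, certificate:, key:)
  domain.certificate = certificate
  domain.key = key
  domain.certificate_source = "user_provided"
  domain
end

# Certificate obtained by the server through Let's Encrypt: the key was generated server-side.
def store_obtained_certificate(domain, certificate:, key:)
  domain.certificate = certificate
  domain.key = key
  domain.certificate_source = "gitlab_provided"
  domain
end

# The Let's Encrypt option needs both the application setting and the feature flag.
def show_lets_encrypt_option?(setting_enabled:, feature_flag_enabled:)
  setting_enabled && feature_flag_enabled
end

# Values the edit form may render. The key is released only on an exact match with
# "user_provided"; any other value, including nil, withholds it (assumption of this example).
def edit_form_values(domain, setting_enabled:, feature_flag_enabled:)
  values = { name: domain.name, certificate: domain.certificate }
  values[:key] = domain.key if domain.certificate_source == "user_provided"
  values[:lets_encrypt_option] = show_lets_encrypt_option?(
    setting_enabled: setting_enabled, feature_flag_enabled: feature_flag_enabled
  )
  values
end

# Constructed sample data (placeholders, not real PEM material).
domain = PagesDomain.new(name: "pages.example.test")
store_obtained_certificate(domain, certificate: "CERT-A-PLACEHOLDER", key: "KEY-A-PLACEHOLDER")
p edit_form_values(domain, setting_enabled: true, feature_flag_enabled: false)
upload_certificate(domain, certificate: "CERT-B-PLACEHOLDER", key: "KEY-B-PLACEHOLDER")
p edit_form_values(domain, setting_enabled: true, feature_flag_enabled: true)
```

The second upload flips the source back to 'user_provided', so the key becomes visible again only once the user has replaced the server-generated one with their own.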