Allow TLS authentication for the external authorization service
What does this MR do?
This adds the possibility for an admin to provide a client certificate and key to perform TLS authentication on the external authorization service.
Tried this out locally using gitlab-development-kit!447 (diffs)
Are there points in the code the reviewer needs to double check?
There is no way to provide a custom CA for only this feature. Excon does not allow setting a CA for the scope of just one request. And we don't want to have the custom CA interfere with any other uses of Excon (fe. object storage uploads).
This means that the certificate needs to be present in the OpenSSL installation for the host running GitLab.
Screenshots (if relevant)
Does this MR meet the acceptance criteria?
-
Changelog entry added, if necessary -
Documentation created/updated -
API support added -
Tests added for this feature/bug - Review
-
Has been reviewed by UX -
Has been reviewed by Frontend -
Has been reviewed by Backend -
Has been reviewed by Database
-
-
Conform by the merge request performance guides -
Conform by the style guides -
Squashed related commits together -
Internationalization required/considered -
If paid feature, have we considered GitLab.com plan and how it works for groups and is there a design for promoting it to users who aren't on the correct plan -
End-to-end tests pass ( package-qa
manual pipeline job)
What are the relevant issue numbers?
Edited by Bob Van Landuyt