Skip to content

Add support for the url scheme 'tls' to force encryption for Spamcheck

What does this MR do and why?

NOTE: This is currently only available, and used, on GitLab.com. It is not deployed to any other instance so the effects are only to .com.

This is MR Part 1 of 2.

This allows admins to specify a secure connection to the Spamcheck anti-spam engine by specifying a url with the scheme tls in the admin panel.

Previously, only a scheme of grpc was allowed and GitLab would automatically choose an encrypted connection if it was production and unencrypted otherwise.

I left the options as tls and grpc only as an indicator to users that they couldn't not just add any endpoint they wanted.

This change preserves encryption via production env check to allow a smooth, low-maintenance rollout to proudction.

Screenshots or screen recordings

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #346397 (closed)

Edited by Ethan Urie

Merge request reports

Loading