Add support for the url scheme 'tls' to force encryption for Spamcheck (!75677) · Merge requests · GitLab.org / GitLab

Ethan Urie requested to merge 346397-eurie-configure-spamcheck-tls-via-url-schema into master Dec 01, 2021

What does this MR do and why?

NOTE: This is currently only available, and used, on GitLab.com. It is not deployed to any other instance so the effects are only to .com.

This is MR Part 1 of 2.

This allows admins to specify a secure connection to the Spamcheck anti-spam engine by specifying a url with the scheme tls in the admin panel.

Previously, only a scheme of grpc was allowed and GitLab would automatically choose an encrypted connection if it was production and unencrypted otherwise.

I left the options as tls and grpc only as an indicator to users that they couldn't not just add any endpoint they wanted.

This change preserves encryption via production env check to allow a smooth, low-maintenance rollout to proudction.

Screenshots or screen recordings

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #346397 (closed)

Edited Dec 10, 2021 by Ethan Urie

Add support for the url scheme 'tls' to force encryption for Spamcheck

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports