diff options
| author | Vladimir Shushlin <vshushlin@gitlab.com> | 2019-05-31 08:22:55 +0300 |
|---|---|---|
| committer | Stan Hu <stanhu@gmail.com> | 2019-05-31 08:22:55 +0300 |
| commit | 39e21fb2661693fed914012a39fb3a53b2b687c2 (patch) | |
| tree | 70a5fdd93cea81aed9c1638bc32513a1fdf84bb7 /spec/lib/gitlab/lets_encrypt | |
| parent | c8c08d326942f30ad87d0702cc8b9c5896d296ad (diff) | |
Generate lets_encrypt_private_key on the fly
Remove migration generating lets encrypt key
Don't generate private_key if database is readonly
For reference:
This reverts commit 988a7f70489b99383b95e9f271a2caf6bb5b3a44.
This reverts commit 21acbe531592d55caf0e5b8716a3b551dafd6233.
Diffstat (limited to 'spec/lib/gitlab/lets_encrypt')
| -rw-r--r-- | spec/lib/gitlab/lets_encrypt/client_spec.rb | 46 |
1 files changed, 43 insertions, 3 deletions
diff --git a/spec/lib/gitlab/lets_encrypt/client_spec.rb b/spec/lib/gitlab/lets_encrypt/client_spec.rb index d63a2fbee04..5454d9c1af4 100644 --- a/spec/lib/gitlab/lets_encrypt/client_spec.rb +++ b/spec/lib/gitlab/lets_encrypt/client_spec.rb @@ -5,14 +5,12 @@ require 'spec_helper' describe ::Gitlab::LetsEncrypt::Client do include LetsEncryptHelpers - set(:private_key) { OpenSSL::PKey::RSA.new(4096).to_pem } let(:client) { described_class.new } before do stub_application_setting( lets_encrypt_notification_email: 'myemail@test.example.com', - lets_encrypt_terms_of_service_accepted: true, - lets_encrypt_private_key: private_key + lets_encrypt_terms_of_service_accepted: true ) end @@ -28,6 +26,36 @@ describe ::Gitlab::LetsEncrypt::Client do ) end + it 'generates and stores private key and initialize acme client with it' do + expect(Gitlab::CurrentSettings.lets_encrypt_private_key).to eq(nil) + + subject + + saved_private_key = Gitlab::CurrentSettings.lets_encrypt_private_key + + expect(saved_private_key).to be + expect(Acme::Client).to have_received(:new).with( + hash_including(private_key: eq_pem(saved_private_key)) + ) + end + + context 'when private key is saved in settings' do + let!(:saved_private_key) do + key = OpenSSL::PKey::RSA.new(4096).to_pem + Gitlab::CurrentSettings.current_application_settings.update(lets_encrypt_private_key: key) + key + end + + it 'uses current value of private key' do + subject + + expect(Acme::Client).to have_received(:new).with( + hash_including(private_key: eq_pem(saved_private_key)) + ) + expect(Gitlab::CurrentSettings.lets_encrypt_private_key).to eq(saved_private_key) + end + end + context 'when acme integration is disabled' do before do stub_application_setting(lets_encrypt_terms_of_service_accepted: false) @@ -94,6 +122,18 @@ describe ::Gitlab::LetsEncrypt::Client do context 'when terms of service are accepted' do it { is_expected.to eq(true) } + context "when private_key isn't present and database is read only" do + before do + allow(::Gitlab::Database).to receive(:read_only?).and_return(true) + end + + it 'returns false' do + expect(::Gitlab::CurrentSettings.lets_encrypt_private_key).to eq(nil) + + is_expected.to eq(false) + end + end + context 'when feature flag is disabled' do before do stub_feature_flags(pages_auto_ssl: false) |