Merge branch 'acme-account-private-key' into 'master'
Generate Let's Encrypt private key See merge request gitlab-org/gitlab-ce!27581
commit
269110b9bb
|
@ -28,7 +28,8 @@ def create_tokens
|
||||||
secret_key_base: file_secret_key || generate_new_secure_token,
|
secret_key_base: file_secret_key || generate_new_secure_token,
|
||||||
otp_key_base: env_secret_key || file_secret_key || generate_new_secure_token,
|
otp_key_base: env_secret_key || file_secret_key || generate_new_secure_token,
|
||||||
db_key_base: generate_new_secure_token,
|
db_key_base: generate_new_secure_token,
|
||||||
openid_connect_signing_key: generate_new_rsa_private_key
|
openid_connect_signing_key: generate_new_rsa_private_key,
|
||||||
|
lets_encrypt_private_key: generate_lets_encrypt_private_key
|
||||||
}
|
}
|
||||||
|
|
||||||
missing_secrets = set_missing_keys(defaults)
|
missing_secrets = set_missing_keys(defaults)
|
||||||
|
@ -49,6 +50,10 @@ def generate_new_rsa_private_key
|
||||||
OpenSSL::PKey::RSA.new(2048).to_pem
|
OpenSSL::PKey::RSA.new(2048).to_pem
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def generate_lets_encrypt_private_key
|
||||||
|
OpenSSL::PKey::RSA.new(4096).to_pem
|
||||||
|
end
|
||||||
|
|
||||||
def warn_missing_secret(secret)
|
def warn_missing_secret(secret)
|
||||||
warn "Missing Rails.application.secrets.#{secret} for #{Rails.env} environment. The secret will be generated and stored in config/secrets.yml."
|
warn "Missing Rails.application.secrets.#{secret} for #{Rails.env} environment. The secret will be generated and stored in config/secrets.yml."
|
||||||
end
|
end
|
||||||
|
|
|
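Review bot: The `lets_encrypt_private_key:` entry calls `generate_lets_encrypt_private_key` while the defaults hash is being built, so a 4096-bit RSA key appears to be generated on every call to `create_tokens`, including boots where the secret already exists and `set_missing_keys(defaults)` has no use for it. The opening of the hash and the body of `set_missing_keys` are outside the hunk, so this needs confirming there; if it holds, generation is better deferred until the key is known to be missing, for example by storing callables in the hash and invoking them only for absent keys. The new method also differs from `generate_new_rsa_private_key` only in the modulus size and carries no explanation of what the key is for (going by the branch name, presumably the ACME account key). A comment such as `# RSA key for the Let's Encrypt (ACME) account; persisted in config/secrets.yml like the other generated secrets.` would record that, and it would make clear that the confidentiality of this key rests on the permissions of that file.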
@ -45,11 +45,21 @@ describe 'create_tokens' do
|
||||||
expect(keys).to all(match(RSA_KEY))
|
expect(keys).to all(match(RSA_KEY))
|
||||||
end
|
end
|
||||||
|
|
||||||
|
it "generates private key for Let's Encrypt" do
|
||||||
|
create_tokens
|
||||||
|
|
||||||
|
keys = secrets.values_at(:lets_encrypt_private_key)
|
||||||
|
|
||||||
|
expect(keys.uniq).to eq(keys)
|
||||||
|
expect(keys).to all(match(RSA_KEY))
|
||||||
|
end
|
||||||
|
|
||||||
it 'warns about the secrets to add to secrets.yml' do
|
it 'warns about the secrets to add to secrets.yml' do
|
||||||
expect(self).to receive(:warn_missing_secret).with('secret_key_base')
|
expect(self).to receive(:warn_missing_secret).with('secret_key_base')
|
||||||
expect(self).to receive(:warn_missing_secret).with('otp_key_base')
|
expect(self).to receive(:warn_missing_secret).with('otp_key_base')
|
||||||
expect(self).to receive(:warn_missing_secret).with('db_key_base')
|
expect(self).to receive(:warn_missing_secret).with('db_key_base')
|
||||||
expect(self).to receive(:warn_missing_secret).with('openid_connect_signing_key')
|
expect(self).to receive(:warn_missing_secret).with('openid_connect_signing_key')
|
||||||
|
expect(self).to receive(:warn_missing_secret).with('lets_encrypt_private_key')
|
||||||
|
|
||||||
create_tokens
|
create_tokens
|
||||||
end
|
end
|
||||||
|
@ -78,6 +88,7 @@ describe 'create_tokens' do
|
||||||
before do
|
before do
|
||||||
secrets.db_key_base = 'db_key_base'
|
secrets.db_key_base = 'db_key_base'
|
||||||
secrets.openid_connect_signing_key = 'openid_connect_signing_key'
|
secrets.openid_connect_signing_key = 'openid_connect_signing_key'
|
||||||
|
secrets.lets_encrypt_private_key = 'lets_encrypt_private_key'
|
||||||
|
|
||||||
allow(File).to receive(:exist?).with('.secret').and_return(true)
|
allow(File).to receive(:exist?).with('.secret').and_return(true)
|
||||||
allow(File).to receive(:read).with('.secret').and_return('file_key')
|
allow(File).to receive(:read).with('.secret').and_return('file_key')
|
||||||
|
|
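Review bot: In the new example `generates private key for Let's Encrypt`, `expect(keys.uniq).to eq(keys)` can never fail because `keys` holds a single element, and `match(RSA_KEY)` (defined outside the hunk) does not show that the key has the intended size. An assertion on the parsed key would pin what this commit introduces: `expect(OpenSSL::PKey::RSA.new(secrets.lets_encrypt_private_key).n.num_bits).to eq(4096)`. The enclosing `describe` block starts and ends outside the hunk.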