Merge branch 'acme-account-private-key' into 'master'

Generate Let's Encrypt private key See merge request gitlab-org/gitlab-ce!27581

Merge branch 'acme-account-private-key' into 'master'
Generate Let's Encrypt private key See merge request gitlab-org/gitlab-ce!27581
269110b9 · Grzegorz Bizon · 81528a3a · 444959bf · 269110b9 · 269110b9
隐藏空白更改
内联并排

Showing with 17 addition and 1 deletion

config/initializers/01_secret_token.rb config/initializers/01_secret_token.rb +6 -1

spec/initializers/secret_token_spec.rb spec/initializers/secret_token_spec.rb +11 -0

未找到文件。
--- a/config/initializers/01_secret_token.rb
+++ b/config/initializers/01_secret_token.rb
@@ -28,7 +28,8 @@ def create_tokens
    secret_key_base: file_secret_key || generate_new_secure_token,
    otp_key_base: env_secret_key || file_secret_key || generate_new_secure_token,
    db_key_base: generate_new_secure_token,
-    openid_connect_signing_key: generate_new_rsa_private_key
+    openid_connect_signing_key: generate_new_rsa_private_key,
+    lets_encrypt_private_key: generate_lets_encrypt_private_key
  }
  missing_secrets = set_missing_keys(defaults)
@@ -49,6 +50,10 @@ def generate_new_rsa_private_key
  OpenSSL::PKey::RSA.new(2048).to_pem
 end
+def generate_lets_encrypt_private_key
+  OpenSSL::PKey::RSA.new(4096).to_pem
+end
 def warn_missing_secret(secret)
  warn "Missing Rails.application.secrets.#{secret} for #{Rails.env} environment. The secret will be generated and stored in config/secrets.yml."
 end

--- a/spec/initializers/secret_token_spec.rb
+++ b/spec/initializers/secret_token_spec.rb
@@ -45,11 +45,21 @@ describe 'create_tokens' do
        expect(keys).to all(match(RSA_KEY))
      end
+      it "generates private key for Let's Encrypt" do
+        create_tokens
+        keys = secrets.values_at(:lets_encrypt_private_key)
+        expect(keys.uniq).to eq(keys)
+        expect(keys).to all(match(RSA_KEY))
+      end
      it 'warns about the secrets to add to secrets.yml' do
        expect(self).to receive(:warn_missing_secret).with('secret_key_base')
        expect(self).to receive(:warn_missing_secret).with('otp_key_base')
        expect(self).to receive(:warn_missing_secret).with('db_key_base')
        expect(self).to receive(:warn_missing_secret).with('openid_connect_signing_key')
+        expect(self).to receive(:warn_missing_secret).with('lets_encrypt_private_key')
        create_tokens
      end
@@ -78,6 +88,7 @@ describe 'create_tokens' do
      before do
        secrets.db_key_base = 'db_key_base'
        secrets.openid_connect_signing_key = 'openid_connect_signing_key'
+        secrets.lets_encrypt_private_key = 'lets_encrypt_private_key'
        allow(File).to receive(:exist?).with('.secret').and_return(true)
        allow(File).to receive(:read).with('.secret').and_return('file_key')