Add ability suppress the global "You won't be able [use] SSH" message

This fixes gitlab-org/gitlab-ce#49953, as noted in the documentation
this feature is intended to be used when SSH certificates are
enabled. Then this warning becomes not only pointless, but also
misleading.

This builds on top of gitlab-org/gitlab-ce!21009 since both need to
modify the same documentation, which avoids a merge conflict.

See also the gitlab-org/gitlab-ce#49218 issue and associated merge
request.

app/helpers/application_settings_helper.rb

@@ -254,6 +254,7 @@ module ApplicationSettingsHelper
       :usage_ping_enabled,
       :instance_statistics_visibility_private,
       :user_default_external,
+      :user_show_add_ssh_key_message,
       :user_oauth_applications,
       :version_check_enabled,
       :web_ide_clientside_preview_enabled

app/helpers/button_helper.rb

@@ -73,7 +73,11 @@ module ButtonHelper
   end
 
   def ssh_clone_button(project, append_link: true)
-    dropdown_description = _("You won't be able to pull or push project code via SSH until you add an SSH key to your profile") if current_user.try(:require_ssh_key?)
+    if Gitlab::CurrentSettings.user_show_add_ssh_key_message? &&
+        current_user.try(:require_ssh_key?)
+      dropdown_description = _("You won't be able to pull or push project code via SSH until you add an SSH key to your profile")
+    end
+
     append_url = project.ssh_url_to_repo if append_link
 
     dropdown_item_with_description('SSH', dropdown_description, href: append_url)

app/helpers/projects_helper.rb

@@ -192,7 +192,10 @@ module ProjectsHelper
   end
 
   def show_no_ssh_key_message?
-    cookies[:hide_no_ssh_message].blank? && !current_user.hide_no_ssh_key && current_user.require_ssh_key?
+    Gitlab::CurrentSettings.user_show_add_ssh_key_message? &&
+      cookies[:hide_no_ssh_message].blank? &&
+      !current_user.hide_no_ssh_key &&
+      current_user.require_ssh_key?
   end
 
   def show_no_password_message?

app/models/application_setting.rb

@@ -298,7 +298,8 @@ class ApplicationSetting < ActiveRecord::Base
       unique_ips_limit_time_window: 3600,
       usage_ping_enabled: Settings.gitlab['usage_ping_enabled'],
       instance_statistics_visibility_private: false,
-      user_default_external: false
+      user_default_external: false,
+      user_show_add_ssh_key_message: true
     }
   end
 

app/views/admin/application_settings/_account_and_limit.html.haml

@@ -29,5 +29,11 @@
         = f.check_box :user_default_external, class: 'form-check-input'
         = f.label :user_default_external, class: 'form-check-label' do
           Newly registered users will by default be external
+    .form-group
+      = f.label :user_show_add_ssh_key_message, 'Prompt users to upload SSH keys', class: 'label-bold'
+      .form-check
+        = f.check_box :user_show_add_ssh_key_message, class: 'form-check-input'
+        = f.label :user_show_add_ssh_key_message, class: 'form-check-label' do
+          Inform users without uploaded SSH keys that they can't push over SSH until one is added
 
   = f.submit 'Save changes', class: 'btn btn-success'

changelogs/unreleased/49953-add-user_show_add_ssh_key_message-setting.yml

+---
+title: Add ability to suppress the global "You won't be able to use SSH" message
+merge_request: 21027
+author: Ævar Arnfjörð Bjarmason
+type: added

db/migrate/20180808162000_add_user_show_add_ssh_key_message_to_application_settings.rb

+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class AddUserShowAddSshKeyMessageToApplicationSettings < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  # Set this constant to true if this migration requires downtime.
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_column_with_default :application_settings, :user_show_add_ssh_key_message, :boolean, default: true, allow_null: false
+  end
+
+  def down
+    remove_column :application_settings, :user_show_add_ssh_key_message
+  end
+end

db/schema.rb

@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20180807153545) do
+ActiveRecord::Schema.define(version: 20180808162000) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -170,6 +170,7 @@ ActiveRecord::Schema.define(version: 20180807153545) do
     t.boolean "hide_third_party_offers", default: false, null: false
     t.boolean "instance_statistics_visibility_private", default: false, null: false
     t.boolean "web_ide_clientside_preview_enabled", default: false, null: false
+    t.boolean "user_show_add_ssh_key_message", default: true, null: false
   end
 
   create_table "audit_events", force: :cascade do |t|

doc/administration/operations/ssh_certificates.md

@@ -163,3 +163,20 @@ Such a restriction can currently be hacked in by e.g. providing a
 custom `AuthorizedKeysCommand` which checks if the discovered key-ID
 returned from `gitlab-shell-authorized-keys-check` is a deploy key or
 not (all non-deploy keys should be refused).
+
+## Disabling the global warning about users lacking SSH keys
+
+By default GitLab will show a "You won't be able to pull or push
+project code via SSH" warning to users who have not uploaded an SSH
+key to their profile.
+
+This is counterproductive when using SSH certificates, since users
+aren't expected to upload their own keys.
+
+To disable this warning globally, go to "Application settings ->
+Account and limit settings" and disable the "Show user add SSH key
+message" setting.
+
+This setting was added specifically for use with SSH certificates, but
+can be turned off without using them if you'd like to hide the warning
+for some other reason.

doc/api/settings.md

@@ -56,7 +56,8 @@ Example response:
    "enforce_terms": true,
    "terms": "Hello world!",
    "performance_bar_allowed_group_id": 42,
-   "instance_statistics_visibility_private": false
+   "instance_statistics_visibility_private": false,
+   "user_show_add_ssh_key_message": true
 }
 ```
 
@@ -161,6 +162,8 @@ PUT /application/settings
 | `enforce_terms`                          | boolean          | no                                            | Enforce application ToS to all users                                                                                                                                                                                                                                                                                                                                                                                                         |
 | `terms`                                  | text             | yes (if `enforce_terms` is true)              | Markdown content for the ToS                                                                                                                                                                                                                                                                                                                                                                                                                 |
 | `instance_statistics_visibility_private` | boolean          | no                                            | When set to `true` Instance statistics will only be available to admins                                                                                                                                                                                                                                                                                                                                                                      |
+| `user_show_add_ssh_key_message`          | boolean          | no                                            | When set to `false` disable the "You won't be able to pull or push
++project code via SSH" warning shown to users with no uploaded SSH key                                                                                                                                                                                                                                                                   |
 
 ```bash
 curl --request PUT --header "PRIVATE-TOKEN: 9koXpg98eAheJpvBs5tK" https://gitlab.example.com/api/v4/application/settings?signup_enabled=false&default_project_visibility=internal
@@ -206,6 +209,7 @@ Example response:
   "enforce_terms": true,
   "terms": "Hello world!",
   "performance_bar_allowed_group_id": 42,
-  "instance_statistics_visibility_private": false
+  "instance_statistics_visibility_private": false,
+  "user_show_add_ssh_key_message": true
 }
 ```

spec/helpers/button_helper_spec.rb

@@ -79,6 +79,18 @@ describe ButtonHelper do
       end
     end
 
+    context 'without an ssh key on the user and user_show_add_ssh_key_message unset' do
+      before do
+        stub_application_setting(user_show_add_ssh_key_message: false)
+      end
+
+      it 'there is no warning on the dropdown description' do
+        description = element.search('.dropdown-menu-inner-content').first
+
+        expect(description).to be_nil
+      end
+    end
+
     context 'with an ssh key on the user' do
       before do
         create(:key, user: user)