Don't show private keys for letsencrypt certs

Adds enum certificate_source to pages_domains table
with default manually_uploaded

Mark certificates as 'gitlab_provided'
if the were obtained through Let's Encrypt

Mark certificates as 'user_provided' if they were uploaded through
controller or api

Only show private key in domain edit form if it is 'user_provided'

Only show LetsEncrypt option if is enabled by application settings
(and feature flag)

Refactor and fix some specs to match new logic

Don't show Let's Encrypt certificates as well

1 files changed, 96 insertions, 0 deletions

diff --git a/spec/models/pages_domain_spec.rb b/spec/models/pages_domain_spec.rb
index fdc81359d34..4fb7b71a3c7 100644
--- a/spec/models/pages_domain_spec.rb
+++ b/spec/models/pages_domain_spec.rb
@@ -356,6 +356,102 @@ describe PagesDomain do
     end
   end
 
+  describe '#user_provided_key' do
+    subject { domain.user_provided_key }
+
+    context 'when certificate is provided by user' do
+      let(:domain) { create(:pages_domain) }
+
+      it 'returns key' do
+        is_expected.to eq(domain.key)
+      end
+    end
+
+    context 'when certificate is provided by gitlab' do
+      let(:domain) { create(:pages_domain, :letsencrypt) }
+
+      it 'returns nil' do
+        is_expected.to be_nil
+      end
+    end
+  end
+
+  describe '#user_provided_certificate' do
+    subject { domain.user_provided_certificate }
+
+    context 'when certificate is provided by user' do
+      let(:domain) { create(:pages_domain) }
+
+      it 'returns key' do
+        is_expected.to eq(domain.certificate)
+      end
+    end
+
+    context 'when certificate is provided by gitlab' do
+      let(:domain) { create(:pages_domain, :letsencrypt) }
+
+      it 'returns nil' do
+        is_expected.to be_nil
+      end
+    end
+  end
+
+  shared_examples 'certificate setter' do |attribute, setter_name, old_certificate_source, new_certificate_source|
+    let(:domain) do
+      create(:pages_domain, certificate_source: old_certificate_source)
+    end
+
+    let(:old_value) { domain.public_send(attribute) }
+
+    subject { domain.public_send(setter_name, new_value) }
+
+    context 'when value has been changed' do
+      let(:new_value) { 'new_value' }
+
+      it "assignes new value to #{attribute}" do
+        expect do
+          subject
+        end.to change { domain.public_send(attribute) }.from(old_value).to('new_value')
+      end
+
+      it 'changes certificate source' do
+        expect do
+          subject
+        end.to change { domain.certificate_source }.from(old_certificate_source).to(new_certificate_source)
+      end
+    end
+
+    context 'when value has not been not changed' do
+      let(:new_value) { old_value }
+
+      it 'does not change certificate source' do
+        expect do
+          subject
+        end.not_to change { domain.certificate_source }.from(old_certificate_source)
+      end
+    end
+  end
+
+  describe '#user_provided_key=' do
+    include_examples('certificate setter', 'key', 'user_provided_key=',
+                     'gitlab_provided', 'user_provided')
+  end
+
+  describe '#gitlab_provided_key=' do
+    include_examples('certificate setter', 'key', 'gitlab_provided_key=',
+                     'user_provided', 'gitlab_provided')
+  end
+
+  describe '#user_provided_certificate=' do
+    include_examples('certificate setter', 'certificate', 'user_provided_certificate=',
+                     'gitlab_provided', 'user_provided')
+  end
+
+  describe '#gitlab_provided_certificate=' do
+    include_examples('certificate setter', 'certificate', 'gitlab_provided_certificate=',
+                     'user_provided', 'gitlab_provided')
+  end
+
   describe '.for_removal' do
     subject { described_class.for_removal }