Merge branch 'revert-d7ba793d' into 'master'

Revert "Merge branch '214607-ci-jwt-signing-key/check' into 'master'" See merge request gitlab-org/gitlab!34683

Merge branch 'revert-d7ba793d' into 'master'
Revert "Merge branch '214607-ci-jwt-signing-key/check' into 'master'" See merge request gitlab-org/gitlab!34683
61653f8f · Thong Kuah · 97ed0e26 · 78c0e901 · 97ed0e26 · 97ed0e26
Commit 61653f8f authored Jun 17, 2020 by Thong Kuah
4 changed files
--- a/changelogs/unreleased/214607-ci-jwt-signing-key-check.yml
+++ b/changelogs/unreleased/214607-ci-jwt-signing-key-check.yml
---
-title: Add system check for CI JWT signing key
-merge_request: 33920
-author:
-type: added
--- a/lib/system_check/app/ci_jwt_signing_key_check.rb
+++ b/lib/system_check/app/ci_jwt_signing_key_check.rb
-# frozen_string_literal: true
-
-module SystemCheck
-  module App
-    class CiJwtSigningKeyCheck < SystemCheck::BaseCheck
-      set_name 'Valid CI JWT signing key?'
-
-      def check?
-        key_data = Rails.application.secrets.ci_jwt_signing_key
-        return false unless key_data.present?
-
-        OpenSSL::PKey::RSA.new(key_data)
-
-        true
-      rescue OpenSSL::PKey::RSAError
-        false
-      end
-
-      def show_error
-        $stdout.puts '  Rails.application.secrets.ci_jwt_signing_key is missing or not a valid RSA key.'.color(:red)
-        $stdout.puts '  CI_JOB_JWT will not be generated for CI jobs.'.color(:red)
-
-        for_more_information(
-          'doc/ci/variables/predefined_variables.md',
-          'doc/ci/examples/authenticating-with-hashicorp-vault/index.md'
-        )
-      end
-    end
-  end
-end
--- a/lib/system_check/rake_task/app_task.rb
+++ b/lib/system_check/rake_task/app_task.rb
@@ -33,8 +33,7 @@ module SystemCheck
          SystemCheck::App::ActiveUsersCheck,
          SystemCheck::App::AuthorizedKeysPermissionCheck,
          SystemCheck::App::HashedStorageEnabledCheck,
-          SystemCheck::App::HashedStorageAllProjectsCheck,
-          SystemCheck::App::CiJwtSigningKeyCheck
+          SystemCheck::App::HashedStorageAllProjectsCheck
        ]
      end
    end

--- a/spec/lib/system_check/app/ci_jwt_signing_key_check_spec.rb
+++ b/spec/lib/system_check/app/ci_jwt_signing_key_check_spec.rb
-# frozen_string_literal: true
-
-require 'spec_helper'
-
-RSpec.describe SystemCheck::App::CiJwtSigningKeyCheck do
-  subject(:system_check) { described_class.new }
-
-  describe '#check?' do
-    it 'returns false when key is not present' do
-      expect(Rails.application.secrets).to receive(:ci_jwt_signing_key).and_return(nil)
-
-      expect(system_check.check?).to eq(false)
-    end
-
-    it 'returns false when key is not valid RSA key' do
-      invalid_key = OpenSSL::PKey::RSA.new(1024).to_s.delete("\n")
-      expect(Rails.application.secrets).to receive(:ci_jwt_signing_key).and_return(invalid_key)
-
-      expect(system_check.check?).to eq(false)
-    end
-
-    it 'returns true when key is valid RSA key' do
-      valid_key = OpenSSL::PKey::RSA.new(1024).to_s
-      expect(Rails.application.secrets).to receive(:ci_jwt_signing_key).and_return(valid_key)
-
-      expect(system_check.check?).to eq(true)
-    end
-  end
-end