Document mutual TLS values on settings form

911a91a9 · Bob Van Landuyt · 2575f02c · 2575f02c · 911a91a9 · 911a91a9
Commit 911a91a9 authored Mar 23, 2018 by Bob Van Landuyt
4 changed files
--- a/doc/user/admin_area/settings/img/external_authorization_service_settings.png
+++ b/doc/user/admin_area/settings/img/external_authorization_service_settings.png
--- a/ee/app/helpers/ee/application_settings_helper.rb
+++ b/ee/app/helpers/ee/application_settings_helper.rb
@@ -19,6 +19,22 @@ module EE
        "external authorization checks.")
    end

+    def external_authorization_client_certificate_help_text
+      _("The X509 Certificate to use when mutual TLS is required to communicate "\
+        "with the external authorization service. If left blank, the server "\
+        "certificate is still validated when accessing over HTTPS.")
+    end
+
+    def external_authorization_client_key_help_text
+      _("The private key to use when a client certificate is provided. This value "\
+        "is encrypted at rest.")
+    end
+
+    def external_authorization_client_pass_help_text
+      _("The passphrase required to decrypt the private key. This is optional "\
+        "and the value is encrypted at rest.")
+    end
+
    override :visible_attributes
    def visible_attributes
      super + [

--- a/ee/app/views/admin/application_settings/_external_authorization_service_form.html.haml
+++ b/ee/app/views/admin/application_settings/_external_authorization_service_form.html.haml
@@ -26,14 +26,20 @@
      = f.label :external_auth_client_cert, _('Client authentication certificate'), class: 'control-label col-sm-2'
      .col-sm-10
        = f.text_area :external_auth_client_cert, class: 'form-control'
+        %span.help-block
+          = external_authorization_client_certificate_help_text
    .form-group
      = f.label :external_auth_client_key, _('Client authentication key'), class: 'control-label col-sm-2'
      .col-sm-10
        = f.text_area :external_auth_client_key, class: 'form-control'
+        %span.help-block
+          = external_authorization_client_key_help_text
    .form-group
      = f.label :external_auth_client_key_pass, _('Client authentication key password'), class: 'control-label col-sm-2'
      .col-sm-10
        = f.password_field :external_auth_client_key_pass, class: 'form-control'
+        %span.help-block
+          = external_authorization_client_pass_help_text
    .form-group
      = f.label :external_authorization_service_default_label, _('Default classification label'), class: 'control-label col-sm-2'
      .col-sm-10

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -3847,6 +3847,9 @@ msgstr ""
 msgid "The Issue Tracker is the place to add things that need to be improved or solved in a project. You can register or sign in to create issues for this project."
 msgstr ""

+msgid "The X509 Certificate to use when mutual TLS is required to communicate with the external authorization service. If left blank, the server certificate is still validated when accessing over HTTPS."
+msgstr ""
+
 msgid "The coding stage shows the time from the first commit to creating the merge request. The data will automatically be added here once you create your first merge request."
 msgstr ""

@@ -3874,12 +3877,18 @@ msgstr ""
 msgid "The number of failures of after which GitLab will completely prevent access to the storage. The number of failures can be reset in the admin interface: %{link_to_health_page} or using the %{api_documentation_link}."
 msgstr ""

+msgid "The passphrase required to decrypt the private key. This is optional and the value is encrypted at rest."
+msgstr ""
+
 msgid "The phase of the development lifecycle."
 msgstr ""

 msgid "The planning stage shows the time from the previous step to pushing your first commit. This time will be added automatically once you push your first commit."
 msgstr ""

+msgid "The private key to use when a client certificate is provided. This value is encrypted at rest."
+msgstr ""
+
 msgid "The production stage shows the total time it takes between creating an issue and deploying the code to production. The data will be automatically added once you have completed the full idea to production cycle."
 msgstr ""

@@ -4688,6 +4697,9 @@ msgstr ""
 msgid "connecting"
 msgstr ""

+msgid "could not read private key, is the passphrase correct?"
+msgstr ""
+
 msgid "day"
 msgid_plural "days"
 msgstr[0] ""
@@ -4708,6 +4720,9 @@ msgstr ""
 msgid "is invalid because there is upstream lock"
 msgstr ""

+msgid "is not a valid X509 certificate."
+msgstr ""
+
 msgid "locked by %{path_lock_user_name} %{created_at}"
 msgstr ""

@@ -4916,6 +4931,9 @@ msgstr ""
 msgid "personal access token"
 msgstr ""

+msgid "private key does not match certificate."
+msgstr ""
+
 msgid "remove due date"
 msgstr ""