Allow external Spamcheck API key to be blank

GitLab's Spamcheck service does not have authentication support on its own. So, on single-node omnibus-gitlab installations it runs unauthenticated over localhost. In this scenario, any random text, as long as it is not blank, will work as an API key. But, this doesn't look nice from a documentation perspective. Nor does it reflect the current realit with respect to authentication. Hence, removing the requirement of an API key to use external Spamcheck service at least until Spamcheck can do authentication on its own. Once that is the case, we can make omnibus use authentication for the connection over localhost and turn this requirement back on. Changelog: changed Signed-off-by: Balasankar "Balu" C <balasankar@gitlab.com>

Allow external Spamcheck API key to be blank
GitLab's Spamcheck service does not have authentication support on its own. So, on single-node omnibus-gitlab installations it runs unauthenticated over localhost. In this scenario, any random text, as long as it is not blank, will work as an API key. But, this doesn't look nice from a documentation perspective. Nor does it reflect the current realit with respect to authentication. Hence, removing the requirement of an API key to use external Spamcheck service at least until Spamcheck can do authentication on its own. Once that is the case, we can make omnibus use authentication for the connection over localhost and turn this requirement back on. Changelog: changed Signed-off-by: Balasankar "Balu" C <balasankar@gitlab.com>
b1877715 · Balasankar "Balu" C · 09a4bb5b · b1877715 · b1877715 · b1877715
Commit b1877715 authored Dec 08, 2021 by Balasankar "Balu" C
Showing with 0 additions and 14 deletions

app/models/application_setting.rb app/models/application_setting.rb +0 -4

lib/api/settings.rb lib/api/settings.rb +0 -1

spec/requests/api/settings_spec.rb spec/requests/api/settings_spec.rb +0 -9

No files found.
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -144,10 +144,6 @@ class ApplicationSetting < ApplicationRecord
            length: { maximum: 2000, message: _('is too long (maximum is %{count} characters)') },
            allow_blank: true

-  validates :spam_check_api_key,
-            presence: true,
-            if: :spam_check_endpoint_enabled
-
  validates :unique_ips_limit_per_user,
            numericality: { greater_than_or_equal_to: 1 },
            presence: true,

--- a/lib/api/settings.rb
+++ b/lib/api/settings.rb
@@ -154,7 +154,6 @@ module API
      optional :spam_check_endpoint_enabled, type: Boolean, desc: 'Enable Spam Check via external API endpoint'
      given spam_check_endpoint_enabled: ->(val) { val } do
        requires :spam_check_endpoint_url, type: String, desc: 'The URL of the external Spam Check service endpoint'
-        requires :spam_check_api_key, type: String, desc: 'The API key used by GitLab for accessing the Spam Check service endpoint'
      end
      optional :terminal_max_session_time, type: Integer, desc: 'Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.'
      optional :usage_ping_enabled, type: Boolean, desc: 'Every week GitLab will report license usage back to GitLab, Inc.'

--- a/spec/requests/api/settings_spec.rb
+++ b/spec/requests/api/settings_spec.rb
@@ -523,15 +523,6 @@ RSpec.describe API::Settings, 'Settings', :do_not_mock_admin_mode_setting do
      end
    end

-    context "missing spam_check_api_key value when spam_check_endpoint_enabled is true" do
-      it "returns a blank parameter error message" do
-        put api("/application/settings", admin), params: { spam_check_endpoint_enabled: true, spam_check_endpoint_url: "https://example.com/spam_check" }
-
-        expect(response).to have_gitlab_http_status(:bad_request)
-        expect(json_response['error']).to eq('spam_check_api_key is missing')
-      end
-    end
-
    context "overly long spam_check_api_key" do
      it "fails to update the settings with too long spam_check_api_key" do
        put api("/application/settings", admin), params: { spam_check_api_key: "0123456789" * 500 }