Don't show private keys for letsencrypt certs

Adds enum certificate_source to pages_domains table
with default manually_uploaded

Mark certificates as 'gitlab_provided'
if the were obtained through Let's Encrypt

Mark certificates as 'user_provided' if they were uploaded through
controller or api

Only show private key in domain edit form if it is 'user_provided'

Only show LetsEncrypt option if is enabled by application settings
(and feature flag)

Refactor and fix some specs to match new logic

Don't show Let's Encrypt certificates as well

1 files changed, 30 insertions, 0 deletions

diff --git a/app/models/pages_domain.rb b/app/models/pages_domain.rb
index 524df30289e..07195c0bfd3 100644
--- a/app/models/pages_domain.rb
+++ b/app/models/pages_domain.rb
@@ -4,6 +4,8 @@ class PagesDomain < ApplicationRecord
   VERIFICATION_KEY = 'gitlab-pages-verification-code'.freeze
   VERIFICATION_THRESHOLD = 3.days.freeze
 
+  enum certificate_source: { user_provided: 0, gitlab_provided: 1 }, _prefix: :certificate
+
   belongs_to :project
   has_many :acme_orders, class_name: "PagesDomainAcmeOrder"
 
@@ -143,6 +145,34 @@ class PagesDomain < ApplicationRecord
     self.certificate_valid_not_after = x509&.not_after
   end
 
+  def user_provided_key
+    key if certificate_user_provided?
+  end
+
+  def user_provided_key=(key)
+    self.key = key
+    self.certificate_source = 'user_provided' if key_changed?
+  end
+
+  def user_provided_certificate
+    certificate if certificate_user_provided?
+  end
+
+  def user_provided_certificate=(certificate)
+    self.certificate = certificate
+    self.certificate_source = 'user_provided' if certificate_changed?
+  end
+
+  def gitlab_provided_certificate=(certificate)
+    self.certificate = certificate
+    self.certificate_source = 'gitlab_provided' if certificate_changed?
+  end
+
+  def gitlab_provided_key=(key)
+    self.key = key
+    self.certificate_source = 'gitlab_provided' if key_changed?
+  end
+
   private
 
   def set_verification_code