Add client_cert_key_pairs, ca_certs parameters in gitlab.rb for GitLab Pages

Related: https://gitlab.com/gitlab-org/gitlab-pages/-/issues/548+

Changelog: added

files/gitlab-config-template/gitlab.rb.template

@@ -2072,6 +2072,11 @@ external_url 'GENERATED_EXTERNAL_URL'
 # Experimental - Enable namespace in path
 # gitlab_pages['namespace_in_path'] = false
 
+##! Configure GitLab Pages client cert and key pairs seperated by commas which will be used as mutual TLS with GitLab API
+# gitlab_pages['client_cert_key_pairs'] = "/path/to/client.crt:/path/to/client.key"
+##! Configure root CA certs used to sign client certs which will be used with GitLab API
+# gitlab_pages['ca_certs'] = "/path/to/ca.crt"
+
 ################################################################################
 ## GitLab Pages NGINX
 ################################################################################

files/gitlab-cookbooks/gitlab-pages/attributes/default.rb

@@ -84,6 +84,9 @@ default['gitlab_pages']['redirects_max_rule_count'] = nil
 default['gitlab_pages']['register_as_oauth_app'] = true
 # Experimental - Enable namespace in path
 default['gitlab_pages']['namespace_in_path'] = false
+# Mutual TLS used with GitLab API
+default['gitlab_pages']['client_cert_key_pairs'] = nil
+default['gitlab_pages']['ca_certs'] = nil
 
 # Temporarily retain support for `node['gitlab-pages'][*]` usage in
 # `/etc/gitlab/gitlab.rb`

files/gitlab-cookbooks/gitlab-pages/templates/default/gitlab-pages-config.erb

@@ -194,3 +194,9 @@ header=<%= @headers.join(';;') %>
 <%- if @namespace_in_path -%>
 namespace-in-path=<%= @namespace_in_path %>
 <%-end -%>
+<%- if @client_cert_key_pairs -%>
+client-cert-key-pairs=<%= @client_cert_key_pairs %>
+<%-end -%>
+<%- if @ca_certs -%>
+ca-certs=<%= @ca_certs %>
+<%-end -%>

spec/chef/cookbooks/gitlab-pages/recipes/gitlab-pages_spec.rb

@@ -294,6 +294,8 @@ RSpec.describe 'gitlab::gitlab-pages' do
             redirects_max_rule_count: 2000,
             enable_disk: true,
             namespace_in_path: true,
+            client_cert_key_pairs: "/path/to/client.crt:/path/to/client.key",
+            ca_certs: "/path/to/ca.crt",
             env: {
               GITLAB_CONTINUOUS_PROFILING: "stackdriver?service=gitlab-pages",
             },
@@ -369,6 +371,8 @@ RSpec.describe 'gitlab::gitlab-pages' do
             redirects-max-rule-count=2000
             header=X-XSS-Protection: 1; mode=block;;X-Content-Type-Options: nosniff;;Test: Header
             namespace-in-path=true
+            client-cert-key-pairs=/path/to/client.crt:/path/to/client.key
+            ca-certs=/path/to/ca.crt
         EOS
 
         expect(chef_run).to render_file("/var/opt/gitlab/pages/gitlab-pages-config").with_content(expected_content)