Skip to content

Remove GitLab WAF related models/services and workers

Why are we doing this work

More information about deprecation: #271276 (closed)

We have to remove all code related to GitLab WAF feature from gitlab-org/gitlab codebase.

Relevant links

Non-functional requirements

  • [-] Documentation
  • [-] Feature flag:
  • [-] Performance:
  • Testing:
    • Test if Ingress can be installed and is working properly,
    • Test if Fluentd can be installed and is working properly

Implementation plan

  • backend remove modsecurity_enabled, modsecurity_mode, waf_log_enabled from permitted params in method cluster_application_params in app/controllers/clusters/applications_controller.rb
  • backend remove extending log path to modsecurity logs in path_to_logs method and remove condition waf_log_enabled in method has_at_least_one_log_enabled? in app/models/clusters/applications/fluentd.rb
  • backend remove all consts that are matching MODSECURITY_*, default value definitions for modsecurity_enabled, modsecurity_mode; modsecurity_mode enum; modsecurity_not_installed, modsecurity_enabled modsecurity_disabled scopes; specification, modsecurity_config_content, modsecurity_config_file_path, modsecurity_snippet_content methods and modify content_values to not merge specification in app/models/clusters/applications/ingress.rb
  • backend remove with_enabled_modsecurity scope from app/models/clusters/cluster.rb,
  • backend remove modsecurity_enabled, modsecurity_mode, waf_log_enabled from exposed fields in app/serializers/cluster_application_entity.rb
  • backend remove waf_log_enabled from FLUENTD_KNOWN_ATTRS constant, and references to modsecurity_enabled and modsecurity_mode in expose method in app/services/clusters/applications/base_service.rb
  • backend remove ingress_mod_security_help_path from status_path variable in app/views/clusters/clusters/show.html.haml
  • backend remove web_application_firewall_metrics_worker from Settings.cron_jobs in config/initializers/1_settings.rb
  • backend remove :waf_anomalies from security namespace in ee/config/routes/project.rb
  • backend remove ::Gitlab::UsageDataCounters::IngressModsecurityCounter from usage_data_counters method from ee/lib/ee/gitlab/usage_data.rb
  • backend remove ingress_modsecurity_usage method, ingress_modsecurity_enabled key from features_usage_data_ce method and ingress_modsecurity_usage from system_usage_data method in lib/gitlab/usage_data.rb
  • backend remove modsecurity_blocking, modsecurity_logging, modsecurity_disabled, modsecurity_not_installed traits and settings value for modsecurity_enabled from spec/factories/clusters/applications/helm.rb
  • backend remove specs for counts.ingress_modsecurity_logging joined relations in spec/lib/gitlab/usage/metrics/names_suggestions/generator_spec.rb
  • backend remove specs for ingress_modsecurity_usage in spec/lib/gitlab/usage_data_spec.rb
  • backend remove settings value for waf_log_enabled and update specs to check if log paths can contain only cilium_log_path in spec/models/clusters/applications/fluentd_spec.rb
  • backend remove context for when modsecurity_enabled is enabled and modify context to ensure that modsecurity_enabled is disabled in spec/models/clusters/applications/ingress_spec.rb
  • backend remove specs for with_enabled_modsecurity context in spec/models/clusters/cluster_spec.rb
  • backend remove checking for waf_log_enabled value in for fluentd application context in spec/serializers/cluster_application_entity_spec.rb
  • backend remove settings and checking for modsecurity_enabled value in spec/services/clusters/applications/create_service_spec.rb
  • backend remove ingress_modsecurity_enabled from COUNTS_KEYS const in spec/support/helpers/usage_data_helpers.rb
  • backend remove decode_json_fields processor from filebeat -> enabled -> filebeatConfig -> filebeat.yml in vendor/elastic_stack/values.yaml
  • backend remove WAF related information from ingress on auto-deploy-app assets/auto-deploy-app/templates/ingress.yaml in gitlab-org/cluster-integration/auto-deploy-image project
  • backend remove reference to gitlab-waf.yaml.gotml in src/default-data/ingress/helmfile.yaml in gitlab-org/cluster-integration/cluster-applications project
  • backend remove gitlab-waf.yaml.gotmpl from values section in helmfile.yaml
  • backend remove file config/feature_flags/development/ingress_modsecurity.yml
  • backend remove file ee/app/controllers/projects/security/waf_anomalies_controller.rb
  • backend remove file ee/app/services/ee/security/ingress_modsecurity_usage_service.rb
  • backend remove file ee/app/services/security/waf_anomaly_summary_service.rb
  • backend remove file ee/app/workers/ingress_modsecurity_counter_metrics_worker.rb
  • backend remove file ee/config/feature_flags/development/usage_ingress_modsecurity_counter.yml
  • backend remove file ee/lib/gitlab/usage_data_counters/ingress_modsecurity_counter.rb
  • backend remove file ee/spec/controllers/projects/security/waf_anomalies_controller_spec.rb
  • backend remove file ee/spec/lib/gitlab/usage_data_counters/ingress_modsecurity_counter_spec.rb
  • backend remove file ee/spec/services/ee/security/ingress_modsecurity_usage_service_spec.rb
  • backend remove file ee/spec/services/security/waf_anomaly_summary_service_spec.rb
  • backend remove file ee/spec/workers/ingress_modsecurity_counter_metrics_worker_spec.rb
  • backend remove file vendor/ingress/modsecurity.conf
  • backend remove file src/default-data/ingress/gitlab-waf.yaml.gotmpl from gitlab-org/cluster-integration/cluster-applications project
Edited by Alan (Maciej) Paruszewski