Add new section for secret detection in admin settings
What does this MR do and why?
This introduces the UI for toggling the pre_receive_secret_detection_enabled
application setting from !135032 (merged).
The design and text copy used in the merge request are derived from #428637 (closed) (mockup: Secret_detection_-pre-receive_scanning-instance-level_configuration-_enabled.png).
Resolves #428761 (closed), and built on top of !135164 (merged), !135036 (merged), and !135032 (merged).
Feature flags
The new section is behind the feature flag secret_detection_application_setting to ensure it's not displayed for customers when this is merged to master. A roll-out issue has been created to track rolling out the new section to users.
Additionally, there's the pre_receive_secret_detection_push_check feature flag introduced earlier in !135032 (merged), which ensures the actual secrets check does not run unless the flag is turned on for a particular project.
Related merge requests
Step | Merge Request | Description |
---|---|---|
1 | !135032 (merged) | Adds the secrets push check, and puts it behind a feature flag. |
2 | !135036 (merged) | Updates the secrets push check to check for license (only ultimate is allowed). |
3 | !135164 (merged) | Adds a new application setting for pre-receive SD, and updates the secrets push check accordingly. |
4 | This one. | Adds the UI for toggling the application setting of pre-receive SD. |
Why are we introducing a feature flag and an application setting at the same time?
In the related merge requests (listed above), we introduce an application setting (configurable via the UI) in addition to the feature flag introduced in this merge request. The reason is that this feature is planned for GitLab Dedicated first, and then for other types of instances.
GitLab Dedicated, however, does not support feature flags, and since this is an experimental feature at the moment, the solution is to put the feature behind an application setting (introduced in step 3) for Dedicated instances, and for all other instance types to have the feature behind the same application setting plus a feature flag enabled per project.
Please read more about this decision in this thread.
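To make the gating described above concrete, here is an added example in Ruby that models the decision; it is not GitLab's own code, and the method names, argument names and scenario values are assumptions made for illustration.

```ruby
# Added example, not GitLab's own code: a stand-alone model of the gates the
# related MRs describe. Method names, argument names and the scenario data are
# assumptions made for illustration.

UI_FLAG         = :secret_detection_application_setting      # this MR
PUSH_CHECK_FLAG = :pre_receive_secret_detection_push_check   # !135032

# The admin section this MR adds is shown only while UI_FLAG is enabled for the
# instance. That flag gates the UI only; it has no effect on the push check.
def secret_detection_section_visible?(instance_flags)
  instance_flags.include?(UI_FLAG)
end

# Whether the pre-receive secret detection push check runs for a project.
# Gates, in the order the related MRs introduced them:
#   !135036 - only Ultimate-licensed instances may run the check
#   !135164 - the pre_receive_secret_detection_enabled application setting
#             (setting_on) must be on
#   !135032 - outside GitLab Dedicated, PUSH_CHECK_FLAG must also be enabled
#             for the project; Dedicated has no feature flags, so there the
#             application setting alone decides
def pre_receive_secret_detection_runs?(license:, dedicated:, setting_on:, project_flags: [])
  return false unless license == :ultimate
  return false unless setting_on
  return true if dedicated

  project_flags.include?(PUSH_CHECK_FLAG)
end

# Constructed scenarios: the same application setting value has a different
# effect depending on the instance type.
SCENARIOS = {
  dedicated_setting_on:              { license: :ultimate, dedicated: true,  setting_on: true },
  dedicated_setting_off:             { license: :ultimate, dedicated: true,  setting_on: false },
  self_managed_setting_on_no_flag:   { license: :ultimate, dedicated: false, setting_on: true },
  self_managed_setting_on_with_flag: { license: :ultimate, dedicated: false, setting_on: true,
                                       project_flags: [PUSH_CHECK_FLAG] },
  premium_everything_on:             { license: :premium,  dedicated: false, setting_on: true,
                                       project_flags: [PUSH_CHECK_FLAG] }
}.freeze

# Evaluates every scenario; returns { scenario_name => true/false }.
def evaluate_scenarios(scenarios = SCENARIOS)
  scenarios.transform_values { |kwargs| pre_receive_secret_detection_runs?(**kwargs) }
end

evaluate_scenarios.each { |name, runs| puts "#{name}: #{runs ? 'check runs' : 'check skipped'}" }
```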
How to set up and validate locally
- In your rails console, enable the secret_detection_application_setting feature flag:
  pry(main)> Feature.enable(:secret_detection_application_setting)
- Ensure your GDK is licensed as ultimate.
- In your GDK, navigate to http://gdk.test:3000/admin/application_settings/security_and_compliance.
- You should see the new section Secret Detection.
- Tick the checkbox to turn on the feature instance-wide.
- In the rails console, check the feature is turned on:
  pry(main)> Gitlab::CurrentSettings.pre_receive_secret_detection_enabled
Screenshots or screen recordings
- Section collapsed (screenshot not reproduced here)
- Section expanded (screenshot not reproduced here)
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.