Fix deploy keys breaking protected branch dropdown in FIPS mode
What does this MR do and why?
In FIPS mode, if a deploy key were present, clicking on the "Allowed to push" dropdown would fail with a "Failed to load groups, users and deploy keys" message. This occurred because the
JavaScript attempted to use the fingerprint
attribute of the key. However, on a FIPS system, the MD5 fingerprint is not available, and the null
value breaks the dropdown.
To fix this, we use the fingerprint_sha256
attribute instead. This commit also puts the SHA256 fingerprint first in the HTML views to avoid confusion.
Relates to #364562 (closed)
Screenshots or screen recordings
Protected branch dropdown
Project deploy key list
Edit project deploy key list
/admin/deploy_keys
)
Admin deploy key list (
How to set up and validate locally
This was first identified via this test:
FIPS_MODE=true bundle exec rspec ee/spec/features/protected_branches_spec.rb
To test this locally:
- In your GDK's
Procfile
, addFIPS_MODE=true
after therails-web: exec /usr/bin/env
entry. gdk restart rails
- Go to a project's
Settings
->Respository
. - Scroll down to
Deploy keys
. - Add a deploy key with write access.
- Make sure the deploy key is enabled for the project.
- Go to
Settings
->Repository
->Protected Branches
. - Click on
Allowed to push
and ensure it loads with users and deploy keys.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.