Instrumentation for Environments search

Problem

We would like to better understand how the environment search feature is used.

Proposal

Temporarily start logging the "search" parameter for environments controller. Just add it to allowlist, so we see the actual search strings instead of the [FILTERED].

We can do that behind the feature flag on .com for a couple of weeks, and this information should be enough for us to make decisions about the future of environments search.

Security evaluation

We discussed with security team and confirmed that logging params[:search is not a concern. See: #374932 (comment 1200080352)

Implementation proposal

--- a/app/controllers/projects/environments_controller.rb
+++ b/app/controllers/projects/environments_controller.rb
@@ -296,6 +296,16 @@ def authorize_stop_environment!
   def authorize_update_environment!
     access_denied! unless can?(current_user, :update_environment, environment)
   end
+
+  def append_info_to_payload(payload)
+    super
+
+    if params[:search]
+      # Merging to :metadata will ensure these are logged as top level keys
+      payload[:metadata] ||= {}
+      payload[:metadata]['meta.environment.search'] = params[:search]
+    end
+  end
 end

 Projects::EnvironmentsController.prepend_mod_with('Projects::EnvironmentsController')

Future

Create new counters for:

• the number of times a search is executed
• the number of users that perform a search