Skip to content

Deprecate pre_receive_secret_detection_enabled REST API

Deprecation Summary

Add a brief description of the feature or functionality that is deprecated. Clearly state the potential impact of the deprecation to end users.

What's changing

We are renaming some API fields to reflect the name change of the feature pre_receive_secret_detection to secret_push_protection.

  • Toggle a project's secret_push_protection_enabled status
    • Update the param from pre_receive_secret_detection_enabled to secret_push_protection_enabled
    • We are supporting both params until %18.0
    • Example:
      • Old param name: curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/7/security_settings?pre_receive_secret_detection_enabled=false"
      • New param name: curl --request PUT --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/7/security_settings?secret_push_protection_enabled=false"
    • https://docs.gitlab.com/ee/api/project_security_settings.html
  • Fields returned by application_settings and projects API calls

Customer steps

Customers should transition from using the old pre_receive_secret_detection_enabled to the new secret_push_protection_enabled before 18.0 to avoid breaking any workflows that still use the old naming.

Notes to self (you can ignore this)

Since we have renamed pre_receive_secret_detection to secret_push_protection, we also need to rename anything API-related that uses the old name. This issue tracks the deprecation of pre_receive_secret_detection_enabled REST API.

In these files we support using either pre_receive_secret_detection_enabled or secret_push_protection_enabled as a param to toggle the feature. Remove the support for pre_receive_secret_detection_enabled in 18.0:

  • ee/lib/api/project_security_settings.rb
  • ee/lib/api/group_security_settings.rb

In these files we are exposing both pre_receive_secret_detection_enabled and secret_push_protection_enabled and returning both fields during an api call. Remove pre_receive_secret_detection_enabled field.

  • ee/lib/ee/api/entities/application_setting.rb
  • ee/lib/ee/api/entities/project.rb

Documentation

Product Usage

Describe why deprecation of this feature is necessary, ideally with dashboards/metrics that show product usage. add links to the documentation

Breaking Change?

Affected Customers

  • GitLab.com
  • Self-managed
  • Dedicated

Deprecation Milestone

17.9

Planned Removal Milestone

18.0

Links

Checklists

Timeline

Rollout Plan

DRIs:

  • Engineers: @serenafang

  • Engineering Manager: @amarpatel

  • Describe rollout plans on GitLab.com

    • Link to a feature flag rollout issue that covers:
      • Expected release date on GitLab.com and GitLab version
      • Rollout timelines, such as a percentage rollout on GitLab.com
      • Creation of any clean-up issues, such as code removal

  • Determine how to migrate users still using the existing functionality

  • Document ways to migrate with the tooling available

  • Automate any users who have not yet migrated, but ensure it's a two-way door decision

Communication Plan

DRIs:

Add links to the relevant merge requests.

!177950 (merged)

  • As soon as possible, but no later than the third milestone preceding the major release (for example, given the following release schedule: 17.8, 17.9, 17.10, 17.11, 18.017.9 is the third milestone preceding the major release):
  • On the major milestone:
    • The deprecated item has been removed.
    • If the removal of the deprecated item is a breaking change, the merge request is labeled breaking change.
    • Document the migration plan for users, clearly outlining the actions they need to take to mitigate the impact of the breaking change.

Development

DRIs:

  • Engineers: @engineer(s)

  • Engineering Manager: @EM

  • Measure usage of the impacted product feature

    • Evaluate metrics across GitLab.com, Self-Managed, Dedicated
    • add issue link
    • list any metrics and/or dashboards

  • Create tooling for customers to manually migrate their data or workflows

    • add issue link

  • Build mechanism for users to manually enable the breaking change ahead of time

    • add issue link

  • Automate the migration for those who do not take any manual steps (ensure the automation can be reverted)

    • add issue link

  • Develop rollout plan of breaking change on GitLab.com

    • add feature flag rollout issue

  • Dogfood the changes on GitLab.com or a Self-Managed test instance

    • add issue link

  • (Optional) Create UI controls for instance admins to disable the breaking change, providing flexibility to Self-Managed / Dedicated customers. Optional as this depends on the breaking change.

    • add issue link

Approvals

  • Product Manager @PM
  • Engineering Manager @EM
  • Senior Engineering Manager / Director @senior-eng-leader
  • Group / Director of Product Management @senior-product-leader

Mentions (as applicable)

  • Product Designer @ProductDesigner
  • Tech Writer @TW
  • Software Engineering in Test @SET
  • Any other stable counterparts based on the product categories:
    • Add Sales/CS counterpart or mention @timtams
    • Add Support counterpart or mention @gitlab-com/support/managers
    • Add Marketing counterpart or mention @cfoster3

Labels

  • This issue is labeled deprecation, and with the relevant ~devops::, ~group::, and ~Category: labels.
  • This issue is labeled breaking change if the removal of the deprecated item will be a breaking change.

References

Edited by Serena Fang