Update visibility for pre-receive secret detection - project settings
Related issue: #458925 (closed)
What does this MR do and why?
This MR restricts the pre-receive secret detection feature card so that it is shown only under particular conditions:
- When it's a dedicated instance, or
- Both feature flags (pre_receive_secret_detection_beta_release and pre_receive_secret_detection_push_check) are enabled
Why
Hiding the feature under all other conditions avoids confusing our customers, since they cannot use the feature unless it is available to them. This is also aligned with the guidance in Pajamas (quoted below):
A feature is hidden when the user shouldn't have access to it due to a lack of permissions. Hiding the feature is recommended because the user doesn't need to be aware of the functionality, and there is no UI that would allow them to obtain access. For example, we should hide the delete branch button if the user's role does not allow deletion of branches.
- This MR also updates the project / group policy to allow dedicated instances to toggle the Pre-receive Secret Detection feature.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
When the pre_receive_secret_detection_push_check feature flag is disabled (screenshots: Before | After (hidden))
How to set up and validate locally
1. Verify dedicated instance
- Mock GDK to act as a dedicated instance: open the Rails console (rails c) and run
  setting = ApplicationSetting.first
  setting.gitlab_dedicated_instance = true
  setting.save!
- Visit the project security configuration page; the pre-receive secret detection setting should be visible.
2. Verify feature flag
- Disable the feature flag in the Rails console:
  Feature.disable(:pre_receive_secret_detection_push_check)
- Visit the project security configuration page; the pre-receive secret detection setting should not be visible.
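The visibility rule described above, as an added example that is not the MR's own code: the FakeSettings and FakeFeature classes are constructed stand-ins for ApplicationSetting and Feature, and show_pre_receive_secret_detection? is a hypothetical name for the check. It walks both validation steps plus the remaining flag combinations.

```ruby
# Added example: models the visibility rule for the pre-receive secret detection
# feature card. FakeSettings and FakeFeature are constructed stand-ins for
# ApplicationSetting and Feature, not GitLab's own classes.
FakeSettings = Struct.new(:gitlab_dedicated_instance)

class FakeFeature
  def initialize(enabled_flags)
    @enabled = enabled_flags
  end

  def enabled?(flag)
    @enabled.include?(flag)
  end
end

# Both flags must be enabled unless the instance is dedicated.
REQUIRED_FLAGS = %i[
  pre_receive_secret_detection_beta_release
  pre_receive_secret_detection_push_check
].freeze

# Hypothetical predicate: true when the card should be shown.
def show_pre_receive_secret_detection?(setting, feature)
  return true if setting.gitlab_dedicated_instance

  REQUIRED_FLAGS.all? { |flag| feature.enabled?(flag) }
end

# Walk the two validation steps from the MR and the other flag combinations,
# returning scenario name => visible?
def visibility_matrix
  dedicated = FakeSettings.new(true)
  regular = FakeSettings.new(false)
  both = FakeFeature.new(REQUIRED_FLAGS)
  beta_only = FakeFeature.new([:pre_receive_secret_detection_beta_release])
  none = FakeFeature.new([])

  {
    dedicated_no_flags: show_pre_receive_secret_detection?(dedicated, none),
    regular_both_flags: show_pre_receive_secret_detection?(regular, both),
    regular_push_check_disabled: show_pre_receive_secret_detection?(regular, beta_only),
    regular_no_flags: show_pre_receive_secret_detection?(regular, none)
  }
end

puts visibility_matrix if $PROGRAM_NAME == __FILE__
```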