Remove jira_connect_asymmetric_jwt feature flag (!72144) · Merge requests · GitLab.org / GitLab

Andy Schoenen requested to merge 342808-remove-feature-flag-jira_connect_asymmetric_jwt into master Oct 11, 2021

What does this MR do and why?

Removes the jira_connect_asymmetric_jwt feature flag. It was introduced to avoid the following scenario during deployment:

Atlassian loads the old version of app_descriptor_controller.rb from production.
A user installs the app and the installed request hits canary.
The JWT header does not contain a kid and the JWT verification fails.

Activated on staging on Oct 11, 2021 7:59pm GMT+0200
Activated on production on Oct 11, 2021 9:09pm GMT+0200

After a little hiccup the feature is now stable since Oct 12, 2021 7:25am GMT+0200

How to set up and validate locally

Start a Gitpod from this branch. (Read more about Gitpod and GDK here)
Follow the install the app in Jira guide using your Gitpod instance.
The installation should succeed.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #342808 (closed)

Edited Nov 02, 2021 by Andy Schoenen

Remove jira_connect_asymmetric_jwt feature flag

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports