Remove mandatory requirement of API Key to use external Spamcheck service (!76303) · Merge requests · GitLab.org / GitLab

Balasankar 'Balu' C requested to merge 347295-remove-requirement-spamcheck-api into master Dec 08, 2021

What does this MR do and why?

GitLab's Spamcheck service does not have authentication support on its own - gitlab-com/gl-security/engineering-and-research/automation-team/spam/spamcheck#171 (moved)

On single-node omnibus-gitlab installations it runs unauthenticated over localhost. In this scenario, any random text, as long as it is not blank, will work as an API key. But, this doesn't look nice from a documentation perspective. Nor does it reflect the current realit with respect to authentication. Hence, removing the requirement of an API key to use external Spamcheck service at least until Spamcheck can do authentication on its own. Once that is the case, we can make omnibus use authentication for the connection over localhost and turn this requirement back on.

Closes: #347295 (closed)

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Dec 09, 2021 by Balasankar 'Balu' C

Remove mandatory requirement of API Key to use external Spamcheck service

What does this MR do and why?

MR acceptance checklist

Merge request reports