Add FIPS compliance logic for experiments
What does this MR do and why?
Adds FIPS compliance logic to legacy gitlab experiment keys that we haven't been able to address in any other way yet.
This is a quick fix as requested in #361254 (comment 971282428)
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
- Access the console:
FIPS_MODE=true rails c
- In rails console run an experiment and look at the key generated in the signature.
include Gitlab::Experiment::Dsl experiment(:example, foo: :bar).signature
- Confirm the key in the signature is 64 bytes long, which indicates it was generated using SHA2.
- Do the same without setting
FIPS_MODE
and the result should be 32 bytes long, which indicates that the key was generated using MD5.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Jeremy Jackson