Add FIPS compliance logic for experiments

What does this MR do and why?

Adds FIPS compliance logic to legacy gitlab experiment keys that we haven't been able to address in any other way yet.

This is a quick fix as requested in #361254 (comment 971282428)

How to set up and validate locally

  1. Access the console:
    FIPS_MODE=true rails c
  2. In rails console run an experiment and look at the key generated in the signature.
    include Gitlab::Experiment::Dsl
    experiment(:example, foo: :bar).signature
  3. Confirm the key in the signature is 64 bytes long, which indicates it was generated using SHA2.
  4. Do the same without setting FIPS_MODE and the result should be 32 bytes long, which indicates that the key was generated using MD5.
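The validation steps above check the digest choice indirectly, by key length. The following stand-alone Ruby snippet is an added illustration of the same selection logic and is not the MR's diff or any code from the GitLab repository: it picks SHA256 when FIPS mode is on and MD5 otherwise, and shows why the resulting hex keys are 64 and 32 characters long. The module name `ExperimentKeyExample`, the `FIPS_MODE` environment read (the real code base would delegate to its own FIPS helper), and the way the experiment name and context are serialized before hashing are all assumptions made for this example, not the project's implementation.

```ruby
require 'digest'

# Added example, not GitLab's code: FIPS-aware digest selection for
# experiment keys. MD5 is not a FIPS-approved algorithm, so under FIPS mode
# the key must come from a SHA-2 digest instead.
module ExperimentKeyExample
  # True when the process runs in FIPS mode. Assumption for this example:
  # FIPS_MODE=true (as in the validation steps) is the switch; the real
  # code base would consult its own FIPS helper rather than ENV directly.
  def self.fips_mode?(env = ENV)
    env['FIPS_MODE'] == 'true'
  end

  # Digest class for experiment keys: SHA256 under FIPS, MD5 otherwise.
  # SHA256.hexdigest yields 64 hex characters, MD5.hexdigest yields 32.
  def self.digest_class(fips: fips_mode?)
    fips ? Digest::SHA256 : Digest::MD5
  end

  # Build a key from the experiment name and its context. The serialization
  # (sorted "k=v" pairs joined with '|') is a stand-in for however the real
  # signature is derived; the point is only that the same input produces a
  # stable key whose length reveals the digest in use.
  def self.experiment_key(name, context, fips: fips_mode?)
    pairs = context.sort_by { |k, _| k.to_s }.map { |k, v| "#{k}=#{v}" }
    material = ([name.to_s] + pairs).join('|')
    digest_class(fips: fips).hexdigest(material)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Run with and without FIPS_MODE=true to see the 64 vs 32 character keys.
  key = ExperimentKeyExample.experiment_key(:example, { foo: :bar })
  puts "FIPS_MODE=#{ENV['FIPS_MODE'].inspect} -> #{key.length}-char key: #{key}"
end
```

Running the file twice, once with `FIPS_MODE=true` and once without, reproduces the length check from the steps above; the `fips:` keyword lets a test pin either branch without touching the environment.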

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Jeremy Jackson