Replace attr_encrypted with Ruby 3 compatible vendored version
What does this MR do and why?
The attr_encrypted
gem is unmaintained and had no working build setup.
We also identified issues with Ruby 3 support.
We had initially forked it into gitlab-org and published the fork to RubyGems, but this caused problems with the dependency graph as we had renamed the gem to use the gitlab-
prefix. Since this gem is in maintenance mode and will not evolve outside of security/compatibility patches we decided it was better to vendor it with gitlab-rails
. This also allows us to remove various monkey patches since these issues are now fixed in the vendor module.
NOTE: Since we forked from upstream master
, there are additional changes that were not present in the previous 3.1.0 release: https://github.com/attr-encrypted/attr_encrypted/compare/3.1.0...master. I think the most notable one might be this: https://github.com/attr-encrypted/attr_encrypted/commit/333775b767cc18f22a283cb0631dc82b2227cb82 (it changes the timing for when the gem inserts its extensions into AR)
These changes we made are referenced as version 3.2.4
.
Here is the full diff of these changes: !98528 (comment 1118715801)
Some references:
- Fork repo (I will archive this now that we vendored the gem): https://gitlab.com/gitlab-org/ruby/gems/attr_encrypted
- RubyGems (I will
yank
this now that we vendored the gem): https://rubygems.org/gems/gitlab-attr_encrypted/ - MR that fixed all known issues: gitlab-org/ruby/gems/attr_encrypted!1 (merged). This MR also contains the commits that allow us to remove the monkey patches here in gitlab-rails.
Refs #372221 (closed)
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Related to #372221 (closed)