Add feature flag for gradual rollout

7ad53afd · Thong Kuah · be71e069 · 7ad53afd · 7ad53afd · 7ad53afd
Commit 7ad53afd authored Feb 28, 2022 by Thong Kuah
3 changed files
--- a/app/models/concerns/sensitive_serializable_hash.rb
+++ b/app/models/concerns/sensitive_serializable_hash.rb
@@ -19,7 +19,8 @@ module SensitiveSerializableHash
  # In general, prefer NOT to use serializable_hash / to_json / as_json in favor
  # of serializers / entities instead which has an allowlist of attributes
  def serializable_hash(options = nil)
-    return super(options) if options && options[:unsafe_serialization_hash]
+    return super unless prevent_sensitive_fields_from_serializable_hash?
+    return super if options && options[:unsafe_serialization_hash]

    options = options.try(:dup) || {}
    options[:except] = Array(options[:except]).dup
@@ -36,4 +37,10 @@ module SensitiveSerializableHash

    super(options)
  end
+
+  private
+
+  def prevent_sensitive_fields_from_serializable_hash?
+    Feature.enabled?(:prevent_sensitive_fields_from_serializable_hash, default_enabled: :yaml)
+  end
 end
--- a/config/feature_flags/development/prevent_sensitive_fields_from_serializable_hash.yml
+++ b/config/feature_flags/development/prevent_sensitive_fields_from_serializable_hash.yml
+---
+name: prevent_sensitive_fields_from_serializable_hash
+introduced_by_url: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/81773
+rollout_issue_url: https://gitlab.com/gitlab-org/gitlab/-/issues/353878
+milestone: '14.9'
+type: development
+group: group::sharding
+default_enabled: false
--- a/spec/models/concerns/sensitive_serializable_hash_spec.rb
+++ b/spec/models/concerns/sensitive_serializable_hash_spec.rb
@@ -19,19 +19,27 @@ RSpec.describe SensitiveSerializableHash do
      end
    end

-    it 'does not include the field in serializable_hash' do
-      model = test_class.new
+    let(:model) { test_class.new }

+    it 'does not include the field in serializable_hash' do
      expect(model.serializable_hash).not_to include('super_secret')
    end

    context 'unsafe_serialization_hash option' do
      it 'includes the field in serializable_hash' do
-        model = test_class.new
-
        expect(model.serializable_hash(unsafe_serialization_hash: true)).to include('super_secret')
      end
    end
+
+    context 'when prevent_sensitive_fields_from_serializable_hash feature flag is disabled' do
+      before do
+        stub_feature_flags(prevent_sensitive_fields_from_serializable_hash: false)
+      end
+
+      it 'includes the field in serializable_hash' do
+        expect(model.serializable_hash).to include('super_secret')
+      end
+    end
  end

  describe '#serializable_hash' do