15.4 Planning for Manage::Authentication and Authorization

15.4 Milestone: 2022-08-18 to 2022-09-17

Boards

Capacity

Preliminary capacity - There is very little time off scheduled so far, so I expect this to change.

| Team | Weight |
|---|---|
| frontend | 7w |
| backend | 35w |

Capacity Goals

60% type::feature, 10% type::maintenance, 30% type::bug

Objectives & Themes

Security Issue Summary

If no security bug::vulnerability issues roll over from %15.3, we will have 2 security issues for %15.4, which is within our expectations (~4 security issues per milestone). We are also done with past-SLO security issues 🎉

Product prioritized type::feature list

  1. New feature work - FY23:ROADMAP items, direction items
  • Main Themes: Customizable Roles, Domain Verification/Enterprise Users, FIPS follow up

  • See Feature Board. Items are stack ranked.

Quality prioritized type::bug list

  1. https://gitlab.com/gitlab-org/gitlab/-/issues/368830 (W? priority::2 severity::2 security bug::vulnerability)
  2. https://gitlab.com/gitlab-org/gitlab/-/issues/368416 (W? priority::3 severity::3 security bug::vulnerability)
  3. Automatic Logouts Are Too Frequent (gitlab-org/gitlab#121569 - closed) (W? priority::2 severity::2 SUS::Impacting customer)
  4. Error when removing user's SCIM ID via API (gitlab-org/gitlab#368031 - closed) (W? priority::2 severity::2 customer)
  5. Cannot access Admin/credentials Project Access ... (gitlab-org/gitlab#354489 - closed) (W2 priority::2 severity::2 customer)
  6. Group owner cannot remove their group from a pr... (gitlab-org/gitlab#251137 - closed) (W3 priority::2 severity::2 SUS::Impacting customer)
  7. A group access token cannot be used to create a... (gitlab-org/gitlab#365904 - closed) (W? priority::2 severity::2 customer)
  8. Self-managed SAML - bypass 2 factor authenticat... (gitlab-org/gitlab#196131 - closed) (? priority::4 severity::4 SUS::Impacting) - Stretch?
  9. Expensive query on /admin/applications times ou... (gitlab-org/gitlab#366936 - closed) (W1 priority::3 severity::3 SUS::Impacting) - Stretch?

For consideration
  1. Show SAML status badge for members in subgroups... (gitlab-org/gitlab#11870 - closed) (W3 priority::3 severity::3 SUS::Impacting customer)
  2. GitLab.com Group access tokens continue working... (gitlab-org/gitlab#367740 - closed) (W? priority::3 severity::2 security customer)

Slipped %15.3
  1. User approval: Rejecting reloads page (gitlab-org/gitlab#342845 - closed) (W2 severity::4 priority::2 SUS::Impacting)
  2. Incorrect password while enabling 2FA does not ... (gitlab-org/gitlab#346494 - closed) (W2 priority::2 severity::2 customer)
  3. Overriding LDAP permissions no longer possible (gitlab-org/gitlab#337539 - closed) (W3 priority::2 severity::2)

Engineering prioritized type::maintenance list

See the maintenance list; items are prioritized from top to bottom.

Release Post Items

| Status | Issue | Release Post MR |
|---|---|---|
| merged | Redesigned Login Page | Release Post: Redesigned Login Page (gitlab-com/www-gitlab-com!110713 - merged) |
| waiting on feature merge | Add new filters to private access token API (gitlab-org/gitlab#362248 - closed) | gitlab-com/www-gitlab-com!109207 (merged) |
| N/A | Domain Verification MVC using Domain(s) verifie... (gitlab-org/gitlab#353030 - closed) | combined with gitlab-com/www-gitlab-com!110823 (merged) |
| ready for merge | Groups API: Add Restrict group access by IP add... (gitlab-org/gitlab#351493 - closed) | gitlab-com/www-gitlab-com!110824 (merged) |
| drafted | Add Bot Badge to Bot Users (gitlab-org/gitlab#330350 - closed) | gitlab-com/www-gitlab-com!110825 (merged) |
| ready for merge, might need updated docs link | Allow Group Owners to Selectively Bypass Email ... (gitlab-org/gitlab#238461 - closed) | gitlab-com/www-gitlab-com!110823 (merged) |
| behind a FF that won't be enabled until later, moved to %15.5 | gitlab-org/gitlab#23610 (closed) | gitlab-com/www-gitlab-com!110858 (merged) |

Other

Edited by Hannah Sutor