Prevent anyone from deleting protected environments (#53905) · Issues · GitLab.org / GitLab Community Edition

Prevent anyone from deleting protected environments

Problem to solve

Right now, you'll see the stop button if the user is allowed to stop the environment. With !22292 (merged) this will also be in the merge request widget for post-merge environments.

Being able to easily delete/stop a production environment is not something that should be encouraged. To do this with !22292 (merged) within the context of a feature branch is even worse.

The same protections should be applied via the UX as in the API for this to be considered coherent.

Further details

Proposal

Similar to protected branches, protected environments should prevent anyone from stoping/deleting them.

Maintainers by default have access, but the protected environment is also configurable to have a list of users who have access.
Only maintainers are allowed to create or designate (including removal of designation) protected environments
Only maintainers or those given access are allowed to run pipelines targeting the environment
Nobody is allowed to stop or delete the environment; protected status must be removed to allow this

What does success look like, and how can we measure that?

Protected environments are no longer easily stoppable/deletable.
The button for this will automatically be non accessible anymore in the merge request widget (taken !22292 (merged) is merged)

Links / references

!22292 (merged)

### Problem to solve

Right now, you'll see the stop button if the user is allowed to stop the environment. With https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22292 this will also be in the merge request widget for post-merge environments.

Being able to easily delete/stop a production environment is not something that should be encouraged.  To do this with https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22292 within the context of a feature branch is even worse.

The same protections should be applied via the UX as in the API for this to be considered coherent.

### Further details

### Proposal

Similar to protected branches, protected environments should prevent anyone from stoping/deleting them.

- Maintainers by default have access, but the protected environment is also configurable to have a list of users who have access.
- Only maintainers are allowed to create or designate (including removal of designation) protected environments
- Only maintainers or those given access are allowed to run pipelines targeting the environment
- Nobody is allowed to stop or delete the environment; protected status must be removed to allow this

![image](/uploads/8a429fc56961724fe6d5480c37e35734/image.png)

### What does success look like, and how can we measure that?

- Protected environments are no longer easily stoppable/deletable.
- The button for this will automatically be non accessible anymore in the merge request widget (taken https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22292 is merged)

### Links / references

https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/22292

Edited Oct 29, 2018 by Jason Lenny