Add feature flag permissions
Problem to solve
In order to actually use feature flags in production environment flows, being able to control the permissions on a per-environment basis is incredibly important.
Permissions need to be definable on a per-environment basis. For example, review apps may be a free for all, stage may be controlled to developers-only (generally wide access but not everyone), and production/performance environments may be restricted to just a handful of specific people - not even a role like maintainer may be granular enough for an environment like that.
A key user for this feature is our own Delivery team as we look to replace the existing feature flags system we are using with our own feature.
- Protected environments receive an explicit entry in the environment specs list. Because these are exact matches, there's no way for any other rule to override them.
- The permission to edit the feature flag settings for protected environments should require the same permission to deploy to the protected environment.
What does success look like, and how can we measure that?
If successful here, this should unlock the ability of our own Delivery team to be able to use our feature flag capability in production for GitLab itself.
Links / references