Enhance feature flag permissions & auditing
Problem to solve
In order to actually use feature flags in production environment flows, being able to control the permissions on a per-environment basis is incredibly important. Furthermore, it's important to be able to see after the fact who changed a feature flag (and from what -> to what).
Permissions need to be definable on a per-environment basis. For example, review apps may be a free for all, stage may be controlled to developers-only (generally wide access but not everyone), and production/performance environments may be restricted to just a handful of specific people - not even a role like maintainer may be granular enough for an environment like that.
Very much related to being able to control who can change the permissions, is recording in the audit events what flag was changed, how, and by whom. This mainly serves troubleshooting use cases where the behavior in production has changed and recent changes need to be reviewed.
A key user for this feature is our own Delivery team as we look to replace the existing feature flags system we are using with our own feature.
Add new "Modify Feature Flag" permission to environments
- A default should be able to be set for a project
- For static environments, this should be able to be set specifically
- For 'review apps', this should be able to be set as a group
Record all feature flag changes as an audit events
- Includes how the feature flag was changed and by whom
What does success look like, and how can we measure that?
If successful here, this should unlock the ability of our own Delivery team to be able to use our feature flag capability in production for GitLab itself.
Links / references