Skip to content

Move group-level IP address restriction to Premium

Overview

GitLab offers a useful capability to restrict group access to a range of IP addresses in Ultimate/Gold. This is particularly useful for GitLab.com, where this type of traffic filtering is not possible.

We should move this into Premium/Silver:

  • It's a capability related to securing the deployment, not application security: For some, it's a must-have and creates a hard barrier-to-entry when getting started with GitLab. This is particularly true for GitLab.com. This limits our ability to land-and-expand with the account to help them grow a more mature practice that does use CI/CD and ultimately be able to take advantage of Gold level functionality.

  • Current state disadvantages our SaaS offering: Given the importance, this extends the difference between SaaS vs. self-managed. Native functionality for IP access restriction is not necessary for self-hosted customers, because you can handle that with any gitlab tier at the network/LB level. However, if a customer needs to use gitlab.com and cannot host themselves (e.g. company mandate to use SaaS, they don't have the internal team to support it, etc) it forces the GTM team to sell them Gold even if it doesn't fit their needs.

  • Our competitors offer this in Premium-like tiers: Atlassian offers this in Premium for Bitbucket Cloud ($6/user/month). GitHub also offers this in Enterprise Cloud($21/user/month). Both could be compared to GitLab Premium.

As part of GitLab's process, this has been discussed internally (GitLab internal only link) and approved.

Proposal

  • Move group-level IP access restriction from Ultimate/Gold to Premium/Silver. Update associated specs and documentation.

Issue readiness

  • Product: issue description is accurate with an acceptable proposal for an MVC
  • Engineering: issue is implementable with few remaining questions, is sufficiently broken down, and is able to be estimated

Availability & Testing

Since this is a minor change, we would probably not need any automated test changes. However, we should manually test this to ensure that a Premium user is able to access the feature and that the Gold customer did not loose it.

Edited by Sanad Liaquat