Enable/Disable Policies
Problem to solve
Currently, all policies for Container Security can only be managed in code. The lack of a policy management UI causes several pain points:
- Code does not allow an easy way to scan a page and visualize which policies are enabled vs disabled
- Users need to be able to disable a policy without deleting it
Intended users
This feature is targeted specifically at the Security team:
Further details
This is intended to be the Minimal Viable Change (MVC) toward a larger policy management portal. Eventually we will want to be able to provide audit trails, policy differentials, policy suggestions, and feedback on the performance and efficacy of the policies. To allow us to iterate quickly, rather than trying to build all the features at once, this issue is focused on delivering just the first piece of the longer-term solution.
Proposal
For the first MVC, we will limit the policy page to just Container Network Policy (Cilium) management.
The policy management portal will allow users to do the following:
- View whether those policies are currently enabled or disabled
- Enable and disable policies (we may need to contribute to the upstream project to add a setting for this)
Permissions and Security
Users must be an Owner or Maintainer on the project to access the policy configuration page.
Documentation
Documentation will be added to describe how to enable and disable policies on the policy management page.
Availability & Testing
- Verify that the enabled/disabled status shown in the UI matches what is shown in code
- Verify that enabling/disabling a policy pack in the UI accurately changes the state of the policy pack in the production environment
What does success look like, and how can we measure that?
What is the type of buyer?
This will be available for GitLab Ultimate.