Developer role does not have access to Protected Environments
Summary
According to the Protected Environment's documentation users assigned to a Developer role should be able to access Protected Environments if the are enabled on the project.
In the Allowed to Deploy dropdown menu, select the role, users, or groups you want to give deploy access to. Keep in mind that:
There are two roles to choose from: Maintainers: will allow access to all maintainers in the project. Developers: will allow access to all maintainers and all developers in the project. You can only select groups that are already associated with the project.
Steps to reproduce
- Create a GitLab repo using the yaml pasted below as
.gitlab-ci.yml
, with public visibility - Add a user to the project and assign them to Developer
- Change the
production
environment to be protected so that Allowed to deploy is set to Developers + Maintainers
- As the Administrator, run the pipeline against
master
- As the the Developer user, access the completed pipeline
-
It is not possible to manually execute the protected environment. It should be possible.
-
As the Administrator, change the permissions of the user to Maintainer
- The user can now execute the protected environment
Example Project
Create a project with a placeholder README.md
and this yaml
stages:
- test
- build
- review
- deploy
test:
stage: build
script:
- 'echo "Building and Testing Application: ${CI_PROJECT_NAME}"'
development:
stage: review
script:
- 'echo "Deploying to ${CI_ENVIRONMENT_NAME}"'
environment:
name: ${CI_JOB_NAME}
staging:
stage: deploy
script:
- 'echo "Deploying to ${CI_ENVIRONMENT_NAME}"'
environment:
name: ${CI_JOB_NAME}
production:
stage: deploy
when: manual
script:
- 'echo "Deploying to ${CI_ENVIRONMENT_NAME}"'
environment:
name: ${CI_JOB_NAME}
What is the current bug behavior?
(What actually happens)
What is the expected correct behavior?
(What you should see instead)
Relevant logs and/or screenshots
(Paste any relevant logs - please use code blocks (```) to format console output, logs, and code as it's tough to read otherwise.)
Output of checks
(If you are reporting a bug on GitLab.com, write: This bug happens on GitLab.com)
Results of GitLab environment info
Expand for output related to GitLab environment info
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)
Results of GitLab application Check
Expand for output related to the GitLab application check
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true
)(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true
)(we will only investigate if the tests are passing)
Possible fixes
(If you can, link to the line of code that might be responsible for the problem)