Manage:Compliance Feature Flags
Summary
In the course of adding new features we use feature flags to ensure we ship a finished feature, even as an MVC, when there are elements of the feature that can be disruptive or problematic for users. In groupcompliance we find ourselves balancing between GitLab's philosophy to provide a great developer experience and the compliance requirements our enterprise customers have that tend to be disruptive and contrary to GitLab's core philosophies.
GitLab is adding working-by-default to the product principles handbook page and this issue serves as a tracking mechanism to know what feature flags are still default: off
and why they are that way even many months later when the expectation is these feature flags be short-lived.
While we should strive to adhere to this new product principle of working-by-default
, we should also be mindful that the changes we make and the problems we work on are generally very complex and changes can have direct impact on an enterprise's audit posture. Our features may, from time to time, need to be more complete and usable before we remove or toggle a feature flag.
Manage:Compliance Feature Flags
Group: Dev:Manage:Compliance
PM: @mattgonzales
Feature Name | Feature Flag | Why is it not on by default today? | Source MR | On by default issue |
---|---|---|---|---|
Export audit events as CSV | audit_log_export_csv |
Ongoing performance issues. Exploring an improvement that could change this to default on | !31191 (merged) | #285441 (closed) |
Revoke user PATs in Credential Inventory | revoke_managed_users_token |
It as previously off by default while we navigated the privacy and permissions control over PATs for users in SaaS groups | !44783 (merged) | #267184 (closed) |
Project events in group audit log | audit_log_group_level |
Database performance issues that are ongoing | !27785 (merged) | TBD |
User group counts | user_group_counts |
There are database performance issues to resolve, detailed here | !44069 (merged) | TBD |
? |
usage_data_a_compliance_audit_events_api |
? |
!41689 (merged) | TBD |
? |
usage_data_g_compliance_dashboard |
? |
? |
TBD |
Group level MR approvals | group_merge_request_approval_settings |
There is a large list of issues to implement before this feature will be functional and useful to users | TBD | #285410 (closed) |