[Feature flag] Enable secure_security_and_compliance_configuration_page_on_ce in production
What
Enable the :secure_security_and_compliance_configuration_page_on_ce
feature flag in production and add/update documentation.
Why not enable by default?
See #294076 (comment 525046038).
Owners
- Team: groupstatic analysis
- Most appropriate slack channel to reach out to:
#s_secure-frontend
- Best individual to reach out to: @markrian or @jannik_lehmann
Expectations
What are we expecting to happen?
The Security Configuration navbar entry and page would become available to non-Ultimate users.
What might happen if this goes wrong?
- The existing Ultimate version of the page might break;
- The non-Ultimate version might be displayed under the wrong circumstances.
What can we monitor to detect problems with this?
Easy to verify manually; i.e., it's very low risk.
Beta groups/projects
If applicable, any groups/projects that are happy to have this feature turned on early. Some organizations may wish to test big changes they are interested in with a small subset of users ahead of time for example.
- Any non-public project will do, so as it doesn't get Ultimate features (no point linking to one, since by definition you won't be able to access it unless explicitly given permission).
Roll Out Steps
-
Confirm that QA tests pass with the feature flag enabled (if you're unsure how, contact the relevant stable counterpart in the Quality department) -
Enable on staging ( /chatops run feature set secure_security_and_compliance_configuration_page_on_ce true --staging
) https://gitlab.slack.com/archives/C101F3796/p1613131618327600 -
Test on staging (test once !53919 (merged) has reached staging) -
Ensure that documentation has been updated: !54683 (merged) -
Enable on GitLab.com for individual groups/projects listed above and verify behaviour ( /chatops run feature set --project=gitlab-org/gitlab secure_security_and_compliance_configuration_page_on_ce true
) -
Wait for !53919 (merged) to reach GitLab.com -
Wait for !54250 (merged) to reach GitLab.com -
Coordinate a time to enable the flag with the SRE oncall and release managers - In
#production
mention@sre-oncall
and@release-managers
. Once an SRE on call and Release Manager on call confirm, you can proceed with the rollout
- In
-
Announce on the issue an estimated time this will be enabled on GitLab.com -
Enable on GitLab.com by running chatops command in #production
(/chatops run feature set secure_security_and_compliance_configuration_page_on_ce true
) -
Cross post chatops Slack command to #support_gitlab-com
(more guidance when this is necessary in the dev docs) and in your team channel -
Announce on the issue that the flag has been enabled
Rollback Steps
-
This feature can be disabled by running the following Chatops command:
/chatops run feature set --project=FIXME secure_security_and_compliance_configuration_page_on_ce false
Edited by Mark Florian