[Feature flag] Rollout of `enforce_pat_expiration`
What
Rollout of the :enforce_pat_expiration
feature flag.
Owners
- Team: Manage::Compliance
- Most appropriate slack channel to reach out to:
#g_manage_compliance
- Best individual to reach out to: @asubramanian1
Expectations
The Optional enforcement of PAT expiration feature was released in 13.2. The feature allows administrators to select whether the PAT created in the system will have the expiration enforced or not.
It was gated behind enforce_pat_expiration
. The goal of this issue is to make this feature GA.
What are we expecting to happen?
Administrators will have the ability to control the enforcement of PAT expiration.
What might happen if this goes wrong?
PAT expiration may not work as expected.
What can we monitor to detect problems with this?
Reports of any incidents where expiration is not working as expected. There is otherwise no specific logging for this feature.
Sentry
Beta groups/projects
NA - since this is an instance wide feature
Roll Out Steps
-
Confirm that QA tests pass with the feature flag enabled (if you're unsure how, contact the relevant stable counterpart in the Quality department) -
Enable on staging ( /chatops run feature set feature_name true --staging
) -
Test on staging (verification complete as part of gitlab-org/quality/testcases#916 (comment 380650662)) -
Ensure that documentation has been updated
The feature is for ULTIMATE (SELF)
- [-] Enable on GitLab.com for individual groups/projects listed above and verify behaviour (
/chatops run feature set --project=gitlab-org/gitlab feature_name true
) - [-] Coordinate a time to enable the flag with the SRE oncall and release managers
- In
#production
mention@sre-oncall
and@release-managers
. Once an SRE on call and Release Manager on call confirm, you can proceed with the rollout
- In
- [-] Announce on the issue an estimated time this will be enabled on GitLab.com
- [-] Enable on GitLab.com by running chatops command in
#production
(/chatops run feature set feature_name true
) -
Cross post chatops Slack command to #support_gitlab-com
(more guidance when this is necessary in the dev docs) and in your team channel -
Announce on the issue that the flag has been enabled -
Remove feature flag and add changelog entry -
After the flag removal is deployed, clean up the feature flag by running chatops command in #production
channel
Rollback Steps
-
This feature can be disabled by running the following Chatops command:
/chatops run feature set enforce_pat_expiration false
Edited by Aishwarya Subramanian