[Feature flag] Enable admin mode
What
Remove the user_mode_in_session
feature flag ...
Owners
- Team: ~"group::access"
- Most appropriate slack channel to reach out to:
#g_manage_access
- Best individual to reach out to: @ifarkas, @reprazent
Expectations
What are we expecting to happen?
With the feature enabled, admins don't have access to all resources by default. They will need to active admin mode (a new button in the top bar) and reauthenticate. This should not affect API access, git access, and background jobs.
What might happen if this goes wrong?
- Admins to experience access denied errors even with admin mode enabled.
- Sidekiq jobs to fail due to insufficient access level.
- API endpoints to return access denied.
What can we monitor to detect problems with this?
- Error rate in Sidekiq queues: https://dashboards.gitlab.net/d/sidekiq-queue-detail/sidekiq-queue-detail
- API responses when queried using admin Personal Access Token.
Beta groups/projects
If applicable, any groups/projects that are happy to have this feature turned on early. Some organizations may wish to test big changes they are interested in with a small subset of users ahead of time for example.
Roll Out Steps
-
Enable on staging ( /chatops run feature set feature_name true --staging
) -
Test on staging -
Ensure that documentation has been updated -
Enable on GitLab.com for individual groups/projects listed above and verify behaviour ( /chatops run feature set --project=gitlab-org/gitlab feature_name true
) -
Coordinate a time to enable the flag with the SRE oncall and release managers - In
#production
mention@sre-oncall
and@release-managers
. Once an SRE on call and Release Manager on call confirm, you can proceed with the rollout
- In
-
Announce on the issue an estimated time this will be enabled on GitLab.com -
Enable on GitLab.com by running chatops command in #production
(/chatops run feature set feature_name true
) -
Cross post chatops Slack command to #support_gitlab-com
(more guidance when this is necessary in the dev docs) and in your team channel -
Announce on the issue that the flag has been enabled -
Remove feature flag and add changelog entry -
After the flag removal is deployed, clean up the feature flag by running chatops command in #production
channel
Rollback Steps
-
This feature can be disabled by running the following Chatops command:
/chatops run feature set user_mode_in_session false
Edited by Imre Farkas