Group-level UI for Protected Environment settings
Previously, group-level configuration for protected environments was only available through the API. With this release, you can now view and edit configuration settings for protected environments at the group level in the UI.
Group-level protected environments are a useful feature for organizations that want to enforce additional authorization on deployments in all subsequent projects at once. However, they currently must use the public API to configure it, which is unintuitive UX. We should add UI support to let them easily audit and configure the settings.
The group-level setting will be similar to the project-level setting. In this iteration, we specifically target the following spec:
- We support the group-based access setting (e.g. Members in the `@operator-group` can deploy to production environments in the `XYZ org`). This is the most practical usage of this feature, because it allows a specific group to authorize all deployment jobs.
- We do not support the role-based access setting (e.g. Project members with the `Maintainer` role can deploy to production environments in the `XYZ org`). This is less practical because it technically delegates the deployment authorization to the project maintainers.
- We do not support the specific user access setting (e.g. `@john` can deploy to production environments in the `XYZ org`). This causes a scalability issue because a single person in the organization blocks the deployments in the entire organization.
- Unlike project-level protected environments, the assignable groups must be a subgroup of the configuration group. (No invitation needed)
For more details, you can see the PoC.
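
An audit check for the spec above, added here as an example and not taken from the GitLab code base or the PoC: it reads a protected-environments listing and flags deploy rules that are user-specific, role-based, or that name a group outside the configuration group's subgroups. The JSON sample and `SUBGROUP_IDS` are constructed; the field names (`deploy_access_levels`, `user_id`, `group_id`, `access_level`) follow the protected environments API response.

```ruby
require 'json'
require 'set'

# Constructed sample shaped like a group-level protected environments
# listing; all ids and names are made up for illustration.
SAMPLE_RESPONSE = <<~JSON
  [
    {"name": "production", "deploy_access_levels": [
      {"access_level": 40,   "user_id": null, "group_id": 101},
      {"access_level": 40,   "user_id": null, "group_id": null},
      {"access_level": null, "user_id": 7,    "group_id": null},
      {"access_level": null, "user_id": null, "group_id": 999}
    ]},
    {"name": "staging", "deploy_access_levels": [
      {"access_level": null, "user_id": null, "group_id": 102}
    ]}
  ]
JSON

# Assumption: ids of the configuration group's subgroups, gathered separately.
SUBGROUP_IDS = Set[101, 102]

# Classify a rule by which id is populated. group_id is checked before
# falling back to :role because a group rule may also carry an access_level.
def rule_kind(rule)
  return :user if rule['user_id']
  return :group if rule['group_id']
  :role
end

# Return one finding per rule that falls outside the spec: only group-based
# rules are allowed, and the group must be a subgroup of the configuring group.
def audit_protected_environments(json, subgroup_ids)
  JSON.parse(json).flat_map do |env|
    env.fetch('deploy_access_levels', []).filter_map do |rule|
      case rule_kind(rule)
      when :user
        { env: env['name'], issue: :user_rule, id: rule['user_id'] }
      when :role
        { env: env['name'], issue: :role_rule, id: rule['access_level'] }
      when :group
        next if subgroup_ids.include?(rule['group_id']) # compliant rule
        { env: env['name'], issue: :group_not_subgroup, id: rule['group_id'] }
      end
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  audit_protected_environments(SAMPLE_RESPONSE, SUBGROUP_IDS).each { |f| puts f }
end
```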
Add Protected Environment instance variables to `Groups::Settings::CiCdController` (similar to https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/app/controllers/ee/projects/settings/ci_cd_controller.rb#L27)
`Groups::ProtectedEnvironmentsController` (similar to https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/app/controllers/projects/protected_environments_controller.rb)
- Frontend code can mostly be copy-pasted from the project-level settings
Add form for protecting environments at the group level under `Group > CI/CD > Protected Environments`
Add form for editing currently protected environments.