[security_configuration_redesign_ee] Enable Security Configuration redesign for Ultimate
Summary
This issue is to roll out the feature on production that is currently behind the security_configuration_redesign_ee feature flag.
UPDATE: 20201-07-21 This feature has been partially rolled out on GitLab.com (for the https://gitlab.com/gitlab-org/secure/tests/no-longer-detected/-/security/configuration Project). It is currently waiting for the Page to be feature complete (currently missing: #333108 (closed)). This flag will be enabled globally on prod as soon as feature completeness is achieved.
Owners
- Team: Secure Analyzer Frontend Team
- Most appropriate Slack channel to reach out to: #s_secure-analyzer-frontend
- Best individual to reach out to: @jannik_lehmann, @markrian
- PM: NAME
Stakeholders
The Rollout Plan
- Partial Rollout on GitLab.com with testing groups
- Rollout on GitLab.com for a certain period (~1 milestone)
- Percentage Rollout on GitLab.com
- Rollout Feature for everyone as soon as it's ready
Testing Groups/Projects/Users
Expectations
What are we expecting to happen?
The Security Configuration redesign should be visible on GitLab Ultimate projects.
What might happen if this goes wrong?
Controls/buttons/links on the Security Configuration page might not work, or some might not be visible (e.g., see #335435 (closed)).
If so:
- disable the feature flag
- create MR for fix (should be simple)
- re-enable once the fix is merged and deployed
What can we monitor to detect problems with this?
Rollout Steps
Rollout on non-production environments
- Ensure that the feature MRs have been deployed to non-production environments.
  - /chatops run auto_deploy status <merge-commit-of-your-feature>
- Enable the feature globally on non-production environments.
  - /chatops run feature set security_configuration_redesign_ee true --dev
  - /chatops run feature set security_configuration_redesign_ee true --staging
- Verify that the feature works as expected. Posting the QA result in this issue is preferable.
Preparation before production rollout
- Ensure that the feature MRs have been deployed to both production and canary.
  - /chatops run auto_deploy status <merge-commit-of-your-feature>
- [-] Check if the feature flag change needs to be accompanied with a change management issue. Cross link the issue here if it does.
- Ensure that you or a representative in development can be available for at least 2 hours after feature flag updates in production. If a different developer will be covering, or an exception is needed, please inform the oncall SRE by using the @sre-oncall Slack alias.
- Ensure that documentation has been updated (More info).
- Announce on the feature issue an estimated time this will be enabled on GitLab.com.
- If the feature might impact the user experience, notify #support_gitlab-com and your team channel (more guidance when this is necessary in the dev docs).
- If the feature flag in code has an actor, enable it on GitLab.com for testing groups/projects.
  - /chatops run feature set --<actor-type>=<actor> security_configuration_redesign_ee true
- Verify that the feature works as expected. Posting the QA result in this issue is preferable.
Global rollout on production
- Incrementally roll out the feature.
  - If the feature flag in code has an actor, perform actor-based rollout.
    - [-] /chatops run feature set security_configuration_redesign_ee <rollout-percentage> --actors
  - If the feature flag in code does NOT have an actor, perform time-based rollout (random rollout).
    - [-] /chatops run feature set security_configuration_redesign_ee <rollout-percentage>
  - Enable the feature globally on production environment.
    - /chatops run feature set security_configuration_redesign_ee true
- Announce on the feature issue that the feature has been globally enabled.
- Wait for at least one day for the verification term.
Rollback Steps
- This feature can be disabled by running the following Chatops command:
  /chatops run feature set security_configuration_redesign_ee false
Edited by Mark Florian