[Feature flag] Enable `unify_security_configuration`
Summary
This issue is to rollout Unification of BE for Security Configuration on production,
that is currently behind the unify_security_configuration
feature flag.
It should be done after frontend is unified as well
Owners
- Team: groupcomposition analysis
- Most appropriate slack channel to reach out to:
#g_secure-composition-analysis
- Best individual to reach out to:
@brytannia
- PM:
@sam.white
Stakeholders
Expectations
What are we expecting to happen?
Backend response for JSON request with security configuration details for all tiers and FOSS GitLab
When is the feature viable?
What might happen if this goes wrong?
Feature flag should be turned off.
What can we monitor to detect problems with this?
Increase of 500 errors for GET -/security/configuration.json
What can we check for monitoring production after rollouts?
Production logs for 5xx for GET -/security/configuration.json
Rollout Steps
Rollout on non-production environments
-
Enable the feature globally on non-production environments. -
/chatops run feature set unify_security_configuration true --dev
-
/chatops run feature set unify_security_configuration true --staging
-
-
Verify that the feature works as expected. Posting the QA result in this issue is preferable.
Specific rollout on production
- If you're using project-actor, you must enable the feature on these entries:
-
/chatops run feature set --project=gitlab-org/gitlab unify_security_configuration true
-
/chatops run feature set --project=gitlab-org/gitlab-foss unify_security_configuration true
-
/chatops run feature set --project=gitlab-com/www-gitlab-com unify_security_configuration true
-
-
Verify that the feature works on the specific entries. Posting the QA result in this issue is preferable.
Preparation before global rollout
-
Ensure that you or a representative in development can be available for at least 2 hours after feature flag updates in production. If a different developer will be covering, or an exception is needed, please inform the oncall SRE by using the @sre-oncall
Slack alias. -
Ensure that documentation has been updated (More info).
Global rollout on production
For visibility, all /chatops
commands that target production should be executed in the #production
slack channel and cross-posted (with the command results) to the responsible team's slack channel (#g_TEAM_NAME
).
-
Incrementally roll out the feature. - Enable the feature globally on production environment.
-
/chatops run feature set unify_security_configuration true
-
-
Wait for at least one day for the verification term.
Clean up code
Will be done in #350179 (closed)
Rollback Steps
-
This feature can be disabled by running the following Chatops command:
/chatops run feature set <feature-flag-name> false