[Feature flag] Enable Auditor Access to Group Runners
Summary
This issue is to rollout the feature on production,
that is currently behind the auditor_group_runner_access
feature flag.
Owners
- Team: grouppipeline execution
- Most appropriate slack channel to reach out to:
#g_pipeline-execution
- Best individual to reach out to: @kballon
- PM: @jheimbuck_gl
Stakeholders
Expectations
What are we expecting to happen?
When this feature is rolled out and the feature flag is enabled, an auditor user should have read only access runners from the group CI/CD view.
When is the feature viable?
N/A
What might happen if this goes wrong?
N/A
What can we monitor to detect problems with this?
Consider looking out for 4xx errors for *-auditor@gitlab.com accounts.
What can we check for monitoring production after rollouts?
Rollout Steps
Rollout on non-production environments
- Ensure that the feature MRs have been deployed to non-production environments.
-
/chatops run auto_deploy status f238b358e85cd396d506c1d72ad0121f36f94c09
-
-
Enable the feature globally on non-production environments. -
/chatops run feature set auditor_group_runner_access true --dev --staging --staging-ref
-
Specific rollout on production
- Ensure that the feature MRs have been deployed to both production and canary.
-
/chatops run auto_deploy status <merge-commit-of-your-feature>
-
- If you're using project-actor, you must enable the feature on these entries:
-
/chatops run feature set --project=gitlab-org/gitlab,gitlab-org/gitlab-foss,gitlab-com/www-gitlab-com auditor_group_runner_access true
-
Global rollout on production
For visibility, all /chatops
commands that target production should be executed in the #production
slack channel and cross-posted (with the command results) to the responsible team's slack channel (#g_TEAM_NAME
).
-
/chatops run feature set auditor_group_runner_access true
-
Announce on the feature issue that the feature has been globally enabled. -
Wait for at least one day for the verification term.
Release the feature
After the feature has been deemed stable, the clean up should be done as soon as possible to permanently enable the feature and reduce complexity in the codebase.
You can either create a follow-up issue for Feature Flag Cleanup or use the checklist below in this same issue.
-
Create a merge request to remove auditor_group_runner_access
feature flag. Ask for review and merge it.-
Remove all references to the feature flag from the codebase. -
Remove the YAML definitions for the feature from the repository. -
Create a changelog entry.
-
-
Ensure that the cleanup MR has been included in the release package. If the merge request was deployed before the monthly release was tagged, the feature can be officially announced in a release blog post. -
/chatops run release check <merge-request-url> <milestone>
-
-
Close the feature issue to indicate the feature will be released in the current milestone. -
If not already done, clean up the feature flag from all environments by running these chatops command in #production
channel:-
/chatops run auto_deploy status faae7b37e9c45cb2835f427ebb856f10a4300ca5
-
/chatops run feature delete auditor_group_runner_access --dev --staging --staging-ref --production
-
-
Close this rollout issue.
Rollback Steps
-
This feature can be disabled by running the following Chatops command:
/chatops run feature set auditor_group_runner_access false