Enforce variables
Release notes
Problem to solve
- When a variable is intentionally or unintentionally overridden at the project level, it can cause deployment problems that lead to downtime. There's no way to control the overriding of variables as they cascade down the repository hierarchy.
Related insight: Actionable: Allow enforcing group variables at project level
- Maintainers are unable to restrict the use of variables. This means that anybody with the "developer" role, or bad actors with a leaked token, can perform actions that are unexpected from a maintainer's perspective. There are a few sources this can originate from: trigger tokens, the "Run Pipeline" UI, etc. From #416619 (comment 1694042551)
Intended users
- Delaney (Development Team Lead)
- Sasha (Software Developer)
- Priyanka (Platform Engineer)
- Rachel (Release Manager)
- Allison (Application Ops)
- Ingrid (Infrastructure Operator)
- Alex (Security Operations Engineer)
- Cameron (Compliance Manager)
User experience goal
Users should be able to control the cascading of variables from groups to projects without having to employ complex workarounds.
Proposal
Add a setting at group level/sub-group level to disallow overriding of a variable at project level.
Further details
Permissions and Security
Documentation
Availability & Testing
Available Tier
Feature Usage Metrics
What does success look like, and how can we measure that?
Metrics: Time spent managing variables in a group should reduce by 50%. I'm unsure if this could be measured using Snowplow, since users are using different tools to check for any overrides. But we can measure if they're using the variables page in GitLab for groups more.
Acceptance criteria: No manual overriding of variables
What is the type of buyer?
Is this a cross-stage feature?
What is the competitive advantage or differentiation for this feature?
Links / references