Frontend: Allow project owners to define secrets permissions
Why are we doing this work
Once the Secrets Manager is enabled and provisioned, Owners can set CRUD permissions for users, groups, or roles that manage the Secrets Manager. These settings will live in Settings > General > Visibility, project features, permissions, just below the toggle for enabling the Secrets Manager.
Maintainers can view these settings, but they cannot create or delete permissions.
This issue is only scoped to the creation of secrets permissions. For deletion, see #538090 (closed).
Relevant links
- Parent epic
- Closed Experiment/Beta Secrets Manager Placement Design SSOT - Figma link
- Design issue
- Backend API issue
Non-functional requirements
- [-] Documentation: Add instructions for navigating the UI (to be implemented in Docs: Basic documentation for Secrets Manager, ... (#470663 - closed))
- Feature flag: secrets_manager and ci_tanukey_ui
- Testing
Implementation plan
The settings should behave as follows:
- The Permissions Table (and the toggle for the Secrets Manager) is only available if the feature is licensed (on Ultimate).
- Owners can view the table and add permissions.
- Maintainers can only view the table. The Add button is hidden from them.
- Users can add permissions by user, group, or role. These are shown in three separate tabs in the permissions table.
This issue will be implemented in several MRs:
- Create table, which should be view-only for Maintainers (Owners can create and delete permissions). The form is only rendered when the Secrets Manager is provisioned. (!190007 (merged))
- Create forms and fetch users/groups/roles that can be provided as input to the form. (!195994 (merged)) workflow::in review
- Create the mutation for adding the permission and refresh the table. Toast message should also appear. (also included in !195994 (merged)) workflow::in review
Verification steps
Edited by Mireya Andres