Allow overrides for cascading settings

Alejandro Rodríguez requested to merge cascading-settings-overrides into master

What does this MR do and why?

Allow overrides for cascading settings

For some features relying on cascading settings, customers would like the ability to allow/block list certain projects such that regardless of the state of the setting in the group or instance, those projects always have the specified value. We implement this through a new model, CascadingSettingOverride, which stores those overrides. The overrides can be associated with a root namespace, so that the setting can be changed by root group admins, or not have a namespace association, in which case it will work as an instance-level override.

Closes #441532

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

Since there's currently no interface, the easiest way to validate these settings is via a Rails console, as follows:

  1. Update the instance setting: ApplicationSetting.current.update(duo_features_enabled: false)
  2. Update the group setting: Group.find_by_full_path('gitlab-org').namespace_settings.update(duo_features_enabled: false)
  3. Update the project setting: Project.find_by_full_path('gitlab-org/gitlab-shell').update(duo_features_enabled: true)
  4. Create a namespace-scoped override: CascadingSettingOverride.create!(namespace: Group.find_by_full_path('gitlab-org'), project: Project.find_by_full_path('gitlab-org/gitlab-shell'), duo_features_enabled: true)
  5. Create a global override: CascadingSettingOverride.create!(project: Project.find_by_full_path('gitlab-org/gitlab-shell'), duo_features_enabled: true)

You can play around with these values. The priority order should be (from most to least important):

  1. Global override
  2. Namespace-scoped override
  3. Project setting (depending on if it's locked by the group)
  4. Group setting (depending on if it's locked by the instance)
  5. Instance setting
Edited by Alejandro Rodríguez
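
The priority order listed in the description, as an added stand-alone Ruby model; it is not code from this merge request or from GitLab. `Level`, `effective_setting` and `override_bypasses_lock?` are hypothetical names, and the lock behaviour (a locked level forces its value onto the levels below it) is an assumption. It returns the source of the effective value, so a review of existing overrides can list projects whose value differs from one locked above them.

```ruby
# Simplified model of the precedence listed above (illustration only, not GitLab code).
# Assumption: a lock at a level forces that level's value onto the levels below it.
Level = Struct.new(:value, :locked, keyword_init: true)

# Returns [effective_value, source] so an audit can show why a value applies.
# Values are booleans, so "unset" is represented by nil, never by false.
def effective_setting(instance:, group:, project_value:,
                      global_override: nil, namespace_override: nil)
  # 1. Global override (no namespace association) wins over everything.
  return [global_override, :global_override] unless global_override.nil?
  # 2. Override scoped to the root namespace.
  return [namespace_override, :namespace_override] unless namespace_override.nil?

  # Locks are evaluated top-down: an instance lock beats a group lock.
  return [instance.value, :instance_locked] if instance.locked
  group_value = group.value.nil? ? instance.value : group.value
  return [group_value, :group_locked] if group.locked

  # 3. Project setting, 4. group setting, 5. instance setting.
  return [project_value, :project] unless project_value.nil?
  return [group.value, :group] unless group.value.nil?
  [instance.value, :instance]
end

# True when an override gives a project a value that differs from one locked
# above it: the case worth listing when reviewing existing overrides.
def override_bypasses_lock?(**args)
  value, source = effective_setting(**args)
  return false unless %i[global_override namespace_override].include?(source)

  without = args.merge(global_override: nil, namespace_override: nil)
  locked_value, locked_source = effective_setting(**without)
  %i[instance_locked group_locked].include?(locked_source) && locked_value != value
end

if __FILE__ == $PROGRAM_NAME
  # Constructed scenario mirroring the console steps: instance and group off,
  # project on, instance additionally locked, namespace-scoped override on.
  args = { instance: Level.new(value: false, locked: true),
           group: Level.new(value: false, locked: false),
           project_value: true, namespace_override: true }
  p effective_setting(**args)
  p override_bypasses_lock?(**args)
end
```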