Add Group/Project policies for Duo Nano
What does this MR do and why?
Adds group and project policies to enable access to Duo Nano features when:
- the user is a member of a group/project in the hierarchy of a top-level group with Nano enabled
- and with a Duo Nano add-on purchased (add-on to be provisioned automatically for existing subscriptions in https://gitlab.com/gitlab-org/gitlab/-/issues/527361+).
Note: Seat assignment is not required.
As per https://gitlab.com/gitlab-org/gitlab/-/issues/534429#implementation, this change is only relevant to GitLab.com. SM/Dedicated will be covered by a global policy as part of https://gitlab.com/gitlab-org/gitlab/-/issues/534433+
I haven't included documentation changes because the user-facing changes will be part of https://gitlab.com/gitlab-org/gitlab/-/issues/526079+ and https://gitlab.com/gitlab-org/gitlab/-/issues/526083+
References
How to set up and validate locally
```ruby
# Run in a Rails console
u = User.first
g = Group.find_by_path('gitlab-duo')
g.add_member(u, :developer)
g.namespace_settings.update(duo_nano_features_enabled: true)

# Membership plus the enabled setting, before any add-on purchase exists
Ability.allowed?(u, :access_duo_nano_features, g) # false

add_on = GitlabSubscriptions::AddOn.create!(name: 'duo_nano', description: GitlabSubscriptions::AddOn.descriptions[:duo_nano])
add_on_purchase = GitlabSubscriptions::AddOnPurchase.create!(
  add_on: add_on, namespace: g, started_at: Date.today, expires_on: 1.year.from_now, quantity: 100, purchase_xid: 'A-S0001', organization_id: 1
)

# Same check once the Duo Nano add-on purchase exists (no seat is assigned)
Ability.allowed?(u, :access_duo_nano_features, g) # true
```
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Mark Lapierre
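
An added sketch, not code from this MR or from GitLab: a plain-Ruby model of the rule in the description, with the setting and the add-on purchase looked up on the top-level group and membership checked on the target namespace or its ancestors. The class and method names, the membership inheritance and the expiry-date check are assumptions made for illustration.

```ruby
require 'date'

# Hypothetical stand-ins for the real models; only the decision logic matters here.
Purchase = Struct.new(:add_on, :started_at, :expires_on) do
  # Assumption: a purchase counts from its start date up to, not including, expiry.
  def active?(on)
    started_at <= on && on < expires_on
  end
end

class Namespace
  attr_reader :parent, :members, :purchases
  attr_accessor :duo_nano_features_enabled

  def initialize(parent: nil)
    @parent = parent
    @members = []
    @purchases = []
    @duo_nano_features_enabled = false
  end

  # The namespace itself, then each ancestor up to the top-level group.
  def self_and_ancestors
    parent ? [self] + parent.self_and_ancestors : [self]
  end

  def root
    self_and_ancestors.last
  end
end

# Deny by default: every condition must hold. Seat assignment is never consulted.
def access_duo_nano_features?(user, namespace, today: Date.today)
  root = namespace.root
  member = namespace.self_and_ancestors.any? { |n| n.members.include?(user) }
  purchased = root.purchases.any? { |p| p.add_on == 'duo_nano' && p.active?(today) }
  member && root.duo_nano_features_enabled && purchased
end

# Constructed sample hierarchy: top-level group with one subgroup.
TODAY = Date.new(2025, 1, 15)
TOP = Namespace.new
SUB = Namespace.new(parent: TOP)
SUB.members << 'alice'
TOP.duo_nano_features_enabled = true
BEFORE_PURCHASE = access_duo_nano_features?('alice', SUB, today: TODAY)
TOP.purchases << Purchase.new('duo_nano', TODAY, TODAY >> 12)
AFTER_PURCHASE = access_duo_nano_features?('alice', SUB, today: TODAY)
```

The negative cases are the ones worth covering in policy specs: a non-member, a member of the subgroup asking about the parent, a lapsed purchase, and the setting switched off at the top level.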