<!--IssueSummary start--> <details> <summary> Everyone can contribute. [Help move this issue forward](https://handbook.gitlab.com/handbook/marketing/developer-relations/contributor-success/community-contributors-workflows/#contributor-links) while earning points, leveling up and collecting rewards. </summary> - [Close this issue](https://contributors.gitlab.com/manage-issue?action=close&projectId=278964&issueIid=500611) </details> <!--IssueSummary end--> ### About This issue was created as a follow-up feature to https://gitlab.com/groups/gitlab-org/-/epics/15666+ see that epic for more context. We will allow group owners to allow-list integrations. The feature will convert the existing application settings added in https://gitlab.com/gitlab-org/gitlab/-/issues/500610 to [cascading settings](https://docs.gitlab.com/ee/development/cascading_settings.html). The feature is a ~"GitLab Ultimate" ["global" licensed feature](https://docs.gitlab.com/ee/development/ee_features.html#implement-a-new-ee-feature), which means it is checks against the instance license and not any namespace licenses. This means on GitLab.com the group-level allow list will be available to everyone. ### Draft technical proposal At time of writing this issue is unrefined and could become an epic. Backend and frontend can refer to related MRs of https://gitlab.com/gitlab-org/gitlab/-/issues/500610. ~backend - Migrations - Data migration to convert the existing application settings to [cascading settings](https://docs.gitlab.com/ee/development/cascading_settings.html). - Add a migration to set the [lock columns](https://gitlab.com/gitlab-org/gitlab/-/blob/ed33ee68b4a5c71d2f4f0013c3904a1d5d83cd52/lib/gitlab/database/migration_helpers/cascading_namespace_settings.rb#L38) for the new cascading settings on `application_settings` to `default: true`, so by default the cascading settings will be locked at the instance-level. We will not lock the settings by default for the `namespace_settings` table. - Filter available integrations based on the new settings cascading settings, which might come from a namespace settings (refer to spike MR https://gitlab.com/gitlab-org/gitlab/-/merge_requests/169687)). - Note, as this is ~"GitLab Ultimate" always perform the license check added in https://gitlab.com/gitlab-org/gitlab/-/issues/500610 before applying the allowlist. Note that the license check will be a ["global" one](https://docs.gitlab.com/ee/development/ee_features.html#implement-a-new-ee-feature), which means it is checks against the instance license and not any namespace licenses. ~"frontend" - Make the admin form UI for the allow list (added as part of https://gitlab.com/gitlab-org/gitlab/-/issues/500610) surfaced on the group admin UI. - Convert the settings components to [cascading settings components](https://docs.gitlab.com/ee/development/cascading_settings.html). - Ensure https://gitlab.com/gitlab-org/gitlab/-/issues/500613 is visible at group-level - Ensure https://gitlab.com/gitlab-org/gitlab/-/issues/500617 works at group-level - Ensure https://gitlab.com/gitlab-org/gitlab/-/issues/500609 works at group-level