Feature flags management for Security Products
Problem to solve
New CD autodeploy process at GitLab will make heavy use of feature flags since there will be no feature freeze and no "release" for GitLab.com. But, currently, our GitLab feature flags influence does not propagate to our security products functionality. We have only "static" means to enable or disable features: Git tags and Docker image tags.
We need to add support for feature flags to our Security Products.
This can be actually not a typical feature flags solution but just a bunch of ENV variables that correspond to the feature flags set in the GitLab Rails application and are propagated to the Docker image by GitLab runner. A first step could be to investigate thoroughly what kind of configuration information is already propagated to Docker executor images by GitLab runner.
In general, 2 sets of changes are required:
- propagate (only chosen) feature flags information from GitLab Rails application to GitLab runner
- propagate feature flags information from GitLab runner (at least, as an MVC) to Docker executor images environment (in future - to any kind of executor)
- add utility functionality for feature flags (even as a subset of ENV vars) to the Security Products common library.
I'm not sure about in what project this issue should live at. Security Products changes belong to EE when feature flags propagation from Rails to Runner and from Runner to the executors belongs to CE. Maybe it's worth splitting this issue in two and cross-link them to each other.
Permissions and Security
No special permissions since this is not a user-involving change.
No test plan required. Unit tests for all affected areas would be enough.
What does success look like, and how can we measure that?
We are able to propagate the GitLab EE feature flag value to our security tools Docker images via GitLab Runner and test this at GitLab.com.
What is the type of buyer?
All types of GitLab users