Thanks @zhaochen_li @alexbuijs, LGTM for backend
What does this MR do and why?
Add SAML signed out notification to gPAT page
Because groups that require SAML sign-in are filtered from view when not signed in, show a notification with a signing button on gPAT create page.
References
Issue: #593699
Screenshots or screen recordings
| Before | After | After SAML Login |
|---|---|---|
 |
 |
 |
How to set up and validate locally
-
Feature.enable(:granular_personal_access_tokens)in Rails console - Setup SAML locally
- Create an Ultimate licensed group with SAML enabled and "Enforce SSO-only authentication for web activity" checked
- Invite
user_1to that group - Sign in as
user_1via SAML (go to the group, get redirected to SAML, authenticate with user1 / user1pass) ā this creates the group_saml identity - Sign out, sign back in as admin and impersonate
user_1 - Visit https://gdk.test:3000/-/user_settings/personal_access_tokens/granular/new
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
@tkhandelwal3 Yeah, using a CR makes sense too for backfilling since we'll be enabling a bunch of them at once.
I prefer keeping the rollout issues as is for now. As far as issue management goes, agents could automate those, so I don't think it will be that much of a pain
On the topic of claiming, I see those claim feature flags rollout issues as part of the backfill/verification epic. Should we re-parent it to gitlab-com/gl-infra#1775?
Marco Gregorius (5c5abc89) at 18 Mar 11:35
Introduce Cells claims verification worker
@tkhandelwal3 Could you give this an initial review please?
Marco Gregorius (14ce01ee) at 18 Mar 10:25
Introduce Cells claims verification worker
... and 224 more commits
the rolling out issue?
Which rolling out issue are you referring to?
@tkhandelwal3 This is the standard process to have 1 rollout issue per feature flag. Technically we could also have these point to a single issue, but it won't be as convenient to tick the boxes like in a usual roll out issue gitlab-org/gitlab#593860.
Chatops also has some automation to label the feature flag state (~feature flag state::enabled) and comment when it's turned on/off, eg gitlab-org/gitlab#580062 (comment 3144830579), so it might look weird if we use 1 rollout issue for all the FFs.
Do you have a strong preference/reason to have them in a single rollout issue? A part of me also prefers to have a single rollout issue for convenience, but I'm not sure if it might break some automation down the line.
As far as claiming FF goes, we also have the same pattern with 1 rollout issue per feature flag.
Marco Gregorius (86d716ff) at 17 Mar 18:54
Introduce Cells claims verification workers and cron scheduling
Marco Gregorius (a9fc4e6c) at 17 Mar 17:45
Introduce Cells claims verification workers and cron scheduling
Marco Gregorius (66dbc00b) at 17 Mar 14:59
Introduce Cells claims verification workers and cron scheduling
Marco Gregorius (6ed7db4a) at 17 Mar 14:57
Introduce Cells claims verification workers and cron scheduling
... and 1046 more commits
We'll be rolling out the backfill gated by individual feature flag per model as the following:
| Model | Feature Flag | Rollout Issue |
|---|---|---|
user |
cells_claims_verification_worker_user_model |
gitlab-org/gitlab#593860 |
organizations_organization |
cells_claims_verification_worker_organizations_organization_model |
gitlab-org/gitlab#593861 |
project |
cells_claims_verification_worker_project_model |
gitlab-org/gitlab#593862 |
namespace |
cells_claims_verification_worker_namespace_model |
gitlab-org/gitlab#593863 |
key |
cells_claims_verification_worker_key_model |
gitlab-org/gitlab#593864 |
email |
cells_claims_verification_worker_email_model |
gitlab-org/gitlab#593865 |
gpg_key |
cells_claims_verification_worker_gpg_key_model |
gitlab-org/gitlab#593866 |
redirect_route |
cells_claims_verification_worker_redirect_route_model |
gitlab-org/gitlab#593867 |
route |
cells_claims_verification_worker_route_model |
gitlab-org/gitlab#593868 |
service_desk_setting |
cells_claims_verification_worker_service_desk_setting_model |
gitlab-org/gitlab#593869 |
Summary
This issue is to roll out the feature on production,
that is currently behind the cells_claims_verification_worker_service_desk_setting_model feature flag.
Owners
- Most appropriate Slack channel to reach out to:
#g_cells_infrastructure - Best individual to reach out to: @marcogreg
Expectations
What are we expecting to happen?
What can go wrong and how would we detect it?
Rollout Steps
Rollout on non-production environments
-
Enable the feature globally on non-production environments with
/chatops run feature set cells_claims_verification_worker_service_desk_setting_model true --dev --pre --staging --staging-ref - Verify that the feature works as expected.
Global rollout on production
- Incrementally roll out the feature on production.
- After the feature has been 100% enabled, wait for at least one day before releasing the feature.
Release the feature
-
Create a merge request to remove the
cells_claims_verification_worker_service_desk_setting_modelfeature flag. -
Once the cleanup MR has been deployed, delete the flag:
/chatops run feature delete cells_claims_verification_worker_service_desk_setting_model --dev --pre --staging --staging-ref --production - Close this rollout issue.
Rollback Steps
-
/chatops run feature set cells_claims_verification_worker_service_desk_setting_model false -
/chatops run feature delete cells_claims_verification_worker_service_desk_setting_model --dev --pre --staging --staging-ref --production
Summary
This issue is to roll out the feature on production,
that is currently behind the cells_claims_verification_worker_route_model feature flag.
Owners
- Most appropriate Slack channel to reach out to:
#g_cells_infrastructure - Best individual to reach out to: @marcogreg
Expectations
What are we expecting to happen?
What can go wrong and how would we detect it?
Rollout Steps
Rollout on non-production environments
-
Enable the feature globally on non-production environments with
/chatops run feature set cells_claims_verification_worker_route_model true --dev --pre --staging --staging-ref - Verify that the feature works as expected.
Global rollout on production
- Incrementally roll out the feature on production.
- After the feature has been 100% enabled, wait for at least one day before releasing the feature.
Release the feature
-
Create a merge request to remove the
cells_claims_verification_worker_route_modelfeature flag. -
Once the cleanup MR has been deployed, delete the flag:
/chatops run feature delete cells_claims_verification_worker_route_model --dev --pre --staging --staging-ref --production - Close this rollout issue.
Rollback Steps
-
/chatops run feature set cells_claims_verification_worker_route_model false -
/chatops run feature delete cells_claims_verification_worker_route_model --dev --pre --staging --staging-ref --production
Summary
This issue is to roll out the feature on production,
that is currently behind the cells_claims_verification_worker_redirect_route_model feature flag.
Owners
- Most appropriate Slack channel to reach out to:
#g_cells_infrastructure - Best individual to reach out to: @marcogreg
Expectations
What are we expecting to happen?
What can go wrong and how would we detect it?
Rollout Steps
Rollout on non-production environments
-
Enable the feature globally on non-production environments with
/chatops run feature set cells_claims_verification_worker_redirect_route_model true --dev --pre --staging --staging-ref - Verify that the feature works as expected.
Global rollout on production
- Incrementally roll out the feature on production.
- After the feature has been 100% enabled, wait for at least one day before releasing the feature.
Release the feature
-
Create a merge request to remove the
cells_claims_verification_worker_redirect_route_modelfeature flag. -
Once the cleanup MR has been deployed, delete the flag:
/chatops run feature delete cells_claims_verification_worker_redirect_route_model --dev --pre --staging --staging-ref --production - Close this rollout issue.
Rollback Steps
-
/chatops run feature set cells_claims_verification_worker_redirect_route_model false -
/chatops run feature delete cells_claims_verification_worker_redirect_route_model --dev --pre --staging --staging-ref --production
Summary
This issue is to roll out the feature on production,
that is currently behind the cells_claims_verification_worker_gpg_key_model feature flag.
Owners
- Most appropriate Slack channel to reach out to:
#g_cells_infrastructure - Best individual to reach out to: @marcogreg
Expectations
What are we expecting to happen?
What can go wrong and how would we detect it?
Rollout Steps
Rollout on non-production environments
-
Enable the feature globally on non-production environments with
/chatops run feature set cells_claims_verification_worker_gpg_key_model true --dev --pre --staging --staging-ref - Verify that the feature works as expected.
Global rollout on production
- Incrementally roll out the feature on production.
- After the feature has been 100% enabled, wait for at least one day before releasing the feature.
Release the feature
-
Create a merge request to remove the
cells_claims_verification_worker_gpg_key_modelfeature flag. -
Once the cleanup MR has been deployed, delete the flag:
/chatops run feature delete cells_claims_verification_worker_gpg_key_model --dev --pre --staging --staging-ref --production - Close this rollout issue.
Rollback Steps
-
/chatops run feature set cells_claims_verification_worker_gpg_key_model false -
/chatops run feature delete cells_claims_verification_worker_gpg_key_model --dev --pre --staging --staging-ref --production
Summary
This issue is to roll out the feature on production,
that is currently behind the cells_claims_verification_worker_email_model feature flag.
Owners
- Most appropriate Slack channel to reach out to:
#g_cells_infrastructure - Best individual to reach out to: @marcogreg
Expectations
What are we expecting to happen?
What can go wrong and how would we detect it?
Rollout Steps
Rollout on non-production environments
-
Enable the feature globally on non-production environments with
/chatops run feature set cells_claims_verification_worker_email_model true --dev --pre --staging --staging-ref - Verify that the feature works as expected.
Global rollout on production
- Incrementally roll out the feature on production.
- After the feature has been 100% enabled, wait for at least one day before releasing the feature.
Release the feature
-
Create a merge request to remove the
cells_claims_verification_worker_email_modelfeature flag. -
Once the cleanup MR has been deployed, delete the flag:
/chatops run feature delete cells_claims_verification_worker_email_model --dev --pre --staging --staging-ref --production - Close this rollout issue.
Rollback Steps
-
/chatops run feature set cells_claims_verification_worker_email_model false -
/chatops run feature delete cells_claims_verification_worker_email_model --dev --pre --staging --staging-ref --production