Skip to content

Deployment Approval Rules in Group-level protected environments setting UI

Problem

In the initial MVC, both Deployment Executors and Deployment Approvers were managed in the same access level. This could be a problem that Approvers can accidentally gain an access to the critical environment, where they are supposed to approve/reject only. To resolve the problem, we should separate access levels between executors and approvers. For example:

  • Production Environment:
    • Who can deploy?: @operator-group
    • Needs approval for deployment?:
      • At least one approval from @qa-tester-group
      • At least one approval from @security-group

In the previous issue, we added a API-basis support for the Multi Access Levels. In this issue, we extend the feature to frontend part, so that users can easily interact with the multi access levels.

Here is a very rough sketch to give idea how the interface should be changed:

2022-05-12_22-00

Proposal

Protected Environments Table Upstream Table Popover
Screenshot_2024-02-01_at_3.54.08_PM Screenshot_2024-01-30_at_2.53.39_PM Screenshot_2024-01-30_at_2.56.26_PM
  • Replace the current Environment dropdown with a dropdown that is titled Environment tiers. This is then populated with available tiers for the user to select.
  • Add new section to the Upstream table at the project level for approvers.
  • Full flow found here.

Technical Proposal

Most of the code in ee/apps/assets/javascripts/protected_environments should be reusable, with only minor tweaks to:

  • Select environment tiers instead of environments
  • Hit the group protected environments instead of the project one

Once that is done, we need to update ee/app/views/groups/settings/ci_cd/_protected_environments.html.haml and ee/app/assets/javascripts/pages/groups/settings/ci_cd/show/index.js to mount the new group app.

This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.

Edited by Andrew Fontaine