Skip to content

Remove group secrets resource

Mireya Andres requested to merge ci-tanukey-for-projects into master

What does this MR do and why?

Implements #456419 (closed).

Development for group secrets is postponed until after the MVC is released. The ci_tanukey_ui feature flag will only be used to enable secrets for projects.

Originally, the feature flag was used on the root ancestor (group), allowing the user to view the Secrets Management page for projects and subgroups under the root ancestor. This was done with the intention of including group secrets and secrets inheritance in the MVC.

From this discussion, we will limit the scope of the MVC to projects only. This MR reflects this decision by removing the group secrets resource. With this change:

  • The user will not be able to view the Secrets Management page for groups or subgroups, regardless of feature flag status
  • The Secrets Management page is only available for projects if the feature flag is enabled for the project itself (and not for the root ancestor, like before)

There are some group-related code in the Vue/frontend, but we will not remove those for now. The frontend is, for the most part, set up to be reusable for both group and project views.

This feature flag is in development and has not been enable for any actors in production. See the rollout issue.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Additional tasks for the author:

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After
before_root_ancestor after_404

How to set up and validate locally

  1. Enable the feature flag on a group that has a project, and on a project that does not belong to the group. View this diagram on how the feature flag works. 
    Feature.enable(:ci_tanukey_ui, root_group)
Feature.enable(:ci_tanukey_ui, separate_project)
  2. The Secrets Management page should not be available for the project outside the root group (/groups/root_group/-/secrets). However, it should be available for the following entities:
    • Root group (/groups/root_group/-/secrets)
    • Any subgroups under the root group
    • Any project under the root group (/root_group/project/-/secrets)
  3. Apply the changes from this MR.
  4. The Secrets Management page should no longer be available for the root group and any subgroups or projects under that group. However, it should be available for separate_project.
Edited by Mireya Andres

Merge request reports