Allow group owners to allow-list integrations
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
About
This issue was created as a follow-up feature to Ability to disable integrations through admin s... (&15666) see that epic for more context.
We will allow group owners to allow-list integrations. The feature will convert the existing application settings added in #500610 (closed) to cascading settings.
The feature is a GitLab Ultimate "global" licensed feature, which means it is checks against the instance license and not any namespace licenses. This means on GitLab.com the group-level allow list will be available to everyone.
Draft technical proposal
At time of writing this issue is unrefined and could become an epic.
Backend and frontend can refer to related MRs of #500610 (closed).
- Migrations
- Data migration to convert the existing application settings to cascading settings.
- Add a migration to set the lock columns for the new cascading settings on
application_settingstodefault: true, so by default the cascading settings will be locked at the instance-level. We will not lock the settings by default for thenamespace_settingstable.
- Filter available integrations based on the new settings cascading settings, which might come from a namespace settings (refer to spike MR !169687 (closed))).
- Note, as this is GitLab Ultimate always perform the license check added in #500610 (closed) before applying the allowlist. Note that the license check will be a "global" one, which means it is checks against the instance license and not any namespace licenses.
- Make the admin form UI for the allow list (added as part of #500610 (closed)) surfaced on the group admin UI.
- Convert the settings components to cascading settings components.
- Ensure #500613 is visible at group-level
- Ensure #500617 works at group-level
- Ensure #500609 works at group-level