Skip to content

Add Admin role to AccessLevelEnum in GraphQL

Ahmed Hemdan requested to merge add-admin-role-to-access-level-enum-in-graphql into master

What does this MR do and why?

This merge request adds the GitLab::Access::ADMIN role to the AccessLevelEnum in GraphQL.

This ensures that queries for protected environments in which an Admin is allowed to deploy will not result in a 500 error when trying to access stringValue of an accessLevel as can bee seen in the query below.

{
  project(fullPath: "<path>") {
    name
    environment(name: "production") {
      name
      protectedEnvironments {
        nodes {
          group { name }
          project { name }
          deployAccessLevels {
            nodes {
              user {
                name
              }
              group {
                name
              }
              accessLevel {
                stringValue
              }
            }
          }
        }
      }
    }
  }
}

Resolves #384120 (closed).

How to set up and validate locally

To validate locally, please do the following steps:

  • In your local GDK setup, create a new project if you don't have one already.
  • Inside that project, create an environment in Deployments > Environments.
  • From your terminal, run the following command to protect the environment you created above via the API:
    • Make sure to replace NAME_OF_ENVIRONMENT with the actual name of that environment.
    • Also, replace PROJECT_ID with the correct ID of your project.
    • And finally, replace ACCESS_TOKEN with your own access token.
curl --header 'Content-Type: application/json' \
     --header 'PRIVATE-TOKEN: ACCESS_TOKEN' \
     --request POST \
     --data '{"name": "NAME_OF_ENVIRONMENT", "deploy_access_levels": [{"access_level": 60, "access_level_description": "admins"}], "required_approval_count": 1}' \
     "http://gdk.test:3000/api/v4/projects/PROJECT_ID/protected_environments"

Note: the command above protects an environment while allowing Admin access level the ability to deploy.

  • Visit GraphiQL Explorer on your local GitLab instance.
  • Paste the GraphQL query from the section above.
  • Verify that:
    • You no longer receive a 500 error.
    • The response includes the correct stringValue as below:
{
  ...
  "deployAccessLevels": {
    "nodes": [
      {
        "user": null,
        "group": null,
        "accessLevel": {
          "stringValue": "ADMIN"
        }
      }
    ]
  }
  ...
}

Note: some parts of the response above are omitted.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Ahmed Hemdan

Merge request reports