Add API endpoints to sync add-on purchases
What does this MR do and why?
Part of https://gitlab.com/gitlab-org/gitlab/-/issues/414605+
To be able to sync data from an add-on purchase from CustomersDot to GitLab.com new API endpoints are needed. This change adds endpoints to create, get and update an add-on purchase for a specific namespace and add-on. The endpoints are behind the feature flag purchase_code_suggestions.
How to set up and validate locally
-
Create the code suggestions add-on in the rails console (note: This record will be added as a post migration in another MR):
GitlabSubscriptions::AddOn.create(name: :code_suggestions, description: 'Add-on for code suggestions') -
Enable the feature flag
purchase_code_suggestions:Feature.enable(:purchase_code_suggestions). -
Test the POST endpoint:
Test scenarios
- With invalid access (same logic for all endpoints):
curl --request POST \ --url http://gdk.test:3000/api/v4/namespaces/<NAMESPACE_ID>/subscription_add_on_purchase/code_suggestions \ --header 'Content-Type: application/json' \ --header 'PRIVATE-TOKEN: invalid-access-token' \ --data '{ "quantity": 1, "expires_on": "2023-08-01", "purchase_xid": "1a2b3c" }'-
With feature flag disabled namespace (same logic for all endpoints):
- Disable the feature flag in the rails console:
Feature.disable(:purchase_code_suggestions)(turn it back on afterwards). -
curl --request POST \ --url http://gdk.test:3000/api/v4/namespaces/<NAMESPACE_ID>/subscription_add_on_purchase/code_suggestions \ --header 'Content-Type: application/json' \ --header 'PRIVATE-TOKEN: <PRIVATE_TOKEN>' \ --data '{ "quantity": 0, "expires_on": "2023-08-01", "purchase_xid": "1a2b3c" }'
- Disable the feature flag in the rails console:
-
With invalid namespace (same logic for all endpoints):
curl --request GET \ --url http://gdk.test:3000/api/v4/namespaces/123456789/subscription_add_on_purchase/code_suggestions \ --header 'Content-Type: application/json' \ --header 'PRIVATE-TOKEN: invalid-access-token'- With invalid add-on (same logic for all endpoints):
curl --request GET \ --url http://gdk.test:3000/api/v4/namespaces/123456789/subscription_add_on_purchase/non-existing-add-on \ --header 'Content-Type: application/json' \ --header 'PRIVATE-TOKEN: invalid-access-token'- With validation errors:
curl --request POST \ --url http://gdk.test:3000/api/v4/namespaces/<NAMESPACE_ID>/subscription_add_on_purchase/code_suggestions \ --header 'Content-Type: application/json' \ --header 'PRIVATE-TOKEN: <PRIVATE_TOKEN>' \ --data '{ "quantity": 0, "expires_on": "2023-08-01", "purchase_xid": "1a2b3c" }'- With successful request:
curl --request POST \ --url http://gdk.test:3000/api/v4/namespaces/<NAMESPACE_ID>/subscription_add_on_purchase/code_suggestions \ --header 'Content-Type: application/json' \ --header 'PRIVATE-TOKEN: <PRIVATE_TOKEN>' \ --data '{ "quantity": 1, "expires_on": "2023-08-01", "purchase_xid": "1a2b3c" }' -
Test the GET endpoint:
curl --request GET \ --url http://gdk.test:3000/api/v4/namespaces/264/subscription_add_on_purchase/code_suggestions \ --header 'Content-Type: application/json' \ --header 'PRIVATE-TOKEN: <PRIVATE_TOKEN>' -
Test the PUT endpoint:
Test scenarios
- With validation errors:
curl --request PUT \ --url http://gdk.test:3000/api/v4/namespaces/<NAMESPACE_ID>/subscription_add_on_purchase/code_suggestions \ --header 'Content-Type: application/json' \ --header 'PRIVATE-TOKEN: <PRIVATE_TOKEN>' \ --data '{ "quantity": 0, "expires_on": "2023-08-15", "purchase_xid": "1a2b3c" }'- With successful request:
curl --request PUT \ --url http://gdk.test:3000/api/v4/namespaces/<NAMESPACE_ID>/subscription_add_on_purchase/code_suggestions \ --header 'Content-Type: application/json' \ --header 'PRIVATE-TOKEN: <PRIVATE_TOKEN>' \ --data '{ "quantity": 5, "expires_on": "2023-08-15", "purchase_xid": "1a2b3c" }'
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.