Protected packages: GraphQL api for updating package protection rules

What does this MR do and why?

• This MR adds a new graphql endpoint for updating package protection rules.
• This MR is part of the EPIC &5574 and is planned to be included in the 1st version of this feature, see &5574 (comment 1437348728)

🛠 with ❤ at Siemens

DB queries

In this MR, package protection rule are updated. The following database query is issued to the database (query plan):

UPDATE "packages_protection_rules" SET "updated_at" = '2023-10-23 12:20:54.016168', "package_name_pattern" = '@flight/flight-js-3-*', "package_name_pattern_ilike_query" = '@flight/flight-js-3-%' WHERE "packages_protection_rules"."id" = 12

Open console

TRANSACTION (0.1ms)  BEGIN /*application:web,correlation_id:01HDE7P6ZP3ADVNMMAKQT0TC48,endpoint_id:graphql:unknown,db_config_name:main,line:/app/services/packages/protection/update_rule_service.rb:31:in `execute'*/
  ↳ app/services/packages/protection/update_rule_service.rb:31:in `execute'
  Packages::Protection::Rule Exists? (0.2ms)  SELECT 1 AS one FROM "packages_protection_rules" WHERE "packages_protection_rules"."package_name_pattern" = '@flight/flight-js-3-*' AND "packages_protection_rules"."id" != 12 AND "packages_protection_rules"."project_id" = 7 AND "packages_protection_rules"."package_type" = 2 LIMIT 1 /*application:web,correlation_id:01HDE7P6ZP3ADVNMMAKQT0TC48,endpoint_id:graphql:unknown,db_config_name:main,line:/app/services/packages/protection/update_rule_service.rb:31:in `execute'*/
  ↳ app/services/packages/protection/update_rule_service.rb:31:in `execute'
  Packages::Protection::Rule Update (0.3ms)  UPDATE "packages_protection_rules" SET "updated_at" = '2023-10-23 12:20:54.016168', "package_name_pattern" = '@flight/flight-js-3-*', "package_name_pattern_ilike_query" = '@flight/flight-js-3-%' WHERE "packages_protection_rules"."id" = 12 /*application:web,correlation_id:01HDE7P6ZP3ADVNMMAKQT0TC48,endpoint_id:graphql:unknown,db_config_name:main,line:/app/services/packages/protection/update_rule_service.rb:31:in `execute'*/
  ↳ app/services/packages/protection/update_rule_service.rb:31:in `execute'
  TRANSACTION (0.1ms)  COMMIT /*application:web,correlation_id:01HDE7P6ZP3ADVNMMAKQT0TC48,endpoint_id:graphql:unknown,db_config_name:main,line:/lib/gitlab/database.rb:392:in `commit'*/
  ↳ lib/gitlab/database.rb:392:in `commit'

Screenshots or screen recordings

With this MR, it is possible to send graphql requests in order to update existing package protection rules.

The body of the graphql request looks like this:

mutation {
	updatePackagesProtectionRule(
		input: {
			id: "gid://gitlab/Packages::Protection::Rule/12"
			packageNamePattern: "@flight/flight-js-1-*"
			pushProtectedUpToAccessLevel: MAINTAINER
		}
	) {
		packageProtectionRule {
			pushProtectedUpToAccessLevel
			packageNamePattern
			packageType
		}
		clientMutationId
		errors
	}
}

How to set up and validate locally

1. Enable feature flag via rails c

Feature.enable(:packages_protected_packages)

2. Create a package protection rule that we will update in the next step

Packages::Protection::Rule.create(
  project: Project.find(7),
  package_type: :npm,
  push_protected_up_to_access_level: Gitlab::Access::DEVELOPER,
  package_name_pattern: "@gitlab-org/npm-package-new-enum-*"
)

3. Find the global id of the package protection rule that we want to update

Packages::Protection::Rule.where(package_name_pattern: "@gitlab-org/npm-package-new-enum-*").first.to_global_id.to_s
# => "gid://gitlab/Packages::Protection::Rule/9"

4. Now, you should be able to send mutation requests via the graphql api

curl --request POST \
--url http://gdk.test:3000/api/graphql \
--header 'Authorization: Bearer ypCa3Dzb23o5nvsixwPA' \
--header 'Content-Type: application/json' \
--cookie 'perf_bar_enabled=true; BetterErrors-2.10.1-CSRF-Token=0b882179-5e4a-431b-a420-2be3701cece8' \
--data '{"query":"mutation {\n\tupdatePackagesProtectionRule(\n\t\tinput: {\n\t\t\tid: \"gid://gitlab/Packages::Protection::Rule/25\"\n\t\t\tpackageNamePattern: \"@gitlab-org/npm-package-new-enum-updated-*\"\n\t\t\tpushProtectedUpToAccessLevel: MAINTAINER\n\t\t}\n\t) {\n\t\tpackageProtectionRule {\n\t\t\tpushProtectedUpToAccessLevel\n\t\t\tpackageNamePattern\n\t\t\tpackageType\n\t\t}\n\t\tclientMutationId\n\t\terrors\n\t}\n}\n"}'

TODOs

• Finalize MR description
• Finalize tests

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

• I have evaluated the MR acceptance checklist for this MR.
  • Changelog entry added, if necessary
  • Documentation created/updated via this MR
  • Documentation reviewed by technical writer or follow-up review issue created
  • Tests added for this feature/bug
  • Tested in all supported browsers
  • Conforms to the code review guidelines
  • Conforms to the merge request performance guidelines
  • Conforms to the style guides
  • Conforms to the javascript style guides
  • Conforms to the database guides
  • Wait for MR Protected packages: GraphQL api for creating pa... (!125915 - merged)
  • Wait for MR Protected packages: GraphQL api for deleting pa... (!127659 - merged)

Related to #416381 (closed)