Protected containers: Graphql mutation update container protection rules
requested to merge gitlab-community/gitlab:427547-protected-containers-graphql-mutation-update-container-registry-protection-rule into master
What does this MR do and why?
- This MR adds a new graphql endpoint for updating container registry protection rules.
- This MR is part of the EPIC &9825 and is planned to be included in the 1st version of this feature, see &9825 (comment 1461465889)
- This MR intends to follow the implementation the MR for the feature "protected packages", see Protected packages: GraphQL api for updating pa... (!127096 - merged)
DB queries
In this MR, package protection rule are updated. The following database query is issued to the database (query plan):
UPDATE "container_registry_protection_rules" SET "updated_at" = '2023-12-07 11:09:57.691561', "container_path_pattern" = 'flight/flight/stages-*' WHERE "container_registry_protection_rules"."id" = 2See terminal output
TRANSACTION (0.1ms) BEGIN /*application:web,correlation_id:01HH1ZGNB39G9MP7Z8SRHS147R,endpoint_id:graphql:unknown,db_config_name:main,line:/app/services/container_registry/protection/update_rule_service.rb:31:in `execute'*/
↳ app/services/container_registry/protection/update_rule_service.rb:31:in `execute'
ContainerRegistry::Protection::Rule Exists? (0.2ms) SELECT 1 AS one FROM "container_registry_protection_rules" WHERE "container_registry_protection_rules"."container_path_pattern" = 'flight/flight/stages-*' AND "container_registry_protection_rules"."id" != 2 AND "container_registry_protection_rules"."project_id" = 7 LIMIT 1 /*application:web,correlation_id:01HH1ZGNB39G9MP7Z8SRHS147R,endpoint_id:graphql:unknown,db_config_name:main,line:/app/services/container_registry/protection/update_rule_service.rb:31:in `execute'*/
↳ app/services/container_registry/protection/update_rule_service.rb:31:in `execute'
ContainerRegistry::Protection::Rule Update (0.6ms) UPDATE "container_registry_protection_rules" SET "updated_at" = '2023-12-07 11:09:57.691561', "container_path_pattern" = 'flight/flight/stages-*' WHERE "container_registry_protection_rules"."id" = 2 /*application:web,correlation_id:01HH1ZGNB39G9MP7Z8SRHS147R,endpoint_id:graphql:unknown,db_config_name:main,line:/app/services/container_registry/protection/update_rule_service.rb:31:in `execute'*/
↳ app/services/container_registry/protection/update_rule_service.rb:31:in `execute'
TRANSACTION (0.1ms) COMMIT /*application:web,correlation_id:01HH1ZGNB39G9MP7Z8SRHS147R,endpoint_id:graphql:unknown,db_config_name:main,line:/lib/gitlab/database.rb:392:in `commit'*/
↳ lib/gitlab/database.rb:392:in `commit'Screenshots or screen recordings
mutation {
updateContainerRegistryProtectionRule(
input: {
id: "gid://gitlab/ContainerRegistry::Protection::Rule/2"
containerPathPattern: "flight/flight/stage-*"
}
) {
containerRegistryProtectionRule {
containerPathPattern
deleteProtectedUpToAccessLevel
pushProtectedUpToAccessLevel
}
clientMutationId
errors
}
}
How to set up and validate locally
- Enable feature flag via
rails c
Feature.enable(:container_registry_protected_containers)- Create a container registry protection rule that we will delete in the next step
container_registry_protection_rule = ContainerRegistry::Protection::Rule.create(
project: Project.find(7),
container_path_pattern: Project.find(7).full_path.downcase,
push_protected_up_to_access_level: :developer,
delete_protected_up_to_access_level: :developer
)- Find the global id of the container registry protection rule that we want to update
container_registry_protection_rule.to_global_id.to_s
# => "gid://gitlab/ContainerRegistry::Protection::Rule/13"- Now, you should be able to send mutation requests via the graphql api
curl --request POST \
--url http://gdk.test:3000/api/graphql \
--header 'Authorization: Bearer ypCa3Dzb23o5nvsixwPA' \
--header 'Content-Type: application/json' \
--cookie 'perf_bar_enabled=true; BetterErrors-2.10.1-CSRF-Token=0b882179-5e4a-431b-a420-2be3701cece8' \
--data '{"query":"mutation {\n\tupdateContainerRegistryProtectionRule(\n\t\tinput: {\n\t\t\tid: \"gid://gitlab/ContainerRegistry::Protection::Rule/13\"\n\t\t\tcontainerPathPattern: \"flight/flight/stage-*\"\n\t\t}\n\t) {\n\t\tcontainerRegistryProtectionRule {\n\t\t\tcontainerPathPattern\n\t\t\tdeleteProtectedUpToAccessLevel\n\t\t\tpushProtectedUpToAccessLevel\n\t\t}\n\t\tclientMutationId\n\t\terrors\n\t}\n}\n"}'MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR. -
Changelog entry added, if necessary -
Documentation created/updated via this MR -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Tested in all supported browsers -
Conforms to the code review guidelines -
Conforms to the merge request performance guidelines -
Conforms to the style guides -
Conforms to the javascript style guides -
Conforms to the database guides
-
Related to #427547 (closed)
Edited by Gerardo Navarro