
Add create, update, and delete endpoints for tag protection rules in GraphQL

Adie (she/her) requested to merge 499870-add-create-endpoint into master

What does this MR do and why?

In this MR, we add mutations to create, update, and delete a tag protection rule in GraphQL. These mutations are behind the feature flag: container_registry_protected_tags.

The added mutations are:

  • createContainerProtectionTagRule
  • deleteContainerProtectionTagRule
  • updateContainerProtectionTagRule

These mutations will then be used by the frontend to create, update, and delete tag rules.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

☀️ Prerequisites

  1. Enable the feature flag: container_registry_protected_tags via the Rails console
Feature.enable(:container_registry_protected_tags)
  2. Prepare or create a project where you have admin_container_image permissions. If you don't have a project yet, the easiest way is to create one so you are the owner and thus the admin.

💃 Mutation 1: Create

  1. Create a tag protection rule with the following code. Replace the projectPath with the full path of the project that you can get from Project.find(id).full_path where id is the ID of the project you are testing with.
mutation {
  createContainerProtectionTagRule(input: {projectPath: "full/project/path", tagNamePattern: "v1", minimumAccessLevelForPush: ADMIN, minimumAccessLevelForDelete: ADMIN}) {
    containerProtectionTagRule {
      id
      tagNamePattern
    }
    errors
  }
}

When the call is successful, you will see errors: [] and the id and tagNamePattern of the created rule are returned. Sample successful result:

{
  "data": {
    "createContainerProtectionTagRule": {
      "containerProtectionTagRule": {
        "id": "gid://gitlab/ContainerRegistry::Protection::TagRule/7",
        "tagNamePattern": "v1"
      },
      "errors": []
    }
  },
  "correlationId": "01JFGSSVSFJ2GG1AQBSQD0AY0S"
}

💃 Mutation 2: Update

  1. You can use the created tag protection rule to test the update mutation. Getting the id that was returned during create, let's try to supply a different tagNamePattern.
mutation {
  updateContainerProtectionTagRule(input: {id: "gid://gitlab/ContainerRegistry::Protection::TagRule/7", tagNamePattern: "v2"}) {
    containerProtectionTagRule {
      id
      tagNamePattern
    }
  }
}

Once it is successful, it would also return empty errors as well as the id and the new tagNamePattern.

{
  "data": {
    "updateContainerProtectionTagRule": {
      "containerProtectionTagRule": {
        "id": "gid://gitlab/ContainerRegistry::Protection::TagRule/7",
        "tagNamePattern": "v2"
      }
    }
  },
  "correlationId": "01JFGSX6RVQ611C416KTB6H0AD"
}

💃 Mutation 3: Delete

  1. Finally, we can also use the created tag to test the delete mutation, copying the id from the result:
mutation {
  deleteContainerProtectionTagRule(input: {id: "gid://gitlab/ContainerRegistry::Protection::TagRule/7" }) {
    containerProtectionTagRule {
      id
    }
  }
}

And if successful, the result will be (note that the id will be different depending on your setup):

{
  "data": {
    "deleteContainerProtectionTagRule": {
      "containerProtectionTagRule": {
        "id": "gid://gitlab/ContainerRegistry::Protection::TagRule/7"
      }
    }
  },
  "correlationId": "01JFGT43RMQD28JYNXSBFWTETA"
}

Related to #499870

Edited by Adie (she/her)
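
A scripted version of the create check from the validation steps above, as an added example that is not code from this MR or from GitLab. It sends the rule fields as GraphQL variables instead of splicing them into the query text, and treats both the top-level `errors` list and the mutation's own `errors` field as failures. The input type name `CreateContainerProtectionTagRuleInput`, the helper names, and the two failure responses are assumptions made for illustration.

```python
import json

# Assumption: the input type follows the "<MutationName>Input" naming convention.
CREATE_RULE = """
mutation($input: CreateContainerProtectionTagRuleInput!) {
  createContainerProtectionTagRule(input: $input) {
    containerProtectionTagRule { id tagNamePattern }
    errors
  }
}
"""

def build_create_payload(project_path, pattern, push_level="ADMIN", delete_level="ADMIN"):
    """Request body for POST /api/graphql; values travel as variables, not query text."""
    return {"query": CREATE_RULE, "variables": {"input": {
        "projectPath": project_path,
        "tagNamePattern": pattern,
        "minimumAccessLevelForPush": push_level,
        "minimumAccessLevelForDelete": delete_level,
    }}}

def extract_rule(response, mutation="createContainerProtectionTagRule"):
    """Return the rule dict, or raise if either error channel reports a problem."""
    top_level = response.get("errors") or []
    if top_level:
        raise RuntimeError("GraphQL errors: " + "; ".join(e.get("message", "") for e in top_level))
    result = (response.get("data") or {}).get(mutation)
    if result is None:
        raise RuntimeError(f"no data returned for {mutation}")
    if result.get("errors"):
        raise RuntimeError("mutation errors: " + "; ".join(result["errors"]))
    rule = result.get("containerProtectionTagRule")
    if rule is None:
        raise RuntimeError("mutation returned no rule")
    return rule

# The successful create response shown in the description above.
SAMPLE_OK = json.loads("""{"data": {"createContainerProtectionTagRule": {
  "containerProtectionTagRule": {"id": "gid://gitlab/ContainerRegistry::Protection::TagRule/7",
                                 "tagNamePattern": "v1"}, "errors": []}},
  "correlationId": "01JFGSSVSFJ2GG1AQBSQD0AY0S"}""")
# Constructed failure responses (the messages are made up for illustration).
SAMPLE_REJECTED = {"data": {"createContainerProtectionTagRule": {
    "containerProtectionTagRule": None, "errors": ["constructed validation message"]}}}
SAMPLE_DENIED = {"data": {"createContainerProtectionTagRule": None},
                 "errors": [{"message": "constructed access message"}]}

if __name__ == "__main__":
    print(json.dumps(build_create_payload("full/project/path", "v1"), indent=2))
    print(extract_rule(SAMPLE_OK))
```

The same `extract_rule` helper works for the update and delete responses by passing the corresponding mutation name.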
