Expose on-call users for escalation policies via GraphQL
What does this MR do?
This extends the Escalations Policies type of the GraphQL API to expose who is currently on call for each policy.
Background
An Escalation Policy contains many Escalation Rules. Each rule is associated to either an Oncall Schedule
or an individual User
which gets notified when that rule is triggered. You can read the documentation on Escalation Policies for more background.
Behaviour
This API will return all users who are currently on-call for all rules in the Escalation Policy. If an Escalation Rule has an associated Oncall Schedule, then the user currently on-call for each rotation within the Schedule will be returned.
This matches the behaviour expected by the existing solution which uses another product.
GraphQL queries and responses
Query
{
project(fullPath: "root/autodevops-deploy-test") {
id
incidentManagementEscalationPolicies {
nodes {
name
onCallUsers {
user {
username
}
schedule {
name
}
}
}
}
}
}
Example Response
{
"data": {
"project": {
"id": "gid://gitlab/Project/21",
"incidentManagementEscalationPolicies": {
"nodes": [
{
"name": "Let the boss know 2",
"onCallUsers": [
{
"user": {
"username": "rozanne_shields"
},
"schedule": {
"name": "Schedule 1"
}
},
{
"user": {
"username": "namespace10"
},
"schedule": {
"name": "Second Schedule"
}
},
{
"user": {
"username": "namespace1"
},
"schedule": {
"name": "Second Schedule"
}
}
]
}
]
}
}
}
}
Implementation
To achieve this I have extended the existing IncidentManagement::OncallUsersFinder
to accept a pre-defined rotations
relation, which will be used instead of the existing logic.
I've also added a include_schedule
option, which returns the Oncall Schedule object alongside the user:
[
{
user: <user>,
schedule: <schedule>
}
]
With this option disabled the existing behaviour is presented: A relation of User
objects is returned.
Screenshots or Screencasts (strongly suggested)
How to setup and validate locally (strongly suggested)
Does this MR meet the acceptance criteria?
Conformity
-
I have included changelog trailers, or none are needed. (Does this MR need a changelog?) -
I have added/updated documentation, or it's not needed. (Is documentation required?) -
I have properly separated EE content from FOSS, or this MR is FOSS only. (Where should EE code go?) -
I have added information for database reviewers in the MR description, or it's not needed. (Does this MR have database related changes?) -
I have self-reviewed this MR per code review guidelines. -
This MR does not harm performance, or I have asked a reviewer to help assess the performance impact. (Merge request performance guidelines) -
I have followed the style guides. -
This change is backwards compatible across updates, or this does not apply.
Availability and Testing
-
I have added/updated tests following the Testing Guide, or it's not needed. (Consider all test levels. See the Test Planning Process.) -
I have tested this MR in all supported browsers, or it's not needed. -
I have informed the Infrastructure department of a default or new setting change per definition of done, or it's not needed.
Security
Does this MR contain changes to processing or storing of credentials or tokens, authorization and authentication methods or other items described in the security review guidelines? If not, then delete this Security section.
-
Label as security and @ mention @gitlab-com/gl-security/appsec
-
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Related to #251140 (closed)