Create API endpoint to update a protected environment
What does this MR do and why?
This merge request adds two new endpoints to allow updating protected environments:
-
/groups/:id/protected_environments/:name
(for group-level protected environments) -
/projects/:id/protected_environments/:name
(for project-level protected environments)
Documentation was also added for both endpoints.
Please note: I had to expose id
attribute for the following two API entities:
API::Entities::ProtectedEnvironments::DeployAccessLevel
API::Entities::ProtectedEnvironments::ApprovalRule
To make sure API users can have the id
for these objects to be able to pass them when updating a protected environment. All example responses were also updated to include id
attribute for deploy_access_levels
and approval_rules
. Some of the examples had wrong indentation as well, so I fixed those too!
Resolves #351854 (closed).
How to set up and validate locally
The following describes how to validate this locally for project-level protected environments. Group-level should be similar, so I skipped adding instructions for that here.
- Create a project if you don't have one already.
- Create an environment for this project. Go to Deployments > Environments to create one. Let's call it
staging
. - Protect this environment using the UI from Settings > CI/CD > Protected Environments:
- Allow your own user (id: 1) to deploy to this environment.
- Set required approvals to 2.
- Create a new user (id: 2), and add the user to the project members.
- Ensure that you have a have an access token ready for use.
- Send a request to get the protected environment data:
- Replace
USE_YOUR_OWN_TOKEN_HERE
with your own. - Replace
PROJECT_ID
with theid
of the project.
- Replace
curl --header "PRIVATE-TOKEN: USE_YOUR_OWN_TOKEN_HERE" "http://gdk.test:3000/api/v4/projects/PROJECT_ID/protected_environments/staging"
- Keep track of the
id
ofdeploy_access_levels
object in the response. - Send the following request to update the protected environment:
- Replace
USE_YOUR_OWN_TOKEN_HERE
with your own. - Replace
DEPLOY_ACCESS_LEVEL_ID_FROM_ABOVE
with theid
you got above. - Replace
PROJECT_ID
with theid
of the project.
- Replace
curl --header 'Content-Type: application/json' --header 'PRIVATE-TOKEN: USE_YOUR_OWN_TOKEN_HERE` --request PUT --data '{"deploy_access_levels": [{ "id": DEPLOY_ACCESS_LEVEL_ID_FROM_ABOVE, "user_id": 2 }], "required_approval_count": 1}' "http://gdk.test:3000/api/v4/projects/PROJECT_ID/protected_environments/staging"
- Verify that:
-
deploy_access_level
object had itsuser_id
updated from1
to2
. -
required_approval_count
was updated from2
to1
.
-
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.