Support require_password_to_approve in POST /projects/:id/approvals API endpoint
Problem to solve
Starting in GitLab version 12.0, you can force the merge request approver to enter a password in order to authenticate who is approving the merge request by enabling Require user password to approve via your project’s Settings > General > Merge request approvals. This was introduced in the MR: !10364 (merged)
While you can change this setting via the UI, there is no support for passing this attribute via the API. This issue proposes adding a feature supporting the require_password_to_approve
attribute for the POST /projects/:id/approvals
. This feature would allow you to pass this attribute in that endpoint with either true
or false
, in order to set the corresponding UI setting.
13000 seat Premium customer requesting this feature --> https://gitlab.zendesk.com/agent/tickets/144281 (internal use only)
MR Approvals Docs: https://docs.gitlab.com/ee/user/project/merge_requests/merge_request_approvals.html#require-authentication-when-approving-a-merge-request-starter
MR Approvals API Docs: https://docs.gitlab.com/ee/api/merge_request_approvals.html#change-configuration
Intended users
Developers, DevOps Engineers, anyone administering the MR approvals.
Further details
It's currently supported via the UI, so should also be supported in the API.
Proposal
Add require_password_to_approve
as a parameter for this API endpoint: https://gitlab.com/gitlab-org/gitlab/blob/master/ee/lib/api/project_approvals.rb
Permissions and Security
Need to be authenticated for the require_password_to_approve
endpoint, which is already configured.
Documentation
Add attribute to the API docs: https://docs.gitlab.com/ee/api/merge_request_approvals.html#change-configuration
Testing
Add test that project MR approvals API accepts and displays the require_password_to_approve
attribute: https://gitlab.com/gitlab-org/gitlab/blob/master/ee/spec/requests/api/project_approvals_spec.rb
What does success look like, and how can we measure that?
Customers can pass the require_password_to_approve
in the POST /projects/:id/approvals
API endpoint to require authentication when approving a merge request
What is the type of buyer?
EE feature: Starter/Bronze level