Merge request approvals API not consistent with GUI

Summary

Querying Merge Request Approvals API (GET /projects/:id/approvals) is not consistent with the GUI. The steps only shows the approvals_before_merge value but other fields returned by this API is also not being updated properly.

Another thing is that our documentation: https://docs.gitlab.com/12.8/ee/api/merge_request_approvals.html only shows this as the return value:

{
  "approvals_before_merge": 2,
  "reset_approvals_on_push": true,
  "disable_overriding_approvers_per_merge_request": false,
  "merge_requests_author_approval": true,
  "merge_requests_disable_committers_approval": false,
  "require_password_to_approve": true
}

but when I tried this in my instance and gitlab.com, I have the approvers and the approver_groups field.

{
  "approvers": [],
  "approver_groups": [],
  "approvals_before_merge": 2,
  "reset_approvals_on_push": true,
  "disable_overriding_approvers_per_merge_request": false,
  "merge_requests_author_approval": true,
  "merge_requests_disable_committers_approval": false,
  "require_password_to_approve": true
}

Steps to reproduce

  1. Create a new project.
  2. Query approvals API using curl
$ curl --header 'PRIVATE-TOKEN: xxxx' https://jdasmarinas-geo-01.do.gitlap.com/api/v4/projects/6/approvals | jq

{
  "approvers": [],
  "approver_groups": [],
  "approvals_before_merge": 0,
  "reset_approvals_on_push": true,
  "disable_overriding_approvers_per_merge_request": null,
  "merge_requests_author_approval": null,
  "merge_requests_disable_committers_approval": null,
  "require_password_to_approve": null
}
  1. Increase the number of approvals required to 1 using GUI'
  2. Query again the API using curl (note that the approvals_before_merge is still 0)
$ curl --header 'PRIVATE-TOKEN: xxxx' https://jdasmarinas-geo-01.do.gitlap.com/api/v4/projects/6/approvals | jq

{
  "approvers": [],
  "approver_groups": [],
  "approvals_before_merge": 0,
  "reset_approvals_on_push": true,
  "disable_overriding_approvers_per_merge_request": null,
  "merge_requests_author_approval": null,
  "merge_requests_disable_committers_approval": null,
  "require_password_to_approve": null
}

# however if we query the approval_rules endpoint, it is consistent with the GUI
curl --header 'PRIVATE-TOKEN: xxxx' https://jdasmarinas-geo-01.do.gitlap.com/api/v4/projects/6/approval_rules | jq

[
  {
    "id": 3,
    "name": "All Members",
    "rule_type": "any_approver",
    "eligible_approvers": [],
    "approvals_required": 1,
    "users": [],
    "groups": [],
    "contains_hidden_groups": false,
    "protected_branches": []
  }
]
  1. Doing a POST request however, will update the return value of the GET, and so is the value in the GUI.
curl -XPOST --header 'Content-Type: application/json' --header 'PRIVATE-TOKEN: xxxx' --data '{"approvals_before_merge":2}' https://jdasmarinas-geo-01.do.gitlap.com/api/v4/projects/6/approvals | jq

$ curl --header 'PRIVATE-TOKEN: xxxx' https://jdasmarinas-geo-01.do.gitlap.com/api/v4/projects/6/approvals | jq

{
  "approvers": [],
  "approver_groups": [],
  "approvals_before_merge": 2,
  "reset_approvals_on_push": true,
  "disable_overriding_approvers_per_merge_request": null,
  "merge_requests_author_approval": null,
  "merge_requests_disable_committers_approval": null,
  "require_password_to_approve": null
}

Example Project

Create a new project, I can even reproduce this behavior in gitlab.com

What is the current bug behavior?

Doesn't update the return value of GET /projects/:id/approvals when we update the settings via GUI.

What is the expected correct behavior?

Value in the GUI should be the same as the output.

Customer info

https://gitlab.zendesk.com/agent/tickets/149893 (internal)

Edited by Julian Paul Dasmarinas