GraphQL query for fetching environment/deployment permissions
Release notes
We have exposed user permissions for environments and deployments through GraphQL. Now you can fetch information about who has access to do particular actions for an environment via API.
Problem
In &8433 (closed), we're moving to GraphQL for rendering Environment Index/Details page and moving away from the internal Controller API. This issue is to extend the GraphQL API to let frontend fetch user permission to a particular environment/deployments.
Proposal
Add the following fields:
- A boolean field to
EnvironmentType
if the user can stop an environment. - A boolean field to
EnvironmentType
if the user can delete an environment.
We should use expose_permissions
according to the GraphQL guideline.
Since the permission check could execute an additional query, we should make sure that it doesn't cause N+1 problem when frontend fetches the permission for multiple environments/deployments. If it's difficult to solve, we should set Limit maximum field call count for now.
environments.json example
{
"name": "production",
"size": 1,
"latest": {
"id": 2235830,
"global_id": "gid://gitlab/Environment/2235830",
"name": "production",
"state": "available",
"external_url": "https://example.com",
"environment_type": null,
"name_without_type": "production",
"last_deployment": {
"id": 286402047,
"iid": 20992,
"sha": "b528a08ae17d2975741e1fc3dbfec47515ddf3ba",
"ref": {
"name": "release-tag-test-2",
"ref_path": "/shinya.maeda/pipeline-playground/-/tree/release-tag-test-2"
},
"status": "success",
"created_at": "2022-05-10T09:42:23.312Z",
"deployed_at": "2022-05-10T09:42:39.239Z",
"tag": true,
"last?": true,
"is_last": true,
"tier_in_yaml": null,
"user": {
"id": 758045,
"username": "shinya.maeda",
"name": "Shinya Maeda",
"state": "active",
"avatar_url": "https://gitlab.com/uploads/-/system/user/avatar/758045/avatar.png",
"web_url": "https://gitlab.com/shinya.maeda",
"show_status": false,
"path": "/shinya.maeda"
},
"deployable": {
"id": 2435419830,
"name": "deploy",
"started": true,
"started_at": "2022-05-10T09:42:23.736Z",
"complete": true,
"archived": false,
"build_path": "/shinya.maeda/pipeline-playground/-/jobs/2435419830",
"retry_path": "/shinya.maeda/pipeline-playground/-/jobs/2435419830/retry",
"playable": false,
"scheduled": false,
"created_at": "2022-05-10T09:42:23.233Z",
"queued_at": "2022-05-10T09:42:23.504Z",
"queued_duration": 0.232588,
"updated_at": "2022-05-10T09:42:39.203Z",
"status": {
"icon": "status_success",
"text": "passed",
"label": "passed",
"group": "success",
"tooltip": "passed",
"has_details": true,
"details_path": "/shinya.maeda/pipeline-playground/-/jobs/2435419830",
"illustration": {
"image": "/assets/illustrations/skipped-job_empty-29a8a37d8a61d1b6f68cf3484f9024e53cd6eb95e28eae3554f8011a1146bf27.svg",
"size": "svg-430",
"title": "This job does not have a trace."
},
"favicon": "/assets/ci_favicons/favicon_status_success-8451333011eee8ce9f2ab25dc487fe24a8758c694827a582f17f42b0a90446a2.png",
"action": {
"icon": "retry",
"title": "Retry",
"path": "/shinya.maeda/pipeline-playground/-/jobs/2435419830/retry",
"method": "post",
"button_title": "Retry this job"
}
}
},
"commit": {
"id": "b528a08ae17d2975741e1fc3dbfec47515ddf3ba",
"short_id": "b528a08a",
"created_at": "2022-04-22T09:52:30.000+00:00",
"parent_ids": ["4beb8a9bbd676cb4f80b0ccc70b1b3a7789315b0"],
"title": "Update .gitlab-ci.yml",
"message": "Update .gitlab-ci.yml",
"author_name": "Shinya Maeda",
"author_email": "shinya@gitlab.com",
"authored_date": "2022-04-22T09:52:30.000+00:00",
"committer_name": "Shinya Maeda",
"committer_email": "shinya@gitlab.com",
"committed_date": "2022-04-22T09:52:30.000+00:00",
"trailers": {},
"web_url": "https://gitlab.com/shinya.maeda/pipeline-playground/-/commit/b528a08ae17d2975741e1fc3dbfec47515ddf3ba",
"author": {
"id": 758045,
"username": "shinya.maeda",
"name": "Shinya Maeda",
"state": "active",
"avatar_url": "https://gitlab.com/uploads/-/system/user/avatar/758045/avatar.png",
"web_url": "https://gitlab.com/shinya.maeda",
"show_status": false,
"path": "/shinya.maeda"
},
"author_gravatar_url": "https://secure.gravatar.com/avatar/d99019d49e480c8654156065b29eeb6f?s=80\u0026d=identicon",
"commit_url": "https://gitlab.com/shinya.maeda/pipeline-playground/-/commit/b528a08ae17d2975741e1fc3dbfec47515ddf3ba",
"commit_path": "/shinya.maeda/pipeline-playground/-/commit/b528a08ae17d2975741e1fc3dbfec47515ddf3ba"
},
"manual_actions": [],
"scheduled_actions": [],
"cluster": null,
"pending_approval_count": 0,
"approvals": [],
"can_approve_deployment": true
},
"has_stop_action": false,
"rollout_status": null,
"tier": "production",
"upcoming_deployment": {
"id": 260175067,
"iid": 20964,
"sha": "02d5d060e42b483515eaa99d0dea38ad28374ff5",
"ref": {
"name": "master",
"ref_path": "/shinya.maeda/pipeline-playground/-/tree/master"
},
"status": "blocked",
"created_at": "2022-03-14T09:31:46.489Z",
"deployed_at": null,
"tag": false,
"last?": false,
"is_last": false,
"tier_in_yaml": null,
"user": {
"id": 758045,
"username": "shinya.maeda",
"name": "Shinya Maeda",
"state": "active",
"avatar_url": "https://gitlab.com/uploads/-/system/user/avatar/758045/avatar.png",
"web_url": "https://gitlab.com/shinya.maeda",
"show_status": false,
"path": "/shinya.maeda"
},
"deployable": {
"id": 2198800255,
"name": "job",
"started": false,
"complete": false,
"archived": false,
"build_path": "/shinya.maeda/pipeline-playground/-/jobs/2198800255",
"playable": false,
"scheduled": false,
"created_at": "2022-03-14T09:31:46.312Z",
"queued_at": null,
"queued_duration": null,
"updated_at": "2022-03-14T09:31:46.785Z",
"status": {
"icon": "status_manual",
"text": "manual",
"label": "manual action",
"group": "manual",
"tooltip": "manual action",
"has_details": true,
"details_path": "/shinya.maeda/pipeline-playground/-/jobs/2198800255",
"illustration": {
"image": "/assets/illustrations/manual_action-c55aee2c5f9ebe9f72751480af8bb307be1a6f35552f344cc6d1bf979d3422f6.svg",
"size": "svg-394",
"title": "Waiting for approval",
"content": "This job deploys to the protected environment \"production\" which requires approvals."
},
"favicon": "/assets/ci_favicons/favicon_status_manual-829a0804612cef47d9efc1618dba38325483657c847dba0546c3b9f0295bb36c.png",
"action": {
"icon": null,
"title": null,
"path": "/shinya.maeda/pipeline-playground/-/environments",
"method": "get",
"button_title": "Go to environments page to approve or reject"
}
}
},
"commit": {
"id": "02d5d060e42b483515eaa99d0dea38ad28374ff5",
"short_id": "02d5d060",
"created_at": "2022-03-14T09:31:44.000+00:00",
"parent_ids": ["872f2c05da635df9b82e8abd7432877f15a2a3fb"],
"title": "Update .gitlab-ci.yml",
"message": "Update .gitlab-ci.yml",
"author_name": "Shinya Maeda",
"author_email": "shinya@gitlab.com",
"authored_date": "2022-03-14T09:31:44.000+00:00",
"committer_name": "Shinya Maeda",
"committer_email": "shinya@gitlab.com",
"committed_date": "2022-03-14T09:31:44.000+00:00",
"trailers": {},
"web_url": "https://gitlab.com/shinya.maeda/pipeline-playground/-/commit/02d5d060e42b483515eaa99d0dea38ad28374ff5",
"author": {
"id": 758045,
"username": "shinya.maeda",
"name": "Shinya Maeda",
"state": "active",
"avatar_url": "https://gitlab.com/uploads/-/system/user/avatar/758045/avatar.png",
"web_url": "https://gitlab.com/shinya.maeda",
"show_status": false,
"path": "/shinya.maeda"
},
"author_gravatar_url": "https://secure.gravatar.com/avatar/d99019d49e480c8654156065b29eeb6f?s=80\u0026d=identicon",
"commit_url": "https://gitlab.com/shinya.maeda/pipeline-playground/-/commit/02d5d060e42b483515eaa99d0dea38ad28374ff5",
"commit_path": "/shinya.maeda/pipeline-playground/-/commit/02d5d060e42b483515eaa99d0dea38ad28374ff5"
},
"pending_approval_count": 0,
"approvals": [],
"can_approve_deployment": true
},
"environment_path": "/shinya.maeda/pipeline-playground/-/environments/2235830",
"stop_path": "/shinya.maeda/pipeline-playground/-/environments/2235830/stop",
"cancel_auto_stop_path": "/shinya.maeda/pipeline-playground/-/environments/2235830/cancel_auto_stop",
"delete_path": "/api/v4/projects/19827008/environments/2235830",
"folder_path": "/shinya.maeda/pipeline-playground/-/environments/folders/production",
"created_at": "2020-07-10T11:24:32.164Z",
"updated_at": "2021-12-08T05:33:44.031Z",
"can_stop": true,
"can_delete": false,
"has_opened_alert": false,
"required_approval_count": 0
}
},