Create group approval rules via API

Why are we doing this work

To support the management of MR approval rules at the group level, we need to add a create endpoint for the front-end app.

Relevant links

  • See #293957 for high-level design.
  • Existing project-level rule API

Functional requirements

  • Add a new endpoint POST /api/:version/groups/:id/approval_rules
Parameters

| Attribute | Type | Required | Description |
|-----------|------|----------|-------------|
| id | integer | yes | The ID of a group |
| name | string | yes | The name of the approval rule |
| approvals_required | integer | yes | The number of required approvals for this rule |
| user_ids | Array | no | The ids of users as approvers |
| group_ids | Array | no | The ids of groups as approvers |
| protected_branch_ids | Array | no | The ids of protected branches to scope the rule by |

Example payload
{
  "id": 1,
  "name": "security",
  "rule_type": "regular",
  "approvals_required": 1,
  "users": [
    {
      "id": 2,
      "name": "John Doe",
      "username": "jdoe",
      "state": "active",
      "avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
      "web_url": "http://localhost/jdoe"
    }
  ],
  "groups": [
    {
      "id": 5,
      "name": "group1",
      "path": "group1",
      "description": "",
      "visibility": "public",
      "lfs_enabled": false,
      "avatar_url": null,
      "web_url": "http://localhost/groups/group1",
      "request_access_enabled": false,
      "full_name": "group1",
      "full_path": "group1",
      "parent_id": null,
      "ldap_cn": null,
      "ldap_access": null
    }
  ],
  "protected_branches": [
    {
      "id": 1,
      "name": "master",
      "push_access_levels": [
        {
          "access_level": 30,
          "access_level_description": "Developers + Maintainers"
        }
      ],
      "merge_access_levels": [
        {
          "access_level": 30,
          "access_level_description": "Developers + Maintainers"
        }
      ],
      "unprotect_access_levels": [
        {
          "access_level": 40,
          "access_level_description": "Maintainers"
        }
      ],
      "code_owner_approval_required": "false"
    }
  ]
}
  • Restrict access to users who have the admin_merge_request_approval_settings permission
  • Restrict to only the top-level group
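
The guard order these requirements imply, as an added plain-Ruby sketch (not GitLab's code and not part of this issue). Only the feature flag, permission and parameter names come from the issue; the status codes, the struct and method names, and the non-negative check on approvals_required are assumptions.

```ruby
# Added sketch, not GitLab source. Only the flag name, the permission name and
# the parameter names come from the issue; status codes and every other name
# are assumptions.
Group = Struct.new(:id, :parent_id, keyword_init: true)
User  = Struct.new(:id, :abilities, keyword_init: true) # abilities: { group_id => [symbols] }

REQUIRED_KEYS = %w[name approvals_required].freeze
ID_LIST_KEYS  = %w[user_ids group_ids protected_branch_ids].freeze

def id_list?(value)
  value.is_a?(Array) && value.all? { |v| v.is_a?(Integer) && v.positive? }
end

# Returns [status, body]. Gate checks run before any parameter is inspected.
def create_group_approval_rule(user:, group:, params:, enabled_flags:)
  # Flag off: respond as if the route did not exist.
  return [404, 'Not Found'] unless enabled_flags.include?(:approval_group_rules)
  return [401, 'Unauthorized'] if user.nil?

  # The ability is evaluated on the group named in the path, nothing else.
  abilities = user.abilities.fetch(group.id, [])
  unless abilities.include?(:admin_merge_request_approval_settings)
    return [403, 'Forbidden']
  end
  return [400, 'approval rules require a top-level group'] unless group.parent_id.nil?

  missing = REQUIRED_KEYS.reject { |k| params.key?(k) }
  return [400, "missing: #{missing.join(', ')}"] unless missing.empty?
  unless params['name'].is_a?(String) && !params['name'].strip.empty?
    return [400, 'name must be a non-empty string']
  end
  required = params['approvals_required']
  unless required.is_a?(Integer) && required >= 0 # lower bound is an assumption
    return [400, 'approvals_required must be a non-negative integer']
  end
  bad = ID_LIST_KEYS.select { |k| params.key?(k) && !id_list?(params[k]) }
  return [400, "invalid id list: #{bad.join(', ')}"] unless bad.empty?

  # Allow-list: keys such as rule_type never reach the service layer.
  [201, params.slice(*REQUIRED_KEYS, *ID_LIST_KEYS)]
end
```

Each branch maps to one case for the ee/spec/requests specs: flag disabled, unauthenticated, missing permission, subgroup, and malformed parameters.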

Non-functional requirements

  • [-] Documentation: Not needed as it is behind a feature flag
  • Feature flag: approval_group_rules
  • [-] Performance:
  • Testing: add additional ee/spec/requests specs similar to the project approval rules spec

Implementation plan

  • backend Add new API class API::GroupApprovalRules.
graph LR
  API::GroupApprovalRules --> ApprovalRules::CreateService --> ApprovalRules::Updater
  ApprovalRules::Updater --> ApprovalGroupRule
Edited by Gavin Hinfey