Skip to content

Create group approval rules via API

Why are we doing this work

To support the management of MR approval rules at the group level, we need to add a create endpoint for the front-end app.

Relevant links

  • See #293957 for high-level design.
  • Existing project-level rule API

Functional requirements

  • Add a new endpoint POST /api/:version/groups/:id/approval_rules
Parameters
Attribute Type Required Description
id integer yes The ID of a group
name string yes The name of the approval rule
approvals_required integer yes The number of required approvals for this rule
user_ids Array no The ids of users as approvers
group_ids Array no The ids of groups as approvers
protected_branch_ids Array no The ids of protected branches to scope the rule by
Example payload 
{
  "id": 1,
  "name": "security",
  "rule_type": "regular",
  "approvals_required": 1,
  "users": [
    {
      "id": 2,
      "name": "John Doe",
      "username": "jdoe",
      "state": "active",
      "avatar_url": "https://www.gravatar.com/avatar/0?s=80&d=identicon",
      "web_url": "http://localhost/jdoe"
    }
  ],
  "groups": [
    {
      "id": 5,
      "name": "group1",
      "path": "group1",
      "description": "",
      "visibility": "public",
      "lfs_enabled": false,
      "avatar_url": null,
      "web_url": "http://localhost/groups/group1",
      "request_access_enabled": false,
      "full_name": "group1",
      "full_path": "group1",
      "parent_id": null,
      "ldap_cn": null,
      "ldap_access": null
    }
  ],
  "protected_branches": [
    {
      "id": 1,
      "name": "master",
      "push_access_levels": [
        {
          "access_level": 30,
          "access_level_description": "Developers + Maintainers"
        }
      ],
      "merge_access_levels": [
        {
          "access_level": 30,
          "access_level_description": "Developers + Maintainers"
        }
      ],
      "unprotect_access_levels": [
        {
          "access_level": 40,
          "access_level_description": "Maintainers"
        }
      ],
      "code_owner_approval_required": "false"
    }
  ]
}
  • Restrict access to user who has permission to admin_merge_request_approval_settings
  • Restrict to only the top-level group

Non-functional requirements

  • [-] Documentation: Not needed as it is behind a feature flag
  • Feature flag: approval_group_rules
  • [-] Performance:
  • Testing: add additional ee/spec/requests specs similar to the project approval rules spec

Implementation plan

  • backend Add new API class API::GroupApprovalRules.
graph LR
  API::GroupApprovalRules --> ApprovalRules::CreateService --> ApprovalRules::Updater
  ApprovalRules::Updater --> ApprovalGroupRule
Edited by Gavin Hinfey