Skip to content

BE: Add approval_policies to GraphQL API and deprecate scan_result_policies

Why are we doing this work

We plan to move from "Scan result policy" to a new name "Merge request approval policy". Because of this, we should adapt backend to support both types.

In this issue, we should add approval_policies as a field to our GraphQL API and return the same results as for scan_result_policies.

We should also deprecate scan_result_policies.

Relevant links

Non-functional requirements

  • Documentation: should be updated
  • Feature flag:
  • Performance:
  • Testing:

Implementation plan

  • Update NamespaceType and expose the data from scan result policies under approval_policies field
  • Update ProjectType and expose the data from scan result policies under approval_policies field

Verification steps

  1. Query for project's approvalPolicies and verify it returns the same data as for scanResultPolicies:
    query projectScanResultPolicies {
        namespace: project(fullPath: "gitlab-org/approval-policy-project") {
            id
            approvalPolicies(relationship: INHERITED) {
                nodes {
                    name
                    yaml
                    editPath
                    enabled
                    updatedAt
                    userApprovers {
                        id
                        name
                        webUrl
                    }
                    allGroupApprovers {
                        id
                        fullPath
                        webUrl
                    }
                    roleApprovers
                }
            }
        }
    }
  2. Query for group's approvalPolicies and verify it returns the same data as for scanResultPolicies:
    query groupScanResultPolicies {
        namespace: group(fullPath: "gitlab-org/approval-policy-group") {
            id
            approvalPolicies(relationship: INHERITED) {
                nodes {
                    name
                    yaml
                    editPath
                    enabled
                    updatedAt
                    userApprovers {
                        id
                        name
                        webUrl
                    }
                    allGroupApprovers {
                        id
                        fullPath
                        webUrl
                    }
                    roleApprovers
                }
            }
        }
    }
Edited by Martin Čavoj