Backend: GraphQL API to allow service object to create/update `VerifiedNamespace` record

Summary

Original summary including the service details

From a discussion in https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17746#note_1827585472, we want to create a REST API which would allow a service object to create the `VerifiedNamespace` record and update the `verification_level` for all existing resources in that namespace.

Currently, verification_level levels are in Ci::Catalog::VerifiedNamespace

The PUT API would look like:

Something like this:

namespace = Namespace.find_by_full_path('components')
Ci::Catalog::VerifyNamespaceService
  .new(namespace: namespace, verification_level: :gitlab_maintained) # other options: `partner`, `verified_creator`
  .execute

• In ...Resources::CreateService, Set verification_level for the resource record
  • if exists - new resources inherit value from the verified namespace
    • if not - new records get the verification_level updated at the time we create the verified namespace record

The endpoint should have admin permissions.
It was decided to make this endpoint a GraphQL endpoint.

Create an API endpoint to run VerifiedNamespace service (either create or update existing record: VerifiedNamespace service and catalog resource)

Seeing that this is just the endpoint, not including service, I am updating the weight to 2 points.

Proposal

Important Note 📣

Once implementation is complete in this issue, details will need to be shared with SRE in https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17746 as well as added to a badge request template in https://gitlab.com/gitlab-com/gl-infra/production/-/tree/master/.gitlab/issue_templates?ref_type=heads.

Confirm purpose and User Reception (how does this benefit the user?)

This would allow SREs when fulfilling partner badge requests similar to https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17746 to call an API without needing Rails console access.

Links/References