Backend: GraphQL API to allow service object to create/update `VerifiedNamespace` record
Summary
Original summary including the service details
From a discussion in https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17746#note_1827585472, we want to create a REST API which would allow a service object to create the `VerifiedNamespace` record and update the `verification_level` for all existing resources in that namespace.Currently, verification_level
levels are in Ci::Catalog::VerifiedNamespace
The PUT API would look like:
Something like this:
namespace = Namespace.find_by_full_path('components')
Ci::Catalog::VerifyNamespaceService
.new(namespace: namespace, verification_level: :gitlab_maintained) # other options: `partner`, `verified_creator`
.execute
- In
...Resources::CreateService
, Setverification_level
for the resource record-
if exists - new resources inherit value from the verified namespace
-
if not - new records get the
verification_level
updated at the time we create the verified namespace record
-
if not - new records get the
-
if exists - new resources inherit value from the verified namespace
The endpoint should have admin permissions.
It was decided to make this endpoint a GraphQL endpoint.
Create an API endpoint to run VerifiedNamespace service (either create or update existing record: VerifiedNamespace service and catalog resource)
Seeing that this is just the endpoint, not including service, I am updating the weight to 2 points.
Proposal
📣
Important Note Once implementation is complete in this issue, details will need to be shared with SRE in https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17746 as well as added to a badge request template in https://gitlab.com/gitlab-com/gl-infra/production/-/tree/master/.gitlab/issue_templates?ref_type=heads.
Confirm purpose and User Reception (how does this benefit the user?)
This would allow SREs when fulfilling partner badge requests similar to https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17746 to call an API without needing Rails console access.