Skip to content

Restrict pipeline cancellation by role

Allison Browne requested to merge 20207-add-setting-to-disallow-pipeline-cancel into master

What does this MR do and why?

What?

Allows the user to update which roles are allowed to cancel pipelines [:developer, :maintainer, :no_one] via the internal api, project controller (yet to be hooked up to the front end). Code in the project policy prevents users from canceling base on the role.

Why?

As part of implementing issue #20207 (closed)

What is not included

  • Public REST api
  • Graphql api
  • Front end changes

Database

Migration output:

up:

▶ rake db:migrate
WARNING: This version of GitLab depends on gitlab-shell 14.29.0, but you're running 14.28.0. Please update gitlab-shell.
main: == [advisory_lock_connection] object_id: 179980, pg_backend_pid: 13759
main: == 20231024212214 AddPipelineCancelRoleRestrictionEnum: migrating =============
main: -- add_column(:project_ci_cd_settings, :restrict_pipeline_cancellation_role, :integer, {:limit=>2, :default=>0, :null=>false})
main:    -> 0.0089s
main: == 20231024212214 AddPipelineCancelRoleRestrictionEnum: migrated (0.0146s) ====

main: == [advisory_lock_connection] object_id: 179980, pg_backend_pid: 13759
ci: == [advisory_lock_connection] object_id: 180240, pg_backend_pid: 13761
ci: == 20231024212214 AddPipelineCancelRoleRestrictionEnum: migrating =============
ci: -- add_column(:project_ci_cd_settings, :restrict_pipeline_cancellation_role, :integer, {:limit=>2, :default=>0, :null=>false})
ci:    -> 0.0017s
ci: == 20231024212214 AddPipelineCancelRoleRestrictionEnum: migrated (0.0131s) ====

ci: == [advisory_lock_connection] object_id: 180240, pg_backend_pid: 13761

down:

▶ rake db:rollback:ci VERSION=20231024212214
WARNING: This version of GitLab depends on gitlab-shell 14.29.0, but you're running 14.28.0. Please update gitlab-shell.
ci: == [advisory_lock_connection] object_id: 179620, pg_backend_pid: 15846
ci: == 20231024212214 AddPipelineCancelRoleRestrictionEnum: reverting =============
ci: -- remove_column(:project_ci_cd_settings, :restrict_pipeline_cancellation_role)
ci:    -> 0.0070s
ci: == 20231024212214 AddPipelineCancelRoleRestrictionEnum: reverted (0.0173s) ====

ci: == [advisory_lock_connection] object_id: 179620, pg_backend_pid: 15846

Screenshots or screen recordings

How to set up and validate locally

Edited by Allison Browne

Merge request reports