
Draft: Protected packages: PyPI package push protection

What does this MR do and why?

  • Push protecting pypi packages when a package protection rule exists.
  • Enabling pypi as a valid package type for package protection rules.
  • This MR enables the package protection for the package format 'pypi'.
  • When a PackageProtectionRule exists then newly pushed pypi packages will be protected / rejected.
  • This MR concentrates only on push protection for pypi packages; delete protection of pypi packages is out of scope for this MR.
  • This MR is part of the EPIC Identify packages as protected to prevent accid... (&5574)

🛠 with at Siemens

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

MR Checklist (@gerardo-navarro)
Individual Notes (@gerardo-navarro)

Todos

Other refactoring opportunities

  • Rename the helper at the top of the file
  • Expect to be like the param
  • Extract to shared examples
  • Assess why it is possible to define a user with no attachment to the project => check if there is a bug
  • Check if a deploy token can be used with the pypi create package service
  • Return a proper error message when the package is already taken (push the same python package over and over again)
  • Warnings
be rspec /Users/client-siemens/Development/gitlab-development-kit/gitlab/spec/requests/api/pypi_packages_spec.rb
WARNING: Shared example group 'creating pypi package files' has been previously defined at:
  /Users/client-siemens/Development/gitlab-development-kit/gitlab/spec/support/shared_examples/requests/api/pypi_packages_shared_examples.rb:4
...and you are now defining it at:
  /Users/client-siemens/Development/gitlab-development-kit/gitlab/spec/support/shared_examples/requests/api/pypi_packages_shared_examples.rb:4
The new definition will overwrite the original one.
WARNING: Shared example group 'creating pypi package files' has been previously defined at:
  /Users/client-siemens/Development/gitlab-development-kit/gitlab/spec/support/shared_examples/requests/api/pypi_packages_shared_examples.rb:4
...and you are now defining it at:
  /Users/client-siemens/Development/gitlab-development-kit/gitlab/spec/support/shared_examples/requests/api/pypi_packages_shared_examples.rb:4
The new definition will overwrite the original one.
WARNING: Shared example group 'creating pypi package files' has been previously defined at:
  /Users/client-siemens/Development/gitlab-development-kit/gitlab/spec/support/shared_examples/requests/api/pypi_packages_shared_examples.rb:4
...and you are now defining it at:
  /Users/client-siemens/Development/gitlab-development-kit/gitlab/spec/support/shared_examples/requests/api/pypi_packages_shared_examples.rb:4
The new definition will overwrite the original one.
Run options: include {:focus=>true}

Screenshots or screen recordings

There are no frontend changes in this MR. The local validation steps contain a demo of the rejected command when a package is pushed.

How to set up and validate locally

  1. Enable the feature flag via rails c
Feature.enable(:packages_protected_packages)
  2. Open the rails console (rails c) and start playing around with the new model
Packages::Protection::Rule.create(
  project: Project.find_by(name: "Flight"),
  package_name_pattern: "protected-packages-examples-pypi-python-package",
  package_type: :pypi,
  minimum_access_level_for_push: :admin
)
  3. Create a dummy pypi python package
  4. Adjust the package name in pyproject.toml and set it to "protected-packages-examples-pypi-python-package" <= this should match the given package_name_pattern in step 2
  5. Create or adjust the file .pypirc in order to push the pypi package to your local GitLab registry, see https://docs.gitlab.com/ee/user/packages/pypi_repository/#publish-a-pypi-package
  6. Build the pypi package and publish it
rm dist/* &&
python3 -m build &&
python3 -m twine upload --verbose --repository gitlab_gdk_test dist/*
  7. Pushing the pypi package should be blocked by the Packages::Protection::Rule created in step 2 💥
  8. Now, change the package name in pyproject.toml and set it to "protected-packages-examples-pypi-python-package-other" <= this will not match the given package_name_pattern in step 2
  9. Build the pypi package and publish it again
rm dist/* &&
python3 -m build &&
python3 -m twine upload --verbose --repository gitlab_gdk_test dist/*
  10. Pushing the pypi package should not be blocked by the Packages::Protection::Rule as the package name does not match 👍
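The decision the validation steps exercise (reject a push when a rule matches the package name and type and the actor is below the rule's minimum access level, allow it otherwise) can be tried offline with the following self-contained Ruby model. This is an added example, not GitLab's own code: the rule fields mirror the rails console snippet above, but the numeric access levels, the treatment of `*` as the only wildcard in `package_name_pattern`, the "most restrictive matching rule wins" choice and the modelling of a deploy token as an actor with no access level (`nil`) are assumptions made for the illustration. It goes beyond the exact-name rule used in the steps by also checking a wildcard rule and a push of a different package type.

```ruby
# Added example: a self-contained model of package push protection, not
# GitLab's implementation. Rule fields mirror the rails console snippet in the
# validation steps; numeric levels, '*' wildcard handling and deploy tokens
# modelled as access level nil are assumptions made for this illustration.

# GitLab-style numeric access levels (assumption for this example).
ACCESS_LEVELS = {
  guest: 10, reporter: 20, developer: 30, maintainer: 40, owner: 50, admin: 60
}.freeze

ProtectionRule = Struct.new(:package_name_pattern, :package_type, :minimum_access_level_for_push) do
  # Compile the pattern into an anchored regexp. '*' is the only wildcard
  # (assumed here); every other character is matched literally, so '.' and
  # '-' in a package name cannot widen the match.
  def pattern_regexp
    @pattern_regexp ||= Regexp.new('\A' + Regexp.escape(package_name_pattern).gsub('\*', '.*') + '\z')
  end

  def matches?(package_name, type)
    type == package_type && pattern_regexp.match?(package_name)
  end
end

class PushProtection
  def initialize(rules)
    @rules = rules
  end

  # Decide whether a push is allowed. Returns [:allowed | :rejected, reason].
  # actor_access_level is a key of ACCESS_LEVELS, or nil for an actor without
  # project membership (e.g. a deploy token), which is treated as level 0.
  def check(package_name:, package_type:, actor_access_level:)
    applicable = @rules.select { |r| r.matches?(package_name, package_type) }
    return [:allowed, 'no protection rule matches'] if applicable.empty?

    # If several rules match, the most restrictive one wins (assumption).
    required = applicable.map { |r| ACCESS_LEVELS.fetch(r.minimum_access_level_for_push) }.max
    actual = actor_access_level ? ACCESS_LEVELS.fetch(actor_access_level) : 0

    if actual >= required
      [:allowed, "actor level #{actual} >= required #{required}"]
    else
      [:rejected, "package is protected; push needs at least #{ACCESS_LEVELS.key(required)}"]
    end
  end
end

# Constructed input: the two pushes from the validation steps, plus a wildcard
# rule, a deploy-token push and a push of another package type.
def demo_results
  rules = [
    ProtectionRule.new('protected-packages-examples-pypi-python-package', :pypi, :admin),
    ProtectionRule.new('internal-*', :pypi, :maintainer)
  ]
  protection = PushProtection.new(rules)
  {
    exact_match_as_maintainer: protection.check(
      package_name: 'protected-packages-examples-pypi-python-package', package_type: :pypi, actor_access_level: :maintainer),
    exact_match_as_admin: protection.check(
      package_name: 'protected-packages-examples-pypi-python-package', package_type: :pypi, actor_access_level: :admin),
    other_name_as_maintainer: protection.check(
      package_name: 'protected-packages-examples-pypi-python-package-other', package_type: :pypi, actor_access_level: :maintainer),
    wildcard_as_developer: protection.check(
      package_name: 'internal-tool', package_type: :pypi, actor_access_level: :developer),
    wildcard_deploy_token: protection.check(
      package_name: 'internal-tool', package_type: :pypi, actor_access_level: nil),
    other_type_as_guest: protection.check(
      package_name: 'internal-tool', package_type: :npm, actor_access_level: :guest)
  }
end

if $PROGRAM_NAME == __FILE__
  demo_results.each { |name, (verdict, reason)| puts "#{name}: #{verdict} (#{reason})" }
end
```

Running the file prints one verdict per constructed push; the first and third entries correspond to steps 7 and 10 above (rejected, then allowed because "-other" does not match the anchored pattern). The pattern is anchored at both ends on purpose: without `\A`/`\z`, a rule for `protected-packages-examples-pypi-python-package` would also cover the `-other` variant, and a rule for `internal-*` would cover any name containing `internal-`.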

Related to #323971

Edited by Gerardo Navarro
