Protected containers: Allow nil value for fields `minimum_access_level` (!146997) · Merge requests · GitLab.org / GitLab

The 17.0 major release is coming on May 16, 2024! This version brings many exciting improvements to GitLab, but also removes some deprecated features. We are introducing three breaking change windows during which we expect breaking changes to be deployed to GitLab.com. You can read more about it on our blogpost . The second breaking change window begins 2024-04-29 09:00 UTC and ends 2024-05-01 22:00 UTC.

Gerardo Navarro requested to merge gitlab-community/gitlab:427546-protected-containters-write-protection-for-container-repositories-follow-up-allow-nil-for-minimum-access-level-for-action into master Mar 08, 2024

What does this MR do and why?

Allows nil value for attributes minimum_access_level_for_delete and minimum_access_level_for_push.
Why? At the moment it is only possible to create container protection rules where both attributes have to be set. But, there are certainly situtation where the project team wants to protect a certain container repository from being deleted, but not from being pushed. With this MR, it will be possible to define such a container protection rule.
Adding validation that ensures that at least one of the fields is present
Adjusting grapqhl field types
This MR needs to wait for Protected containers: Rename attributes to mini... (!139413 - merged)

🛠 with ❤ at Siemens

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

MR Checklist (@gerardo-navarro)

Screenshots or screen recordings

This MR mostly includes backend -related changes.

In the frontend, the project setting UX needs to consider that one of the related attributes minimumAccessLevelForPush and minimumAccessLevelForDelete can be blank.

The following screenshot shows the list of container protection rules that displays a meaningful label when the attribute is blank.

The following screenshot shows the alert error message that appears when container protection rule is created with both attributes (minimumAccessLevelForPush and minimumAccessLevelForDelete) being blank.

How to set up and validate locally

Migrate the database

rails db:migrate

Create container protection rules

ContainerRegistry::Protection::Rule.create(
  project: Project.find(7),
  repository_path_pattern: "flightjs/flight-minimum-access-level-for-delete-blank",
  minimum_access_level_for_push: :maintainer,
  minimum_access_level_for_delete: nil
)

ContainerRegistry::Protection::Rule.create(
  project: Project.find(7),
  repository_path_pattern: "flightjs/flight-minimum-access-level-for-push-blank",
  minimum_access_level_for_push: nil,
  minimum_access_level_for_delete: :owner
)

Go to project settings page: http://gdk.test:3000/flightjs/Flight/-/settings/packages_and_registries
Scroll down to the section Protected containers and asses the table

Related to #427546

Edited Apr 25, 2024 by Gerardo Navarro

Admin message

Protected containers: Allow nil value for fields `minimum_access_level`

What does this MR do and why?

MR acceptance checklist

Screenshots or screen recordings

How to set up and validate locally

Merge request reports