Skip to content

Adds ContainerTagsExpirationPolicy graphql type

Rahul Chanila requested to merge 471341-add-container-tags-expiration-policy-graphql-type into master

Context

A container registry can have a schedule to cleanup projects defined.

When a user navigates to the container registry for a project they can see when the next cleanup is scheduled: e.g. https://gitlab.com/gitlab-org/gitlab/container_registry

If a user clicks on a specific image repository, they will see Cleanup disabled rendered if they do not have MAINTAINER or above permissions. https://gitlab.com/gitlab-org/gitlab/container_registry/3728789

The expected behaviour here should be that all users should be able to see the next cleanup schedule run time irregardless of permissions when they are inside an image repository.

What does this MR do and why?

  1. Creates new ContainerTagsExpirationPolicy graphql type
  2. This is copied from ContainerExpirationPolicy with updated authorization
    1. Changed the authorization for the ContainerExpirationPolicyType from :admin_container_image to :read_container_image.
    2. This allows users with read access to container images to view the container expiration policy details.
  3. Deprecates ContainerExpirationPolicy graphql type, related issue
  4. Adds container_tags_expiration_policy to project_type graphql type
  5. Adds container_tags_expiration_policy to the update mutation

Why?

This was the original attempt Update authorization for ContainerExpirationPol... (!158703 - closed). We realised that this would need to be breaking change, so based on the decision, we want to deprecate existing fields to allow nullable fields.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before After

How to set up and validate locally

Query:

  project(fullPath: "<project-path>") {
    containerTagsExpirationPolicy {
      nextRunAt
      cadence
      enabled
    }
    containerExpirationPolicy {
      nextRunAt
      cadence
      enabled
    }
  }

Mutation:

mutation {
  updateContainerExpirationPolicy(input: { cadence: EVERY_MONTH, projectPath: "<project-path>", enabled: true}) {
    containerTagsExpirationPolicy {
      cadence
      enabled
    }
    containerExpirationPolicy {
      cadence
      enabled
    }
    errors
  }
}

Related to #471341

Edited by Rahul Chanila

Merge request reports