Restrict tag rule operations when the Gitlab API is not supported
In this MR, we want to block creating, updating, and deleting ContainerRegistry::Protection::TagRule when the GitLab API is not supported (i.e. the container registry is not migrated)
MR acceptance checklist
How to set up and validate locally
Prerequisite: The GitLab API is supported when you have the next generation container registry running.
ContainerRegistry::GitlabApiClient.supports_gitlab_api? # => true1. When the GitLab API is supported:
current_user = User.first # this is root or you can also set it to your account
project = Project.last # make sure that current_user has privileges on project
::ContainerRegistry::Protection::CreateTagRuleService.new(project, current_user, {tag_name_pattern: 'samplestring', minimum_access_level_for_push: :admin, minimum_access_level_for_delete: :admin}).executeSuccess when creating:
=> #<ServiceResponse:0x00000001631950a0
@http_status=:ok,
@message=nil,
@payload=
{:container_protection_tag_rule=>
#<ContainerRegistry::Protection::TagRule:0x000000016305ccd8
id: 14,
project_id: 28,
created_at: Wed, 22 Jan 2025 06:44:15.926600000 UTC +00:00,
updated_at: Wed, 22 Jan 2025 06:44:15.926600000 UTC +00:00,
minimum_access_level_for_push: "admin",
minimum_access_level_for_delete: "admin",
tag_name_pattern: "asasa">},
@reason=nil,
@status=:success>2. When the GitLab API is NOT supported:
ContainerRegistry::GitlabApiClient.supports_gitlab_api? # false::ContainerRegistry::Protection::CreateTagRuleService.new(project, current_user, {tag_name_pattern: 'samplestring', minimum_access_level_for_push: :admin, minimum_access_level_for_delete: :admin}).executeError when creating:
=> #<ServiceResponse:0x0000000162996890
@http_status=nil,
@message="Feature is only available for migrated container registries",
@payload={:container_protection_tag_rule=>nil},
@reason=nil,
@status=:error>
Related to #506402
Edited by Adie (she/her)