Allow creation of protection tag rules up to a maximum

Adie (she/her)requested to merge
514896-restrict-tag-rule-creation-when-maximum into master

Overview

For https://gitlab.com/groups/gitlab-org/-/epics/15608+, we set a limit of 5 tag protection rules per project.

In this MR, we add that limit and raise an error when there is an attempt to create more than the maximum.

This 5-rule limit will eventually be increased and there are also plans of having an application setting to configure this limit https://gitlab.com/gitlab-org/gitlab/-/issues/504882.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

How to set up and validate locally

  1. In the Rails Console, try to create 5 protection rules. When 5 rules have been created, you should receive an error:
current_user = User.first # this is root or you can also set it to your account
project = Project.last # make sure that current_user has privileges on project
project.container_registry_protection_tag_rules.count

pattern = "sample1" # change the string for every try since this should be unique
::ContainerRegistry::Protection::CreateTagRuleService.new(project, current_user, {tag_name_pattern: pattern, minimum_access_level_for_push: :admin, minimum_access_level_for_delete: :admin}).execute

You should receive this error when you are trying to create more than 5.

=> #<ServiceResponse:0x000000016293b800
 @http_status=nil,
 @message="Maximum number of protection rules have been reached.",
 @payload={:container_protection_tag_rule=>nil},
 @reason=nil,
 @status=:error>

Related to #514896

Edited by Adie (she/her)

Merge request reports