Add Duo Workflow access to link MR vulnerabilities

Scott Hamptonrequested to merge
503408-grant-access-to-link-mr-to-vuln-to-duo into master

What does this MR do and why?

Add ai_workflows scope to the link merge request to vulnerabilities mutation and the related fields needed by the tool.

References

Related to #503408

Related to #556999

How to set up and validate locally

  1. In the rails console of the GDK, create a new OAuth access token with ai_workflows scope.
[1] pry(main)> application = Doorkeeper::Application.create!(
  name: "AI Workflows App",
  redirect_uri: "urn:ietf:wg:oauth:2.0:oob",
  scopes: "ai_workflows",
  owner: User.find_by_username("root")
)
=> #<Doorkeeper::Application:0x00000003301b4d50

[2] pry(main)> Doorkeeper::AccessToken.create!(
  application_id: application.id,
  resource_owner_id: application.owner.id,
  scopes: "ai_workflows",
  expires_in: 1.year.to_i,
  organization_id: Namespace.first.id
).plaintext_token
...
=> "0af770272ed1984efc874994dc7bb0bd5ed0a1577e8782a194966a94e740a1eb"
  1. Find a project that has vulnerabilities, and get the ID of one that you can dismiss.
  2. Send a request to the new token to a relevant endpoint to link an MR to a vulnerability

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Merge request reports