Add budget caps client methods and feature flag
What does this MR do and why?
Adds the foundation for the budget caps GraphQL API — a proxy layer that lets GitLab namespace owners (SaaS) and instance admins (SM) read and write per-user budget cap overrides via CDot.
This MR introduces:
- Feature flag `budget_caps_graphql_api` (disabled by default)
- Three CDot client methods on `SubscriptionUsageClient`:
  - `get_budget_caps` — reads subscription cap, flat user cap, and per-user overrides
  - `upsert_user_budget_cap_overrides` — bulk upserts per-user cap overrides
  - `upsert_flat_user_cap` — updates the flat user cap for a subscription
- Auth unification — extracts `execute_cdot_graphql` and `http_post_graphql` so both queries and mutations share the same SaaS/SM auth routing
- `ResolvesSubscriptionTarget` shared concern for mutations (feature flag check, namespace resolution, authorization, client building)
- Full specs for all three client methods covering SaaS and SM paths, `entity_ids` filtering, pagination, error handling, and nil data handling
Authorization model
- SaaS: Namespace owners can read/write budget caps for their root group
- Self-Managed: Instance admins can read/write budget caps for the instance. Admin mode must be active — the `admin` condition in `BasePolicy` requires both `user.admin?` and `Gitlab::Auth::CurrentUserMode#admin_mode?`. API requests authenticated with a Personal Access Token (PAT) bypass admin mode automatically via `sessionless_bypass_admin_mode!`.
Stacked MR plan
| # | MR | Description | Status |
|---|---|---|---|
| 1 | This MR | Foundation — feature flag + client + shared concern | Merged |
| 2 | !230218 (merged) | Query — budget caps read API (BudgetCapsType, UserOverrideType, PORO) | Merged |
| 3 | !230224 (merged) | Mutation — upsert flat user cap | In review |
| 4 | !230222 (merged) | Mutation — upsert user budget cap overrides | In review |
| 5 | !230226 (closed) | Enable feature flag by default (draft, blocked by 3-4) | Draft |
References
- Query issue: https://gitlab.com/gitlab-org/gitlab/-/issues/595490
- Mutation issue: https://gitlab.com/gitlab-org/gitlab/-/issues/595491
- Parent epic: https://gitlab.com/groups/gitlab-org/-/work_items/21415
- Feature flag rollout: #595730
Screenshots or screen recordings
Not applicable — API only, no UI changes.
How to set up and validate locally
- Enable the feature flag:
  ```ruby
  Feature.enable(:budget_caps_graphql_api)
  ```
- This MR adds client methods only (no GraphQL schema changes). To validate, run the specs:
  ```shell
  bin/rspec ee/spec/lib/gitlab/subscription_portal/subscription_usage_client_spec.rb
  ```
- All 160 examples should pass.
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited by Suraj Tripathi
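
The authorization model described above, sketched as an added Ruby example; it is not code from this MR or from GitLab. The `User`, `Context`, `Namespace` and `BudgetCapsAccess` names are hypothetical, and the model covers only the rules the description states: flag gate first, root-group owner on SaaS, admin plus admin mode (or a sessionless PAT request) on Self-Managed.

```ruby
# Added illustration: a simplified, self-contained model of the authorization
# rules in the MR description. All class and method names are hypothetical
# and are not GitLab's code.
User = Struct.new(:name, :admin, keyword_init: true)

# Request context: sessionless is true for PAT-authenticated API requests.
Context = Struct.new(:user, :admin_mode, :sessionless, keyword_init: true) do
  # Mirrors the described rule: the admin condition needs the admin bit AND
  # admin mode; sessionless (PAT) requests bypass the admin mode requirement.
  def effective_admin?
    user.admin && (admin_mode || sessionless)
  end
end

Namespace = Struct.new(:path, :parent, :owners, keyword_init: true) do
  def root?
    parent.nil?
  end
end

class BudgetCapsAccess
  def initialize(flag_enabled:, saas:)
    @flag_enabled = flag_enabled
    @saas = saas
  end

  # Returns [allowed, reason]. Order follows the description: feature flag
  # check, namespace resolution, then authorization. Every miss denies.
  def check(context, namespace: nil)
    return [false, :feature_disabled] unless @flag_enabled
    return [false, :unauthenticated] if context.user.nil?

    if @saas
      return [false, :namespace_required] if namespace.nil?
      return [false, :not_root_group] unless namespace.root?
      return [false, :not_owner] unless namespace.owners.include?(context.user.name)
    else
      return [false, :not_admin] unless context.user.admin
      return [false, :admin_mode_required] unless context.effective_admin?
    end
    [true, :ok]
  end
end
```

The case worth a dedicated spec is the Self-Managed admin in a browser session without admin mode: the user is an admin, yet the request is denied, while the same user's PAT request is allowed.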