Add regex fields to the container expiration policy update mutation
requested to merge 220789-10io-add-missing-attributes-to-graphql-container-expiration-policy-mutation into master
What does this MR do?
In !32944 (merged), a GraphQL update mutation for container expiration policies was added.
It was later find out that two input fields were missing (#196784 (comment 357409416)): name_regex and name_regex_keep. #220789 (closed) has been created to deal with this.
This MR adds them as input fields.
Design choices
- Note that in !34063 (merged), we added validation at the model level so that a container expiration policy can't be saved.
- We could just add the two missing input fields and let the model go
💥 when an invalid regex is passed - We can also do a much better thing (implemented in this MR)
- Add a GraphQL Scalar that will take a
Stringand transform it into aStringin both ways input <-> ruby code. - The Scalar will validate the string as an untrusted regex when coercing input -> ruby code.
- The validation is based on the existing component: https://gitlab.com/gitlab-org/gitlab/-/blob/master/lib/gitlab/untrusted_regexp.rb
- Add a GraphQL Scalar that will take a
- The result is that the code flow doesn't execute the
#resolvefunction of the mutation. The parameters are rejected by the GraphQL scalar itself = shorter code execution = several database requests saved =🚀 - Nice bonus. Being a custom scalar, the type can be re-used by any other custom type.
Screenshots
GraphiQL editor:
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry -
Documentation (if required) -
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers -
Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
-
Label as security and @ mention @gitlab-com/gl-security/appsec -
The MR includes necessary changes to maintain consistency between UI, API, email, or other methods -
Security reports checked/validated by a reviewer from the AppSec team
Edited by David Fernandez