Skip to content

Add Approval Gate Rules [RUN ALL RSPEC] [RUN AS-IF-FOSS]

Max Woolf requested to merge 267511-approval-gate-rule-type into master

What does this MR do?

  • Adds a new model ExternalApprovalRule
  • Adds two new database tables external_approval_rules and external_approval_rules_protected_branches to fasciliate a many-to-many association between ExternalApprovalRule and ProtectedBranch.
  • Adds four two new API endpoints and matching documentation
    • POST /projects/:id/external_approval_rules - To add a new external approval rule to a project
    • GET /projects/:id/external_approval_rules - To list all external approval rules for a project
  • These two API endpoints will be added in a new MR to keep this MR a manageable size.
    • PATCH /projects/:project_id/external_approval_rules/:id - Update an approval rule
    • DELETE /projects/:project_id/external_approval_rules/:id - Delete an approval rule

This MR isn't designed to do anything other than create the ability to add the rules. It doesn't evaluate them or trigger them in any way. As such, its functionality is behind a default-off feature flag.

database review

Migrate

== 20210209110019 CreateExternalApprovalRules: migrating ======================
-- create_table(:external_approval_rules, {:if_not_exists=>false})
-- quote_column_name(:external_url)
   -> 0.0000s
-- quote_column_name(:name)
   -> 0.0000s
   -> 0.0069s
-- quote_table_name("check_b634ca168d")
   -> 0.0000s
-- quote_table_name("check_1c64b53ea5")
   -> 0.0000s
-- quote_table_name(:external_approval_rules)
   -> 0.0000s
-- execute("ALTER TABLE \"external_approval_rules\"\nADD CONSTRAINT \"check_b634ca168d\" CHECK (char_length(\"external_url\") <= 255),\nADD CONSTRAINT \"check_1c64b53ea5\" CHECK (char_length(\"name\") <= 255)\n")
   -> 0.0009s
-- transaction_open?()
   -> 0.0000s
-- index_exists?(:external_approval_rules, [:project_id, :name], {:unique=>true, :name=>"idx_on_external_approval_rules_project_id_name", :algorithm=>:concurrently})
   -> 0.0011s
-- execute("SET statement_timeout TO 0")
   -> 0.0004s
-- add_index(:external_approval_rules, [:project_id, :name], {:unique=>true, :name=>"idx_on_external_approval_rules_project_id_name", :algorithm=>:concurrently})
   -> 0.0026s
-- execute("RESET ALL")
   -> 0.0004s
-- transaction_open?()
   -> 0.0000s
-- index_exists?(:external_approval_rules, [:project_id, :external_url], {:unique=>true, :name=>"idx_on_external_approval_rules_project_id_external_url", :algorithm=>:concurrently})
   -> 0.0011s
-- add_index(:external_approval_rules, [:project_id, :external_url], {:unique=>true, :name=>"idx_on_external_approval_rules_project_id_external_url", :algorithm=>:concurrently})
   -> 0.0022s
-- create_table(:external_approval_rules_protected_branches)
   -> 0.0068s
== 20210209110019 CreateExternalApprovalRules: migrated (0.0305s) =============

Rollback

== 20210209110019 CreateExternalApprovalRules: reverting ======================
-- drop_table(:external_approval_rules, {:force=>:cascade})
   -> 0.0020s
-- drop_table(:external_approval_rules_protected_branches, {:force=>:cascade})
   -> 0.0006s
== 20210209110019 CreateExternalApprovalRules: reverted (0.0027s) =============

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team

Related to #267511 (closed)

Edited by Max Woolf

Merge request reports