Update container cleanup policy permissions (!86196) · Merge requests · GitLab.org / GitLab

Steve Abrams requested to merge 350682-container-expiration-policies-permissions into master Apr 28, 2022

🔎 What does this MR do and why?

This MR updates the permissions involving container repository cleanup policies from Developer to Maintainer.

The UI page that controls these settings requires maintainer access, however, the API only requires developer. This change is meant to make the two match each other to prevent confusion and also conform with most other similar settings throughout GitLab.

📷 Screenshots or screen recordings

💻 How to set up and validate locally

Create a project, or choose an existing project.
Create a user
Add the new user to the project as a Developer.

While logged in as the Developer user, use the graphql explorer: http://gdk.test:3000/-/graphql-explorer to try to update the container expiration policy settings using the query below:

mutation {
  updateContainerExpirationPolicy(input: {projectPath: "<project-full-path>", enabled:false, keepN:FIFTY_TAGS}) {
    containerExpirationPolicy {
	 enabled
      keepN
    }
  }
}

The request should be unsuccessful
Optionally, you could try the request again while logged in as a maintainer or the owner of the project, the request should be successful.

🛃 MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Related to #350682 (closed)

Edited May 05, 2022 by Steve Abrams

Update container cleanup policy permissions

🔎 What does this MR do and why?

📷 Screenshots or screen recordings

💻 How to set up and validate locally

🛃 MR acceptance checklist

Merge request reports