
Update dependency proxy settings permissions

Steve Abrams requested to merge 350682-dependency-proxy-permissions into master

🍔 What does this MR do and why?

This MR updates the permissions involving dependency proxy settings and dependency proxy cleanup policies from Developer to Maintainer.

The UI page that controls these settings requires maintainer access; however, the API only requires developer. This change is meant to make the two match each other to prevent confusion and also conform with most other similar settings throughout GitLab. We are doing this in a few places throughout the package stage in #350682 (closed).

There are also some poorly named permissions in the dependency proxy code. This MR takes us down to two permissions:

  • read_dependency_proxy - This is the permission level required to pull images from the Dependency Proxy
  • admin_dependency_proxy - This is the permission level required to change group-level settings related to the Dependency Proxy

By fixing up the permission naming, we also resolve #340461 (closed).

🍟 Screenshots or screen recordings

Screen_Shot_2022-05-05_at_3.28.32_PM

Screen_Shot_2022-05-05_at_3.28.02_PM

🍦 How to set up and validate locally

  1. Create a group (or pick an existing one)

  2. Create a user

  3. Add the user to the group as a Developer

  4. While logged in as the Developer user, use the graphql explorer: http://gdk.test:3000/-/graphql-explorer to try to update the Dependency Proxy settings using one of the queries below.

    mutation {
      updateDependencyProxySettings(input: {groupPath: "<your-group-full-path>", enabled:true}) {
        dependencyProxySetting {
          enabled
        }
      }
    }

    mutation {
      updateDependencyProxyImageTtlGroupPolicy(input: {groupPath: "sabrams-public-group", enabled:true, ttl:11}) {
        dependencyProxyImageTtlPolicy {
          ttl
          enabled
          updatedAt
        }
      }
    }

  5. The request should be unsuccessful

  6. Optionally, you can log back in as the root user or owner/maintainer of the group and make the request again; it should be successful.

🌭 MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #350682 (closed)

Edited by Steve Abrams
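
The validation steps above, written as a repeatable authorization check (an added example, not part of this MR or of GitLab's code): it runs both mutations as each role through a transport and returns every case where the result differs from the expected Developer-denied, Maintainer-allowed matrix. The `fake_transport` lambda, the `my-group` path and the response shapes are constructed so the script runs offline; a real transport would send each query to the instance's GraphQL API with that user's token.

```ruby
# Added example, not GitLab code. Mutation and role names come from the MR
# description; response shapes and the fake transport are constructed.
MUTATIONS = {
  "updateDependencyProxySettings" =>
    'mutation { updateDependencyProxySettings(input: {groupPath: "%s", ' \
    'enabled: true}) { dependencyProxySetting { enabled } } }',
  "updateDependencyProxyImageTtlGroupPolicy" =>
    'mutation { updateDependencyProxyImageTtlGroupPolicy(input: {groupPath: "%s", ' \
    'enabled: true, ttl: 11}) { dependencyProxyImageTtlPolicy { ttl enabled } } }'
}.freeze

# Outcome each role should get once the API matches the UI.
EXPECTED = { "developer" => :denied, "maintainer" => :allowed }.freeze

# Treat top-level GraphQL errors or a null mutation payload as a denial.
def classify(response, mutation_name)
  errors = response["errors"]
  return :denied if errors.is_a?(Array) && !errors.empty?
  payload = (response["data"] || {})[mutation_name]
  payload.nil? ? :denied : :allowed
end

# Run every mutation as every role; return the cases that break EXPECTED.
def audit(group_path, transport)
  EXPECTED.flat_map do |role, expected|
    MUTATIONS.filter_map do |name, template|
      actual = classify(transport.call(role, format(template, group_path)), name)
      { role: role, mutation: name, actual: actual } unless actual == expected
    end
  end
end

# Constructed stand-in for the API: allows a role at or above min_role.
def fake_transport(min_role)
  rank = { "developer" => 30, "maintainer" => 40 }
  lambda do |role, query|
    name = MUTATIONS.keys.find { |m| query.include?("#{m}(") }
    if rank.fetch(role) >= rank.fetch(min_role)
      { "data" => { name => { "clientMutationId" => nil } } }
    else
      { "errors" => [{ "message" => "denied (constructed)" }], "data" => { name => nil } }
    end
  end
end

# Simulates the API before this change: Developer is still allowed.
audit("my-group", fake_transport("developer")).each do |f|
  puts "MISMATCH #{f[:role]} #{f[:mutation]} => #{f[:actual]}"
end
```

An empty result from `audit` means the API enforces the same minimum role as the UI for both settings.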
