Address gaps in API support for Secret Push Protection
### Overview As we built out [Secret Push Protection](https://docs.gitlab.com/ee/user/application_security/secret_detection/secret_push_protection) and took it through an [experimental](https://gitlab.com/groups/gitlab-org/-/epics/11587) and [beta](https://gitlab.com/groups/gitlab-org/-/epics/12729) phases, we had a number of gaps in our API support for the feature. This is despite [initially discussing and scoping](https://docs.google.com/document/d/1ti8NasCK-2_FAH4bVfY-ueRj-bI6UoM6xg-dEcOZE5k/edit#bookmark=id.6zl7i6s7xo06) GraphQL and REST API access as part of making the feature generally available (GA), which unfortunately was deprioritized at the time. With this epic, we are re-prioritizing this effort because of feedback we have received, as customers had noted that being able to toggle or retrieve the feature status via API interfaces is especially helpful in situations where they wanted to manage the feature via our terraform provider or through other automated workflows. ### Licensing and Product Tiers As the secret push protection feature is [Ultimate only](https://docs.gitlab.com/ee/user/application_security/secret_detection/secret_push_protection), all API resources created or exposed in the proposal above should also be licensed appropriately as such. Please check the guide on [how to handle EE only code](https://docs.gitlab.com/ee/development/ee_features.html#implement-a-new-ee-feature) for reference. ### Proposal We have identified the following gaps in API support for the feature: * **Feature Enablement** * ~Toggle the feature on instance-level via REST API is not available. **(gap, but [can be addressed easily](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/135273#note_1658921507))**~ * ~Toggle the feature on instance-level via GraphQL is not available. **(gap)**~ * Toggle the feature per project via REST API is not available. **(gap)** * :white_check_mark: Toggle the feature per project via GraphQL [is available](https://gitlab.com/gitlab-org/gitlab/-/blob/master/ee/app/graphql/mutations/security/ci_configuration/set_pre_receive_secret_detection.rb). * **Feature Status Retrieval** * ~Retrieve status for instance-level setting via REST API is not available. **(gap, but [can be addressed easily](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/135273#note_1658921507))~** * ~Retrieve status for instance-level setting via GraphQL is not available. **(gap)**~ * :white_check_mark: Retrieve status per project via REST API [is available](https://gitlab.com/gitlab-org/gitlab/-/blob/8b6c0f56291c00ddab005bd2c2ae19b230d788ab/ee/lib/ee/api/entities/project.rb#L41-43) (undocumented though). * Retrieve status per project via GraphQL is not available. **(gap)** Therefore, it would be great to address these gaps as follows: * [x] **Rest API**: * [x] **[Instance / Retrieval]** Expose `pre_receive_secret_detection_enabled` in [ApplicationSettings API](https://docs.gitlab.com/ee/api/settings.html) (see [comment](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/135273#note_1658921507)). * [x] **[Instance / Enablement]** Update `EE::API::Entities::ApplicationSetting` to toggle the instance-level setting on/off. * [x] **[Project / Enablement]** Create a new API endpoint to update a project security settings. * [x] **[Project / Enablement]** Ensure the new API endpoint created can toggle project-level on/off. * [x] **[Project / Documentation]** Update [Projects API documentation](https://docs.gitlab.com/ee/api/projects.html) to highlight the setting is [already exposed](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/160960). * [x] **GraphQL**: * [ ] ~**[Instance / Retrieval]** Create `ApplicationSettingType` to return instance settings.~ * [ ] ~**[Instance / Retrieval]** Add `pre_receive_secret_detection_enabled` field to `ApplicationSettingType`.~ * [ ] ~**[Instance / Enablement]** Create mutation `SetPreReceiveSecretDetection` to update `application_settings` record.~ * [x] **[Project / Retrieval]** Add `pre_receive_secret_detection_enabled` field to `EE::Types::Project`. **UPDATE – 2024-10-31** _While refining https://gitlab.com/groups/gitlab-org/-/epics/15756, we identified some changes to be no longer necessary as we plan to replace the [existing instance-level setting](https://docs.gitlab.com/ee/user/application_security/secret_detection/secret_push_protection/#allow-the-use-of-secret-push-protection-in-your-gitlab-instance) with the enhanced user experience discussed in https://gitlab.com/gitlab-org/gitlab/-/issues/494475 and https://gitlab.com/groups/gitlab-org/-/epics/15753. Those changes are ~struck through~ above._
epic