Add required_approval_count to Protected Environments API

f66b7341 · Alishan Ladhani · Shinya Maeda · 10709882 · f66b7341 · f66b7341
Commit f66b7341 authored Jan 05, 2022 by Alishan Ladhani Committed by Shinya Maeda Jan 05, 2022
6 changed files
--- a/doc/api/group_protected_environments.md
+++ b/doc/api/group_protected_environments.md
@@ -48,12 +48,13 @@ Example response:
      "name":"production",
      "deploy_access_levels":[
         {
-            "access_level":40,
-            "access_level_description":"Maintainers",
-            "user_id":null,
-            "group_id":null
+            "access_level": 40,
+            "access_level_description": "Maintainers",
+            "user_id": null,
+            "group_id": null
         }
-      ]
+      ],
+     "required_approval_count": 0
   }
 ]
 ```
@@ -87,7 +88,8 @@ Example response:
         "user_id":null,
         "group_id":null
      }
-   ]
+   ],
+   "required_approval_count": 0
 }
 ```

@@ -104,6 +106,7 @@ POST /groups/:id/protected_environments
 | `id`      | integer/string | yes | The ID or [URL-encoded path of the group](index.md#namespaced-path-encoding) maintained by the authenticated user. |
 | `name`    | string | yes    | The deployment tier of the protected environment. One of `production`, `staging`, `testing`, `development`, or `other`. Read more about [deployment tiers](../ci/environments/index.md#deployment-tier-of-environments).|
 | `deploy_access_levels`          | array          | yes | Array of access levels allowed to deploy, with each described by a hash. One of `user_id`, `group_id` or `access_level`. They take the form of `{user_id: integer}`, `{group_id: integer}` or `{access_level: integer}` respectively. |
+| `required_approval_count` | integer        | no       | The number of approvals required to deploy to this environment. This is part of Deployment Approvals, which isn't yet available for use. For details, see [issue](https://gitlab.com/gitlab-org/gitlab/-/issues/343864). |

 The assignable `user_id` are the users who belong to the given group with the Maintainer role (or above).
 The assignable `group_id` are the sub-groups under the given group.
@@ -119,12 +122,13 @@ Example response:
   "name":"production",
   "deploy_access_levels":[
      {
-         "access_level":40,
-         "access_level_description":"protected-access-group",
-         "user_id":null,
-         "group_id":9899826
+         "access_level": 40,
+         "access_level_description": "protected-access-group",
+         "user_id": null,
+         "group_id": 9899826
      }
-   ]
+   ],
+  "required_approval_count": 0
 }
 ```


--- a/doc/api/protected_environments.md
+++ b/doc/api/protected_environments.md
@@ -49,7 +49,8 @@ Example response:
            "user_id":null,
            "group_id":null
         }
-      ]
+      ],
+     "required_approval_count": 0
   }
 ]
 ```
@@ -78,12 +79,13 @@ Example response:
   "name":"production",
   "deploy_access_levels":[
      {
-         "access_level":40,
-         "access_level_description":"Maintainers",
-         "user_id":null,
-         "group_id":null
+         "access_level": 40,
+         "access_level_description": "Maintainers",
+         "user_id": null,
+         "group_id": null
      }
-   ]
+   ],
+  "required_approval_count": 0
 }
 ```

@@ -107,6 +109,7 @@ curl --header 'Content-Type: application/json' --request POST \
 | `id`                            | integer/string | yes | The ID or [URL-encoded path of the project](index.md#namespaced-path-encoding) owned by the authenticated user. |
 | `name`                          | string         | yes | The name of the environment. |
 | `deploy_access_levels`          | array          | yes | Array of access levels allowed to deploy, with each described by a hash. |
+| `required_approval_count` | integer        | no       | The number of approvals required to deploy to this environment. This is part of Deployment Approvals, which isn't yet available for use. For details, see [issue](https://gitlab.com/gitlab-org/gitlab/-/issues/343864). |

 Elements in the `deploy_access_levels` array should be one of `user_id`, `group_id` or
 `access_level`, and take the form `{user_id: integer}`, `{group_id: integer}` or
@@ -125,7 +128,8 @@ Example response:
         "user_id": null,
         "group_id": 9899826
      }
-   ]
+   ],
+  "required_approval_count": 0
 }
 ```


--- a/ee/lib/api/protected_environments.rb
+++ b/ee/lib/api/protected_environments.rb
@@ -51,6 +51,7 @@ module API
      end
      params do
        requires :name, type: String, desc: 'The name of the protected environment'
+        optional :required_approval_count, type: Integer, desc: 'The number of approvals required to deploy to this environment', default: 0

        requires :deploy_access_levels, type: Array, desc: 'An array of users/groups allowed to deploy environment' do
          optional :access_level, type: Integer, values: ::ProtectedEnvironment::DeployAccessLevel::ALLOWED_ACCESS_LEVELS
@@ -137,6 +138,7 @@ module API
      end
      params do
        requires :name, type: String, desc: 'The tier name of the protected environment'
+        optional :required_approval_count, type: Integer, desc: 'The number of approvals required to deploy to this environment', default: 0

        requires :deploy_access_levels, as: :deploy_access_levels_attributes, type: Array, desc: 'An array of users/groups allowed to deploy environment' do
          optional :access_level, type: Integer, values: ::ProtectedEnvironment::DeployAccessLevel::ALLOWED_ACCESS_LEVELS

--- a/ee/lib/ee/api/entities/protected_environment.rb
+++ b/ee/lib/ee/api/entities/protected_environment.rb
@@ -6,6 +6,7 @@ module EE
      class ProtectedEnvironment < Grape::Entity
        expose :name
        expose :deploy_access_levels, using: ::API::Entities::ProtectedRefAccess
+        expose :required_approval_count
      end
    end
  end

--- a/ee/spec/fixtures/api/schemas/public_api/v4/protected_environment.json
+++ b/ee/spec/fixtures/api/schemas/public_api/v4/protected_environment.json
@@ -6,7 +6,8 @@
  ],
  "properties": {
    "name": { "type": "string" },
-    "deploy_access_levels": { "type": "array", "items": { "$ref": "protected_ref_access.json" } }
+    "deploy_access_levels": { "type": "array", "items": { "$ref": "protected_ref_access.json" } },
+    "required_approval_count": { "type":  "integer" }
  },
  "additionalProperties": false
 }
--- a/ee/spec/requests/api/protected_environments_spec.rb
+++ b/ee/spec/requests/api/protected_environments_spec.rb
@@ -12,8 +12,8 @@ RSpec.describe API::ProtectedEnvironments do
  let(:protected_environment_name) { 'production' }

  before do
-    create(:protected_environment, :maintainers_can_deploy, :project_level, project: project, name: protected_environment_name)
-    create(:protected_environment, :maintainers_can_deploy, :group_level, group: group, name: protected_environment_name)
+    create(:protected_environment, :maintainers_can_deploy, :project_level, project: project, name: protected_environment_name, required_approval_count: 1)
+    create(:protected_environment, :maintainers_can_deploy, :group_level, group: group, name: protected_environment_name, required_approval_count: 2)
  end

  shared_examples 'requests for non-maintainers' do
@@ -64,6 +64,7 @@ RSpec.describe API::ProtectedEnvironments do
        expect(response).to match_response_schema('public_api/v4/protected_environment', dir: 'ee')
        expect(json_response['name']).to eq(protected_environment_name)
        expect(json_response['deploy_access_levels'][0]['access_level']).to eq(::Gitlab::Access::MAINTAINER)
+        expect(json_response['required_approval_count']).to eq(1)
      end

      context 'when protected environment does not exist' do
@@ -90,12 +91,13 @@ RSpec.describe API::ProtectedEnvironments do
        deployer = create(:user)
        project.add_developer(deployer)

-        post api_url, params: { name: 'staging', deploy_access_levels: [{ user_id: deployer.id }] }
+        post api_url, params: { name: 'staging', deploy_access_levels: [{ user_id: deployer.id }], required_approval_count: 3 }

        expect(response).to have_gitlab_http_status(:created)
        expect(response).to match_response_schema('public_api/v4/protected_environment', dir: 'ee')
        expect(json_response['name']).to eq('staging')
        expect(json_response['deploy_access_levels'].first['user_id']).to eq(deployer.id)
+        expect(json_response['required_approval_count']).to eq(3)
      end

      it 'protects the environment with group allowed to deploy' do
@@ -207,6 +209,7 @@ RSpec.describe API::ProtectedEnvironments do
        expect(response).to match_response_schema('public_api/v4/protected_environment', dir: 'ee')
        expect(json_response['name']).to eq(protected_environment_name)
        expect(json_response['deploy_access_levels'][0]['access_level']).to eq(::Gitlab::Access::MAINTAINER)
+        expect(json_response['required_approval_count']).to eq(2)
      end

      context 'when protected environment does not exist' do
@@ -233,12 +236,13 @@ RSpec.describe API::ProtectedEnvironments do
        deployer = create(:user)
        group.add_maintainer(deployer)

-        post api_url, params: { name: 'staging', deploy_access_levels: [{ user_id: deployer.id }] }
+        post api_url, params: { name: 'staging', deploy_access_levels: [{ user_id: deployer.id }], required_approval_count: 3 }

        expect(response).to have_gitlab_http_status(:created)
        expect(response).to match_response_schema('public_api/v4/protected_environment', dir: 'ee')
        expect(json_response['name']).to eq('staging')
        expect(json_response['deploy_access_levels'].first['user_id']).to eq(deployer.id)
+        expect(json_response['required_approval_count']).to eq(3)
      end

      it 'protects the environment with group allowed to deploy' do