Protected containers: Integrate delete protection in GraphQL
-
Please check this box if this contribution uses AI-generated content (including content generated by GitLab Duo features) as outlined in the GitLab DCO & CLA. As a benefit of being a GitLab Community Contributor, you receive complimentary access to GitLab Duo.
What does this MR do and why?
Protected containers: Delete protection for new container repositories
- Delete protection for new container repositories in the container registry authentication mechanism
- Reusing the model scopes to quickly match container registry protection rules
- Code necessary for the implementation of
the feature
protected containers, see &9825
Changelog: added
References
Please include cross links to any resources that are relevant to this MR This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
MR Checklist (@gerardo-navarro)
-
Changelog entry added, if necessary -
Documentation created/updated via this MR -
Documentation reviewed by technical writer or follow-up review issue created -
Tests added for this feature/bug -
Tested in all supported browsers -
Conforms to the code review guidelines -
Conforms to the style guides -
Conforms to the javascript style guides -
Conforms to the database guides -
Conforms to the merge request performance guidelines -
Integrate error message in container image overview page -
Integrate error message in container image detail page
Screenshots or screen recordings
Before
Frontend frontend / UX UX
The container repository is deleted and a success alert is shown.
GraphQL GraphQL
Success output is shown after sending the GraphQL request destroyContainerRepository.
Click to expand response from the GraphQL
```json { "data": { "destroyContainerRepository": { "errors": [], "containerRepository": { "id": "gid://gitlab/ContainerRepository/14" } } }, "correlationId": "01JWXKJYFDSP66VF1T3KTYBF6B" } ```After
Frontend frontend / UX UX
The container repository cannot be deleted because it is protected. Please note that the frontend is currently showing a genereal error message and does not give more details to the user. In !185337 (merged), we are adding an improvement to shows the error details in the frontend as well.
GraphQL GraphQL
When sending the GraphQL request destroyContainerRepository to a protected container repository then the response includes an error message.
Click to expand the GraphQL response with the error
{
"data": {
"destroyContainerRepository": {
"errors": [
"Deleting protected repository path forbidden"
],
"containerRepository": {
"id": "gid://gitlab/ContainerRepository/14"
}
}
},
"correlationId": "01JWXK1AF6A05QJN7A3TQYNHMA"
}How to set up and validate locally
- Ensure you have the feature flag :container_registry_protected_containers_delete enabled.
Feature.enabled(:container_registry_protected_containers_delete)- Push a container image to the container registry of your GDK to the project http://gdk.test:3000/flightjs/Flight
- Go to http://gdk.test:3000/flightjs/Flight/-/settings/packages_and_registries and create (or alter) a container protection rule to protect the recently pushed container image
- Go to http://gdk.test:3000/flightjs/Flight/container_registry and attempt to delete an existing container image that should be protected
- Attempt to delete the container repository via GraphQL
mutation { destroyContainerRepository { id: "gid://gitlab/ContainerRepository/<<id of the container image>>" } }
Related to #406797