Merge branch 'add_severity_levels_as_optional_to_api_entity' into 'master'

Add severity_levels as optional

See merge request gitlab-org/gitlab!67067

ee/lib/api/helpers/project_approval_rules_helpers.rb

@@ -14,6 +14,7 @@ module API
         optional :protected_branch_ids, type: Array[Integer], coerce_with: ::API::Validations::Types::CommaSeparatedToIntegerArray.coerce, desc: 'The protected branch ids for this rule'
         optional :scanners, type: Array[String], desc: 'The security scanners to be considered by the approval rule'
         optional :vulnerabilities_allowed, type: Integer, desc: 'The number of vulnerabilities allowed for this rule'
+        optional :severity_levels, type: Array[String], desc: 'The security levels to be considered by the approval rule'
       end
 
       params :update_project_approval_rule do
@@ -26,6 +27,7 @@ module API
         optional :remove_hidden_groups, type: Boolean, desc: 'Whether hidden groups should be removed'
         optional :scanners, type: Array[String], desc: 'The security scanners to be considered by the approval rule'
         optional :vulnerabilities_allowed, type: Integer, desc: 'The number of vulnerabilities allowed for this rule'
+        optional :severity_levels, type: Array[String], desc: 'The security levels to be considered by the approval rule'
       end
 
       params :delete_project_approval_rule do

ee/lib/ee/api/entities/project_approval_setting_rule.rb

@@ -11,6 +11,7 @@ module EE
         expose :approvers, using: ::API::Entities::UserBasic, override: true
         expose :scanners, override: true
         expose :vulnerabilities_allowed, override: true
+        expose :severity_levels, override: true
       end
     end
   end

ee/spec/fixtures/api/schemas/public_api/v4/project_approval_setting.json

@@ -40,7 +40,13 @@
         "type": "string"
       }
     },
-    "vulnerabilities_allowed": { "type": "integer" }
+    "vulnerabilities_allowed": { "type": "integer" },
+    "severity_levels":{
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
+    }
   },
   "additionalProperties": false
 }

ee/spec/support/shared_examples/requests/api/project_approval_rules_api_shared_examples.rb

@@ -84,6 +84,18 @@ RSpec.shared_examples 'an API endpoint for creating project approval rule' do
         expect(project.approval_rules.first.scanners).to eql(scanners)
       end
     end
+
+    context 'with valid severity_levels' do
+      let(:severity_levels) { ['critical'] }
+
+      it 'returns 201 status' do
+        expect do
+          post api(url, current_user), params: params.merge({ severity_levels: severity_levels })
+        end.to change { project.approval_rules.count }.from(0).to(1)
+        expect(response).to have_gitlab_http_status(:created)
+        expect(project.approval_rules.first.severity_levels).to eql(severity_levels)
+      end
+    end
   end
 
   context 'with vulnerabilities_allowed' do
@@ -133,6 +145,17 @@ RSpec.shared_examples 'an API endpoint for updating project approval rule' do
       end
     end
 
+    context 'with valid severity_levels' do
+      let(:severity_levels) { ['critical'] }
+
+      it 'returns 200 status' do
+        expect do
+          put api(url, current_user), params: { severity_levels: severity_levels }
+        end.to change { approval_rule.reload.severity_levels.count }.from(::Enums::Vulnerability.severity_levels.keys.count).to(severity_levels.count)
+        expect(response).to have_gitlab_http_status(:ok)
+      end
+    end
+
     context 'when approver already exists' do
       before do
         approval_rule.users << approver