Expose security scanners in MR approval rules API

Return scanners when querying rules, and allow setting scanners
when creating or updating rules.

Changelog: added
EE: true

ee/lib/api/helpers/project_approval_rules_helpers.rb

@@ -12,6 +12,7 @@ module API
         optional :users, as: :user_ids, type: Array[Integer], coerce_with: ::API::Validations::Types::CommaSeparatedToIntegerArray.coerce, desc: 'The user ids for this rule'
         optional :groups, as: :group_ids, type: Array[Integer], coerce_with: ::API::Validations::Types::CommaSeparatedToIntegerArray.coerce, desc: 'The group ids for this rule'
         optional :protected_branch_ids, type: Array[Integer], coerce_with: ::API::Validations::Types::CommaSeparatedToIntegerArray.coerce, desc: 'The protected branch ids for this rule'
+        optional :scanners, type: Array[String], desc: 'The security scanners to be considered by the approval rule'
       end
 
       params :update_project_approval_rule do
@@ -22,6 +23,7 @@ module API
         optional :groups, as: :group_ids, type: Array[Integer], coerce_with: ::API::Validations::Types::CommaSeparatedToIntegerArray.coerce, desc: 'The group ids for this rule'
         optional :protected_branch_ids, type: Array[Integer], coerce_with: ::API::Validations::Types::CommaSeparatedToIntegerArray.coerce, desc: 'The protected branch ids for this rule'
         optional :remove_hidden_groups, type: Boolean, desc: 'Whether hidden groups should be removed'
+        optional :scanners, type: Array[String], desc: 'The security scanners to be considered by the approval rule'
       end
 
       params :delete_project_approval_rule do

ee/lib/ee/api/entities/project_approval_setting_rule.rb

@@ -9,6 +9,7 @@ module EE
       # To be removed in https://gitlab.com/gitlab-org/gitlab/issues/13574.
       class ProjectApprovalSettingRule < ProjectApprovalRule
         expose :approvers, using: ::API::Entities::UserBasic, override: true
+        expose :scanners, override: true
       end
     end
   end

ee/spec/fixtures/api/schemas/public_api/v4/project_approval_setting.json

@@ -33,6 +33,12 @@
         "type": "object",
         "properties": {}
       }
+    },
+    "scanners":{
+      "type": "array",
+      "items": {
+        "type": "string"
+      }
     }
   },
   "additionalProperties": false

ee/spec/support/shared_examples/requests/api/project_approval_rules_api_shared_examples.rb

@@ -72,6 +72,18 @@ RSpec.shared_examples 'an API endpoint for creating project approval rule' do
         end
       end
     end
+
+    context 'with valid scanners' do
+      let(:scanners) { ['sast'] }
+
+      it 'returns 201 status' do
+        expect do
+          post api(url, current_user), params: params.merge({ scanners: scanners })
+        end.to change { project.approval_rules.count}.from(0).to(1)
+        expect(response).to have_gitlab_http_status(:created)
+        expect(project.approval_rules.first.scanners).to eql(scanners)
+      end
+    end
   end
 end
 
@@ -98,6 +110,17 @@ RSpec.shared_examples 'an API endpoint for updating project approval rule' do
       end
     end
 
+    context 'with valid scanners' do
+      let(:scanners) { ['sast'] }
+
+      it 'returns 200 status' do
+        expect do
+          put api(url, current_user), params: { scanners: scanners }
+        end.to change { approval_rule.reload.scanners.count }.from(::Ci::JobArtifact::SECURITY_REPORT_FILE_TYPES.count).to(scanners.count)
+        expect(response).to have_gitlab_http_status(:ok)
+      end
+    end
+
     context 'when approver already exists' do
       before do
         approval_rule.users << approver