[go: up one dir, main page]
Skip to content

api call to modify push rules return 403 error when push rules already set on subgroup

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Summary

When the push rule Reject unverified users is set to true in the subgroup, doing an api call to change this on the project level fails with a {"message":"403 Forbidden"} error.

Happened to a customer on this ticket internal link.

Steps to reproduce

  • Create a group gold/premium (push rules is a premium feature)
  • Create a subgroup with Reject unverified users set to true in push rules
  • Create a project in this subgroup
  • Try this api call on the project
curl --location --request PUT 'https://gitlab.com/api/v4/projects/PROJECT_ID/push_rule' \
--header 'Private-Token: TOKEN' \
--header 'Content-Type: application/json' \
--data-raw '{
"commit_committer_check": true,
"reject_unsigned_commits": false
}'

Example Project

https://gitlab.com/olivier_test_193947 (ping me on slack to have access to it if needed)

What is the current bug behavior?

The api call fails with a {"message":"403 Forbidden"} error.

What is the expected correct behavior?

Ideally, the error message should lead to the push rules error, something like the Reject Unverified Users push rules is already set on the subgroup level or cannot override the push rules of the subgroup.

I spent couple of hours trying to figure out if that was a user authorization issue, token issue, etc. Having a clear error message would drastically reduce troubleshooting time.

Relevant logs and/or screenshots

With Reject unverified users at true:

olivier@onemoz-laptop ~ $ curl --location --request PUT 'https://gitlab.com/api/v4/projects/PROJECT/push_rule' --header 'Private-Token: TOKEN' --header 'Content-Type: application/json' --data-raw '{
"commit_committer_check": true,
"reject_unsigned_commits": false
}'
{"message":"403 Forbidden"}

With Reject unverified users at false:

olivier@onemoz-laptop ~ $ curl --location --request PUT 'https://gitlab.com/api/v4/projects/PROJECT/push_rule' --header 'Private-Token: <TOKEN>' --header 'Content-Type: application/json' --data-raw '{
"commit_committer_check": true,
"reject_unsigned_commits": false
}'
{"id":9952881,"project_id":24888569,"created_at":"2021-03-05T07:32:45.063Z","commit_message_regex":"","commit_message_negative_regex":"","branch_name_regex":"","deny_delete_tag":false,"member_check":false,"prevent_secrets":false,"author_email_regex":"","file_name_regex":"","max_file_size":0,"commit_committer_check":true,"reject_unsigned_commits":null}olivier@onemoz-laptop ~ $

Output of checks

This bug happens on GitLab.com 13.10.0-pre 9a85e8ba

Edited by 🤖 GitLab Bot 🤖