Backend: Add more detail to 403 error message when user needs a validated credit card to perform pipeline actions
Problem
The 403 error message returned when a user is not authenticated does not carry enough detail for the frontend to show a useful message.
Proposal
Add an error message to the API response (backend only) that says "Credit card required to be on file in order to retry a build", to match the error we return from the same failure in the retry action for jobs.
Steps
From #346304 (comment 824667142)
- Refactor RetryPipelineService and RetryBuildService to use response objects instead of exceptions
- Transform the response objects into usable error messages for the RESTful API and GraphQL
Technical details
From #346304 (comment 824667142)
The pipeline retry service is built on top of the jobs retry service by looping through the failed jobs and calling the retry job service for all of them. Both services use exceptions to control the execution flow.
For pipelines we have three ways in which we can call the retry service:
- RESTful API: https://gitlab.com/gitlab-org/gitlab/-/blob/82f1ec0fdb67e6b557e0c1caab6b0896bbaf0704/lib/api/ci/pipelines.rb#L216-230
- Rails API and web: https://gitlab.com/gitlab-org/gitlab/-/blob/82f1ec0fdb67e6b557e0c1caab6b0896bbaf0704/app/controllers/projects/pipelines_controller.rb#L168-179 - this one is interesting because it schedules the retry to be executed async
- GraphQL: https://gitlab.com/gitlab-org/gitlab/-/blob/82f1ec0fdb67e6b557e0c1caab6b0896bbaf0704/app/graphql/mutations/ci/pipeline/retry.rb#L16-25
It looks like GraphQL is used for the retry button on the show pipeline page, but it doesn't handle the AccessDeniedError exceptions and it returns a 500 error with this body:
For Rails and API we have generic code that transforms these exceptions into 403 responses. Modifying these handlers to include the error message might turn into a security problem if we end up showing a message that we're not supposed to, because this change has far-reaching impact.
For jobs we have more than one way to retry as well:
- RESTful API: https://gitlab.com/gitlab-org/gitlab/-/blob/82f1ec0fdb67e6b557e0c1caab6b0896bbaf0704/lib/api/ci/jobs.rb#L106-122
- Rails web: https://gitlab.com/gitlab-org/gitlab/-/blob/82f1ec0fdb67e6b557e0c1caab6b0896bbaf0704/app/controllers/projects/jobs_controller.rb#L77-82 - used from the job log page; this one is interesting because it's also used as an API by the retry icon:
- GraphQL: https://gitlab.com/gitlab-org/gitlab/-/blob/82f1ec0fdb67e6b557e0c1caab6b0896bbaf0704/app/graphql/mutations/ci/job/retry.rb#L16-25
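A sketch of the two steps above, added here as an illustration and not taken from the GitLab code base: the retry services return response objects whose message is chosen explicitly per failure, so the generic 403 handlers stay untouched and no exception text can leak. All class, method and constant names (`Response`, `RetryJob`, `RetryPipeline`, `to_rest`, `to_graphql`) and the success status are assumptions.

```ruby
# Added illustration; every name below is hypothetical, not GitLab's own code.
Response = Struct.new(:status, :message, :http_status, keyword_init: true) do
  def success?
    status == :success
  end
end

Job  = Struct.new(:id, :failed, keyword_init: true)
User = Struct.new(:can_update, :card_validated, keyword_init: true)

CARD_REQUIRED = 'Credit card required to be on file in order to retry a build'

# Job-level service: returns a response object instead of raising.
class RetryJob
  def execute(_job, user)
    # Plain denial carries a fixed generic message: nothing internal is exposed.
    return denied('403 Forbidden') unless user.can_update
    # Only this known-safe reason is deliberately surfaced to the client.
    return denied(CARD_REQUIRED) unless user.card_validated

    Response.new(status: :success)
  end

  private

  def denied(message)
    Response.new(status: :error, message: message, http_status: 403)
  end
end

# Pipeline-level service: loops over failed jobs and stops at the first error.
class RetryPipeline
  def execute(jobs, user)
    jobs.select(&:failed).each do |job|
      result = RetryJob.new.execute(job, user)
      return result unless result.success?
    end
    Response.new(status: :success)
  end
end

# REST adapter: status code plus body (200 on success is an assumption).
def to_rest(response)
  response.success? ? [200, {}] : [response.http_status, { 'message' => response.message }]
end

# GraphQL adapter: an errors array in the payload instead of an unhandled exception.
def to_graphql(response)
  { errors: response.success? ? [] : [response.message] }
end
```

Because the message originates in the service rather than in a shared exception handler, the set of strings that can reach a client is limited to the literals in this file.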