Validate ref early in deployments API (!139461) · Merge requests · GitLab.org / GitLab

Hordur Freyr Yngvason requested to merge validate-ref-early-in-deployments-api into master Dec 11, 2023

What does this MR do and why?

We are seeing a lot of rescued Deployment::StatusUpdateErrors caused by the late validation of the ref attribute on Deployment (internal link). We don't want to remove that error capture, because it could also help detect real problems.

We can, however, reduce the noise in our monitoring by performing the validation early in the API. The error structure is preserved; the only difference is that now we don't create the environment until after validating the ref, so in case the user is both unauthorized to deploy the environment, and the ref is invalid, then we will now return a 400 bad request instead of a 403 forbidden. This is hardly a notable change, but it is a user facing change nonetheless, hence the changelog entry.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before	After

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Dec 11, 2023 by Hordur Freyr Yngvason

Validate ref early in deployments API

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports