Add Detailed Error Message for Credit Card-less Users
What does this MR do and why?
This MR adds an error message for all types of JSON APIs when access to retrying a pipeline is denied because there is no credit card on file. There are a few changes to the UI, mostly that a generic flash error message appears upon retry rather than the retry failing silently.
The GraphQL portion of this is complicated by an existing bug where raising Gitlab::Access::AccessDeniedError returns a 500 from the GraphQL endpoint instead of a 200. This is not isolated to this mutation. #354023 (comment 859070887).
Since Gitlab::Access::AccessDeniedError is rescued globally in the Rails API and application controller, we have many services that raise Gitlab::Access::AccessDeniedError and expect the application to serve a 403. Instead, when these are called in GraphQL mutations we get a 500, currently { errors: [{message: 'Internal Server Error: GitLab::Access::AccessDeniedError'}] }. This is a bug condition since we should not throw a 500 in a mutation if access is denied, but I think it should be a 200 with 'not found' or another custom error message in the case of a mutation. (In a resolver we should return null and 200.) Some examples:
- Mutations::Ci::Job::Play calls ::Ci::PlayBuildService, which raises Gitlab::Access::AccessDeniedError
- Mutations::Ci::Job::Retry calls Ci::RetryPipelineService, which calls Ci::RetryBuildService, both of which can raise Gitlab::Access::AccessDeniedError
We raise this in 48 services currently (some currently called in mutations and many with the potential to be called in mutations).
See the existing conditions and new conditions below:
Screenshots or screen recordings
Existing Conditions (Access Denied)
Changes (Access Denied)
Changes (Access Denied - Credit Card)
How to set up and validate locally
Example below:
- Set has_required_credit_card_to_run_pipelines? to false
  def has_required_credit_card_to_run_pipelines?(project)
    false #has_valid_credit_card? || !requires_credit_card_to_run_pipelines?(project)
  end
- Visit any group or project member pages such as http://127.0.0.1:3000/groups/flightjs/-/group_members
- Run a failing pipeline, e.g. script: exit 0
- Click the Pipelines button.
- Click the circular 'retry' arrow
- Click the pipeline 'retry' arrow
- Navigate to the pipeline show page
- Click the 'retry' button on
- Use curl or httpie to run an http request against your pipeline:
$ http POST "http://localhost:3000/api/v4/projects/10/pipelines/39/retry" "PRIVATE-TOKEN: ***"
HTTP/1.1 403 Forbidden
Cache-Control: no-cache
Content-Length: 77
Content-Type: application/json
Date: Thu, 17 Feb 2022 15:05:29 GMT
Vary: Origin
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Request-Id: 01FW43EY2YGE8K1RR1HSE6AJ8A
X-Runtime: 1.985245
{
"message": "Credit card required to be on file in order to retry a pipeline"
}
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #346304 (closed)
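The divergence described above, as an added Ruby sketch that is not part of the MR or of GitLab's code base: the same service-level denial becomes a 403 where a transport rescues it and a 500 where nothing does. Every class and method name below is a hypothetical stand-in, and the handled GraphQL payload is only one possible shape for the 200 response the description proposes.

```ruby
# Added illustration; all names are hypothetical stand-ins, not GitLab code.
class AccessDeniedError < StandardError; end # stands in for Gitlab::Access::AccessDeniedError

# Stand-in for a service such as Ci::RetryPipelineService.
class RetryPipelineService
  CARD_MESSAGE = 'Credit card required to be on file in order to retry a pipeline'

  def initialize(can_retry:, card_on_file:)
    @can_retry = can_retry
    @card_on_file = card_on_file
  end

  def execute
    raise AccessDeniedError, '403 Forbidden' unless @can_retry
    raise AccessDeniedError, CARD_MESSAGE unless @card_on_file

    :retried
  end
end

# REST-style handler: the denial is rescued and mapped to a 403 with a message.
def rest_retry(service)
  service.execute
  [201, { 'status' => 'retried' }] # success status is constructed for the sketch
rescue AccessDeniedError => e
  [403, { 'message' => e.message }]
end

# GraphQL-style handler with no specific rescue: the denial is treated like
# any unexpected exception and surfaces as a 500.
def graphql_retry_unhandled(service)
  service.execute
  [200, { 'data' => { 'pipelineRetry' => { 'errors' => [] } } }]
rescue StandardError => e
  [500, { 'errors' => [{ 'message' => "Internal Server Error: #{e.class}" }] }]
end

# GraphQL-style handler that rescues the denial in the mutation: a 200 whose
# payload carries the error, so a denied request is not reported as a crash.
def graphql_retry_handled(service)
  service.execute
  [200, { 'data' => { 'pipelineRetry' => { 'errors' => [] } } }]
rescue AccessDeniedError => e
  [200, { 'data' => { 'pipelineRetry' => { 'errors' => [e.message] } } }]
end
```

Keeping authorization denials out of the 500 class also keeps them out of server-error alerting, so they can be counted and monitored as access-control events instead.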