The message received when push to a protected branch is rejected has changed since 11.3.0-rc4
Prior to https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/21034#6e60f94696b534ed16ff1d4f8ca1a742242805bf_58_64, the message received when trying to push to a protected branch from an unauthorized user was You are not allowed to push code to protected branches on this project
, but now it changed to the cryptic API is not accessible
, which isn't really helpful anymore... :(
This regression was discovered while running QA against staging running 11.3.0-rc4: https://gitlab.com/gitlab-org/quality/staging/-/jobs/95453012
This was originally reported in the QA issue: gitlab-org/release/tasks#428 (comment 99538282)
I believe the change in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/21034 is semantically correct, as returning a 401 status code is definitely a good idea, but I think gitlab-shell
should probably use the provided message
from the response if present instead of always returning API is not accessible
One important thing to note is that QA wasn't run for !21034 (merged), and that would have caught the behavior change in advance! /cc @meks
I've set the ~Geo and ~Manage labels because there were set on !21034 (merged), and the ~Create label because I think it's the internal API is belonging to this team (but I think that would be unfair to assign the regression the ~Create team)
I've set the ~P1 label because this is a regression from the latest RC, and the ~S3 label because this isn't breaking any functionality but it can confuse users that are used to the previous behavior.
/cc @ash.mckenzie @stanhu @smcgivern
/cc @mlapierre because ~Create
/cc @sliaquat because ~Manage