Update response code for bulk delete API for Container Registry
Problem to solve
The Container Registry API allows developers to delete registry tags in bulk. We currently limit this API call to one execution per hour. The limit makes sense, but we should return a different response code, when users attempt to execute it multiple times per hour.
- User runs
curl --request DELETE --data 'name_regex=.*' --data 'older_than=1month' --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags"to delete all tags older than one month.
- User attempts to run
curl --request DELETE --data 'name_regex=.*' --data 'keep_n=5' --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/5/registry/repositories/2/tags"and receives a response code letting them know they can only execute this command once per hour.
Update the response code for the "Delete repository tags in bulk" API call if a user has already reached the 1x per hour limit to specify that they can only execute this command once per hour.
Permissions and Security
No permissions changes for this change. The Container Registry API should remain limited to Developers, Maintainers and Owners.
This limit is already listed in the Container Registry API documentation
- Test the API response to ensure it includes a message that this can only be executed once per hour.
What does success look like, and how can we measure that?
Success looks like users receive a response code that lets them know they are limited to once per hour.