API project create always with visibility internal, and thus fail.
Summary
Creating a project using the /projects API ignores visibility and always uses "internal".
Steps to reproduce
Create a project using the v4 REST API. Pass visibility private (also tried visibility_level 0). Project gets created as visibility internal.
Confirmed parameters were passed in api_json.log; here is an example trying both keys:
{"time":"2019-06-12T20:28:22.336Z","severity":"INFO","duration":1198.09,"db":509.38,"view":688.7099999999999,"status":201,"method":"POST","path":"/api/v4/projects","params":[{"key":"description","value":"etckeeper for ryoko.metrics.net"},{"key":"name","value":"ryoko.metrics.net"},{"key":"visibility","value":"private"},{"key":"visibility_level","value":"0"}],"host":"git.metrics.net","ip":"172.16.1.244, 127.0.0.1","ua":"gitlab-add-machine/1.0","route":"/api/:version/projects","user_id":3,"username":"anthony-ldap","queue_duration":6.54,"gitaly_calls":14,"gitaly_duration":37.56,"correlation_id":"OrYxcutw8e5"}
... but that resulted in visibility of "internal"
Note this used to work (my scribe was using "visibility_level" before, I changed it to the documented "visibility" when it broke), as late as earlier this year.
(I noticed this when I started getting an inexplicable "internal is not allowed in a private group" error — the group I'm normally trying to create this in is set private, so creating them now fails. I also found one project that was created as internal in that group, before that was disallowed.)