The mirror_user_id param is not listed in API::Helpers::ProjectsHelperupdate_params_at_least_one_of and is causing needless 400 on a PUT request
Summary
Some of our REST API endpoints, like projects, will respond with a 400 error "at least one parameter must be provided" if particular params are not present in the PUT. If a developer doesn’t explicitly list a new param as being in the “at least one of” required group, then the request will fail if a client attempts to PUT with just that param.
Our tests of this behaviour are only verifying that the API “returns a 400 when nothing is sent”. This raises the suspicion that the intention of this check is that just something was posted, rather than the API needs to check that specific params were posted.
A customer’s request is failing because a particular param isn’t in that list. Not sure why we have two lists - one for params, and one for at_least_one_of.
Steps to reproduce
1 - Create a project which is a mirror
2 - Using out API, update this project's owner, using the mirror_user_id param:
curl --request PUT --header "private-token: <personal-access-token>" "http://<gitlab-url>/api/v4/projects/<project-id>?mirror_user_id=<user-id>"What is the current bug behavior?
The API responds with:
{"error":"allow_merge_on_skipped_pipeline, autoclose_referenced_issues, auto_devops_enabled, auto_devops_deploy_strategy, auto_cancel_pending_pipelines, build_coverage_regex, build_git_strategy, build_timeout, builds_access_level, ci_config_path, ci_default_git_depth, ci_forward_deployment_enabled, container_registry_enabled, container_expiration_policy_attributes, default_branch, description, emails_disabled, forking_access_level, issues_access_level, lfs_enabled, merge_requests_access_level, merge_method, name, only_allow_merge_if_all_discussions_are_resolved, only_allow_merge_if_pipeline_succeeds, pages_access_level, path, printing_merge_request_link_enabled, public_builds, remove_source_branch_after_merge, repository_access_level, request_access_enabled, resolve_outdated_diff_discussions, shared_runners_enabled, snippets_access_level, tag_list, visibility, wiki_access_level, avatar, suggestion_commit_message, repository_storage, compliance_framework_setting, packages_enabled, service_desk_enabled, issues_enabled, jobs_enabled, merge_requests_enabled, wiki_enabled, snippets_enabled, approvals_before_merge, external_authorization_classification_label, import_url, fallback_approvals_required are missing, at least one parameter must be provided"}And adding a value to any of the params mentioned fixes the error (whether or not the value is valid)
What is the expected correct behavior?
The project is either updated, or a specific parameter which might be missing is specified in the response