API: projects/🆔 /jobs requires authorization
Summary
Working on a deployment tool I discovered that the ci jobs
endpoint on the REST api requires authorization. I think this must be an oversight, since the same information is available both after round-tripping through the pipelines
endpoint and on the human-readable page.
In any case, it would be nice to be able to query the jobs endpoint of public projects directly.
Steps to reproduce
curl https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/jobs
- receive
401 Unauthorized
- compare
curl https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/pipelines
andcurl https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/pipelines/273346187/jobs
which return the expected information.
Example Project
Originally discovered against https://gitlab.xiph.org/api/v4/projects/xiph%2Ficecast-website/jobs but reproducible with the main gitlab project. See above.
What is the current bug behavior?
The jobs
endpoint is 401
unless an auth token is provided, even for public projects.
What is the expected correct behavior?
Since the job index is publicly available at other endpoints, I expected it to be available through the v4 REST API jobs
endpoint, returning the same json for public projects as an authenticated client sees.
Relevant logs and/or screenshots
$ curl https://gitlab.com/api/v4/projects/gitlab-org%2Fgitlab/jobs
{"error":"404 Not Found"}