Namespace is not valid error when configuring scan result policies
Summary
When setting up a Scan Result Policy on the top-level of a group, a customer is receiving a Namespace is not valid
error when attempting to create the Merge Request.
We appear to send a GraphQL query createPolicyProject
but the resulting response is:
[{"data":{"securityPolicyProjectCreate":{"project":null,"errors":["Namespace is not valid"],"__typename":"SecurityPolicyProjectCreatePayload"}}}]
This message appears to be returned when project creation fails but it's not fully clear on the problem.
I initially thought this was related to group IP restrictions, as all calls to Groups::Security::PoliciesController
resulted in another info
level log item that showed Attempting to access IP restricted group
. However, I couldn't replicate this directly on another group with IP restrictions enabled. When I tested this on my own group with IP restrictions enabled, I instead received Variable $input of type MergeRequestCreateInput! was provided invalid value for projectPath (Expected value to not be null), targetBranch (Expected value to not be null)
.
Steps to reproduce
See example ticket, not able to reproduce.
Example Project
See example ticket(Internal)
What is the current bug behavior?
Attempting to use the Scan results policy editor and clicking on Create merge request
results in a Namespace is not valid
error.
What is the expected correct behavior?
Create merge request
should result in the creation of the merge request or display a more clear error on how to resolve.
Relevant logs and/or screenshots
- Kibana logs(Internal)
Output of checks
This bug happens on GitLab.com
Results of GitLab environment info
Expand for output related to GitLab environment info
(For installations with omnibus-gitlab package run and paste the output of: `sudo gitlab-rake gitlab:env:info`) (For installations from source run and paste the output of: `sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production`)
Results of GitLab application Check
Expand for output related to the GitLab application check
(For installations with omnibus-gitlab package run and paste the output of:
sudo gitlab-rake gitlab:check SANITIZE=true
)(For installations from source run and paste the output of:
sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true
)(we will only investigate if the tests are passing)
Possible fixes
-
backend Update Security::SecurityOrchestrationPolicies::ProjectCreateService
to check if the current_user hascreate_projects
permission and return error if the user does not have access
return error('User does not have permission to create project.') if current_user.can?(:create_projects, project_container? ? container.namespace : container)