Avoid namespace fetch from customersDot when trial creation triggered from GitLab

Summary

Currently, the (/trials/new) process is:

1. In GitLab after selecting or creating a group, trigger a trial on CustomersDot
2. On CustomersDot, ask GitLab(via api call) some things about the namespace - 'id', 'name', 'path', 'kind', 'trial_ends_on'.
3. Create the trial on CustomersDot
4. Respond to initial Post from GitLab.
5. Update the namespace on GitLab with an admin token from CustomersDot in the background

Sometimes we are seeing step #2 fail due to token expiration or other reasons.

Solution

We could likely send the info that customersDot needs from #2 in the initial payload from GitLab in #1 and forgo asking GitLab for it again in #2.

This would eliminate the token error issues and also improve the process as we would remove a network call if the information was already in the trial creation payload.

Detailed plan from #403054 (comment 1342685135)

• GitLab Side

  • Validate post to trial generation first checks namespace for proper access for the user to send
  • Send needed namespace info that CustomersDot needs in order to skip the get back to GitLab

• CustomersDot side

  • Validate X-Admin-Email and X-Admin-Token sent

  • Validate needed namespace info exists in the payload from GitLab

  • If all of the above is true, then skip the get back to GitLab for namespace info as we:

    1. Already have it.
    2. Are confident it is coming from GitLab and user has proper permissions to apply a trial on that namespace.

  • If namespace info isn't provided in the payload and/or admin creds aren't used, then default to the current setup of using get.

Concerns

Does possibly removing this get from GitLab in #2 remove any layers of security that it is implicitly providing? i.e. could someone post namespace info for a namespace they don't own and apply a trial to it? If so, is that different than it is today? - resolved see #403054 (comment 1333629325)