Improve error messaging for CI_JOB_TOKEN
Problem to solve
Current error messaging for CI_JOB_TOKEN is vague. With the default scope change in 17.0, customer need an easier/more direct message which enables their users and support teams to easily identify if the access error is due to misconfiguration of the allowlist.
This is specific to the running pipeline. Configuration error messages will be addressed in #441583.
Proposal
Ideally, we should be able to indicate which project is declining to grant access. From below:
The technical implementation aspect is straightforward; we need to offer more granularity in capturing errors and presenting them in the UI or running job.
The main challenge is to look into the current permissions and different possibilities. We need to make a table for that:
User role on running pipeline | Is ci job token scope enabled | Type of action (fetch artifacts, repository API, etc) |
---|---|---|
Based on the table we have to discuss how detailed we should go with error messages in every case.
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.