Skip to content

`default_branch_protection_defaults` object `access_level` fields cannot be set to 0 via REST API (but can via UI)

Summary

There are certain "Default Branch" settings that appear to be valid when set via the web UI, but are not able to be set via the groups API.
Specifically, the default_branch_protection_defaults object will reject default_branch_protection_defaults[allowed_to_push][0][access_level] of 0 and default_branch_protection_defaults[allowed_to_merge][0][access_level] of 0
Note access levels are highlighted here

Steps to reproduce

  1. Create a sub/group
  2. Navigate to Settings > Repository > Default branch
  3. Set "Initial default branch protection" to be
  • Protected
  • "no one" allowed to push
  • "no one" allowed to merge
  • allow developers to push to the initial commit
  1. Save changes
  2. Use curl to read the group object and confirm values set against default_branch_protection_defaults
  • curl -s -X GET -H "PRIVATE-TOKEN: ${GITLAB_API_TOKEN}" https://gitlab.com/api/v4/groups/12345678 | jq .
  "default_branch_protection_defaults": {
    "allowed_to_push": [
      {
        "access_level": 0
      }
    ],
    "allowed_to_merge": [
      {
        "access_level": 0
      }
    ],
    "developer_can_initial_push": true
  },
  1. Use curl to "PUT" the same object back into the group
  • curl -X PUT -H "PRIVATE-TOKEN: ${GITLAB_API_TOKEN}" -H "Content-Type: application/json" -d '{"default_branch_protection_defaults":{"allowed_to_push":[{"access_level":0}],"allowed_to_merge":[{"access_level":0}],"developer_can_initial_push":true}}' https://gitlab.com/api/v4/groups/12345678
  • response received back:
{"error":"default_branch_protection_defaults[allowed_to_push][0][access_level] does not have a valid value, default_branch_protection_defaults[allowed_to_merge][0][access_level] does not have a valid value"}

Example Project

What is the current bug behavior?

  • The access_level values of default_branch_protection_defaults can be set to "no one"/0 via the UI
  • The access_level values of default_branch_protection_defaults cannot be set to "no one"/0 via the API

What is the expected correct behavior?

  • The access_level values of default_branch_protection_defaults can be set to "no one"/0 via the UI
  • The access_level values of default_branch_protection_defaults can be set to "no one"/0 via the API

Relevant logs and/or screenshots

UI Settings
image

GET group (relevant snippet) image

PUT group image

Output of checks

This bug happens on GitLab.com

Edited by Steve Stevens