GraphQL mutation ciJobTokenScopeRemoveProject always fails with "Target project is not in job scope"
Summary
The GraphQL mutation ciJobTokenScopeRemoveProject always seems to fail with "Target project is not in job scope" even when it is.
Steps to reproduce
For testing, I have created two projects on gitlab.com for testing purposes (these repositories contain no data and I allow GitLab staff to use them for reproducing and debugging this issue, although recreating it manually should be very easy as I documented all changes I made):
- https://gitlab.com/TheLastProject/ci_job_token_test_1
- https://gitlab.com/TheLastProject/ci_job_token_test_2
In the TheLastProject/ci_job_token_test_1 repository I have manually added TheLastProject/ci_job_token_test_2 to the CI/CD job token allowlist under Settings -> CI/CD -> Job token permissions.
When using GraphiQL on https://gitlab.com/-/graphql-explorer, I can confirm the project is in the inbound allow list:
Query:
query {
project(fullPath:"TheLastProject/ci_job_token_test_1") {
ciJobTokenScope {
inboundAllowlist {
nodes {
fullPath
}
}
}
}
}Result:
{
"data": {
"project": {
"ciJobTokenScope": {
"inboundAllowlist": {
"nodes": [
{
"fullPath": "TheLastProject/ci_job_token_test_2"
},
{
"fullPath": "TheLastProject/ci_job_token_test_1"
}
]
}
}
}
}
}Trying to remove the TheLastProject/ci_job_token_test_2 project however fails:
Mutation:
mutation {
ciJobTokenScopeRemoveProject(input:{
projectPath:"TheLastProject/ci_job_token_test_1",
targetProjectPath:"TheLastProject/ci_job_token_test_2"
}) {
errors
}
}Result:
{
"data": {
"ciJobTokenScopeRemoveProject": {
"errors": [
"Target project is not in the job token scope"
]
}
}
}Example Project
See above
What is the current bug behavior?
The project is not removed with the "Target project is not in the job token scope" message.
What is the expected correct behavior?
The project is removed from the "CI/CD job token allowlist".
Relevant logs and/or screenshots
See reproduction steps
Output of checks
This bug happens on GitLab.com
Activity
Hey @TheLastProject, thank you for creating this issue!
To get the right eyes on your issue more quickly, we encourage you to follow the issue triage best practices.
PLEASE NOTE: You will need to use the
@gitlab-bot label commandto apply labels to this issue.To set expectations, GitLab product managers or team members can't make any promise if they will proceed with this. However, we believe everyone can contribute, and welcome you to work on this proposed change, feature or bug fix. There is a bias for action, so you don't need to wait. Try and spin up that merge request yourself.
If you need help doing so, we're always open to mentor you to drive this change.
This message was generated automatically. You're welcome to improve it.
added automation:self-triage-encouraged label
This issue was automatically tagged with the label grouppipeline execution by TanukiStan, a machine learning classification model, with a probability of 0.97.
If this label is incorrect, please tag this issue with the correct group label as well as automation:ml wrong to help TanukiStan learn from its mistakes.
If you are unsure about the correct group, please do not leave the issue without a group label. Please refer to GitLab's shared responsibility functionality guidelines for more information on how to triage this kind of issues.
Authors who do not have permission to update labels can use the
@gitlab-bot label ~"group::<correct group name>"command, or leave the issue to be triaged by group leaders initially assigned by TanukiStan.This message was generated automatically. You're welcome to improve it.
- A deleted user
added automation:ml grouppipeline execution labels
added devopsverify sectionci labels
mentioned in issue gitlab-org/quality/triage-reports#20001 (closed)
added grouppipeline security label and removed grouppipeline execution label
mentioned in issue gitlab-org/quality/triage-reports#20135 (closed)
mentioned in issue gitlab-org/quality/triage-reports#20250 (closed)
mentioned in issue gitlab-org/quality/triage-reports#20332 (closed)
added devopssoftware supply chain security label and removed devopsverify label
added typebug label
