MR approval endpoint fails with 401 authz error for non-authz problem


Summary

The merge request approval endpoint returns 401 auth error codes for requests that fail for reasons that have nothing to do with authz. My example is attempting to approve an MR twice.

Steps to reproduce

We have Python wrapper functions for API calls, the implementations of which are not relevant, but they make the story easy to read.

Attempting to approve an MR twice

# MR begins unapproved
>>> fetch_mr_approvals(headers, project_id, merge_request_iid)
[]

# Approve the MR
>>> approve_mr(headers, project_id, merge_request_iid)

# MR approved successfully
>>> fetch_mr_approvals(headers, project_id, merge_request_iid)
[{'user': {'id': 21582184, 'username': 'group_8794173_bot_b5827ad644a132afae20972d6b53fa4f', 'name': 'OSCI Bot', 'state': 'active', 'locked': False, 'avatar_url': 'https://secure.gravatar.com/avatar/26a87521c16c49d6204ddec443492cb58ad865555b5f3e7f516ed52ecc5a6a3e?s=80&d=identicon', 'web_url': 'https://gitlab.com/group_8794173_bot_b5827ad644a132afae20972d6b53fa4f'}}]

# Attempt to approve again
>>> approve_mr(headers, project_id, merge_request_iid)
Traceback (most recent call last):
  File "<python-input-22>", line 1, in <module>
    approve_mr(headers, project_id, merge_request_iid)
    ~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "<python-input-15>", line 7, in approve_mr
    response.raise_for_status()
    ~~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/usr/lib/python3.13/site-packages/requests/models.py", line 1024, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: https://gitlab.com/api/v4/projects/51115677/merge_requests/800/approve

Example Project

What is the current bug behavior?

The endpoint returns an HTTP 401 error, which led us on a fruitless hunt for a problem with token scopes and/or project approval permissions/RBAC.

What is the expected correct behavior?

The endpoint fails with a clearer error, indicating the actual problem. Or, better yet, the endpoint operation is idempotent and nothing happens - then there is no error at all.


Possible fixes

Edited by 🤖 GitLab Bot 🤖
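
A client-side way to tell a repeat approval from a real credential problem while the endpoint behaves as reported. This is an added example, not part of the original issue and not GitLab's code. It assumes the `GET /user` and `GET .../approvals` (`approved_by`) API responses; `approve_once`, `AuthError`, `FakeResponse` and `FakeGitLab` are hypothetical names, and the fake server is a constructed model of the reported behaviour.

```python
API = "https://gitlab.com/api/v4"
class AuthError(Exception):
    """Token rejected, or this user may not approve the MR."""

def approve_once(session, project_id, mr_iid):
    """Approve idempotently; session is requests.Session-like with auth headers set."""
    mr = f"{API}/projects/{project_id}/merge_requests/{mr_iid}"
    me = session.get(f"{API}/user")
    if me.status_code == 401:
        raise AuthError("token rejected by GET /user")
    my_id = me.json()["id"]
    def approved_by_me():
        resp = session.get(f"{mr}/approvals")
        resp.raise_for_status()
        return any(a["user"]["id"] == my_id for a in resp.json()["approved_by"])
    if approved_by_me():
        return "already-approved"  # skip the POST, nothing to do
    resp = session.post(f"{mr}/approve")
    if resp.status_code == 401:
        if approved_by_me():  # lost a race: the 401 was not about auth
            return "already-approved"
        raise AuthError("approve returned 401: check token scope and approval rights")
    resp.raise_for_status()
    return "approved"

class FakeResponse:  # constructed stand-in for requests.Response
    def __init__(self, status_code, body=None):
        self.status_code, self._body = status_code, body
    def json(self):
        return self._body
    def raise_for_status(self):
        if self.status_code >= 400:
            raise RuntimeError(f"HTTP {self.status_code}")

class FakeGitLab:  # constructed server model: a repeat approval returns 401, as reported
    def __init__(self, user_id, token_ok=True, may_approve=True):
        self.user_id, self.token_ok, self.may_approve = user_id, token_ok, may_approve
        self.approved_by = []
    def get(self, url):
        if not self.token_ok:
            return FakeResponse(401)
        if url.endswith("/user"):
            return FakeResponse(200, {"id": self.user_id})
        return FakeResponse(200, {"approved_by": [{"user": {"id": u}} for u in self.approved_by]})
    def post(self, url):
        if not (self.token_ok and self.may_approve) or self.user_id in self.approved_by:
            return FakeResponse(401)
        self.approved_by.append(self.user_id)
        return FakeResponse(201)
```

With a real `requests.Session`, set the token header on the session before calling `approve_once`.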