Skip to content

GitLab Duo Code Review menu option visible in groups without required subscription tier nor Duo Add-on

Summary

From projects in namespaces on the free + premium tiers, you can select the menu option for GitLab Duo Code Review. This was found after testing for the same visibility in a Premium group (raised through a customer ticket).

Duo Code Review when it has been selected will not work, but can cause confusion.

There has not been any prior purchase nor trial Duo subscription applied on the Premium namespace. The visible menu options in the group should only reflect purchased add-on's.

  • Tier: Ultimate
  • Add-on: GitLab Duo Enterprise
  • Offering: GitLab.com, GitLab Self-Managed, GitLab Dedicated
  • Status: Beta

Customer Ticket: 624598 (link to customer example within the ticket)

Steps to reproduce

From a free group project on gitlab.com confirm the option exists at Settings > Merge Requests > Duo code review, and that you can enable this.

Example Project

https://gitlab.com/cshl-free/projectc/-/settings/merge_requests

What is the current bug behavior?

Menu option available that requires a Duo add-on, and the Ultimate subscription. This option is visible from Premium groups and Free groups.

What is the expected correct behavior?

Menu option should not be visible.

Relevant logs and/or screenshots

image.png

Output of checks

Results of GitLab environment info

Expand for output related to GitLab environment info 

  (For installations with omnibus-gitlab package run and paste the output of: \\\`sudo gitlab-rake gitlab:env:info\\\`)  (For installations from source run and paste the output of: \\\`sudo -u git -H bundle exec rake gitlab:env:info RAILS_ENV=production\\\`)

Results of GitLab application Check

Expand for output related to the GitLab application check 

 (For installations with omnibus-gitlab package run and paste the output of: \`sudo gitlab-rake gitlab:check SANITIZE=true\`)  (For installations from source run and paste the output of: \`sudo -u git -H bundle exec rake gitlab:check RAILS_ENV=production SANITIZE=true\`)  (we will only investigate if the tests are passing)

Possible fixes

Edited by Kinshuk Singh