Alert notifications don't work for non-public projects
Summary
For non-public projects GitLab's notify endpoint is rejecting alert notifications coming from the Prometheus Alertmanager with 401 Unauthorized.
Steps to reproduce
- Create a non-public project
- Send JSON payload to notify endpoint
- See 401 along with "You need to sign in or sign up before continuing."
Example Project
Private project ~bug
https://gitlab.com/splattael/notify-test-private
curl -w "\nHTTP code: %{http_code}\n" -X POST -H "Content-Type: application/json" -d '{"version":"4", "alerts": [{}]}' 'https://gitlab.com/splattael/notify-test-private/prometheus/alerts/notify.json'
{"error":"You need to sign in or sign up before continuing."}
HTTP code: 401
✅ Public project https://gitlab.com/splattael/notify-test-public
curl -w "\nHTTP code: %{http_code}\n" -X POST -H "Content-Type: application/json" -d '{"version":"4", "alerts": [{}]}' 'https://gitlab.com/splattael/notify-test-public/prometheus/alerts/notify.json'
HTTP code: 422
This request is missing a valid token, so it responds with 422, which is OK in our case.
What is the current bug behavior?
Non-public projects cannot receive alert notifications from Prometheus.
What is the expected correct behavior?
Non-public projects should also be able to receive alert notifications from Prometheus.
Possible fixes
The notify endpoint should load the project without authorizing the current user, as it will always be nil.
Edited by Peter Leitzen
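The check ordering behind this bug and the proposed fix, modelled in plain Ruby as an added example (not GitLab's code and not part of the original issue). The project table, method names, the `token` parameter, and the 200 and 404 status codes are assumptions; the 401 and 422 responses are the ones reported above.

```ruby
require "digest"

# Constructed sample data: paths and tokens are made up for this example.
Project = Struct.new(:path, :visibility, :alert_token)
PROJECTS = {
  "group/private-app" => Project.new("group/private-app", :private, "constructed-token-1"),
  "group/public-app"  => Project.new("group/public-app", :public, "constructed-token-2")
}.freeze

# Constant-time comparison over fixed-length digests, so neither the token
# length nor the position of the first mismatch shows up in timing.
def token_valid?(project, token)
  return false if token.nil? || token.empty?
  a = Digest::SHA256.digest(token).bytes
  b = Digest::SHA256.digest(project.alert_token).bytes
  a.zip(b).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Reported behaviour (hypothetical model): the project is loaded through a
# visibility check against the current user. Alertmanager carries no session,
# so current_user is nil and a non-public project is rejected with 401
# before the token is ever looked at.
def notify_with_user_authorization(path, token, current_user: nil)
  project = PROJECTS[path]
  return 404 unless project # assumed status for an unknown project
  return 401 if project.visibility != :public && current_user.nil?
  token_valid?(project, token) ? 200 : 422
end

# Proposed direction (hypothetical model): load the project without user
# authorization and treat the per-project token as the only credential.
def notify_with_token_only(path, token)
  project = PROJECTS[path]
  return 404 unless project # assumed status for an unknown project
  token_valid?(project, token) ? 200 : 422
end
```

With user authorization removed, the token check is the only gate on the endpoint, so it has to run on every request regardless of project visibility.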