Skip to content

Maven dependency proxy, project not found bug

David Fernandez requested to merge 428171-fix-dependency-proxy-pkgs-settings-mutation-project-not-found into master

🌳 Context

In Add GraphQL mutation for the dependency proxy f... (!133179 - merged), we added a GraphQL mutation to update (or create) the settings object of the dependency proxy for packages.

The settings object doesn't have a dedicated primary key because we have a 1:1 relationship with Project. More details in Add GraphQL mutation for the dependency proxy f... (!133179 - merged).

As such, the way to get an settings object is:

  1. Get the Project object (by its full path).
  2. Navigate to the settings object.

Unfortunately, (2.) was implemented in a way that didn't take into account that (1.) could fail and return nil (Project not found).

Guess what happens?

Yeah, 💥 undefined method dependency_proxy_packages_setting' for nil:NilClass`.

🔬 What does this MR do and why?

  • Update the mutation logic so that if the project is nil, we work on a nil settings object.
    • Thus, the permission check will fail as the target object is nil.
  • Update the related specs.

This mutation is part of the Maven dependency proxy which is behind a general feature flag. See [Feature flag] Enable packages_dependency_proxy... (#415218 - closed).

The Maven dependency proxy is not release yet and you can see that the mutation we update here is marked as alpha.

🖼 Screenshots or screen recordings

🔧 How to set up and validate locally

  1. Make sure that you have a license in the local instance.
  2. In a rails console, enable the dependency proxy feature flag: 
    Feature.enable(:packages_dependency_proxy_maven)
  3. Open http://gdk.test:8000/-/graphql-explorer
  4. Run the following query: 
    mutation {
  updateDependencyProxyPackagesSettings(input: { projectPath: "this/does/not/exist", enabled: true, mavenExternalRegistryUrl: "http://test"}) {
    dependencyProxyPackagesSetting {
      enabled
      mavenExternalRegistryUrl
      mavenExternalRegistryUsername
    }
    errors
  }
}

1️⃣ On master

We are greeted with:

{
  "errors": [
    {
      "message": "Internal server error"
    }
  ]
}

2️⃣ With this MR

{
  "data": {
    "updateDependencyProxyPackagesSettings": null
  },
  "errors": [
    {
      "message": "The resource that you are attempting to access does not exist or you don't have permission to perform this action",
      "locations": [
        {
          "line": 2,
          "column": 3
        }
      ],
      "path": [
        "updateDependencyProxyPackagesSettings"
      ]
    }
  ]
}

🎉

🛵 MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #428171 (closed)

Edited by David Fernandez

Merge request reports