Improve API error for invalid JWT sub claim component
What does this MR do and why?
Improve the error response of the project API when submitting an invalid value for ci_id_token_sub_claim_component.
Prior to this change, the API returned a generic error when the submitted value had components that aren't allowed.
{"error":"ci_id_token_sub_claim_components does not have a valid value"}
It now returns errors specific to the project attribute.
{
  "message": {
    "ci_cd_settings.id_token_sub_claim_components": [
      "project_path must be the first element of the sub claim",
      "invalid-component is not an allowed sub claim component"
    ]
  }
}
Note: It should be ci_id_token_sub_claim_components instead of ci_cd_settings.id_token_sub_claim_components
but this unrelated bug is out of scope.
Please note that prior to this MR validation errors other than "component not allowed" were already returned correctly. For example, the API returned the following response for an empty array.
{
  "message": {
    "ci_cd_settings.id_token_sub_claim_components": [
      "is too short (minimum is 1 character)",
      "project_path must be the first element of the sub claim"
    ]
  }
}
How to set up and validate locally
Attempt to change the attribute to an invalid value (component not allowed) on a project.
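# Single quotes keep the JSON body intact; with nested double quotes the shell
# strips the quotes around x and sends [x], which is not valid JSON.
curl -XPUT "https://$GITLAB_API/$PROJECT_ID" \
  -H "PRIVATE-TOKEN: $GITLAB_TOKEN" \
  -H 'Content-Type: application/json' \
  --data-binary '{"ci_id_token_sub_claim_components":["x"]}'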
Related to #477260 (closed)
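The validation rules behind the error messages above, as an added Ruby sketch that is not GitLab's own code or part of this MR. The allowed list (`project_path`, `ref_type`, `ref`), the `key:value` layout of the resulting `sub`, and the job values are assumptions; the function names are hypothetical.

```ruby
# Added sketch, not GitLab's implementation.
# ALLOWED is an assumption: the components GitLab documents for this setting.
ALLOWED = %w[project_path ref_type ref].freeze
ATTRIBUTE = "ci_cd_settings.id_token_sub_claim_components"

# Collect every rule violation instead of stopping at the first one,
# using the message wording shown in the MR description.
def sub_claim_component_errors(components)
  errors = []
  errors << "is too short (minimum is 1 character)" if components.empty?
  unless components.first == "project_path"
    errors << "project_path must be the first element of the sub claim"
  end
  (components - ALLOWED).uniq.each do |c|
    errors << "#{c} is not an allowed sub claim component"
  end
  errors
end

# Shape the errors like the API response body; nil means the value is valid.
def error_body(components)
  errors = sub_claim_component_errors(components)
  errors.empty? ? nil : { "message" => { ATTRIBUTE => errors } }
end

# Build the `sub` value a given component list produces (assumed layout:
# "name:value" pairs joined by ":"), so it can be compared against the
# condition in an identity provider's trust policy before changing the setting.
def build_sub(components, job)
  errors = sub_claim_component_errors(components)
  raise ArgumentError, errors.join("; ") unless errors.empty?
  components.map { |c| "#{c}:#{job.fetch(c)}" }.join(":")
end

# Constructed sample job attributes, for illustration only.
SAMPLE_JOB = { "project_path" => "group/app", "ref_type" => "branch", "ref" => "main" }.freeze

if __FILE__ == $PROGRAM_NAME
  p error_body(["invalid-component"])
  puts build_sub(%w[project_path ref_type ref], SAMPLE_JOB)
  puts build_sub(%w[project_path], SAMPLE_JOB)
end
```

A shorter component list yields a less specific `sub`, so a trust policy that matches it accepts tokens from more refs of the same project.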