diff options
| author | Patrick Steinhardt <psteinhardt@gitlab.com> | 2021-08-13 15:48:21 +0300 |
|---|---|---|
| committer | Patrick Steinhardt <psteinhardt@gitlab.com> | 2021-08-30 13:03:20 +0300 |
| commit | 773668f55279f89f5f9439064329866608e9b35a (patch) | |
| tree | 30881b1ebe724381e30fe16d98fb2baf99b309c7 /cmd | |
| parent | dec431eac82653b5478837548b992a874aa302ca (diff) | |
hook: Fix prereceive returning AllowedError for generic errors
The pre-receive hook implementation is responsible for calling GitLab's
`/internal/allowed` API to do access checks. In case this API endpoint
tells us that a change is not allowed, we need to make the error message
available to the original caller, which then knows to return the error
message via the response's `PreReceiveError` field.
Our current implementation of this is wrong though: while we correctly
pass up information via a `NotAllowedError` in case the access check
indicates that the change is not allowed, we also pass up information
when invoking the endpoint itself failed. But this really is an internal
error, and we don't ever want to return such information to the user.
Fix this issue by returning a normal error in such cases.
Changelog: fixed
Diffstat (limited to 'cmd')
| -rw-r--r-- | cmd/gitaly-hooks/hooks_test.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/cmd/gitaly-hooks/hooks_test.go b/cmd/gitaly-hooks/hooks_test.go index 60f24f227..1f1c538d1 100644 --- a/cmd/gitaly-hooks/hooks_test.go +++ b/cmd/gitaly-hooks/hooks_test.go @@ -491,7 +491,7 @@ func TestHooksNotAllowed(t *testing.T) { cmd.Dir = repoPath require.Error(t, cmd.Run()) - require.Equal(t, "GitLab: 401 Unauthorized\n", stderr.String()) + require.Equal(t, "invoking access checks: 401 Unauthorized\n", stderr.String()) require.Equal(t, "", stdout.String()) require.NoFileExists(t, customHookOutputPath) } |