Fix 500 errors when renaming projects with underscores

https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68357 added the `container_registry_migration_phase1` feature flag. When enabled, this change caused a `ContainerRepository` model to be instantiated every time the registry client checked for tags. For projects that had trailing/leading underscores in their paths, this would trigger a validation error and cause a `ContainerRegistry::Path::InvalidRegistryPathError` exception to be raised while trying to generate the `migration_eligible` flag in the access token. Previously this would not cause a 500 error because the access token was still generated, but the manifest would return empty since registry images cannot exist for project paths with trailing/leading underscores. To preserve the previous behavior, we now catch and log this exception in `ContainerRegistryAuthenticationService.migration_eligible`. Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/27483 Changelog: fixed

Fix 500 errors when renaming projects with underscores
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/68357 added the `container_registry_migration_phase1` feature flag. When enabled, this change caused a `ContainerRepository` model to be instantiated every time the registry client checked for tags. For projects that had trailing/leading underscores in their paths, this would trigger a validation error and cause a `ContainerRegistry::Path::InvalidRegistryPathError` exception to be raised while trying to generate the `migration_eligible` flag in the access token. Previously this would not cause a 500 error because the access token was still generated, but the manifest would return empty since registry images cannot exist for project paths with trailing/leading underscores. To preserve the previous behavior, we now catch and log this exception in `ContainerRegistryAuthenticationService.migration_eligible`. Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/27483 Changelog: fixed
4a70f4ef · Stan Hu · 9dfe024e · 4a70f4ef · 4a70f4ef
Commit 4a70f4ef authored Jan 03, 2022 by Stan Hu
2 changed files
--- a/app/services/auth/container_registry_authentication_service.rb
+++ b/app/services/auth/container_registry_authentication_service.rb
@@ -145,6 +145,9 @@ module Auth
      # we'll remove them manually from this deny list, and their new repositories will become eligible.
      Feature.disabled?(:container_registry_migration_phase1_deny, project.root_ancestor) &&
        Feature.enabled?(:container_registry_migration_phase1_allow, project)
+    rescue ContainerRegistry::Path::InvalidRegistryPathError => ex
+      Gitlab::ErrorTracking.track_and_raise_for_dev_exception(ex, **Gitlab::ApplicationContext.current)
+      false
    end

    ##

--- a/spec/services/auth/container_registry_authentication_service_spec.rb
+++ b/spec/services/auth/container_registry_authentication_service_spec.rb
@@ -92,6 +92,35 @@ RSpec.describe Auth::ContainerRegistryAuthenticationService do

      it_behaves_like 'a modified token'
    end
+
+    context 'with a project with a path with trailing underscore' do
+      let(:bad_project) { create(:project) }
+
+      before do
+        bad_project.update!(path: bad_project.path + '_')
+        bad_project.add_developer(current_user)
+      end
+
+      describe '#full_access_token' do
+        let(:token) { described_class.full_access_token(bad_project.full_path) }
+        let(:access) do
+          [{ 'type' => 'repository',
+             'name' => bad_project.full_path,
+             'actions' => ['*'],
+             'migration_eligible' => false }]
+        end
+
+        subject { { token: token } }
+
+        it 'logs an exception and returns a valid access token' do
+          expect(Gitlab::ErrorTracking).to receive(:track_and_raise_for_dev_exception)
+
+          expect(token).to be_present
+          expect(payload).to be_a(Hash)
+          expect(payload).to include('access' => access)
+        end
+      end
+    end
  end

  context 'when not in migration mode' do