TypeError: 'NoneType' object is not subscriptable

[NLincoln]

We're trying to get marge-bot up and running on our own gitlab instance, and might have found a bug?

> marge/project.py
>> return AccessLevel(self.info['permissions']['project_access']['access_level'])
>> TypeError: 'NoneType' object is not subscriptable

After looking into this a bit, it looks like gitlabs api will return permissions only on the /projects/:id request, but not for /projects.

[jcpetruzza]

Thanks for reporting this! What version of GitLab are you on? Also, if you launch marge-bot with --debug you should get the GitLab's REST API responses, could you paste that as well?

[jcpetruzza]

Looking at the docs the docs, their example call to GET /projects returns a list with two projects, one includes the permissions field, the other doesn't. Trying to figure out the logic...

[NLincoln]

It looks like only the call that gets a single project will return permissions.

[jcpetruzza]

The behaviour of the GitLab REST API can change with versions and this can be the reason why we see different results. What version of GitLab are you? You should be able to see it under Help or Settings

[NLincoln]

9.3.5 ee

[jcpetruzza]

Ok, that's a recent one.

What are the permissions the @marge-bot user has on your project? (e.g. Guest, Reporter, Developer, Master?).

Also, when you run it with --debug and get the list of projects for GET /projects, do you see many fields per project or just a few? (the REST call accepts a simple arg that may be defaulting to True in your version of GitLab).

[NLincoln]

This is curious... after looking at the debug output gitlab is sending the permissions field.

[NLincoln]

Sometimes though the permissions.project_access can be null. I think that's the issue here

[NLincoln]

We use group level permissions for our users (since we have several projects). Could that be part of it?

[david-duncan]

Believe it or not but some projects the user has access to come back with an empty permissions array:

    'permissions': {
      'project_access': None,
      'group_access': None
    }

Even though the user is a master on the group. We tracked this down to a gitlab bug that we have not reported(or found the issue tracking) where subgroups getting moved do not cascade proper permissions down.

So we removed our user from these groups and manually re-added. Now we still have group level access

    'permissions': {
      'project_access': None,
      'group_access': {
        'access_level': 40,
        'notification_level': 3
      }
    }

I see two things needing to happen here:

1. Fallback to group access if project is not present
2. Have some better handling if neither are present

[jcpetruzza]

Ok, it makes sense now, thank you both for looking into this!

It is definitely a bug that marge-bot only checks the project_access field and not the group_access. I'll hopefully push a fix for this later today.

The part where GitLab returns both project_access and group_access as None should probably be reported back to GitLab, but we could at least log something more useful when this happens.

[david-duncan]

I got interested. I can push the first requirement

[jcpetruzza]

Yes, please, just send us a PR. I can do the second part on top of that.

[jcpetruzza]

Ah, just saw you are doing both, even better :)

[david-duncan]

I believe this can be closed now - How does the docker pipeline work?

[aschmolck]

@david-duncan

We plan to push a new release to docker hub tomorrow, but If you want to build the docker image yourself, something like

curl https://nixos.org/nix/install | sh
make dockerize

should do the trick, but it will take a while to run the first time (and install the nix build system/package manager on your system in /nix, for which you will need root). It's slower now than it would normally be, something we'll fix in the near future.

[david-duncan]

Sounds good. I noticed the makefile but didn't see anything in travis for automating it. LMK if you need someone to take it

While we are in the same sphere of discussion - I wrote a small ktmpl k8s template for a deploy and a secrets file for this. is this a pr you are interested in? it relies upon ktmpl as a polyfilly until templates are part of core

[aschmolck]

I wasn't aware of ktmpl as templating solution for k8 and yes, certainly interested in seeing this!

Concerning properly automating the docker build, it wasn't in the critical path for getting out the initial release – but it's something we definitely want to do; I really need to go to bed now, but I'll open an issue tomorrow and we can discuss it there.

[aschmolck]

I think we can close this now, as the fix has made it into master.