Proposal: Remove feature that converts a Shared/Instance runner into a Specific/Project Runner
Release notes
We currently offer the possibility of converting a runner from Shared
to Specific
by restricting a project to it. However, this action is not reversible and it may cause Administrators to convert their shared runner inadvertently.
This feature removal makes all runners types immutable and stable thought the lifecycle of the runner.
Problem to solve
A runner of Specific
type cannot be transformed (back) into a Shared
runner for security reasons: A runner owned by a malicious actor that has access to all jobs may access private information. This causes confusion by allowing administrators to easily "lose" their shared runners to a single project.
Intended users
User experience goal
Given that each of the runner type exists in their own scopes, the difference in their capabilities is made clear.
A runner of a certain type cannot be changed, so the administration of runners is simplified.
Proposal
- Shared runners should not be made specific by selecting "Restrict Projects for this runner"
- As the list of projects is irrelevant for shared runners, the list of projects can be removed from the runners edit view.
- They should also be removed from the Group Runner edit page
Steps after feature removal
Users may ask how to perform this action after this feature is removed, to achieve the same end result user would have to delete and then add a new runner:
- Go to the Admin section
- Find runner
- Remove/delete runner
- Go to the Project -> CI/CD preferences
- Get Runner registration token
- Register new runner in this project
Further details
This is the area that would be removed runner administration area:
Permissions and Security
This change only affects instance administrators.
Documentation
Availability & Testing
Available Tier
- Free
- Premium/Silver
- Ultimate/Gold
What does success look like, and how can we measure that?
What is the type of buyer?
Links / references
This page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.