New runner registration workflow doesn't check instance valid runner registrar settings
Summary
When an instance restricts runner registration by all users in an instance, the new runner registration workflow does not prevent users from registering new runners.
Steps to reproduce
- Restrict runner registration by all users in an instance.
- Register a new group/project runner
What is the current bug behavior?
Runner registration is allowed.
What is the expected correct behavior?
Runner registration to be restricted.
Relevant logs and/or screenshots
Registration with authentication token - Successful
Click to expand
root@runner-instance:~# gitlab-runner register --url https://gitlab.example.com --token glrt-authentication_token
Runtime platform arch=amd64 os=linux pid=5731 revision=f5da3c5a version=16.6.1
Running in system-mode.
Enter the GitLab instance URL (for example, https://gitlab.com/):
[https://gitlab.example.com]:
Verifying runner... is valid runner=authentication_token
Enter a name for the runner. This is stored only in the local config.toml file:
[runner-instance]:
Enter an executor: virtualbox, docker-autoscaler, instance, kubernetes, docker-windows, parallels, shell, ssh, docker+machine, custom, docker:
docker
Enter the default Docker image (for example, ruby:2.7):
ruby
Runner registered successfully. Feel free to start it, but if it's running already the config should be automatically reloaded!
Configuration (with the authentication token) was saved in "/etc/gitlab-runner/config.toml"
Registration with registration token - Unsuccessful
Click to expand
root@runner-instance:~# sudo gitlab-runner register --url https://gitlab.example.com --registration-token registration_token
Runtime platform arch=amd64 os=linux pid=5812 revision=f5da3c5a version=16.6.1
Running in system-mode.
Enter the GitLab instance URL (for example, https://gitlab.com/):
[https://gitlab.example.com]:
Enter the registration token:
[registration_token]:
Enter a description for the runner:
[runner-instance]:
Enter tags for the runner (comma-separated):
Enter optional maintenance note for the runner:
WARNING: Support for registration tokens and runner parameters in the 'register' command has been deprecated in GitLab Runner 15.6 and will be replaced with support for authentication tokens. For more information, see https://docs.gitlab.com/ee/ci/runners/new_creation_workflow
ERROR: Registering runner... forbidden (check registration token) runner=registration_token status=POST https://omnibus-instance.a690d49de.gcp.gitlabsandbox.net/api/v4/runners: 403 Forbidden (403 Forbidden - invalid token supplied)
PANIC: Failed to register the runner.
Proposal for bug resolution
- {placeholder}
Edited by Darren Eastman