Admin Token API: Revoke Runner authentication token

Proposal

The Admin Token API allows revoking about arbitrary tokens. It can be used in to identify what a token does, e.g. in the context of leaked tokens, and revoke it.

It currently lacks support to revoke Runner Authentication tokens. See the current implementation status.

It seems that Runner Authentication tokens cannot be reset nor revoked yet. Currently, UnregisterRunnerService is used to destroy a Runner. In a first iteration, this API should behave identical.

DELETE /api/v4/admin/token

{"token": "glrt-..."}

Should unregister the runner and return a 204.

Since the registration tokens are deprecated, I propose to not handle them at all in this API.

References

&15777
https://docs.gitlab.com/ee/api/admin/token.html

Edited Jan 24, 2025 by Nicholas Wittstruck