Organization-level runner controller scoping — entire organization

Overview

Implement the full vertical slice for organization-level scoping of organization-level runner controllers. A controller with this scope applies to all jobs across the entire organization.

Context

This mirrors the instance-level scoping pattern from #582825 (closed), adapted for organizations. A controller can only have a single organization-level scoping (has_one).

Database Schema

org_ci_runner_controller_org_level_scopings

Column                Type    Notes
id                    bigint  Primary key
runner_controller_id  bigint  FK → org_ci_runner_controllers
organization_id       bigint  Sharding key
  • gitlab_schema = gitlab_ci (sharding key: organization_id)
  • Unique constraint on runner_controller_id (has_one)

External REST API

Implement REST API endpoints for creating, listing, and deleting this scoping type.

Note: The exact API path structure is TBD — to be decided as part of implementation.

Requirements:

  • Service layer with invariant validation (e.g., only one org-level scoping per controller)
  • Authorization checks for organization admin role
  • API documentation

Internal REST API (Job Router)

Update the Job Router internal API to query org_ci_runner_controller_org_level_scopings when determining applicable controllers for a job/runner combination within an organization.

  • When a job is dequeued, query all enabled org-level controllers for the organization
  • Include these controllers in the admission control list returned to KAS
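
The service-layer invariant, the organization admin check and the Job Router lookup described above, sketched as an added plain-Ruby example (not GitLab's code). All class, method and field names are hypothetical, and it assumes each controller record carries its own organization_id.

```ruby
# Added illustration in plain Ruby; all class, method and field names are hypothetical.
Controller = Struct.new(:id, :organization_id, :enabled)
Scoping    = Struct.new(:runner_controller_id, :organization_id)
class OrgLevelScopings
  Forbidden     = Class.new(StandardError)
  AlreadyScoped = Class.new(StandardError)
  attr_reader :events

  def initialize(controllers, org_admins)
    @controllers = controllers.to_h { |c| [c.id, c] }
    @org_admins  = org_admins # { organization_id => [admin user ids] }
    @scopings    = {}         # keyed by runner_controller_id, like the unique constraint
    @events      = []         # stands in for the audit and internal events
  end

  def create(user_id:, controller_id:)
    controller = authorize!(user_id, controller_id)
    raise AlreadyScoped, "controller #{controller_id} is already scoped" if @scopings.key?(controller_id)
    @events << [:org_runner_controller_org_scoping_created, user_id, controller_id]
    @scopings[controller_id] = Scoping.new(controller_id, controller.organization_id)
  end

  def delete(user_id:, controller_id:)
    authorize!(user_id, controller_id)
    removed = @scopings.delete(controller_id)
    @events << [:org_runner_controller_org_scoping_deleted, user_id, controller_id] if removed
    removed
  end

  # Job Router side: ids of enabled controllers scoped to the job's organization.
  def applicable_controller_ids(organization_id)
    scoped = @scopings.values.select { |s| s.organization_id == organization_id }
    scoped.map { |s| @controllers.fetch(s.runner_controller_id) }.select(&:enabled).map(&:id)
  end

  private

  def authorize!(user_id, controller_id)
    controller = @controllers.fetch(controller_id)
    return controller if @org_admins.fetch(controller.organization_id, []).include?(user_id)
    raise Forbidden, "user #{user_id} is not an admin of organization #{controller.organization_id}"
  end
end

# Constructed sample: controllers 1 (enabled) and 2 (disabled) in org 10, controller 3 in org 20.
def sample_scopings
  controllers = [Controller.new(1, 10, true), Controller.new(2, 10, false), Controller.new(3, 20, true)]
  OrgLevelScopings.new(controllers, { 10 => [100], 20 => [200] })
end
```

The in-memory check before insert would race under concurrent requests; in a database-backed service the unique constraint on runner_controller_id is what actually holds the has_one invariant.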

Audit Events

  • Organization scoping created
  • Organization scoping deleted

PDI Events

  • Internal Event: org_runner_controller_org_scoping_created
  • Internal Event: org_runner_controller_org_scoping_deleted

Acceptance Criteria

  • Database migration and model
  • External REST API endpoints with authorization
  • Internal API updated for Job Router evaluation
  • Audit events implemented
  • PDI events implemented
  • API documentation updated

Related

  • Parent epic: &20970 — Organization-level Runner (Admission) Controller
  • Instance-level scoping reference: #582825 (closed) — Runner Controller scoping - Database schema (instance & runner)
  • Instance-level external API reference: #586417 (closed) — Runner Controller scoping - External REST API
  • Instance-level internal API reference: #586418 (closed) — Runner Controller scoping - Internal API for Job Router
Edited Feb 16, 2026 by 🤖 GitLab Bot 🤖