Organization-level runner controller scoping — group-level
Overview
Implement the full vertical slice for group-level scoping. A controller with this scope applies to all jobs in all projects within the specified group (and its subgroups). Scopes apply "downward".
Database Schema
org_ci_runner_controller_scopings_group
| Column | Type | Notes |
|---|---|---|
id |
bigint | Primary key |
runner_controller_id |
bigint | FK → org_ci_runner_controllers
|
namespace_id |
bigint | FK → namespaces (group) |
organization_id |
bigint | Sharding key |
-
gitlab_schema=gitlab_ci(sharding key:organization_id)
External REST API
Implement REST API endpoints for creating, listing, and deleting this scoping type.
Note: The exact API path structure is TBD — to be decided as part of implementation.
Requirements:
- Service layer with invariant validation
- Authorization checks
- API documentation
Internal REST API (Job Router)
Update the Job Router internal API to query group-level scopings. When a job is dequeued, check if any org-level controllers are scoped to the group (or ancestor groups) that owns the project.
Audit Events
- Group-level scoping created
- Group-level scoping deleted
PDI Events
-
Internal Event:
org_runner_controller_group_scoping_created -
Internal Event:
org_runner_controller_group_scoping_deleted
Acceptance Criteria
-
Database migration and model with FK to
namespaces - External REST API endpoints with authorization
- Internal API updated for Job Router evaluation (including subgroup traversal)
- Audit events implemented
- PDI events implemented
- API documentation updated
Related
Edited by 🤖 GitLab Bot 🤖