Add granular pats decorator for runner REST endpoints
What does this MR do and why?
Make the following endpoints granular PAT compliant:
- `GET /api/v4/projects/:id/runners`
- `POST /api/v4/projects/:id/runners`
- `DELETE /api/v4/projects/:id/runners/:runner_id`
- `POST /api/v4/projects/:id/runners/reset_registration_token`
- `GET /api/v4/groups/:id/runners`
- `POST /api/v4/groups/:id/runners/reset_registration_token`
References
How to set up and validate locally
- In Rails console, create a granular PAT for a user and copy a URL to create an issue with the token:
  ```ruby
  # Enable feature flag
  Feature.enable(:authorize_granular_pats)
  user = User.first
  # Create granular token
  token = PersonalAccessTokens::CreateService.new(
    current_user: user,
    target_user: user,
    organization_id: user.organization_id,
    params: { expires_at: 1.month.from_now, scopes: ['granular'], granular: true, name: 'gPAT' }
  ).execute[:personal_access_token]
  # Get a project
  project = user.projects.first
  # Grant the token the read_runner permission on the project's namespace
  project_scope = Authz::GranularScope.new(namespace: project.project_namespace, permissions: [:read_runner])
  Authz::GranularScopeService.new(token).add_granular_scopes(project_scope)
  # Copy a curl command that lists the project's runners to the clipboard (pbcopy is macOS-only)
  IO.popen('pbcopy', 'w') { |f| f.puts "curl http://#{Gitlab.host_with_port}/api/v4/projects/#{project.id}/runners -X GET -H \"PRIVATE-TOKEN: #{token.token}\"" }
  ```
- Paste the URL in another terminal. It should succeed.
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Related to #575286
Edited by Alex Buijs