Adjust update_runners_registration_token permission

Dominic Couture requested to merge modify-update-runners-role into master

What does this MR do and why?

Related to #341311 (closed)

There was an inconsistency detailed in #341311 (comment 684599010) with the update_runners_registration_token permission that's used when resetting the runner registration token.

This MR requires the group owner role for update_runners_registration_token instead of group maintainer to better align with all other runner operations.

Screenshots or screen recordings

N/A

How to set up and validate locally

curl --request POST --header "Private-Token: $TOKEN" "http://localhost:3000/api/v4/groups/$GROUPID/runners/reset_registration_token"

It should fail with a group maintainer token and succeed with a group owner token.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Dominic Couture
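
The validation step described above, scripted as a repeatable check that runs the same request with both tokens. This is an added example, not part of the merge request; the variable names (GITLAB_URL, MAINTAINER_TOKEN, OWNER_TOKEN), the function names, and the expectation that a denied call returns HTTP 403 are assumptions.

```shell
#!/bin/sh
# Added example (not from the MR): role-gate check for the reset endpoint.
# Assumptions: GITLAB_URL, MAINTAINER_TOKEN and OWNER_TOKEN variable names;
# a denied call returns HTTP 403 and an allowed one returns 2xx.
GITLAB_URL="${GITLAB_URL:-http://localhost:3000}"

# Print the HTTP status of one reset attempt: http_status TOKEN GROUP_ID
# curl prints 000 when no HTTP response was received.
http_status() {
  curl --silent --output /dev/null --write-out '%{http_code}' \
    --request POST --header "Private-Token: $1" \
    "$GITLAB_URL/api/v4/groups/$2/runners/reset_registration_token"
}

# status_matches allow|deny CODE: succeed only on an unambiguous result.
# 401, 404, 5xx and 000 prove nothing about the role check, so they never match.
status_matches() {
  case "$1:$2" in
    allow:2[0-9][0-9]) return 0 ;;
    deny:403)          return 0 ;;
    *)                 return 1 ;;
  esac
}

# check_reset_gate GROUP_ID: return 0 only if maintainer is denied and owner allowed.
check_reset_gate() {
  : "${MAINTAINER_TOKEN:?set MAINTAINER_TOKEN}" "${OWNER_TOKEN:?set OWNER_TOKEN}"
  gate_rc=0
  # Maintainer goes first: the owner call really rotates the registration token.
  gate_code="$(http_status "$MAINTAINER_TOKEN" "$1")"
  if status_matches deny "$gate_code"; then
    echo "PASS maintainer denied ($gate_code)"
  else
    echo "FAIL maintainer got $gate_code, expected 403"; gate_rc=1
  fi
  gate_code="$(http_status "$OWNER_TOKEN" "$1")"
  if status_matches allow "$gate_code"; then
    echo "PASS owner allowed ($gate_code)"
  else
    echo "FAIL owner got $gate_code, expected 2xx"; gate_rc=1
  fi
  return "$gate_rc"
}

# Run against a live instance only when a group id is given: sh check.sh 42
if [ -n "${1:-}" ]; then
  check_reset_gate "$1"
fi
```

A passing run changes the group's runner registration token, so run it against a test group.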