Use new runners registration token to register CI runners

e2e43a11 · Grzegorz Bizon · 219afbad · e2e43a11 · e2e43a11 · e2e43a11
Commit e2e43a11 authored Dec 10, 2015 by Grzegorz Bizon
4 changed files
--- a/config/initializers/4_ci_app.rb
+++ b/config/initializers/4_ci_app.rb
@@ -2,8 +2,6 @@ module GitlabCi
  VERSION = Gitlab::VERSION
  REVISION = Gitlab::REVISION

-  REGISTRATION_TOKEN = SecureRandom.hex(10)
-
  def self.config
    Settings
  end

--- a/lib/ci/api/helpers.rb
+++ b/lib/ci/api/helpers.rb
@@ -6,7 +6,7 @@ module Ci
      UPDATE_RUNNER_EVERY = 60

      def authenticate_runners!
-        forbidden! unless params[:token] == GitlabCi::REGISTRATION_TOKEN
+        forbidden! unless runner_registration_token_valid?
      end

      def authenticate_runner!
@@ -22,6 +22,10 @@ module Ci
        forbidden! unless token && build.valid_token?(token)
      end

+      def runner_registration_token_valid?
+        params[:token] == current_application_settings.runners_registration_token
+      end
+
      def update_runner_last_contact
        # Use a random threshold to prevent beating DB updates
        contacted_at_max_age = UPDATE_RUNNER_EVERY + Random.rand(UPDATE_RUNNER_EVERY)

--- a/lib/ci/api/runners.rb
+++ b/lib/ci/api/runners.rb
@@ -40,7 +40,7 @@ module Ci
          required_attributes! [:token]

          runner =
-            if params[:token] == GitlabCi::REGISTRATION_TOKEN
+            if runner_registration_token_valid?
              # Create shared runner. Requires admin access
              Ci::Runner.create(
                description: params[:description],

--- a/spec/requests/ci/api/runners_spec.rb
+++ b/spec/requests/ci/api/runners_spec.rb
@@ -4,8 +4,11 @@ describe Ci::API::API do
  include ApiHelpers
  include StubGitlabCalls

+  let(:registration_token) { 'abcdefg123456' }
+
  before do
    stub_gitlab_calls
+    stub_application_setting(runners_registration_token: registration_token)
  end

  describe "GET /runners" do
@@ -33,20 +36,20 @@ describe Ci::API::API do

  describe "POST /runners/register" do
    describe "should create a runner if token provided" do
-      before { post ci_api("/runners/register"), token: GitlabCi::REGISTRATION_TOKEN }
+      before { post ci_api("/runners/register"), token: registration_token }

      it { expect(response.status).to eq(201) }
    end

    describe "should create a runner with description" do
-      before { post ci_api("/runners/register"), token: GitlabCi::REGISTRATION_TOKEN, description: "server.hostname" }
+      before { post ci_api("/runners/register"), token: registration_token, description: "server.hostname" }

      it { expect(response.status).to eq(201) }
      it { expect(Ci::Runner.first.description).to eq("server.hostname") }
    end

    describe "should create a runner with tags" do
-      before { post ci_api("/runners/register"), token: GitlabCi::REGISTRATION_TOKEN, tag_list: "tag1, tag2" }
+      before { post ci_api("/runners/register"), token: registration_token, tag_list: "tag1, tag2" }

      it { expect(response.status).to eq(201) }
      it { expect(Ci::Runner.first.tag_list.sort).to eq(["tag1", "tag2"]) }