Merge branch 'feature/runners-v4-api' into 'master'

Add Runner registration/deletion API

See merge request !9246

changelogs/unreleased/feature-runners-registration-deletion-v4-api.yml

+---
+title: Add Runner's registration/deletion v4 API
+merge_request: 9246
+author:

lib/api/api.rb

@@ -91,6 +91,7 @@ module API
     mount ::API::Projects
     mount ::API::ProjectSnippets
     mount ::API::Repositories
+    mount ::API::Runner
     mount ::API::Runners
     mount ::API::Services
     mount ::API::Session

lib/api/entities.rb

@@ -618,6 +618,10 @@ module API
       end
     end
 
+    class RunnerRegistrationDetails < Grape::Entity
+      expose :id, :token
+    end
+
     class BuildArtifactFile < Grape::Entity
       expose :filename, :size
     end

lib/api/helpers/runner.rb

+module API
+  module Helpers
+    module Runner
+      def runner_registration_token_valid?
+        ActiveSupport::SecurityUtils.variable_size_secure_compare(params[:token],
+                                                                  current_application_settings.runners_registration_token)
+      end
+
+      def get_runner_version_from_params
+        return unless params['info'].present?
+        attributes_for_keys(%w(name version revision platform architecture), params['info'])
+      end
+
+      def authenticate_runner!
+        forbidden! unless current_runner
+      end
+
+      def current_runner
+        @runner ||= ::Ci::Runner.find_by_token(params[:token].to_s)
+      end
+    end
+  end
+end

lib/api/runner.rb

+module API
+  class Runner < Grape::API
+    helpers ::API::Helpers::Runner
+
+    resource :runners do
+      desc 'Registers a new Runner' do
+        success Entities::RunnerRegistrationDetails
+        http_codes [[201, 'Runner was created'], [403, 'Forbidden']]
+      end
+      params do
+        requires :token, type: String, desc: 'Registration token'
+        optional :description, type: String, desc: %q(Runner's description)
+        optional :info, type: Hash, desc: %q(Runner's metadata)
+        optional :locked, type: Boolean, desc: 'Should Runner be locked for current project'
+        optional :run_untagged, type: Boolean, desc: 'Should Runner handle untagged jobs'
+        optional :tag_list, type: Array[String], desc: %q(List of Runner's tags)
+      end
+      post '/' do
+        attributes = attributes_for_keys [:description, :locked, :run_untagged, :tag_list]
+
+        runner =
+          if runner_registration_token_valid?
+            # Create shared runner. Requires admin access
+            Ci::Runner.create(attributes.merge(is_shared: true))
+          elsif project = Project.find_by(runners_token: params[:token])
+            # Create a specific runner for project.
+            project.runners.create(attributes)
+          end
+
+        return forbidden! unless runner
+
+        if runner.id
+          runner.update(get_runner_version_from_params)
+          present runner, with: Entities::RunnerRegistrationDetails
+        else
+          not_found!
+        end
+      end
+
+      desc 'Deletes a registered Runner' do
+        http_codes [[200, 'Runner was deleted'], [403, 'Forbidden']]
+      end
+      params do
+        requires :token, type: String, desc: %q(Runner's authentication token)
+      end
+      delete '/' do
+        authenticate_runner!
+        Ci::Runner.find_by_token(params[:token]).destroy
+      end
+    end
+  end
+end

spec/requests/api/runner_spec.rb

+require 'spec_helper'
+
+describe API::Runner do
+  include ApiHelpers
+  include StubGitlabCalls
+
+  let(:registration_token) { 'abcdefg123456' }
+
+  before do
+    stub_gitlab_calls
+    stub_application_setting(runners_registration_token: registration_token)
+  end
+
+  describe '/api/v4/runners' do
+    describe 'POST /api/v4/runners' do
+      context 'when no token is provided' do
+        it 'returns 400 error' do
+          post api('/runners')
+          expect(response).to have_http_status 400
+        end
+      end
+
+      context 'when invalid token is provided' do
+        it 'returns 403 error' do
+          post api('/runners'), token: 'invalid'
+          expect(response).to have_http_status 403
+        end
+      end
+
+      context 'when valid token is provided' do
+        it 'creates runner with default values' do
+          post api('/runners'), token: registration_token
+
+          runner = Ci::Runner.first
+
+          expect(response).to have_http_status 201
+          expect(json_response['id']).to eq(runner.id)
+          expect(json_response['token']).to eq(runner.token)
+          expect(runner.run_untagged).to be true
+        end
+
+        context 'when project token is used' do
+          let(:project) { create(:empty_project) }
+
+          it 'creates runner' do
+            post api('/runners'), token: project.runners_token
+
+            expect(response).to have_http_status 201
+            expect(project.runners.size).to eq(1)
+          end
+        end
+      end
+
+      context 'when runner description is provided' do
+        it 'creates runner' do
+          post api('/runners'), token: registration_token,
+                                description: 'server.hostname'
+
+          expect(response).to have_http_status 201
+          expect(Ci::Runner.first.description).to eq('server.hostname')
+        end
+      end
+
+      context 'when runner tags are provided' do
+        it 'creates runner' do
+          post api('/runners'), token: registration_token,
+                                tag_list: 'tag1, tag2'
+
+          expect(response).to have_http_status 201
+          expect(Ci::Runner.first.tag_list.sort).to eq(%w(tag1 tag2))
+        end
+      end
+
+      context 'when option for running untagged jobs is provided' do
+        context 'when tags are provided' do
+          it 'creates runner' do
+            post api('/runners'), token: registration_token,
+                                  run_untagged: false,
+                                  tag_list: ['tag']
+
+            expect(response).to have_http_status 201
+            expect(Ci::Runner.first.run_untagged).to be false
+            expect(Ci::Runner.first.tag_list.sort).to eq(['tag'])
+          end
+        end
+
+        context 'when tags are not provided' do
+          it 'returns 404 error' do
+            post api('/runners'), token: registration_token,
+                                  run_untagged: false
+
+            expect(response).to have_http_status 404
+          end
+        end
+      end
+
+      context 'when option for locking Runner is provided' do
+        it 'creates runner' do
+          post api('/runners'), token: registration_token,
+                                locked: true
+
+          expect(response).to have_http_status 201
+          expect(Ci::Runner.first.locked).to be true
+        end
+      end
+
+      %w(name version revision platform architecture).each do |param|
+        context "when info parameter '#{param}' info is present" do
+          let(:value) { "#{param}_value" }
+
+          it %q(updates provided Runner's parameter) do
+            post api('/runners'), token: registration_token,
+                                  info: { param => value }
+
+            expect(response).to have_http_status 201
+            expect(Ci::Runner.first.read_attribute(param.to_sym)).to eq(value)
+          end
+        end
+      end
+    end
+
+    describe 'DELETE /api/v4/runners' do
+      context 'when no token is provided' do
+        it 'returns 400 error' do
+          delete api('/runners')
+          expect(response).to have_http_status 400
+        end
+      end
+
+      context 'when invalid token is provided' do
+        it 'returns 403 error' do
+          delete api('/runners'), token: 'invalid'
+          expect(response).to have_http_status 403
+        end
+      end
+
+      context 'when valid token is provided' do
+        let(:runner) { create(:ci_runner) }
+
+        it 'deletes Runner' do
+          delete api('/runners'), token: runner.token
+          expect(response).to have_http_status 200
+          expect(Ci::Runner.count).to eq(0)
+        end
+      end
+    end
+  end
+end