Use new runners registration token to register CI runners

e2e43a11 · Grzegorz Bizon · 219afbad · e2e43a11 · e2e43a11 · e2e43a11
Commit e2e43a11 authored Dec 10, 2015 by Grzegorz Bizon
4 changed files
--- a/config/initializers/4_ci_app.rb
+++ b/config/initializers/4_ci_app.rb
 module GitlabCi
  VERSION = Gitlab::VERSION
  REVISION = Gitlab::REVISION
-  REGISTRATION_TOKEN = SecureRandom.hex(10)
  def self.config
    Settings

--- a/lib/ci/api/helpers.rb
+++ b/lib/ci/api/helpers.rb
@@ -6,7 +6,7 @@ module Ci
      UPDATE_RUNNER_EVERY = 60
      def authenticate_runners!
-        forbidden! unless params[:token] == GitlabCi::REGISTRATION_TOKEN
+        forbidden! unless runner_registration_token_valid?
      end
      def authenticate_runner!
@@ -22,6 +22,10 @@ module Ci
        forbidden! unless token && build.valid_token?(token)
      end
+      def runner_registration_token_valid?
+        params[:token] == current_application_settings.runners_registration_token
+      end
      def update_runner_last_contact
        # Use a random threshold to prevent beating DB updates
        contacted_at_max_age = UPDATE_RUNNER_EVERY + Random.rand(UPDATE_RUNNER_EVERY)

--- a/lib/ci/api/runners.rb
+++ b/lib/ci/api/runners.rb
@@ -40,7 +40,7 @@ module Ci
          required_attributes! [:token]
          runner =
-            if params[:token] == GitlabCi::REGISTRATION_TOKEN
+            if runner_registration_token_valid?
              # Create shared runner. Requires admin access
              Ci::Runner.create(
                description: params[:description],

--- a/spec/requests/ci/api/runners_spec.rb
+++ b/spec/requests/ci/api/runners_spec.rb
@@ -4,8 +4,11 @@ describe Ci::API::API do
  include ApiHelpers
  include StubGitlabCalls
+  let(:registration_token) { 'abcdefg123456' }
  before do
    stub_gitlab_calls
+    stub_application_setting(runners_registration_token: registration_token)
  end
  describe "GET /runners" do
@@ -33,20 +36,20 @@ describe Ci::API::API do
  describe "POST /runners/register" do
    describe "should create a runner if token provided" do
-      before { post ci_api("/runners/register"), token: GitlabCi::REGISTRATION_TOKEN }
+      before { post ci_api("/runners/register"), token: registration_token }
      it { expect(response.status).to eq(201) }
    end
    describe "should create a runner with description" do
-      before { post ci_api("/runners/register"), token: GitlabCi::REGISTRATION_TOKEN, description: "server.hostname" }
+      before { post ci_api("/runners/register"), token: registration_token, description: "server.hostname" }
      it { expect(response.status).to eq(201) }
      it { expect(Ci::Runner.first.description).to eq("server.hostname") }
    end
    describe "should create a runner with tags" do
-      before { post ci_api("/runners/register"), token: GitlabCi::REGISTRATION_TOKEN, tag_list: "tag1, tag2" }
+      before { post ci_api("/runners/register"), token: registration_token, tag_list: "tag1, tag2" }
      it { expect(response.status).to eq(201) }
      it { expect(Ci::Runner.first.tag_list.sort).to eq(["tag1", "tag2"]) }