diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-04 00:17:41 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-04 00:17:41 +0000 |
commit | b301036d090d8a7365f98a0444d09f8a09664834 (patch) | |
tree | a0e106f732756b6b3e373b64890ffbf89a748e54 /app/services | |
parent | 456ab418aad4faa85ad1ad442d0745e6cfe160d6 (diff) | |
download | gitlab-ce-b301036d090d8a7365f98a0444d09f8a09664834.tar.gz |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'app/services')
-rw-r--r-- | app/services/ci/runners/register_runner_service.rb | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/app/services/ci/runners/register_runner_service.rb b/app/services/ci/runners/register_runner_service.rb index 3a72e116cb8..8921acb9ff1 100644 --- a/app/services/ci/runners/register_runner_service.rb +++ b/app/services/ci/runners/register_runner_service.rb @@ -13,6 +13,10 @@ module Ci def execute return ServiceResponse.error(message: 'invalid token supplied', http_status: :forbidden) unless attrs_from_token + unless registration_token_allowed?(attrs_from_token) + return ServiceResponse.error(message: 'runner registration disallowed', http_status: :forbidden) + end + runner = ::Ci::Runner.new(attributes.merge(attrs_from_token)) Ci::BulkInsertableTags.with_bulk_insert_tags do @@ -46,6 +50,17 @@ module Ci end strong_memoize_attr :attrs_from_token + def registration_token_allowed?(attrs) + case attrs[:runner_type] + when :group_type + token_scope.allow_runner_registration_token? + when :project_type + token_scope.namespace.allow_runner_registration_token? + else + Gitlab::CurrentSettings.allow_runner_registration_token + end + end + def runner_registration_token_valid?(registration_token) ActiveSupport::SecurityUtils.secure_compare(registration_token, Gitlab::CurrentSettings.runners_registration_token) end @@ -55,7 +70,13 @@ module Ci end def token_scope - attrs_from_token[:projects]&.first || attrs_from_token[:groups]&.first + case attrs_from_token[:runner_type] + when :project_type + attrs_from_token[:projects]&.first + when :group_type + attrs_from_token[:groups]&.first + # No scope for instance type + end end end end |