Merge branch 'ci/api-runners' into 'master'

Add runners API

References #4264

See merge request !2640

3 files changed, 192 insertions, 2 deletions

diff --git a/lib/api/api.rb b/lib/api/api.rb
index 7efe0a0262f..7d65145176b 100644
--- a/lib/api/api.rb
+++ b/lib/api/api.rb
@@ -56,5 +56,6 @@ module API
     mount Triggers
     mount Builds
     mount Variables
+    mount Runners
   end
 end
diff --git a/lib/api/entities.rb b/lib/api/entities.rb
index a9c09ffdb31..857705dbf12 100644
--- a/lib/api/entities.rb
+++ b/lib/api/entities.rb
@@ -49,7 +49,7 @@ module API
       expose :enable_ssl_verification
     end
 
-    class ForkedFromProject < Grape::Entity
+    class BasicProjectDetails < Grape::Entity
       expose :id
       expose :name, :name_with_namespace
       expose :path, :path_with_namespace
@@ -67,7 +67,7 @@ module API
       expose :shared_runners_enabled
       expose :creator_id
       expose :namespace
-      expose :forked_from_project, using: Entities::ForkedFromProject, if: lambda{ |project, options| project.forked? }
+      expose :forked_from_project, using: Entities::BasicProjectDetails, if: lambda{ |project, options| project.forked? }
       expose :avatar_url
       expose :star_count, :forks_count
       expose :open_issues_count, if: lambda { |project, options| project.issues_enabled? && project.default_issues_tracker? }
@@ -377,6 +377,20 @@ module API
       expose :name
     end
 
+    class RunnerDetails < Runner
+      expose :tag_list
+      expose :version, :revision, :platform, :architecture
+      expose :contacted_at
+      expose :token, if: lambda { |runner, options| options[:current_user].is_admin? || !runner.is_shared? }
+      expose :projects, with: Entities::BasicProjectDetails do |runner, options|
+        if options[:current_user].is_admin?
+          runner.projects
+        else
+          options[:current_user].authorized_projects.where(id: runner.projects)
+        end
+      end
+    end
+
     class Build < Grape::Entity
       expose :id, :status, :stage, :name, :ref, :tag, :coverage
       expose :created_at, :started_at, :finished_at
diff --git a/lib/api/runners.rb b/lib/api/runners.rb
new file mode 100644
index 00000000000..8ec91485b26
--- /dev/null
+++ b/lib/api/runners.rb
@@ -0,0 +1,175 @@
+module API
+  # Runners API
+  class Runners < Grape::API
+    before { authenticate! }
+
+    resource :runners do
+      # Get runners available for user
+      #
+      # Example Request:
+      #   GET /runners
+      get do
+        runners = filter_runners(current_user.ci_authorized_runners, params[:scope], without: ['specific', 'shared'])
+        present paginate(runners), with: Entities::Runner
+      end
+
+      # Get all runners - shared and specific
+      #
+      # Example Request:
+      #   GET /runners/all
+      get 'all' do
+        authenticated_as_admin!
+        runners = filter_runners(Ci::Runner.all, params[:scope])
+        present paginate(runners), with: Entities::Runner
+      end
+
+      # Get runner's details
+      #
+      # Parameters:
+      #   id (required) - The ID of ther runner
+      # Example Request:
+      #   GET /runners/:id
+      get ':id' do
+        runner = get_runner(params[:id])
+        authenticate_show_runner!(runner)
+
+        present runner, with: Entities::RunnerDetails, current_user: current_user
+      end
+
+      # Update runner's details
+      #
+      # Parameters:
+      #   id (required) - The ID of ther runner
+      #   description (optional) - Runner's description
+      #   active (optional) - Runner's status
+      #   tag_list (optional) - Array of tags for runner
+      # Example Request:
+      #   PUT /runners/:id
+      put ':id' do
+        runner = get_runner(params[:id])
+        authenticate_update_runner!(runner)
+
+        attrs = attributes_for_keys [:description, :active, :tag_list]
+        if runner.update(attrs)
+          present runner, with: Entities::RunnerDetails, current_user: current_user
+        else
+          render_validation_error!(runner)
+        end
+      end
+
+      # Remove runner
+      #
+      # Parameters:
+      #   id (required) - The ID of ther runner
+      # Example Request:
+      #   DELETE /runners/:id
+      delete ':id' do
+        runner = get_runner(params[:id])
+        authenticate_delete_runner!(runner)
+        runner.destroy!
+
+        present runner, with: Entities::Runner
+      end
+    end
+
+    resource :projects do
+      before { authorize_admin_project }
+
+      # Get runners available for project
+      #
+      # Example Request:
+      #   GET /projects/:id/runners
+      get ':id/runners' do
+        runners = filter_runners(Ci::Runner.owned_or_shared(user_project.id), params[:scope])
+        present paginate(runners), with: Entities::Runner
+      end
+
+      # Enable runner for project
+      #
+      # Parameters:
+      #   id (required) - The ID of the project
+      #   runner_id (required) - The ID of the runner
+      # Example Request:
+      #   POST /projects/:id/runners/:runner_id
+      post ':id/runners' do
+        required_attributes! [:runner_id]
+
+        runner = get_runner(params[:runner_id])
+        authenticate_enable_runner!(runner)
+        Ci::RunnerProject.create(runner: runner, project: user_project)
+
+        present runner, with: Entities::Runner
+      end
+
+      # Disable project's runner
+      #
+      # Parameters:
+      #   id (required) - The ID of the project
+      #   runner_id (required) - The ID of the runner
+      # Example Request:
+      #   DELETE /projects/:id/runners/:runner_id
+      delete ':id/runners/:runner_id' do
+        runner_project = user_project.runner_projects.find_by(runner_id: params[:runner_id])
+        not_found!('Runner') unless runner_project
+
+        runner = runner_project.runner
+        forbidden!("Only one project associated with the runner. Please remove the runner instead") if runner.projects.count == 1
+
+        runner_project.destroy
+
+        present runner, with: Entities::Runner
+      end
+    end
+
+    helpers do
+      def filter_runners(runners, scope, options = {})
+        return runners unless scope.present?
+
+        available_scopes = ::Ci::Runner::AVAILABLE_SCOPES
+        if options[:without]
+          available_scopes = available_scopes - options[:without]
+        end
+
+        if (available_scopes & [scope]).empty?
+          render_api_error!('Scope contains invalid value', 400)
+        end
+
+        runners.send(scope)
+      end
+
+      def get_runner(id)
+        runner = Ci::Runner.find(id)
+        not_found!('Runner') unless runner
+        runner
+      end
+
+      def authenticate_show_runner!(runner)
+        return if runner.is_shared || current_user.is_admin?
+        forbidden!("No access granted") unless user_can_access_runner?(runner)
+      end
+
+      def authenticate_update_runner!(runner)
+        return if current_user.is_admin?
+        forbidden!("Runner is shared") if runner.is_shared?
+        forbidden!("No access granted") unless user_can_access_runner?(runner)
+      end
+
+      def authenticate_delete_runner!(runner)
+        return if current_user.is_admin?
+        forbidden!("Runner is shared") if runner.is_shared?
+        forbidden!("Runner associated with more than one project") if runner.projects.count > 1
+        forbidden!("No access granted") unless user_can_access_runner?(runner)
+      end
+
+      def authenticate_enable_runner!(runner)
+        forbidden!("Runner is shared") if runner.is_shared?
+        return if current_user.is_admin?
+        forbidden!("No access granted") unless user_can_access_runner?(runner)
+      end
+
+      def user_can_access_runner?(runner)
+        current_user.ci_authorized_runners.exists?(runner.id)
+      end
+    end
+  end
+end