7 files changed, 37 insertions, 8 deletions

diff --git a/lib/api/entities/ci/reset_token_result.rb b/lib/api/entities/ci/reset_token_result.rb
index 4dbf831582b..f0b1de6a5a7 100644
--- a/lib/api/entities/ci/reset_token_result.rb
+++ b/lib/api/entities/ci/reset_token_result.rb
@@ -4,7 +4,8 @@ module API
   module Entities
     module Ci
       class ResetTokenResult < Grape::Entity
-        expose(:token) {|object| object}
+        expose(:token)
+        expose(:token_expires_at, if: -> (object, options) { object.expirable? })
       end
     end
   end
diff --git a/lib/api/entities/ci/runner.rb b/lib/api/entities/ci/runner.rb
index c17ff513479..a6944b8c925 100644
--- a/lib/api/entities/ci/runner.rb
+++ b/lib/api/entities/ci/runner.rb
@@ -7,7 +7,10 @@ module API
         expose :id
         expose :description
         expose :ip_address
-        expose :active
+        expose :active # TODO Remove in %15.0 in favor of `paused` for REST calls, see https://gitlab.com/gitlab-org/gitlab/-/issues/351109
+        expose :paused do |runner|
+          !runner.active
+        end
         expose :instance_type?, as: :is_shared
         expose :runner_type
         expose :name
diff --git a/lib/api/entities/ci/runner_details.rb b/lib/api/entities/ci/runner_details.rb
index 6ded1296f2a..9b1decca274 100644
--- a/lib/api/entities/ci/runner_details.rb
+++ b/lib/api/entities/ci/runner_details.rb
@@ -15,18 +15,18 @@ module API
         # rubocop: disable CodeReuse/ActiveRecord
         expose :projects, with: Entities::BasicProjectDetails do |runner, options|
           if options[:current_user].admin? # rubocop: disable Cop/UserAdmin
-            runner.projects.allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/338659')
+            runner.projects
           else
-            options[:current_user].authorized_projects.where(id: runner.projects).allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/338659')
+            options[:current_user].authorized_projects.where(id: runner.runner_projects.pluck(:project_id))
           end
         end
         # rubocop: enable CodeReuse/ActiveRecord
         # rubocop: disable CodeReuse/ActiveRecord
         expose :groups, with: Entities::BasicGroupDetails do |runner, options|
           if options[:current_user].admin? # rubocop: disable Cop/UserAdmin
-            runner.groups.allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/338659')
+            runner.groups
           else
-            options[:current_user].authorized_groups.where(id: runner.groups).allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/338659')
+            options[:current_user].authorized_groups.where(id: runner.runner_namespaces.pluck(:namespace_id))
           end
         end
         # rubocop: enable CodeReuse/ActiveRecord
diff --git a/lib/api/entities/ci/runner_registration_details.rb b/lib/api/entities/ci/runner_registration_details.rb
index fa7e44c9e40..53be918406f 100644
--- a/lib/api/entities/ci/runner_registration_details.rb
+++ b/lib/api/entities/ci/runner_registration_details.rb
@@ -4,7 +4,7 @@ module API
   module Entities
     module Ci
       class RunnerRegistrationDetails < Grape::Entity
-        expose :id, :token
+        expose :id, :token, :token_expires_at
       end
     end
   end
diff --git a/lib/api/entities/ci/secure_file.rb b/lib/api/entities/ci/secure_file.rb
new file mode 100644
index 00000000000..041c864156b
--- /dev/null
+++ b/lib/api/entities/ci/secure_file.rb
@@ -0,0 +1,15 @@
+# frozen_string_literal: true
+
+module API
+  module Entities
+    module Ci
+      class SecureFile < Grape::Entity
+        expose :id
+        expose :name
+        expose :permissions
+        expose :checksum
+        expose :checksum_algorithm
+      end
+    end
+  end
+end
diff --git a/lib/api/entities/deployment_extended.rb b/lib/api/entities/deployment_extended.rb
new file mode 100644
index 00000000000..74cfb61388b
--- /dev/null
+++ b/lib/api/entities/deployment_extended.rb
@@ -0,0 +1,10 @@
+# frozen_string_literal: true
+
+module API
+  module Entities
+    class DeploymentExtended < Deployment
+    end
+  end
+end
+
+API::Entities::DeploymentExtended.prepend_mod
diff --git a/lib/api/entities/user_safe.rb b/lib/api/entities/user_safe.rb
index 6006a076020..c7349026a88 100644
--- a/lib/api/entities/user_safe.rb
+++ b/lib/api/entities/user_safe.rb
@@ -7,7 +7,7 @@ module API
       expose :name do |user|
         next user.name unless user.project_bot?
 
-        next user.name if options[:current_user]&.can?(:read_resource_access_tokens, user.projects.first)
+        next user.name if options[:current_user]&.can?(:read_project, user.projects.first)
 
         # If the requester does not have permission to read the project bot name,
         # the API returns an arbitrary string. UI changes will be addressed in a follow up issue: