Merge branch 'ak/fix-registration-token' into 'master'

Remove programmatic access to registration tokens See merge request gitlab-org/gitlab!57524

Merge branch 'ak/fix-registration-token' into 'master'
Remove programmatic access to registration tokens See merge request gitlab-org/gitlab!57524
99484a1a · Michael Kozono · 5d068c65 · 5f9bb026 · 99484a1a · 99484a1a
Commit 99484a1a authored Mar 26, 2021 by Michael Kozono
3 changed files
--- a/changelogs/unreleased/ak-fix-registration-token.yml
+++ b/changelogs/unreleased/ak-fix-registration-token.yml
+---
+title: Remove programmatic access to registration tokens
+merge_request: 57524
+author:
+type: changed
--- a/lib/gitlab/ci/runner_instructions.rb
+++ b/lib/gitlab/ci/runner_instructions.rb
@@ -117,20 +117,20 @@ module Gitlab
        return unless @project
        raise Gitlab::Access::AccessDeniedError unless can?(@current_user, :admin_pipeline, @project)

-        @project.runners_token
+        '$REGISTRATION_TOKEN'
      end

      def group_token
        return unless @group
        raise Gitlab::Access::AccessDeniedError unless can?(@current_user, :admin_group, @group)

-        @group.runners_token
+        '$REGISTRATION_TOKEN'
      end

      def instance_token
        raise Gitlab::Access::AccessDeniedError unless @current_user&.admin?

-        Gitlab::CurrentSettings.runners_registration_token
+        '$REGISTRATION_TOKEN'
      end
    end
  end

--- a/spec/lib/gitlab/ci/runner_instructions_spec.rb
+++ b/spec/lib/gitlab/ci/runner_instructions_spec.rb
@@ -123,7 +123,7 @@ RSpec.describe Gitlab::Ci::RunnerInstructions do
            result = subject.register_command

            expect(result).to include("#{commands[commands.each_key.first]} register")
-            expect(result).to include("--registration-token #{group.runners_token}")
+            expect(result).to include("--registration-token $REGISTRATION_TOKEN")
            expect(result).to include("--url #{Gitlab::Routing.url_helpers.root_url(only_path: false)}")
          end
        end
@@ -166,7 +166,7 @@ RSpec.describe Gitlab::Ci::RunnerInstructions do
            result = subject.register_command

            expect(result).to include("#{commands[commands.each_key.first]} register")
-            expect(result).to include("--registration-token #{project.runners_token}")
+            expect(result).to include("--registration-token $REGISTRATION_TOKEN")
            expect(result).to include("--url #{Gitlab::Routing.url_helpers.root_url(only_path: false)}")
          end
        end
@@ -205,7 +205,7 @@ RSpec.describe Gitlab::Ci::RunnerInstructions do
            result = subject.register_command

            expect(result).to include("#{commands[commands.each_key.first]} register")
-            expect(result).to include("--registration-token #{Gitlab::CurrentSettings.runners_registration_token}")
+            expect(result).to include("--registration-token $REGISTRATION_TOKEN")
            expect(result).to include("--url #{Gitlab::Routing.url_helpers.root_url(only_path: false)}")
          end
        end