Commit 99484a1a authored by Michael Kozono's avatar Michael Kozono

Merge branch 'ak/fix-registration-token' into 'master'

Remove programmatic access to registration tokens

See merge request gitlab-org/gitlab!57524
parents 5d068c65 5f9bb026
---
title: Remove programmatic access to registration tokens
merge_request: 57524
author:
type: changed
...@@ -117,20 +117,20 @@ module Gitlab ...@@ -117,20 +117,20 @@ module Gitlab
return unless @project return unless @project
raise Gitlab::Access::AccessDeniedError unless can?(@current_user, :admin_pipeline, @project) raise Gitlab::Access::AccessDeniedError unless can?(@current_user, :admin_pipeline, @project)
@project.runners_token '$REGISTRATION_TOKEN'
end end
def group_token def group_token
return unless @group return unless @group
raise Gitlab::Access::AccessDeniedError unless can?(@current_user, :admin_group, @group) raise Gitlab::Access::AccessDeniedError unless can?(@current_user, :admin_group, @group)
@group.runners_token '$REGISTRATION_TOKEN'
end end
def instance_token def instance_token
raise Gitlab::Access::AccessDeniedError unless @current_user&.admin? raise Gitlab::Access::AccessDeniedError unless @current_user&.admin?
Gitlab::CurrentSettings.runners_registration_token '$REGISTRATION_TOKEN'
end end
end end
end end
......
...@@ -123,7 +123,7 @@ RSpec.describe Gitlab::Ci::RunnerInstructions do ...@@ -123,7 +123,7 @@ RSpec.describe Gitlab::Ci::RunnerInstructions do
result = subject.register_command result = subject.register_command
expect(result).to include("#{commands[commands.each_key.first]} register") expect(result).to include("#{commands[commands.each_key.first]} register")
expect(result).to include("--registration-token #{group.runners_token}") expect(result).to include("--registration-token $REGISTRATION_TOKEN")
expect(result).to include("--url #{Gitlab::Routing.url_helpers.root_url(only_path: false)}") expect(result).to include("--url #{Gitlab::Routing.url_helpers.root_url(only_path: false)}")
end end
end end
...@@ -166,7 +166,7 @@ RSpec.describe Gitlab::Ci::RunnerInstructions do ...@@ -166,7 +166,7 @@ RSpec.describe Gitlab::Ci::RunnerInstructions do
result = subject.register_command result = subject.register_command
expect(result).to include("#{commands[commands.each_key.first]} register") expect(result).to include("#{commands[commands.each_key.first]} register")
expect(result).to include("--registration-token #{project.runners_token}") expect(result).to include("--registration-token $REGISTRATION_TOKEN")
expect(result).to include("--url #{Gitlab::Routing.url_helpers.root_url(only_path: false)}") expect(result).to include("--url #{Gitlab::Routing.url_helpers.root_url(only_path: false)}")
end end
end end
...@@ -205,7 +205,7 @@ RSpec.describe Gitlab::Ci::RunnerInstructions do ...@@ -205,7 +205,7 @@ RSpec.describe Gitlab::Ci::RunnerInstructions do
result = subject.register_command result = subject.register_command
expect(result).to include("#{commands[commands.each_key.first]} register") expect(result).to include("#{commands[commands.each_key.first]} register")
expect(result).to include("--registration-token #{Gitlab::CurrentSettings.runners_registration_token}") expect(result).to include("--registration-token $REGISTRATION_TOKEN")
expect(result).to include("--url #{Gitlab::Routing.url_helpers.root_url(only_path: false)}") expect(result).to include("--url #{Gitlab::Routing.url_helpers.root_url(only_path: false)}")
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment