Add configuration of access_level for runners on registration via API

Allow setting access_level of new runner to not_protected (default) or ref_protected Minor update to relevant docs and tests

Add configuration of access_level for runners on registration via API
Allow setting access_level of new runner to not_protected (default) or ref_protected Minor update to relevant docs and tests
52c19d4d · zelin-l · 7a4b4cff · 52c19d4d · 52c19d4d · 52c19d4d
Commit 52c19d4d authored Apr 18, 2019 by zelin-l
4 changed files
--- a/changelogs/unreleased/add-runner-access-level-registration.yml
+++ b/changelogs/unreleased/add-runner-access-level-registration.yml
+---
+title: Add option to set access_level of runners upon registration
+merge_request: 27490
+author: Zelin L
+type: added
--- a/doc/api/runners.md
+++ b/doc/api/runners.md
@@ -486,6 +486,7 @@ POST /runners
 | `locked`     | boolean| no       | Whether the Runner should be locked for current project |
 | `run_untagged` | boolean | no | Whether the Runner should handle untagged jobs |
 | `tag_list` | Array[String] | no | List of Runner's tags |
+| `access_level`    | string   | no       | The access_level of the runner; `not_protected` or `ref_protected` |
 | `maximum_timeout` | integer | no | Maximum timeout set when this Runner will handle the job |

 ```

--- a/lib/api/runner.rb
+++ b/lib/api/runner.rb
@@ -15,12 +15,14 @@ module API
        optional :info, type: Hash, desc: %q(Runner's metadata)
        optional :active, type: Boolean, desc: 'Should Runner be active'
        optional :locked, type: Boolean, desc: 'Should Runner be locked for current project'
+        optional :access_level, type: String, values: Ci::Runner.access_levels.keys,
+                                desc: 'The access_level of the runner'
        optional :run_untagged, type: Boolean, desc: 'Should Runner handle untagged jobs'
        optional :tag_list, type: Array[String], desc: %q(List of Runner's tags)
        optional :maximum_timeout, type: Integer, desc: 'Maximum timeout set when this Runner will handle the job'
      end
      post '/' do
-        attributes = attributes_for_keys([:description, :active, :locked, :run_untagged, :tag_list, :maximum_timeout])
+        attributes = attributes_for_keys([:description, :active, :locked, :run_untagged, :tag_list, :access_level, :maximum_timeout])
          .merge(get_runner_details_from_request)

        attributes =

--- a/spec/requests/api/runner_spec.rb
+++ b/spec/requests/api/runner_spec.rb
@@ -168,6 +168,32 @@ describe API::Runner, :clean_gitlab_redis_shared_state do
        end
      end

+      context 'when access_level is provided for Runner' do
+        context 'when access_level is set to ref_protected' do
+          it 'creates runner' do
+            post api('/runners'), params: {
+                                    token: registration_token,
+                                    access_level: 'ref_protected'
+                                  }
+
+            expect(response).to have_gitlab_http_status 201
+            expect(Ci::Runner.first.ref_protected?).to be true
+          end
+        end
+
+        context 'when access_level is set to not_protected' do
+          it 'creates runner' do
+            post api('/runners'), params: {
+                                    token: registration_token,
+                                    access_level: 'not_protected'
+                                  }
+
+            expect(response).to have_gitlab_http_status 201
+            expect(Ci::Runner.first.ref_protected?).to be false
+          end
+        end
+      end
+
      context 'when maximum job timeout is specified' do
        it 'creates runner' do
          post api('/runners'), params: {