DevFW-CICD/garm
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

Don't save runner registration tolen in DB

Browse source 
Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
This commit is contained in:
Gabriel Adrian Samfira 2022-12-06 19:48:00 +00:00
parent 0b50397b47
commit d3fe741cfe
26 changed files with 170 additions and 262 deletions
Download patch file Download diff file Expand all files Collapse all files

29
auth/context.go
View file

@ -23,21 +23,6 @@ import (
type contextFlags string
/*
// InstanceJWTClaims holds JWT claims
type InstanceJWTClaims struct {
ID string `json:"id"`
Name string `json:"name"`
PoolID string `json:"provider_id"`
// Scope is either repository or organization
Scope common.PoolType `json:"scope"`
// Entity is the repo or org name
Entity string `json:"entity"`
jwt.StandardClaims
}
*/
const (
isAdminKey contextFlags = "is_admin"
fullNameKey contextFlags = "full_name"
@ -52,7 +37,6 @@ const (
instancePoolTypeKey contextFlags = "scope"
instanceEntityKey contextFlags = "entity"
instanceRunnerStatus contextFlags = "status"
instanceGithubToken contextFlags = "github_token"
)
func SetInstanceID(ctx context.Context, id string) context.Context {
@ -79,18 +63,6 @@ func InstanceRunnerStatus(ctx context.Context) common.RunnerStatus {
return elem.(common.RunnerStatus)
}
func SetInstanceGithubToken(ctx context.Context, val string) context.Context {
return context.WithValue(ctx, instanceGithubToken, val)
}
func InstanceGithubToken(ctx context.Context) string {
elem := ctx.Value(instanceGithubToken)
if elem == nil {
return ""
}
return elem.(string)
}
func SetInstanceName(ctx context.Context, val string) context.Context {
return context.WithValue(ctx, instanceNameKey, val)
}
@ -144,7 +116,6 @@ func PopulateInstanceContext(ctx context.Context, instance params.Instance) cont
ctx = SetInstanceName(ctx, instance.Name)
ctx = SetInstancePoolID(ctx, instance.PoolID)
ctx = SetInstanceRunnerStatus(ctx, instance.RunnerStatus)
ctx = SetInstanceGithubToken(ctx, string(instance.GithubRegistrationToken))
return ctx
}

4
cloudconfig/templates.go
View file

@ -29,15 +29,12 @@ set -o pipefail
CALLBACK_URL="{{ .CallbackURL }}"
METADATA_URL="{{ .MetadataURL }}"
BEARER_TOKEN="{{ .CallbackToken }}"
GITHUB_TOKEN="{{ .GithubToken }}"
if [ -z "$GITHUB_TOKEN" ];then
if [ -z "$METADATA_URL" ];then
echo "no token is available and METADATA_URL is not set"
exit 1
fi
GITHUB_TOKEN=$(curl --fail -s -X GET -H 'Accept: application/json' -H "Authorization: Bearer ${BEARER_TOKEN}" "${METADATA_URL}/runner-registration-token/")
fi
function call() {
PAYLOAD="$1"
@ -106,7 +103,6 @@ type InstallRunnerParams struct {
RunnerUsername string
RunnerGroup string
RepoURL string
GithubToken string
MetadataURL string
RunnerName string
RunnerLabels string

6
config/config.go
View file

@ -185,17 +185,17 @@ func (d *Default) Validate() error {
if d.CallbackURL == "" {
return fmt.Errorf("missing callback_url")
}
_, err := url.Parse(d.CallbackURL)
if err != nil {
return errors.Wrap(err, "validating callback_url")
}
if d.MetadataURL != "" {
if d.MetadataURL == "" {
return fmt.Errorf("missing metadata-url")
}
if _, err := url.Parse(d.MetadataURL); err != nil {
return errors.Wrap(err, "validating metadata_url")
}
}
if d.ConfigDir == "" {
return fmt.Errorf("config_dir cannot be empty")

30
config/config_test.go
View file

@ -15,7 +15,6 @@
package config
import (
"io/ioutil"
"os"
"path/filepath"
"testing"
@ -33,6 +32,7 @@ func getDefaultSectionConfig(configDir string) Default {
return Default{
ConfigDir: configDir,
CallbackURL: "https://garm.example.com/",
MetadataURL: "https://garm.example.com/api/v1/metadata",
LogFile: filepath.Join(configDir, "garm.log"),
}
}
@ -105,7 +105,7 @@ func getDefaultJWTCofig() JWTAuth {
}
func getDefaultConfig(t *testing.T) Config {
dir, err := ioutil.TempDir("", "garm-config-test")
dir, err := os.MkdirTemp("", "garm-config-test")
if err != nil {
t.Fatalf("failed to create temporary directory: %s", err)
}
@ -129,7 +129,7 @@ func TestConfig(t *testing.T) {
}
func TestDefaultSectionConfig(t *testing.T) {
dir, err := ioutil.TempDir("", "garm-config-test")
dir, err := os.MkdirTemp("", "garm-config-test")
if err != nil {
t.Fatalf("failed to create temporary directory: %s", err)
}
@ -150,14 +150,25 @@ func TestDefaultSectionConfig(t *testing.T) {
name: "CallbackURL cannot be empty",
cfg: Default{
CallbackURL: "",
MetadataURL: cfg.MetadataURL,
ConfigDir: cfg.ConfigDir,
},
errString: "missing callback_url",
},
{
name: "MetadataURL cannot be empty",
cfg: Default{
CallbackURL: cfg.CallbackURL,
MetadataURL: "",
ConfigDir: cfg.ConfigDir,
},
errString: "missing metadata-url",
},
{
name: "ConfigDir cannot be empty",
cfg: Default{
CallbackURL: cfg.CallbackURL,
MetadataURL: cfg.MetadataURL,
ConfigDir: "",
},
errString: "config_dir cannot be empty",
@ -166,6 +177,7 @@ func TestDefaultSectionConfig(t *testing.T) {
name: "config_dir must exist and be accessible",
cfg: Default{
CallbackURL: cfg.CallbackURL,
MetadataURL: cfg.MetadataURL,
ConfigDir: "/i/do/not/exist",
},
errString: "accessing config dir: stat /i/do/not/exist:.*",
@ -306,14 +318,14 @@ func TestAPITLSconfig(t *testing.T) {
}
func TestTLSConfig(t *testing.T) {
dir, err := ioutil.TempDir("", "garm-config-test")
dir, err := os.MkdirTemp("", "garm-config-test")
if err != nil {
t.Fatalf("failed to create temporary directory: %s", err)
}
t.Cleanup(func() { os.RemoveAll(dir) })
invalidCert := filepath.Join(dir, "invalid_cert.pem")
err = ioutil.WriteFile(invalidCert, []byte("bogus content"), 0755)
err = os.WriteFile(invalidCert, []byte("bogus content"), 0755)
if err != nil {
t.Fatalf("failed to write file: %s", err)
}
@ -396,7 +408,7 @@ func TestTLSConfig(t *testing.T) {
}
func TestDatabaseConfig(t *testing.T) {
dir, err := ioutil.TempDir("", "garm-config-test")
dir, err := os.MkdirTemp("", "garm-config-test")
if err != nil {
t.Fatalf("failed to create temporary directory: %s", err)
}
@ -503,7 +515,7 @@ func TestDatabaseConfig(t *testing.T) {
}
func TestGormParams(t *testing.T) {
dir, err := ioutil.TempDir("", "garm-config-test")
dir, err := os.MkdirTemp("", "garm-config-test")
if err != nil {
t.Fatalf("failed to create temporary directory: %s", err)
}
@ -527,7 +539,7 @@ func TestGormParams(t *testing.T) {
}
func TestSQLiteConfig(t *testing.T) {
dir, err := ioutil.TempDir("", "garm-config-test")
dir, err := os.MkdirTemp("", "garm-config-test")
if err != nil {
t.Fatalf("failed to create temporary directory: %s", err)
}
@ -676,7 +688,7 @@ func TestNewConfig(t *testing.T) {
}
func TestNewConfigEmptyConfigDir(t *testing.T) {
dirPath, err := ioutil.TempDir("", "garm-config-test")
dirPath, err := os.MkdirTemp("", "garm-config-test")
if err != nil {
t.Fatalf("failed to create temporary directory: %s", err)
}

5
config/external_test.go
View file

@ -16,7 +16,6 @@ package config
import (
"fmt"
"io/ioutil"
"os"
"path/filepath"
"testing"
@ -25,13 +24,13 @@ import (
)
func getDefaultExternalConfig(t *testing.T) External {
dir, err := ioutil.TempDir("", "garm-test")
dir, err := os.MkdirTemp("", "garm-test")
if err != nil {
t.Fatalf("failed to create temporary directory: %s", err)
}
t.Cleanup(func() { os.RemoveAll(dir) })
err = ioutil.WriteFile(filepath.Join(dir, "garm-external-provider"), []byte{}, 0755)
err = os.WriteFile(filepath.Join(dir, "garm-external-provider"), []byte{}, 0755)
if err != nil {
t.Fatalf("failed to write file: %s", err)
}

1
config/testdata/test-empty-config-dir.toml vendored
View file

@ -1,5 +1,6 @@
[default]
callback_url = "https://garm.example.com/"
metadata_url = "https://garm.example.com/"
config_dir = ""
[apiserver]

1
config/testdata/test-valid-config.toml vendored
View file

@ -1,5 +1,6 @@
[default]
callback_url = "https://garm.example.com/"
metadata_url = "https://garm.example.com/"
config_dir = "./testdata"
[apiserver]

11
contrib/providers.d/openstack/garm-external-provider
View file

@ -191,7 +191,7 @@ function repoURL() {
echo "${REPO}"
}
function getRegistrationTokenFromAPI() {
function ghAccessToken() {
TOKEN_URL=$(runnerTokenURL)
BEARER_TOKEN=$(callbackToken)
TOKEN=$(curl --fail -s -X GET -H 'Accept: application/json' -H "Authorization: Bearer ${BEARER_TOKEN}" "${TOKEN_URL}")
@ -199,15 +199,6 @@ function getRegistrationTokenFromAPI() {
echo "${TOKEN}"
}
function ghAccessToken() {
TOKEN=$(echo "$INPUT" | jq -c -r '.github_runner_access_token')
if [ -z "$TOKEN" ];then
TOKEN=$(getRegistrationTokenFromAPI)
fi
checkValNotNull "${TOKEN}" "github_runner_access_token" || return $?
echo "${TOKEN}"
}
function callbackURL() {
CB_URL=$(echo "$INPUT" | jq -c -r '."callback-url"')
checkValNotNull "${CB_URL}" "callback-url" || return $?

2
database/common/mocks/Store.go
View file

@ -1,4 +1,4 @@
// Code generated by mockery v2.14.0. DO NOT EDIT.
// Code generated by mockery v2.15.0. DO NOT EDIT.
package mocks

7
database/sql/enterprise.go
View file

@ -250,13 +250,6 @@ func (s *sqlDatabase) ListEnterpriseInstances(ctx context.Context, enterpriseID
ret := []params.Instance{}
for _, pool := range pools {
for _, instance := range pool.Instances {
if instance.GithubRegistrationToken != nil {
decodedTk, err := util.Aes256DecodeString(instance.GithubRegistrationToken, s.cfg.Passphrase)
if err != nil {
return nil, errors.Wrap(err, "decrypting GithubRegistrationToken")
}
instance.GithubRegistrationToken = []byte(decodedTk)
}
ret = append(ret, s.sqlToParamsInstance(instance))
}
}

61
database/sql/instances.go
View file

@ -16,10 +16,8 @@ package sql
import (
"context"
"fmt"
runnerErrors "garm/errors"
"garm/params"
"garm/util"
"github.com/pkg/errors"
uuid "github.com/satori/go.uuid"
@ -32,13 +30,7 @@ func (s *sqlDatabase) CreateInstance(ctx context.Context, poolID string, param p
if err != nil {
return params.Instance{}, errors.Wrap(err, "fetching pool")
}
var ghToken []byte
if param.GithubRegistrationToken != nil {
ghToken, err = util.Aes256EncodeString(string(param.GithubRegistrationToken), s.cfg.Passphrase)
if err != nil {
return params.Instance{}, fmt.Errorf("failed to encrypt gh token")
}
}
newInstance := Instance{
Pool: pool,
Name: param.Name,
@ -48,20 +40,12 @@ func (s *sqlDatabase) CreateInstance(ctx context.Context, poolID string, param p
OSArch: param.OSArch,
CallbackURL: param.CallbackURL,
MetadataURL: param.MetadataURL,
GithubRegistrationToken: ghToken,
}
q := s.conn.Create(&newInstance)
if q.Error != nil {
return params.Instance{}, errors.Wrap(q.Error, "creating instance")
}
if newInstance.GithubRegistrationToken != nil {
decodedTk, err := util.Aes256DecodeString(newInstance.GithubRegistrationToken, s.cfg.Passphrase)
if err != nil {
return params.Instance{}, errors.Wrap(err, "decrypting GithubRegistrationToken")
}
newInstance.GithubRegistrationToken = []byte(decodedTk)
}
return s.sqlToParamsInstance(newInstance), nil
}
@ -131,20 +115,6 @@ func (s *sqlDatabase) GetPoolInstanceByName(ctx context.Context, poolID string,
return params.Instance{}, errors.Wrap(err, "fetching instance")
}
if instance.GithubRegistrationToken != nil {
token, err := util.Aes256DecodeString(instance.GithubRegistrationToken, s.cfg.Passphrase)
if err != nil {
return params.Instance{}, errors.Wrap(err, "decoing token")
}
instance.GithubRegistrationToken = []byte(token)
}
if instance.GithubRegistrationToken != nil {
decodedTk, err := util.Aes256DecodeString(instance.GithubRegistrationToken, s.cfg.Passphrase)
if err != nil {
return params.Instance{}, errors.Wrap(err, "decrypting GithubRegistrationToken")
}
instance.GithubRegistrationToken = []byte(decodedTk)
}
return s.sqlToParamsInstance(instance), nil
}
@ -154,13 +124,6 @@ func (s *sqlDatabase) GetInstanceByName(ctx context.Context, instanceName string
return params.Instance{}, errors.Wrap(err, "fetching instance")
}
if instance.GithubRegistrationToken != nil {
token, err := util.Aes256DecodeString(instance.GithubRegistrationToken, s.cfg.Passphrase)
if err != nil {
return params.Instance{}, errors.Wrap(err, "decoing token")
}
instance.GithubRegistrationToken = []byte(token)
}
return s.sqlToParamsInstance(instance), nil
}
@ -246,13 +209,7 @@ func (s *sqlDatabase) UpdateInstance(ctx context.Context, instanceID string, par
return params.Instance{}, errors.Wrap(err, "updating addresses")
}
}
if instance.GithubRegistrationToken != nil {
decodedTk, err := util.Aes256DecodeString(instance.GithubRegistrationToken, s.cfg.Passphrase)
if err != nil {
return params.Instance{}, errors.Wrap(err, "decrypting GithubRegistrationToken")
}
instance.GithubRegistrationToken = []byte(decodedTk)
}
return s.sqlToParamsInstance(instance), nil
}
@ -264,13 +221,6 @@ func (s *sqlDatabase) ListPoolInstances(ctx context.Context, poolID string) ([]p
ret := make([]params.Instance, len(pool.Instances))
for idx, inst := range pool.Instances {
if inst.GithubRegistrationToken != nil {
decodedTk, err := util.Aes256DecodeString(inst.GithubRegistrationToken, s.cfg.Passphrase)
if err != nil {
return nil, errors.Wrap(err, "decrypting GithubRegistrationToken")
}
inst.GithubRegistrationToken = []byte(decodedTk)
}
ret[idx] = s.sqlToParamsInstance(inst)
}
return ret, nil
@ -285,13 +235,6 @@ func (s *sqlDatabase) ListAllInstances(ctx context.Context) ([]params.Instance,
}
ret := make([]params.Instance, len(instances))
for idx, instance := range instances {
if instance.GithubRegistrationToken != nil {
decodedTk, err := util.Aes256DecodeString(instance.GithubRegistrationToken, s.cfg.Passphrase)
if err != nil {
return nil, errors.Wrap(err, "decrypting GithubRegistrationToken")
}
instance.GithubRegistrationToken = []byte(decodedTk)
}
ret[idx] = s.sqlToParamsInstance(instance)
}
return ret, nil

1
database/sql/models.go
View file

@ -141,7 +141,6 @@ type Instance struct {
MetadataURL string
ProviderFault []byte `gorm:"type:longblob"`
CreateAttempt int
GithubRegistrationToken []byte `gorm:"type:longblob"`
PoolID uuid.UUID
Pool Pool `gorm:"foreignKey:PoolID"`

7
database/sql/organizations.go
View file

@ -255,13 +255,6 @@ func (s *sqlDatabase) ListOrgInstances(ctx context.Context, orgID string) ([]par
ret := []params.Instance{}
for _, pool := range pools {
for _, instance := range pool.Instances {
if instance.GithubRegistrationToken != nil {
decodedTk, err := util.Aes256DecodeString(instance.GithubRegistrationToken, s.cfg.Passphrase)
if err != nil {
return nil, errors.Wrap(err, "decrypting GithubRegistrationToken")
}
instance.GithubRegistrationToken = []byte(decodedTk)
}
ret = append(ret, s.sqlToParamsInstance(instance))
}
}

7
database/sql/repositories.go
View file

@ -264,13 +264,6 @@ func (s *sqlDatabase) ListRepoInstances(ctx context.Context, repoID string) ([]p
ret := []params.Instance{}
for _, pool := range pools {
for _, instance := range pool.Instances {
if instance.GithubRegistrationToken != nil {
decodedTk, err := util.Aes256DecodeString(instance.GithubRegistrationToken, s.cfg.Passphrase)
if err != nil {
return nil, errors.Wrap(err, "decrypting GithubRegistrationToken")
}
instance.GithubRegistrationToken = []byte(decodedTk)
}
ret = append(ret, s.sqlToParamsInstance(instance))
}
}

1
database/sql/util.go
View file

@ -45,7 +45,6 @@ func (s *sqlDatabase) sqlToParamsInstance(instance Instance) params.Instance {
StatusMessages: []params.StatusMessage{},
CreateAttempt: instance.CreateAttempt,
UpdatedAt: instance.UpdatedAt,
GithubRegistrationToken: instance.GithubRegistrationToken,
}
if len(instance.ProviderFault) > 0 {

4
params/params.go
View file

@ -79,7 +79,6 @@ type Instance struct {
CallbackURL string `json:"-"`
MetadataURL string `json:"-"`
CreateAttempt int `json:"-"`
GithubRegistrationToken []byte `json:"-"`
}
func (i Instance) GetName() string {
@ -95,9 +94,6 @@ type BootstrapInstance struct {
Tools []*github.RunnerApplicationDownload `json:"tools"`
// RepoURL is the URL the github runner agent needs to configure itself.
RepoURL string `json:"repo_url"`
// GithubRunnerAccessToken is the token we fetch from github to allow the runner to
// register itself.
GithubRunnerAccessToken string `json:"github_runner_access_token"`
// CallbackUrl is the URL where the instance can send a post, signaling
// progress or status.
CallbackURL string `json:"callback-url"`

2
runner/common/mocks/GithubClient.go
View file

@ -1,4 +1,4 @@
// Code generated by mockery v2.14.0. DO NOT EDIT.
// Code generated by mockery v2.15.0. DO NOT EDIT.
package mocks

2
runner/common/mocks/GithubEnterpriseClient.go
View file

@ -1,4 +1,4 @@
// Code generated by mockery v2.14.0. DO NOT EDIT.
// Code generated by mockery v2.15.0. DO NOT EDIT.
package mocks

23
runner/common/mocks/PoolManager.go
View file

@ -1,4 +1,4 @@
// Code generated by mockery v2.14.0. DO NOT EDIT.
// Code generated by mockery v2.15.0. DO NOT EDIT.
package mocks
@ -27,6 +27,27 @@ func (_m *PoolManager) ForceDeleteRunner(runner params.Instance) error {
return r0
}
// GithubRunnerRegistrationToken provides a mock function with given fields:
func (_m *PoolManager) GithubRunnerRegistrationToken() (string, error) {
ret := _m.Called()
var r0 string
if rf, ok := ret.Get(0).(func() string); ok {
r0 = rf()
} else {
r0 = ret.Get(0).(string)
}
var r1 error
if rf, ok := ret.Get(1).(func() error); ok {
r1 = rf()
} else {
r1 = ret.Error(1)
}
return r0, r1
}
// HandleWorkflowJob provides a mock function with given fields: job
func (_m *PoolManager) HandleWorkflowJob(job params.WorkflowJob) error {
ret := _m.Called(job)

2
runner/common/mocks/Provider.go
View file

@ -1,4 +1,4 @@
// Code generated by mockery v2.14.0. DO NOT EDIT.
// Code generated by mockery v2.15.0. DO NOT EDIT.
package mocks

1
runner/common/pool.go
View file

@ -43,6 +43,7 @@ const (
type PoolManager interface {
ID() string
WebhookSecret() string
GithubRunnerRegistrationToken() (string, error)
HandleWorkflowJob(job params.WorkflowJob) error
RefreshState(param params.UpdatePoolStateParams) error
ForceDeleteRunner(runner params.Instance) error

2
runner/mocks/PoolManagerController.go
View file

@ -1,4 +1,4 @@
// Code generated by mockery v2.14.0. DO NOT EDIT.
// Code generated by mockery v2.15.0. DO NOT EDIT.
package mocks

21
runner/pool/pool.go
View file

@ -522,19 +522,6 @@ func (r *basePoolManager) addInstanceToProvider(instance params.Instance) error
labels = append(labels, r.controllerLabel())
labels = append(labels, r.poolLabel(pool.ID))
if instance.GithubRegistrationToken == nil {
tk, err := r.helper.GetGithubRegistrationToken()
if err != nil {
if errors.Is(err, runnerErrors.ErrUnauthorized) {
failureReason := fmt.Sprintf("failed to fetch registration token: %q", err)
r.setPoolRunningState(false, failureReason)
log.Print(failureReason)
}
return errors.Wrap(err, "fetching registration token")
}
instance.GithubRegistrationToken = []byte(tk)
}
jwtValidity := pool.RunnerTimeout()
var poolType common.PoolType = common.RepositoryPool
if pool.OrgID != "" {
@ -562,10 +549,6 @@ func (r *basePoolManager) addInstanceToProvider(instance params.Instance) error
CACertBundle: r.credsDetails.CABundle,
}
if instance.MetadataURL == "" {
bootstrapArgs.GithubRunnerAccessToken = string(instance.GithubRegistrationToken)
}
var instanceIDToDelete string
defer func() {
@ -986,6 +969,10 @@ func (r *basePoolManager) WebhookSecret() string {
return r.helper.WebhookSecret()
}
func (r *basePoolManager) GithubRunnerRegistrationToken() (string, error) {
return r.helper.GetGithubRegistrationToken()
}
func (r *basePoolManager) ID() string {
return r.helper.ID()
}

1
runner/providers/external/util.go vendored
View file

@ -29,7 +29,6 @@ func bootstrapParamsToEnv(param params.BootstrapInstance) []string {
fmt.Sprintf("%s_BOOTSTRAP_CALLBACK_URL='%s'", envPrefix, param.CallbackURL),
fmt.Sprintf("%s_BOOTSTRAP_REPO_URL='%s'", envPrefix, param.RepoURL),
fmt.Sprintf("%s_BOOTSTRAP_LABELS='%s'", envPrefix, strings.Join(param.Labels, ",")),
fmt.Sprintf("%s_BOOTSTRAP_GITHUB_ACCESS_TOKEN='%s'", envPrefix, param.GithubRunnerAccessToken),
}
for idx, tool := range param.Tools {

102
runner/runner.go
View file

@ -724,8 +724,8 @@ func (r *Runner) AddInstanceStatusMessage(ctx context.Context, param params.Inst
}
func (r *Runner) GetInstanceGithubRegistrationToken(ctx context.Context) (string, error) {
instanceID := auth.InstanceID(ctx)
if instanceID == "" {
instanceName := auth.InstanceName(ctx)
if instanceName == "" {
return "", runnerErrors.ErrUnauthorized
}
@ -733,10 +733,65 @@ func (r *Runner) GetInstanceGithubRegistrationToken(ctx context.Context) (string
if status != providerCommon.RunnerPending && status != providerCommon.RunnerInstalling {
return "", runnerErrors.ErrUnauthorized
}
token := auth.InstanceGithubToken(ctx)
instance, err := r.store.GetInstanceByName(ctx, instanceName)
if err != nil {
return "", errors.Wrap(err, "fetching instance")
}
poolMgr, err := r.getPoolManagerFromInstance(ctx, instance)
if err != nil {
return "", errors.Wrap(err, "fetching pool manager for instance")
}
token, err := poolMgr.GithubRunnerRegistrationToken()
if err != nil {
return "", errors.Wrap(err, "fetching runner token")
}
return token, nil
}
func (r *Runner) getPoolManagerFromInstance(ctx context.Context, instance params.Instance) (common.PoolManager, error) {
pool, err := r.store.GetPoolByID(ctx, instance.PoolID)
if err != nil {
return nil, errors.Wrap(err, "fetching pool")
}
var poolMgr common.PoolManager
if pool.RepoID != "" {
repo, err := r.store.GetRepositoryByID(ctx, pool.RepoID)
if err != nil {
return nil, errors.Wrap(err, "fetching repo")
}
poolMgr, err = r.findRepoPoolManager(repo.Owner, repo.Name)
if err != nil {
return nil, errors.Wrapf(err, "fetching pool manager for repo %s", pool.RepoName)
}
} else if pool.OrgID != "" {
org, err := r.store.GetOrganizationByID(ctx, pool.OrgID)
if err != nil {
return nil, errors.Wrap(err, "fetching org")
}
poolMgr, err = r.findOrgPoolManager(org.Name)
if err != nil {
return nil, errors.Wrapf(err, "fetching pool manager for org %s", pool.OrgName)
}
} else if pool.EnterpriseID != "" {
enterprise, err := r.store.GetEnterpriseByID(ctx, pool.EnterpriseID)
if err != nil {
return nil, errors.Wrap(err, "fetching enterprise")
}
poolMgr, err = r.findEnterprisePoolManager(enterprise.Name)
if err != nil {
return nil, errors.Wrapf(err, "fetching pool manager for enterprise %s", pool.EnterpriseName)
}
}
return poolMgr, nil
}
func (r *Runner) ForceDeleteRunner(ctx context.Context, instanceName string) error {
if !auth.IsAdmin(ctx) {
return runnerErrors.ErrUnauthorized
@ -747,46 +802,9 @@ func (r *Runner) ForceDeleteRunner(ctx context.Context, instanceName string) err
return errors.Wrap(err, "fetching instance")
}
switch instance.Status {
case providerCommon.InstanceRunning, providerCommon.InstanceError:
default:
return runnerErrors.NewBadRequestError("runner must be in %q or %q state", providerCommon.InstanceRunning, providerCommon.InstanceError)
}
pool, err := r.store.GetPoolByID(ctx, instance.PoolID)
poolMgr, err := r.getPoolManagerFromInstance(ctx, instance)
if err != nil {
return errors.Wrap(err, "fetching pool")
}
var poolMgr common.PoolManager
if pool.RepoID != "" {
repo, err := r.store.GetRepositoryByID(ctx, pool.RepoID)
if err != nil {
return errors.Wrap(err, "fetching repo")
}
poolMgr, err = r.findRepoPoolManager(repo.Owner, repo.Name)
if err != nil {
return errors.Wrapf(err, "fetching pool manager for repo %s", pool.RepoName)
}
} else if pool.OrgID != "" {
org, err := r.store.GetOrganizationByID(ctx, pool.OrgID)
if err != nil {
return errors.Wrap(err, "fetching org")
}
poolMgr, err = r.findOrgPoolManager(org.Name)
if err != nil {
return errors.Wrapf(err, "fetching pool manager for org %s", pool.OrgName)
}
} else if pool.EnterpriseID != "" {
enterprise, err := r.store.GetEnterpriseByID(ctx, pool.EnterpriseID)
if err != nil {
return errors.Wrap(err, "fetching enterprise")
}
poolMgr, err = r.findEnterprisePoolManager(enterprise.Name)
if err != nil {
return errors.Wrapf(err, "fetching pool manager for enterprise %s", pool.EnterpriseName)
}
return errors.Wrap(err, "fetching pool manager for instance")
}
if err := poolMgr.ForceDeleteRunner(instance); err != nil {

5
util/util.go
View file

@ -222,11 +222,6 @@ func GetCloudConfig(bootstrapParams params.BootstrapInstance, tools github.Runne
CallbackToken: bootstrapParams.InstanceToken,
}
if bootstrapParams.MetadataURL == "" {
// Token URL is not set. Add the GH runner registration token to userdata.
installRunnerParams.GithubToken = bootstrapParams.GithubRunnerAccessToken
}
installScript, err := cloudconfig.InstallRunnerScript(installRunnerParams)
if err != nil {
return "", errors.Wrap(err, "generating script")