diff options
Diffstat (limited to 'app/graphql/mutations/ci')
-rw-r--r-- | app/graphql/mutations/ci/ci_cd_settings_update.rb | 4 | ||||
-rw-r--r-- | app/graphql/mutations/ci/runner/delete.rb | 44 | ||||
-rw-r--r-- | app/graphql/mutations/ci/runner/update.rb | 68 | ||||
-rw-r--r-- | app/graphql/mutations/ci/runners_registration_token/reset.rb | 66 |
4 files changed, 182 insertions, 0 deletions
diff --git a/app/graphql/mutations/ci/ci_cd_settings_update.rb b/app/graphql/mutations/ci/ci_cd_settings_update.rb index a484c2438a4..0973e9beae3 100644 --- a/app/graphql/mutations/ci/ci_cd_settings_update.rb +++ b/app/graphql/mutations/ci/ci_cd_settings_update.rb @@ -17,6 +17,10 @@ module Mutations required: false, description: 'Indicates if the latest artifact should be kept for this project.' + argument :job_token_scope_enabled, GraphQL::BOOLEAN_TYPE, + required: false, + description: 'Indicates CI job tokens generated in this project have restricted access to resources.' + field :ci_cd_settings, Types::Ci::CiCdSettingType, null: false, diff --git a/app/graphql/mutations/ci/runner/delete.rb b/app/graphql/mutations/ci/runner/delete.rb new file mode 100644 index 00000000000..8d9a5f15505 --- /dev/null +++ b/app/graphql/mutations/ci/runner/delete.rb @@ -0,0 +1,44 @@ +# frozen_string_literal: true + +module Mutations + module Ci + module Runner + class Delete < BaseMutation + graphql_name 'RunnerDelete' + + authorize :delete_runner + + RunnerID = ::Types::GlobalIDType[::Ci::Runner] + + argument :id, RunnerID, + required: true, + description: 'ID of the runner to delete.' + + def resolve(id:, **runner_attrs) + runner = authorized_find!(id) + + error = authenticate_delete_runner!(runner) + return { errors: [error] } if error + + runner.destroy! + + { errors: runner.errors.full_messages } + end + + def authenticate_delete_runner!(runner) + return if current_user.can_admin_all_resources? + + "Runner #{runner.to_global_id} associated with more than one project" if runner.projects.count > 1 + end + + def find_object(id) + # TODO: remove this line when the compatibility layer is removed + # See: https://gitlab.com/gitlab-org/gitlab/-/issues/257883 + id = RunnerID.coerce_isolated_input(id) + + GitlabSchema.find_by_gid(id) + end + end + end + end +end diff --git a/app/graphql/mutations/ci/runner/update.rb b/app/graphql/mutations/ci/runner/update.rb new file mode 100644 index 00000000000..5b61b2ffc0d --- /dev/null +++ b/app/graphql/mutations/ci/runner/update.rb @@ -0,0 +1,68 @@ +# frozen_string_literal: true + +module Mutations + module Ci + module Runner + class Update < BaseMutation + graphql_name 'RunnerUpdate' + + authorize :update_runner + + RunnerID = ::Types::GlobalIDType[::Ci::Runner] + + argument :id, RunnerID, + required: true, + description: 'ID of the runner to update.' + + argument :description, GraphQL::STRING_TYPE, + required: false, + description: 'Description of the runner.' + + argument :maximum_timeout, GraphQL::INT_TYPE, + required: false, + description: 'Maximum timeout (in seconds) for jobs processed by the runner.' + + argument :access_level, ::Types::Ci::RunnerAccessLevelEnum, + required: false, + description: 'Access level of the runner.' + + argument :active, GraphQL::BOOLEAN_TYPE, + required: false, + description: 'Indicates the runner is allowed to receive jobs.' + + argument :locked, GraphQL::BOOLEAN_TYPE, required: false, + description: 'Indicates the runner is locked.' + + argument :run_untagged, GraphQL::BOOLEAN_TYPE, + required: false, + description: 'Indicates the runner is able to run untagged jobs.' + + argument :tag_list, [GraphQL::STRING_TYPE], required: false, + description: 'Tags associated with the runner.' + + field :runner, + Types::Ci::RunnerType, + null: true, + description: 'The runner after mutation.' + + def resolve(id:, **runner_attrs) + runner = authorized_find!(id) + + unless ::Ci::UpdateRunnerService.new(runner).update(runner_attrs) + return { runner: nil, errors: runner.errors.full_messages } + end + + { runner: runner, errors: [] } + end + + def find_object(id) + # TODO: remove this line when the compatibility layer is removed + # See: https://gitlab.com/gitlab-org/gitlab/-/issues/257883 + id = RunnerID.coerce_isolated_input(id) + + GitlabSchema.find_by_gid(id) + end + end + end + end +end diff --git a/app/graphql/mutations/ci/runners_registration_token/reset.rb b/app/graphql/mutations/ci/runners_registration_token/reset.rb new file mode 100644 index 00000000000..e1cdd9a22a5 --- /dev/null +++ b/app/graphql/mutations/ci/runners_registration_token/reset.rb @@ -0,0 +1,66 @@ +# frozen_string_literal: true + +module Mutations + module Ci + module RunnersRegistrationToken + class Reset < BaseMutation + graphql_name 'RunnersRegistrationTokenReset' + + authorize :update_runners_registration_token + + ScopeID = ::GraphQL::ID_TYPE + + argument :type, ::Types::Ci::RunnerTypeEnum, + required: true, + description: 'Scope of the object to reset the token for.' + + argument :id, ScopeID, + required: false, + description: 'ID of the project or group to reset the token for. Omit if resetting instance runner token.' + + field :token, + GraphQL::STRING_TYPE, + null: true, + description: 'The runner token after mutation.' + + def resolve(**args) + { + token: reset_token(**args), + errors: [] + } + end + + private + + def find_object(type:, **args) + id = args[:id] + + case type + when 'group_type' + GitlabSchema.object_from_id(id, expected_type: ::Group) + when 'project_type' + GitlabSchema.object_from_id(id, expected_type: ::Project) + end + end + + def reset_token(type:, **args) + id = args[:id] + + case type + when 'instance_type' + raise Gitlab::Graphql::Errors::ArgumentError, "id must not be specified for '#{type}' scope" if id.present? + + authorize!(:global) + + ApplicationSetting.current.reset_runners_registration_token! + ApplicationSetting.current_without_cache.runners_registration_token + when 'group_type', 'project_type' + project_or_group = authorized_find!(type: type, id: id) + project_or_group.reset_runners_token! + project_or_group.runners_token + end + end + end + end + end +end |