Project runners should have a clear root project
Problem
Our current model for Project runners allows users to link runners to multiple projects without a clear root project (where the runner stemmed from).
During the lifetime of a runner, it can be "passed around" between different projects, leading to poor accountability, and a weak permission model.
We already prevent users from removing deleting runners that belong to multiple projects, which leads to odd policy descriptions. See: !82023 (merged)
Proposal
Comes from: #345348 (comment 731608888)
Also from: #355766 (comment 876469262)
Project runners could have a clearer audit trail is by having the project that a runner registered as its root project
. Users could link other projects to it but the root project
cannot be changed (same as we have with groups).
From | To |
class Runner has_many :runner_projects # 1..* |
class Runner has_one :owner_project # 1..1 has_many :runner_projects # 0..* / optional |
The owners/maintainers of a project would get to administer their runners (updating them, deleting them, etc...), while owners of the other projects can only subscribe to the specific runner. This would benefit us because the permission model is more clear, a runner can only belong to a project, so users cannot "steal" runners.
We talked through this in #355766 (comment 876469262) as well, and this would allow us to take a step in the right direction to solve the association problem with runners today. It isn't clear where a project runner stems from, which makes it difficult to fix problems with that runner/locate the person/project responsible for managing that runner. (Note: The owner
would be the actual user who registers the runner, which is different than this issue)
The actual deprecations would be:
- If the
root project
of a runner is deleted, the deletion would have to include all runners that were registered by that project. - Once a project runner is registered to a project, this cannot be changed.
- Users of projects would be not able to update runners from other projects.
To find out which is the root project for a given runner, we can run the following query:
SELECT project_id
FROM ci_runner_projects
WHERE runner_id = ?
ORDER BY id
LIMIT 1