Allow project developers to read runners
What does this MR do and why?
This MR adjusts the Ci::RunnerPolicy
to allow users to read runners (:read_runner
) and runner managers (read_runner_manager
) associated with projects on which they are developers, either directly or indirectly.
Fixes #424239 (closed)
Changelog: fixed
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
Before | After |
---|---|
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
The goal will be to create a runner on a project (gitlab-org/gitlab-test
) on which a user (@gudrun.boehm
) is not directly a maintainer. This is currently not allowed on master
.
- As
root
on your local GDK (http://gdk.test:3000/) - Create a group, e.g.
maintainers
(http://gdk.test:3000/groups/new) - Add
@gudrun.boehm
to themaintainers
group withmaintainer
permissions (clickInvite members
in http://gdk.test:3000/groups/maintainers/-/group_members?sort=last_joined) - Add the
maintainers
group withmaintainer
permissions to thegitlab-org/gitlab-test
project in its admin area (clickInvite group
in http://gdk.test:3000/gitlab-org/gitlab-test/-/project_members) - Impersonate
@gudrun.boehm
(http://gdk.test:3000/admin/users/gudrun.boehm) - Go to the Runners section in
Settings > CI/CD
(http://gdk.test:3000/gitlab-org/gitlab-test/-/settings/ci_cd) - Click on
New project runner
- Click on
Run untagged jobs
(otherwise you'll have to enter some tags) - Click on
Create runner
You should see a Runner created.
message:
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.