Skip to content

Mask runner token in QA tests

Mark Lapierre requested to merge ml-mask-runner-token into master

What does this MR do and why?

Masks the registration token used in QA tests to prevent accidentally revealing tokens in public logs.

In most cases our tests use project-specific runners, and the runner is a container that's removed when the test is finished, so there's little opportunity for abuse.

However, some tests use group runners, which keep the same registration token until they're rotated.

Screenshots or screen recordings

Logs and test failure reports that include the runner registration command will appear as:

QA::Service::Shellout::CommandError:
            Command: `docker run -d --rm --network test --name qa-runner-1658277745  --privileged registry.gitlab.com/gitlab-org/gitlab-runner:alpine   && docker exec --detach qa-runner-1658277745 sh -c "printf 'concurrent = 1\ncheck_interval = 0\n\n[session_server]\n  session_timeout = 1800' > /etc/gitlab-runner/config.toml && gitlab-runner register   --non-interactive --name qa-runner-1658277745 --url http://192.168.50.25:3000 --registration-token **** --tag-list qa-runner-1658277745 --executor shell && gitlab-runner run" ` failed! ✘

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Mark Lapierre

Merge request reports

Loading