Add option to disable JIT config

This change adds a flag on providers that allows users to disable JIT
configuration even when it's available. For context, JIT is available
on github.com and any GHES instance >=3.10.

This option is a stopgap measure for providers that have not yet been
updated to use JIT configs instead of runner registration tokens.

Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>

config/config.go

@@ -219,8 +219,12 @@ type Provider struct {
 	Name         string              `toml:"name" json:"name"`
 	ProviderType params.ProviderType `toml:"provider_type" json:"provider-type"`
 	Description  string              `toml:"description" json:"description"`
-	LXD          LXD                 `toml:"lxd" json:"lxd"`
-	External     External            `toml:"external" json:"external"`
+	// DisableJITConfig explicitly disables JIT configuration and forces runner registration
+	// tokens to be used. This may happen if a provider has not yet been updated to support
+	// JIT configuration.
+	DisableJITConfig bool     `toml:"disable_jit_config" json:"disable-jit-config"`
+	LXD              LXD      `toml:"lxd" json:"lxd"`
+	External         External `toml:"external" json:"external"`
 }
 
 func (p *Provider) Validate() error {

runner/common/provider.go

@@ -37,6 +37,10 @@ type Provider interface {
 	Stop(ctx context.Context, instance string, force bool) error
 	// Start boots up an instance.
 	Start(ctx context.Context, instance string) error
+	// DisableJITConfig tells us if the provider explicitly disables JIT configuration and
+	// forces runner registration tokens to be used. This may happen if a provider has not yet
+	// been updated to support JIT configuration.
+	DisableJITConfig() bool
 
 	AsParams() params.Provider
 }

runner/pool/pool.go

@@ -693,12 +693,23 @@ func (r *basePoolManager) AddRunner(ctx context.Context, poolID string, aditiona
 		return errors.Wrap(err, "fetching pool")
 	}
 
+	provider, ok := r.providers[pool.ProviderName]
+	if !ok {
+		return fmt.Errorf("unknown provider %s for pool %s", pool.ProviderName, pool.ID)
+	}
+
 	name := fmt.Sprintf("%s-%s", pool.GetRunnerPrefix(), util.NewID())
 	labels := r.getLabelsForInstance(pool)
-	// Attempt to create JIT config
-	jitConfig, runner, err := r.helper.GetJITConfig(ctx, name, pool, labels)
-	if err != nil {
-		r.log("failed to get JIT config, falling back to registration token: %s", err)
+
+	jitConfig := make(map[string]string)
+	var runner *github.Runner
+
+	if !provider.DisableJITConfig() {
+		// Attempt to create JIT config
+		jitConfig, runner, err = r.helper.GetJITConfig(ctx, name, pool, labels)
+		if err != nil {
+			r.log("failed to get JIT config, falling back to registration token: %s", err)
+		}
 	}
 
 	createParams := params.CreateInstanceParams{

runner/providers/external/external.go

@@ -242,3 +242,13 @@ func (e *external) AsParams() params.Provider {
 		ProviderType: e.cfg.ProviderType,
 	}
 }
+
+// DisableJITConfig tells us if the provider explicitly disables JIT configuration and
+// forces runner registration tokens to be used. This may happen if a provider has not yet
+// been updated to support JIT configuration.
+func (e *external) DisableJITConfig() bool {
+	if e.cfg == nil {
+		return false
+	}
+	return e.cfg.DisableJITConfig
+}

runner/providers/lxd/lxd.go

@@ -518,3 +518,13 @@ func (l *LXD) Stop(ctx context.Context, instance string, force bool) error {
 func (l *LXD) Start(ctx context.Context, instance string) error {
 	return l.setState(instance, "start", false)
 }
+
+// DisableJITConfig tells us if the provider explicitly disables JIT configuration and
+// forces runner registration tokens to be used. This may happen if a provider has not yet
+// been updated to support JIT configuration.
+func (l *LXD) DisableJITConfig() bool {
+	if l.cfg == nil {
+		return false
+	}
+	return l.cfg.DisableJITConfig
+}