From 85968598b0d6258e813e5d20cc578e512f67c37d Mon Sep 17 00:00:00 2001
From: Gabriel Adrian Samfira
Date: Mon, 11 Dec 2023 12:37:33 +0000
Subject: [PATCH] Add option to disable JIT config

This change adds a flag on providers that allows users to disable JIT configuration even when it's available. For context, JIT is available on github.com and any GHES instance >=3.10. This option is a stopgap measure for providers that have not yet been updated to use JIT configs instead of runner registration tokens.

Signed-off-by: Gabriel Adrian Samfira
---
 config/config.go | 8 ++++++--
 runner/common/mocks/Provider.go | 14 ++++++++++++++
 runner/common/provider.go | 4 ++++
 runner/pool/pool.go | 19 +++++++++++++++----
 runner/providers/external/external.go | 10 ++++++++++
 runner/providers/lxd/lxd.go | 10 ++++++++++
 6 files changed, 59 insertions(+), 6 deletions(-)

diff --git a/config/config.go b/config/config.go
index 15c349da..adab7fa0 100644
--- a/config/config.go
+++ b/config/config.go
@@ -219,8 +219,12 @@ type Provider struct {
 Name string `toml:"name" json:"name"`
 ProviderType params.ProviderType `toml:"provider_type" json:"provider-type"`
 Description string `toml:"description" json:"description"`
- LXD LXD `toml:"lxd" json:"lxd"`
- External External `toml:"external" json:"external"`
+ // DisableJITConfig explicitly disables JIT configuration and forces runner registration
+ // tokens to be used. This may happen if a provider has not yet been updated to support
+ // JIT configuration.
+ DisableJITConfig bool `toml:"disable_jit_config" json:"disable-jit-config"`
+ LXD LXD `toml:"lxd" json:"lxd"`
+ External External `toml:"external" json:"external"`
 }
 func (p *Provider) Validate() error {
diff --git a/runner/common/mocks/Provider.go b/runner/common/mocks/Provider.go
index 53ee2c95..4c9d5727 100644
--- a/runner/common/mocks/Provider.go
+++ b/runner/common/mocks/Provider.go
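Review bot: The comment on the new `DisableJITConfig` field in config/config.go says when the flag might be needed but not what the operator gives up by setting it. With the flag on, every runner for that provider is bootstrapped with a registration token instead of a per-runner JIT config, and a registration token is time-limited but not bound to a single runner, so it is the more valuable credential if instance bootstrap data leaks. I would extend the comment with a line such as `// Security: registration tokens are reusable until they expire; set this only for providers that cannot consume JIT configs.` The Provider struct starts above the hunk and Validate continues below it.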
@@ -68,6 +68,20 @@ func (_m *Provider) DeleteInstance(ctx context.Context, instance string) error {
 return r0
 }
+// DisableJITConfig provides a mock function with given fields:
+func (_m *Provider) DisableJITConfig() bool {
+ ret := _m.Called()
+
+ var r0 bool
+ if rf, ok := ret.Get(0).(func() bool); ok {
+ r0 = rf()
+ } else {
+ r0 = ret.Get(0).(bool)
+ }
+
+ return r0
+}
+
 // GetInstance provides a mock function with given fields: ctx, instance
 func (_m *Provider) GetInstance(ctx context.Context, instance string) (garm_provider_commonparams.ProviderInstance, error) {
 ret := _m.Called(ctx, instance)
diff --git a/runner/common/provider.go b/runner/common/provider.go
index 1cdb7fbe..3a45bba9 100644
--- a/runner/common/provider.go
+++ b/runner/common/provider.go
@@ -37,6 +37,10 @@ type Provider interface {
 Stop(ctx context.Context, instance string, force bool) error
 // Start boots up an instance.
 Start(ctx context.Context, instance string) error
+ // DisableJITConfig tells us if the provider explicitly disables JIT configuration and
+ // forces runner registration tokens to be used. This may happen if a provider has not yet
+ // been updated to support JIT configuration.
+ DisableJITConfig() bool
 AsParams() params.Provider
 }
diff --git a/runner/pool/pool.go b/runner/pool/pool.go
index adc46af7..508b41f4 100644
--- a/runner/pool/pool.go
+++ b/runner/pool/pool.go
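Review bot: The doc comment on `DisableJITConfig()` in runner/common/provider.go opens with "tells us if", where the usual Go wording for a bool-returning method is "reports whether", and the method name itself reads as a command rather than a predicate. A shorter form such as `// DisableJITConfig reports whether the provider opts out of JIT configuration, forcing runner registration tokens to be used.` would do. The same three-line comment is copied onto the external and LXD implementations in external.go and lxd.go and could be trimmed the same way. The Provider interface begins above the hunk.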
@@ -693,12 +693,23 @@ func (r *basePoolManager) AddRunner(ctx context.Context, poolID string, aditiona
 return errors.Wrap(err, "fetching pool")
 }
+ provider, ok := r.providers[pool.ProviderName]
+ if !ok {
+ return fmt.Errorf("unknown provider %s for pool %s", pool.ProviderName, pool.ID)
+ }
+
 name := fmt.Sprintf("%s-%s", pool.GetRunnerPrefix(), util.NewID())
 labels := r.getLabelsForInstance(pool)
- // Attempt to create JIT config
- jitConfig, runner, err := r.helper.GetJITConfig(ctx, name, pool, labels)
- if err != nil {
- r.log("failed to get JIT config, falling back to registration token: %s", err)
+
+ jitConfig := make(map[string]string)
+ var runner *github.Runner
+
+ if !provider.DisableJITConfig() {
+ // Attempt to create JIT config
+ jitConfig, runner, err = r.helper.GetJITConfig(ctx, name, pool, labels)
+ if err != nil {
+ r.log("failed to get JIT config, falling back to registration token: %s", err)
+ }
 }
 createParams := params.CreateInstanceParams{
diff --git a/runner/providers/external/external.go b/runner/providers/external/external.go
index 3e58e0cd..bf4cd3fc 100644
--- a/runner/providers/external/external.go
+++ b/runner/providers/external/external.go
@@ -242,3 +242,13 @@ func (e *external) AsParams() params.Provider {
 ProviderType: e.cfg.ProviderType,
 }
 }
+
+// DisableJITConfig tells us if the provider explicitly disables JIT configuration and
+// forces runner registration tokens to be used. This may happen if a provider has not yet
+// been updated to support JIT configuration.
+func (e *external) DisableJITConfig() bool {
+ if e.cfg == nil {
+ return false
+ }
+ return e.cfg.DisableJITConfig
+}
diff --git a/runner/providers/lxd/lxd.go b/runner/providers/lxd/lxd.go
index 0ce490b6..f5aba1b6 100644
--- a/runner/providers/lxd/lxd.go
+++ b/runner/providers/lxd/lxd.go
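Review bot: When `provider.DisableJITConfig()` is true, the new branch in AddRunner (runner/pool/pool.go) skips JIT without logging anything, so only the JIT-failure path leaves a trace that a registration token was used. An `else` branch with `r.log("JIT config disabled for provider %s, using registration token", pool.ProviderName)` would make the bootstrap credential path visible per runner. Separately, the disabled path leaves `jitConfig` as an empty non-nil map, while a failed `GetJITConfig` call overwrites it with whatever that call returns on error (possibly nil), so the code after the hunk should branch on `len(jitConfig)` rather than on nil. AddRunner begins above the hunk and continues past it, so I cannot confirm which test it uses.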
@@ -518,3 +518,13 @@ func (l *LXD) Stop(ctx context.Context, instance string, force bool) error {
 func (l *LXD) Start(ctx context.Context, instance string) error {
 return l.setState(instance, "start", false)
 }
+
+// DisableJITConfig tells us if the provider explicitly disables JIT configuration and
+// forces runner registration tokens to be used. This may happen if a provider has not yet
+// been updated to support JIT configuration.
+func (l *LXD) DisableJITConfig() bool {
+ if l.cfg == nil {
+ return false
+ }
+ return l.cfg.DisableJITConfig
+}