feat: add option to use a pre-registered Runner

[kayman-mk]

Description

GitLab announced then Next GitLab Runner Token Architecture. Runners have to be registered manually.

This PR adds a new import parameter runner_gitlab.preregistered_runner_token_ssm_parameter_name holding the name of a SSM parameter (type: SecuredString). This parameter contains the GitLab Runner token obtained from GitLab. All other registration methods will still work, but have been marked as deprecated and will be removed with v8.0.0 end of the year.

This also solves the problems with Runners removed from GitLab at shutdown, resulting in new Runners not able to start.

Closes #1074 and #1109

Verification

• [x] deployed the module using the new registration version. Runner is online.
• [x] deployed the module using the old authentication schema. Runner is online.

[github-actions[bot]]

Hey @kayman-mk! 👋

Thank you for your contribution to the project. Please refer to the contribution rules for a quick overview of the process.

Make sure that this PR clearly explains:

• the problem being solved
• the best way a reviewer and you can test your changes

With submitting this PR you confirm that you hold the rights of the code added and agree that it will published under this LICENSE.

The following ChatOps commands are supported:

• /help: notifies a maintainer to help you out

Simply add a comment with the command in the first line. If you need to pass more information, separate it with a blank line from the command.

This message was generated automatically. You are welcome to improve it.

[kayman-mk]

We already have several options to configure the Runner registration. I used a new parameter to be able to remove all the old methods easily with v8.0.0

[kayman-mk]

@woz5999 @lpsm-nuageit Can you please have a quick look here? Are there any better names for the new variable coming into your mind?

[github-actions[bot]]

🦙 MegaLinter status: ✅ SUCCESS

Descriptor	Linter	Files	Fixed	Errors	Elapsed time
✅ COPYPASTE	jscpd	yes		no	1.54s
✅ MARKDOWN	markdownlint	1	0	0	0.6s
✅ MARKDOWN	markdown-link-check	1		0	1.46s
✅ REPOSITORY	checkov	yes		no	16.16s
✅ REPOSITORY	dustilock	yes		no	0.28s
✅ REPOSITORY	gitleaks	yes		no	1.36s
✅ REPOSITORY	git_diff	yes		no	0.01s
✅ REPOSITORY	grype	yes		no	10.61s
✅ REPOSITORY	secretlint	yes		no	1.27s
✅ REPOSITORY	syft	yes		no	0.2s
✅ REPOSITORY	trivy-sbom	yes		no	1.53s
✅ REPOSITORY	trufflehog	yes		no	7.71s
✅ SPELL	cspell	14		0	3.46s
✅ TERRAFORM	terraform-fmt	12	0	0	0.76s

See detailed report in MegaLinter reports _Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff_

_MegaLinter is graciously provided by _

[kayman-mk]

Still to do: update examples to new registration method, update docs and describe new registration method

EDIT: done

[lpsm-nuageit]

@kayman-mk I believe we can use the same config nomenclatures that gitlab runner uses in the helm chart version.

But since we're in a different stream, I think the name preregistered_runner_token_ssm_parameter_name makes more sense and avoids ambiguity.

[woz5999]

This all looks reasonable to me

[czomo]

Are there any plans to support AWS Secret Manager as secret store for Gitlab tokens?

[bck01215]

The docs are still unclear to me (new to project) preregistered_runner_token_ssm_parameter_name gets created so it can't exist beforehand. Does that mean I need to pass the token into the resource after it's created?