From 97b2254146a4296e755a6c5fcae3cb9e5682c28d Mon Sep 17 00:00:00 2001
From: Tingluo Huang <tingluohuang@github.com>
Date: Wed, 3 Sep 2025 17:09:17 -0400
Subject: [PATCH] Break UseV2Flow into UseV2Flow and UseRunnerAdminFlow.
 (#4013)

---
 src/Runner.Common/ConfigurationStore.cs       |  3 ++
 .../Configuration/ConfigurationManager.cs     | 45 +++++++++----------
 .../Configuration/CredentialManager.cs        |  2 +-
 3 files changed, 26 insertions(+), 24 deletions(-)

diff --git a/src/Runner.Common/ConfigurationStore.cs b/src/Runner.Common/ConfigurationStore.cs
index 8d47f96c0..5418fcc51 100644
--- a/src/Runner.Common/ConfigurationStore.cs
+++ b/src/Runner.Common/ConfigurationStore.cs
@@ -53,6 +53,9 @@ namespace GitHub.Runner.Common
         [DataMember(EmitDefaultValue = false)]
         public bool UseV2Flow { get; set; }
 
+        [DataMember(EmitDefaultValue = false)]
+        public bool UseRunnerAdminFlow { get; set; }
+
         [DataMember(EmitDefaultValue = false)]
         public string ServerUrlV2 { get; set; }
 
diff --git a/src/Runner.Listener/Configuration/ConfigurationManager.cs b/src/Runner.Listener/Configuration/ConfigurationManager.cs
index c3da7f8e5..d30eb72ad 100644
--- a/src/Runner.Listener/Configuration/ConfigurationManager.cs
+++ b/src/Runner.Listener/Configuration/ConfigurationManager.cs
@@ -153,8 +153,8 @@ namespace GitHub.Runner.Listener.Configuration
                     registerToken = await GetRunnerTokenAsync(command, inputUrl, "registration");
                     GitHubAuthResult authResult = await GetTenantCredential(inputUrl, registerToken, Constants.RunnerEvent.Register);
                     runnerSettings.ServerUrl = authResult.TenantUrl;
-                    runnerSettings.UseV2Flow = authResult.UseV2Flow;
-                    Trace.Info($"Using V2 flow: {runnerSettings.UseV2Flow}");
+                    runnerSettings.UseRunnerAdminFlow = authResult.UseRunnerAdminFlow;
+                    Trace.Info($"Using runner-admin flow: {runnerSettings.UseRunnerAdminFlow}");
                     creds = authResult.ToVssCredentials();
                     Trace.Info("cred retrieved via GitHub auth");
                 }
@@ -211,7 +211,7 @@ namespace GitHub.Runner.Listener.Configuration
             string poolName = null;
             TaskAgentPool agentPool = null;
             List<TaskAgentPool> agentPools;
-            if (runnerSettings.UseV2Flow)
+            if (runnerSettings.UseRunnerAdminFlow)
             {
                 agentPools = await _dotcomServer.GetRunnerGroupsAsync(runnerSettings.GitHubUrl, registerToken);
             }
@@ -259,7 +259,7 @@ namespace GitHub.Runner.Listener.Configuration
                 var userLabels = command.GetLabels();
                 _term.WriteLine();
                 List<TaskAgent> agents;
-                if (runnerSettings.UseV2Flow)
+                if (runnerSettings.UseRunnerAdminFlow)
                 {
                     agents = await _dotcomServer.GetRunnerByNameAsync(runnerSettings.GitHubUrl, registerToken, runnerSettings.AgentName);
                 }
@@ -280,7 +280,7 @@ namespace GitHub.Runner.Listener.Configuration
 
                         try
                         {
-                            if (runnerSettings.UseV2Flow)
+                            if (runnerSettings.UseRunnerAdminFlow)
                             {
                                 var runner = await _dotcomServer.ReplaceRunnerAsync(runnerSettings.PoolId, agent, runnerSettings.GitHubUrl, registerToken, publicKeyXML);
                                 runnerSettings.ServerUrlV2 = runner.RunnerAuthorization.ServerUrl;
@@ -330,7 +330,7 @@ namespace GitHub.Runner.Listener.Configuration
 
                     try
                     {
-                        if (runnerSettings.UseV2Flow)
+                        if (runnerSettings.UseRunnerAdminFlow)
                         {
                             var runner = await _dotcomServer.AddRunnerAsync(runnerSettings.PoolId, agent, runnerSettings.GitHubUrl, registerToken, publicKeyXML);
                             runnerSettings.ServerUrlV2 = runner.RunnerAuthorization.ServerUrl;
@@ -400,13 +400,26 @@ namespace GitHub.Runner.Listener.Configuration
             }
             else
             {
-
                 throw new NotSupportedException("Message queue listen OAuth token.");
             }
 
+            // allow the server to override the serverUrlV2 and useV2Flow
+            if (agent.Properties.TryGetValue("ServerUrlV2", out string serverUrlV2) &&
+                !string.IsNullOrEmpty(serverUrlV2))
+            {
+                Trace.Info($"Service enforced serverUrlV2: {serverUrlV2}");
+                runnerSettings.ServerUrlV2 = serverUrlV2;
+            }
+
+            if (agent.Properties.TryGetValue("UseV2Flow", out bool useV2Flow) && useV2Flow)
+            {
+                Trace.Info($"Service enforced useV2Flow: {useV2Flow}");
+                runnerSettings.UseV2Flow = useV2Flow;
+            }
+
             // Testing agent connection, detect any potential connection issue, like local clock skew that cause OAuth token expired.
 
-            if (!runnerSettings.UseV2Flow)
+            if (!runnerSettings.UseV2Flow && !runnerSettings.UseRunnerAdminFlow)
             {
                 var credMgr = HostContext.GetService<ICredentialManager>();
                 VssCredentials credential = credMgr.LoadCredentials(allowAuthUrlV2: false);
@@ -429,20 +442,6 @@ namespace GitHub.Runner.Listener.Configuration
                 }
             }
 
-            // allow the server to override the serverUrlV2 and useV2Flow
-            if (agent.Properties.TryGetValue("ServerUrlV2", out string serverUrlV2) &&
-                !string.IsNullOrEmpty(serverUrlV2))
-            {
-                Trace.Info($"Service enforced serverUrlV2: {serverUrlV2}");
-                runnerSettings.ServerUrlV2 = serverUrlV2;
-            }
-
-            if (agent.Properties.TryGetValue("UseV2Flow", out bool useV2Flow) && useV2Flow)
-            {
-                Trace.Info($"Service enforced useV2Flow: {useV2Flow}");
-                runnerSettings.UseV2Flow = useV2Flow;
-            }
-
             _term.WriteSection("Runner settings");
 
             // We will Combine() what's stored with root.  Defaults to string a relative path
@@ -538,7 +537,7 @@ namespace GitHub.Runner.Listener.Configuration
                 {
                     RunnerSettings settings = _store.GetSettings();
 
-                    if (settings.UseV2Flow)
+                    if (settings.UseRunnerAdminFlow)
                     {
                         var deletionToken = await GetRunnerTokenAsync(command, settings.GitHubUrl, "remove");
                         await _dotcomServer.DeleteRunnerAsync(settings.GitHubUrl, deletionToken, settings.AgentId);
diff --git a/src/Runner.Listener/Configuration/CredentialManager.cs b/src/Runner.Listener/Configuration/CredentialManager.cs
index 89e76a22d..395c8a1e8 100644
--- a/src/Runner.Listener/Configuration/CredentialManager.cs
+++ b/src/Runner.Listener/Configuration/CredentialManager.cs
@@ -89,7 +89,7 @@ namespace GitHub.Runner.Listener.Configuration
         public string Token { get; set; }
 
         [DataMember(Name = "use_v2_flow")]
-        public bool UseV2Flow { get; set; }
+        public bool UseRunnerAdminFlow { get; set; }
 
         public VssCredentials ToVssCredentials()
         {