authorGrzegorz Bizon <grzesiek.bizon@gmail.com>2018-11-23 11:55:38 +0100
committerGrzegorz Bizon <grzesiek.bizon@gmail.com>2018-11-23 11:55:38 +0100
commit9ab50c86a9cc62f924509265886ce89d5ac47584 (patch)
tree2a62ed8611a97c62bd10afda61aa0d57c9667977
parent718ea942dc1b2ef749bf852a19a86f0928e4b36d (diff)
Add specs for runners tokens encryption migration
-rw-r--r--lib/gitlab/background_migration/models/encrypt_columns/settings.rb10
-rw-r--r--spec/lib/gitlab/background_migration/encrypt_runners_tokens_spec.rb79
2 files changed, 86 insertions, 3 deletions
diff --git a/lib/gitlab/background_migration/models/encrypt_columns/settings.rb b/lib/gitlab/background_migration/models/encrypt_columns/settings.rb
index 458f1202929..578d2ee7fbf 100644
--- a/lib/gitlab/background_migration/models/encrypt_columns/settings.rb
+++ b/lib/gitlab/background_migration/models/encrypt_columns/settings.rb
@@ -13,13 +13,17 @@ module Gitlab
self.table_name = 'application_settings'
self.inheritance_column = :_type_disabled
- def runners_token=(value)
- self.runners_token_encrypted =
+ def runners_registration_token=(value)
+ self.runners_registration_token_encrypted =
::Gitlab::CryptoHelper.aes256_gcm_encrypt(value)
end
def self.encrypted_attributes
- { runners_token: { attribute: :runners_token_encrypted } }
+ {
+ runners_registration_token: {
+ attribute: :runners_registration_token_encrypted
+ }
+ }
end
end
end
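Review bot: The renamed setter and `encrypted_attributes` entry carry no comment explaining why this model uses `runners_registration_token` while the namespace, project and runner cases in the accompanying spec use `runners_token` / `token`, which makes it easy to "fix" back to the wrong column name. A short comment above the setter would help, for example `# application_settings stores the instance-wide token in runners_registration_token, not runners_token`. It would also be worth stating in that comment that the setter writes only the `_encrypted` column and that clearing the plaintext column is left to the caller, if that is indeed how the migration works; the class and the migration body are outside this hunk, so confirm before wording it.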
diff --git a/spec/lib/gitlab/background_migration/encrypt_runners_tokens_spec.rb b/spec/lib/gitlab/background_migration/encrypt_runners_tokens_spec.rb
new file mode 100644
index 00000000000..b7f2fc73748
--- /dev/null
+++ b/spec/lib/gitlab/background_migration/encrypt_runners_tokens_spec.rb
@@ -0,0 +1,79 @@
+require 'spec_helper'
+
+describe Gitlab::BackgroundMigration::EncryptRunnersTokens, :migration, schema: 20181121111200 do
+ let(:settings) { table(:application_settings) }
+ let(:namespaces) { table(:namespaces) }
+ let(:projects) { table(:projects) }
+ let(:runners) { table(:ci_runners) }
+
+ context 'when migrating application settings' do
+ before do
+ settings.create!(id: 1, runners_registration_token: 'plain-text-token1')
+ end
+
+ it 'migrates runners registration tokens' do
+ migrate!(:settings, :runners_registration_token, 1, 1)
+
+ encrypted_token = settings.first.runners_registration_token_encrypted
+ decrypted_token = ::Gitlab::CryptoHelper.aes256_gcm_decrypt(encrypted_token)
+
+ expect(decrypted_token).to eq 'plain-text-token1'
+ expect(settings.first.runners_registration_token).to be_nil
+ end
+ end
+
+ context 'when migrating namespaces' do
+ before do
+ namespaces.create!(id: 11, name: 'gitlab', path: 'gitlab-org', runners_token: 'my-token1')
+ namespaces.create!(id: 12, name: 'gitlab', path: 'gitlab-org', runners_token: 'my-token2')
+ namespaces.create!(id: 22, name: 'gitlab', path: 'gitlab-org', runners_token: 'my-token3')
+ end
+
+ it 'migrates runners registration tokens' do
+ migrate!(:namespace, :runners_token, 11, 22)
+
+ expect(namespaces.all.reload).to all(
+ have_attributes(runners_token: nil, runners_token_encrypted: be_a(String))
+ )
+ end
+ end
+
+ context 'when migrating projects' do
+ before do
+ namespaces.create!(id: 11, name: 'gitlab', path: 'gitlab-org')
+ projects.create!(id: 111, namespace_id: 11, name: 'gitlab', path: 'gitlab-ce', runners_token: 'my-token1')
+ projects.create!(id: 114, namespace_id: 11, name: 'gitlab', path: 'gitlab-ce', runners_token: 'my-token2')
+ projects.create!(id: 116, namespace_id: 11, name: 'gitlab', path: 'gitlab-ce', runners_token: 'my-token3')
+ end
+
+ it 'migrates runners registration tokens' do
+ migrate!(:project, :runners_token, 111, 116)
+
+ expect(projects.all.reload).to all(
+ have_attributes(runners_token: nil, runners_token_encrypted: be_a(String))
+ )
+ end
+ end
+
+ context 'when migrating runners' do
+ before do
+ runners.create!(id: 201, runner_type: 1, token: 'plain-text-token1')
+ runners.create!(id: 202, runner_type: 1, token: 'plain-text-token2')
+ runners.create!(id: 203, runner_type: 1, token: 'plain-text-token3')
+ end
+
+ it 'migrates runners communication tokens' do
+ migrate!(:runner, :token, 201, 203)
+
+ expect(runners.all.reload).to all(
+ have_attributes(token: nil, token_encrypted: be_a(String))
+ )
+ end
+ end
+
+ def migrate!(model, attribute, from, to)
+ model = "::Gitlab::BackgroundMigration::Models::EncryptColumns::#{model.to_s.capitalize}"
+
+ subject.perform(model, [attribute], from, to)
+ end
+end
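Review bot: The namespaces, projects and runners examples only assert `be_a(String)` on the encrypted column, so they would still pass if the migration wrote the plaintext token (or any other string) into `runners_token_encrypted` / `token_encrypted`. Only the application-settings example decrypts the stored value and compares it with the original. Each of the three contexts should do the same round-trip, for example `expect(namespaces.all.map { |n| ::Gitlab::CryptoHelper.aes256_gcm_decrypt(n.runners_token_encrypted) }).to match_array(%w[my-token1 my-token2 my-token3])`, with the equivalent for `projects` and for `runners` using `token_encrypted`. Every fixture row also falls inside the `from..to` range passed to `migrate!`, so nothing checks that a row outside the batch keeps its plaintext value. Adding one out-of-range row per context would cover the batch boundary.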