author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2018-11-23 11:55:38 +0100 |
---|---|---|
committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2018-11-23 11:55:38 +0100 |
commit | 9ab50c86a9cc62f924509265886ce89d5ac47584 (patch) | |
tree | 2a62ed8611a97c62bd10afda61aa0d57c9667977 | |
parent | 718ea942dc1b2ef749bf852a19a86f0928e4b36d (diff) | |
download | gitlab-ce-9ab50c86a9cc62f924509265886ce89d5ac47584.tar.gz |
Add specs for runners tokens encryption migration
-rw-r--r-- | lib/gitlab/background_migration/models/encrypt_columns/settings.rb | 10 | ||||
-rw-r--r-- | spec/lib/gitlab/background_migration/encrypt_runners_tokens_spec.rb | 79 |
2 files changed, 86 insertions, 3 deletions
diff --git a/lib/gitlab/background_migration/models/encrypt_columns/settings.rb b/lib/gitlab/background_migration/models/encrypt_columns/settings.rb
index 458f1202929..578d2ee7fbf 100644
--- a/lib/gitlab/background_migration/models/encrypt_columns/settings.rb
+++ b/lib/gitlab/background_migration/models/encrypt_columns/settings.rb
@@ -13,13 +13,17 @@ module Gitlab
 self.table_name = 'application_settings'
 self.inheritance_column = :_type_disabled
- def runners_token=(value)
- self.runners_token_encrypted =
+ def runners_registration_token=(value)
+ self.runners_registration_token_encrypted =
 ::Gitlab::CryptoHelper.aes256_gcm_encrypt(value)
 end
 def self.encrypted_attributes
- { runners_token: { attribute: :runners_token_encrypted } }
+ {
+ runners_registration_token: {
+ attribute: :runners_registration_token_encrypted
+ }
+ }
 end
 end
 end
diff --git a/spec/lib/gitlab/background_migration/encrypt_runners_tokens_spec.rb b/spec/lib/gitlab/background_migration/encrypt_runners_tokens_spec.rb
new file mode 100644
index 00000000000..b7f2fc73748
--- /dev/null
+++ b/spec/lib/gitlab/background_migration/encrypt_runners_tokens_spec.rb
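Review bot: In settings.rb the `runners_registration_token=` writer and the `encrypted_attributes` map have to match the real column name by hand, and nothing in the visible lines says so; the `runners_token` spelling this commit replaces does not match the `runners_registration_token` column the new spec creates on `application_settings`. I would add a comment above the writer such as `# Shadows the plaintext column writer: assignment stores only AES-256-GCM ciphertext in runners_registration_token_encrypted; keep in sync with encrypted_attributes.` The call passes only `value` to `::Gitlab::CryptoHelper.aes256_gcm_encrypt`, so key and nonce selection happen inside the helper, which is outside this diff; it is worth confirming how the nonce is chosen there, because GCM loses its confidentiality and integrity guarantees once a key/nonce pair repeats across tokens. The class body starts above the hunk.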
@@ -0,0 +1,79 @@
+require 'spec_helper'
+
+describe Gitlab::BackgroundMigration::EncryptRunnersTokens, :migration, schema: 20181121111200 do
+ let(:settings) { table(:application_settings) }
+ let(:namespaces) { table(:namespaces) }
+ let(:projects) { table(:projects) }
+ let(:runners) { table(:ci_runners) }
+
+ context 'when migrating application settings' do
+ before do
+ settings.create!(id: 1, runners_registration_token: 'plain-text-token1')
+ end
+
+ it 'migrates runners registration tokens' do
+ migrate!(:settings, :runners_registration_token, 1, 1)
+
+ encrypted_token = settings.first.runners_registration_token_encrypted
+ decrypted_token = ::Gitlab::CryptoHelper.aes256_gcm_decrypt(encrypted_token)
+
+ expect(decrypted_token).to eq 'plain-text-token1'
+ expect(settings.first.runners_registration_token).to be_nil
+ end
+ end
+
+ context 'when migrating namespaces' do
+ before do
+ namespaces.create!(id: 11, name: 'gitlab', path: 'gitlab-org', runners_token: 'my-token1')
+ namespaces.create!(id: 12, name: 'gitlab', path: 'gitlab-org', runners_token: 'my-token2')
+ namespaces.create!(id: 22, name: 'gitlab', path: 'gitlab-org', runners_token: 'my-token3')
+ end
+
+ it 'migrates runners registration tokens' do
+ migrate!(:namespace, :runners_token, 11, 22)
+
+ expect(namespaces.all.reload).to all(
+ have_attributes(runners_token: nil, runners_token_encrypted: be_a(String))
+ )
+ end
+ end
+
+ context 'when migrating projects' do
+ before do
+ namespaces.create!(id: 11, name: 'gitlab', path: 'gitlab-org')
+ projects.create!(id: 111, namespace_id: 11, name: 'gitlab', path: 'gitlab-ce', runners_token: 'my-token1')
+ projects.create!(id: 114, namespace_id: 11, name: 'gitlab', path: 'gitlab-ce', runners_token: 'my-token2')
+ projects.create!(id: 116, namespace_id: 11, name: 'gitlab', path: 'gitlab-ce', runners_token: 'my-token3')
+ end
+
+ it 'migrates runners registration tokens' do
+ migrate!(:project, :runners_token, 111, 116)
+
+ expect(projects.all.reload).to all(
+ have_attributes(runners_token: nil, runners_token_encrypted: be_a(String))
+ )
+ end
+ end
+
+ context 'when migrating runners' do
+ before do
+ runners.create!(id: 201, runner_type: 1, token: 'plain-text-token1')
+ runners.create!(id: 202, runner_type: 1, token: 'plain-text-token2')
+ runners.create!(id: 203, runner_type: 1, token: 'plain-text-token3')
+ end
+
+ it 'migrates runners communication tokens' do
+ migrate!(:runner, :token, 201, 203)
+
+ expect(runners.all.reload).to all(
+ have_attributes(token: nil, token_encrypted: be_a(String))
+ )
+ end
+ end
+
+ def migrate!(model, attribute, from, to)
+ model = "::Gitlab::BackgroundMigration::Models::EncryptColumns::#{model.to_s.capitalize}"
+
+ subject.perform(model, [attribute], from, to)
+ end
+end |
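Review bot: The namespace, project and runner examples only assert `runners_token_encrypted: be_a(String)` (or `token_encrypted: be_a(String)`), so they would still pass if the migration copied the plaintext into the new column or encrypted the wrong value; only the application-settings example decrypts and compares. I would add the same round trip to the other three contexts, for example `decrypted = namespaces.order(:id).pluck(:runners_token_encrypted).map { |t| ::Gitlab::CryptoHelper.aes256_gcm_decrypt(t) }` followed by `expect(decrypted).to eq %w[my-token1 my-token2 my-token3]`. Every example also migrates exactly the id range it created, so a row outside `from..to` and a row whose token is nil are never exercised. One such row per context would show that the range bounds are honoured and that an empty token neither aborts the batch nor leaves plaintext behind in neighbouring rows.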