diff options
author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2018-11-16 15:16:37 +0100 |
---|---|---|
committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2018-11-16 15:16:37 +0100 |
commit | fa33a2eedc4014ffbc450a74fcd112e663ac5b01 (patch) | |
tree | 7781da6e28fa194ca793dfcd2ea99904ae674cfa | |
parent | 0df989ba06606b675b19e32a74edf03f47a28fbb (diff) | |
download | gitlab-ce-fa33a2eedc4014ffbc450a74fcd112e663ac5b01.tar.gz |
Encrypt group / project runners registration tokens
-rw-r--r-- | app/models/group.rb | 2 | ||||
-rw-r--r-- | app/models/project.rb | 2 | ||||
-rw-r--r-- | db/migrate/20181116141415_add_encrypted_runners_token_to_namespaces.rb | 12 | ||||
-rw-r--r-- | db/migrate/20181116141504_add_encrypted_runners_token_to_projects.rb | 12 | ||||
-rw-r--r-- | db/schema.rb | 4 |
5 files changed, 29 insertions, 3 deletions
diff --git a/app/models/group.rb b/app/models/group.rb index adb9169cfcd..e90b28bfa02 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -55,7 +55,7 @@ class Group < Namespace validates :two_factor_grace_period, presence: true, numericality: { greater_than_or_equal_to: 0 } - add_authentication_token_field :runners_token + add_authentication_token_field :runners_token, encrypted: true, fallback: true after_create :post_create_hook after_destroy :post_destroy_hook diff --git a/app/models/project.rb b/app/models/project.rb index d87fc1e4b86..e2b65fab3ee 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -76,7 +76,7 @@ class Project < ActiveRecord::Base default_value_for :snippets_enabled, gitlab_config_features.snippets default_value_for :only_allow_merge_if_all_discussions_are_resolved, false - add_authentication_token_field :runners_token + add_authentication_token_field :runners_token, encrypted: true, fallback: true before_validation :mark_remote_mirrors_for_removal, if: -> { RemoteMirror.table_exists? } diff --git a/db/migrate/20181116141415_add_encrypted_runners_token_to_namespaces.rb b/db/migrate/20181116141415_add_encrypted_runners_token_to_namespaces.rb new file mode 100644 index 00000000000..a5a6373dd38 --- /dev/null +++ b/db/migrate/20181116141415_add_encrypted_runners_token_to_namespaces.rb @@ -0,0 +1,12 @@ +# frozen_string_literal: true + +class AddEncryptedRunnersTokenToNamespaces < ActiveRecord::Migration + include Gitlab::Database::MigrationHelpers + + DOWNTIME = false + + def change + add_column :namespaces, :runners_token_encrypted, :string + # TODO index + end +end diff --git a/db/migrate/20181116141504_add_encrypted_runners_token_to_projects.rb b/db/migrate/20181116141504_add_encrypted_runners_token_to_projects.rb new file mode 100644 index 00000000000..32401629478 --- /dev/null +++ b/db/migrate/20181116141504_add_encrypted_runners_token_to_projects.rb @@ -0,0 +1,12 @@ +# frozen_string_literal: true + +class AddEncryptedRunnersTokenToProjects < ActiveRecord::Migration + include Gitlab::Database::MigrationHelpers + + DOWNTIME = false + + def change + add_column :projects, :runners_token_encrypted, :string + # TODO index + end +end diff --git a/db/schema.rb b/db/schema.rb index 82e9c8f28e0..9fd4e05361c 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20181115140140) do +ActiveRecord::Schema.define(version: 20181116141504) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -1409,6 +1409,7 @@ ActiveRecord::Schema.define(version: 20181115140140) do t.integer "two_factor_grace_period", default: 48, null: false t.integer "cached_markdown_version" t.string "runners_token" + t.string "runners_token_encrypted" end add_index "namespaces", ["created_at"], name: "index_namespaces_on_created_at", using: :btree @@ -1753,6 +1754,7 @@ ActiveRecord::Schema.define(version: 20181115140140) do t.boolean "pages_https_only", default: true t.boolean "remote_mirror_available_overridden" t.integer "pool_repository_id", limit: 8 + t.string "runners_token_encrypted" end add_index "projects", ["ci_id"], name: "index_projects_on_ci_id", using: :btree |