authorArturo Herrero <arturo.herrero@gmail.com>2019-11-22 14:29:53 +0000
committerArturo Herrero <arturo.herrero@gmail.com>2019-11-25 11:22:29 +0000
commitcc9a30c758d5fc6aeed79ff15ba402a88604cd49 (patch)
tree57b173c242a1779500cec3dcd4d270f70c53cf79 /db
parent03ae75179400ea3e68e9ed491eaad316cc5b631c (diff)
downloadgitlab-ce-cc9a30c758d5fc6aeed79ff15ba402a88604cd49.tar.gz
Encrypt application settings with pre and post deployments
We had concerns about the cached values on Redis with the previous two-release strategy: First release (this commit): - Create new encrypted fields in the database. - Start populating new encrypted fields, read the encrypted fields or fall back to the plaintext fields. - Backfill the data, removing the plaintext fields to the encrypted fields. Second release: - Remove the virtual attribute (created in step 2). - Drop plaintext columns from the database (empty columns after step 3). We ended up with a better strategy that only uses migration scripts in one release: - Pre-deployment migration: Add columns required for storing encrypted values. - Pre-deployment migration: Store the encrypted values in the new columns. - Post-deployment migration: Remove the old unencrypted columns.
Diffstat (limited to 'db')
-rw-r--r--db/migrate/20191120115530_encrypt_plaintext_attributes_on_application_settings.rb6
-rw-r--r--db/post_migrate/20191122135327_remove_plaintext_columns_from_application_settings.rb28
-rw-r--r--db/schema.rb8
3 files changed, 29 insertions, 13 deletions
diff --git a/db/migrate/20191120115530_encrypt_plaintext_attributes_on_application_settings.rb b/db/migrate/20191120115530_encrypt_plaintext_attributes_on_application_settings.rb
index d7abb29fd75..e6b9a40ad4f 100644
--- a/db/migrate/20191120115530_encrypt_plaintext_attributes_on_application_settings.rb
+++ b/db/migrate/20191120115530_encrypt_plaintext_attributes_on_application_settings.rb
@@ -70,12 +70,6 @@ class EncryptPlaintextAttributesOnApplicationSettings < ActiveRecord::Migration[
end
)
application_setting.save(validate: false)
-
- application_setting.update_columns(
- PLAINTEXT_ATTRIBUTES.each_with_object({}) do |plaintext_attribute, attributes|
- attributes[plaintext_attribute] = nil
- end
- )
end
end
diff --git a/db/post_migrate/20191122135327_remove_plaintext_columns_from_application_settings.rb b/db/post_migrate/20191122135327_remove_plaintext_columns_from_application_settings.rb
new file mode 100644
index 00000000000..b5cd58b10a8
--- /dev/null
+++ b/db/post_migrate/20191122135327_remove_plaintext_columns_from_application_settings.rb
@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+class RemovePlaintextColumnsFromApplicationSettings < ActiveRecord::Migration[5.2]
+ include Gitlab::Database::MigrationHelpers
+
+ DOWNTIME = false
+
+ PLAINTEXT_ATTRIBUTES = %w[
+ akismet_api_key
+ elasticsearch_aws_secret_access_key
+ recaptcha_private_key
+ recaptcha_site_key
+ slack_app_secret
+ slack_app_verification_token
+ ].freeze
+
+ def up
+ PLAINTEXT_ATTRIBUTES.each do |plaintext_attribute|
+ remove_column :application_settings, plaintext_attribute
+ end
+ end
+
+ def down
+ PLAINTEXT_ATTRIBUTES.each do |plaintext_attribute|
+ add_column :application_settings, plaintext_attribute, :text
+ end
+ end
+end
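Review bot: In `down` the six columns are re-created as `:text`, but the `db/schema.rb` hunks of this same commit show each of them was `t.string` before removal, so a rollback does not restore the previous schema; `add_column :application_settings, plaintext_attribute, :string` would. The re-added columns also come back empty, so a rollback depends on the `down` of the earlier encrypt migration (not visible here) to repopulate them; a one-line comment on `down` should say so. Since the first hunk stops nulling the plaintext values, they stay readable in the table, and in any backup taken, until this post-deployment migration runs. That is worth stating above `up`, for example `# Plaintext secrets remain in these columns until this migration runs; the encrypted copies are written by EncryptPlaintextAttributesOnApplicationSettings.`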
diff --git a/db/schema.rb b/db/schema.rb
index 0f30be0e9c5..0dce19a29d7 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -10,7 +10,7 @@
#
# It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 2019_11_20_115530) do
+ActiveRecord::Schema.define(version: 2019_11_22_135327) do
# These are extensions that must be enabled in order to support this database
enable_extension "pg_trgm"
@@ -180,11 +180,8 @@ ActiveRecord::Schema.define(version: 2019_11_20_115530) do
t.integer "metrics_timeout", default: 10
t.integer "metrics_method_call_threshold", default: 10
t.boolean "recaptcha_enabled", default: false
- t.string "recaptcha_site_key"
- t.string "recaptcha_private_key"
t.integer "metrics_port", default: 8089
t.boolean "akismet_enabled", default: false
- t.string "akismet_api_key"
t.integer "metrics_sample_interval", default: 15
t.boolean "email_author_in_body", default: false
t.integer "default_group_visibility"
@@ -231,7 +228,6 @@ ActiveRecord::Schema.define(version: 2019_11_20_115530) do
t.boolean "elasticsearch_aws", default: false, null: false
t.string "elasticsearch_aws_region", default: "us-east-1"
t.string "elasticsearch_aws_access_key"
- t.string "elasticsearch_aws_secret_access_key"
t.integer "geo_status_timeout", default: 10
t.string "uuid"
t.decimal "polling_interval_multiplier", default: "1.0", null: false
@@ -247,8 +243,6 @@ ActiveRecord::Schema.define(version: 2019_11_20_115530) do
t.string "help_page_support_url"
t.boolean "slack_app_enabled", default: false
t.string "slack_app_id"
- t.string "slack_app_secret"
- t.string "slack_app_verification_token"
t.integer "performance_bar_allowed_group_id"
t.boolean "allow_group_owners_to_manage_ldap", default: true, null: false
t.boolean "hashed_storage_enabled", default: true, null: false