diff options
Diffstat (limited to 'app/models/concerns/ci')
-rw-r--r-- | app/models/concerns/ci/has_variable.rb | 36 | ||||
-rw-r--r-- | app/models/concerns/ci/maskable.rb | 25 | ||||
-rw-r--r-- | app/models/concerns/ci/new_has_variable.rb | 16 |
3 files changed, 77 insertions, 0 deletions
diff --git a/app/models/concerns/ci/has_variable.rb b/app/models/concerns/ci/has_variable.rb new file mode 100644 index 00000000000..9bf2b409080 --- /dev/null +++ b/app/models/concerns/ci/has_variable.rb @@ -0,0 +1,36 @@ +# frozen_string_literal: true + +module Ci + module HasVariable + extend ActiveSupport::Concern + + included do + enum variable_type: { + env_var: 1, + file: 2 + } + + validates :key, + presence: true, + length: { maximum: 255 }, + format: { with: /\A[a-zA-Z0-9_]+\z/, + message: "can contain only letters, digits and '_'." } + + scope :order_key_asc, -> { reorder(key: :asc) } + + attr_encrypted :value, + mode: :per_attribute_iv_and_salt, + insecure_mode: true, + key: Settings.attr_encrypted_db_key_base, + algorithm: 'aes-256-cbc' + + def key=(new_key) + super(new_key.to_s.strip) + end + end + + def to_runner_variable + { key: key, value: value, public: false, file: file? } + end + end +end diff --git a/app/models/concerns/ci/maskable.rb b/app/models/concerns/ci/maskable.rb new file mode 100644 index 00000000000..15bc48bf964 --- /dev/null +++ b/app/models/concerns/ci/maskable.rb @@ -0,0 +1,25 @@ +# frozen_string_literal: true + +module Ci + module Maskable + extend ActiveSupport::Concern + + # * Single line + # * No escape characters + # * No variables + # * No spaces + # * Minimal length of 8 characters + # * Characters must be from the Base64 alphabet (RFC4648) with the addition of @ and : + # * Absolutely no fun is allowed + REGEX = /\A[a-zA-Z0-9_+=\/@:-]{8,}\z/.freeze + + included do + validates :masked, inclusion: { in: [true, false] } + validates :value, format: { with: REGEX }, if: :masked? + end + + def to_runner_variable + super.merge(masked: masked?) + end + end +end diff --git a/app/models/concerns/ci/new_has_variable.rb b/app/models/concerns/ci/new_has_variable.rb new file mode 100644 index 00000000000..546d243e5de --- /dev/null +++ b/app/models/concerns/ci/new_has_variable.rb @@ -0,0 +1,16 @@ +# frozen_string_literal: true + +module Ci + module NewHasVariable + extend ActiveSupport::Concern + include Ci::HasVariable + + included do + attr_encrypted :value, + mode: :per_attribute_iv, + algorithm: 'aes-256-gcm', + key: Settings.attr_encrypted_db_key_base_32, + insecure_mode: false + end + end +end |