diff options
Diffstat (limited to 'lib/gitlab/background_migration/encrypt_ci_trigger_token.rb')
-rw-r--r-- | lib/gitlab/background_migration/encrypt_ci_trigger_token.rb | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/lib/gitlab/background_migration/encrypt_ci_trigger_token.rb b/lib/gitlab/background_migration/encrypt_ci_trigger_token.rb new file mode 100644 index 00000000000..b6e22e481fa --- /dev/null +++ b/lib/gitlab/background_migration/encrypt_ci_trigger_token.rb @@ -0,0 +1,40 @@ +# frozen_string_literal: true + +module Gitlab + module BackgroundMigration + # Migration to make sure that all the prevously saved tokens have their encrypted values in the db. + class EncryptCiTriggerToken < Gitlab::BackgroundMigration::BatchedMigrationJob + feature_category :continuous_integration + scope_to ->(relation) { relation.where(encrypted_token: nil) } + operation_name :update + # Class that is imitating Ci::Trigger + class CiTrigger < ::Ci::ApplicationRecord + ALGORITHM = 'aes-256-gcm' + + self.table_name = 'ci_triggers' + + attr_encrypted :encrypted_token_tmp, + attribute: :encrypted_token, + mode: :per_attribute_iv, + algorithm: 'aes-256-gcm', + key: Settings.attr_encrypted_db_key_base_32, + encode: false, + encode_vi: false + + before_save :copy_token_to_encrypted_token + + def copy_token_to_encrypted_token + self.encrypted_token_tmp = token + end + end + + def perform + each_sub_batch do |sub_batch| + sub_batch.each do |trigger| + Gitlab::BackgroundMigration::EncryptCiTriggerToken::CiTrigger.find(trigger.id).save! + end + end + end + end + end +end |