1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Gitlab::BackgroundMigration::EncryptCiTriggerToken, feature_category: :continuous_integration do
let(:ci_triggers) do
table(:ci_triggers, database: :ci) do |ci_trigger|
ci_trigger.send :attr_encrypted, :encrypted_token_tmp,
attribute: :encrypted_token,
mode: :per_attribute_iv,
key: ::Settings.attr_encrypted_db_key_base_32,
algorithm: 'aes-256-gcm',
encode: false,
encode_iv: false
end
end
let(:without_encryption) { ci_triggers.create!(token: "token", owner_id: 1) }
let(:without_encryption_2) { ci_triggers.create!(token: "token 2", owner_id: 1) }
let(:with_encryption) { ci_triggers.create!(token: 'token 3', owner_id: 1, encrypted_token_tmp: 'token 3') }
let(:start_id) { ci_triggers.minimum(:id) }
let(:end_id) { ci_triggers.maximum(:id) }
let(:migration_attrs) do
{
start_id: start_id,
end_id: end_id,
batch_table: :ci_triggers,
batch_column: :id,
sub_batch_size: 1,
pause_ms: 0,
connection: Ci::ApplicationRecord.connection
}
end
it 'ensures all unencrypted tokens are encrypted' do
expect(without_encryption.encrypted_token).to eq(nil)
expect(without_encryption_2.encrypted_token).to eq(nil)
expect(with_encryption.encrypted_token).not_to be(nil)
described_class.new(**migration_attrs).perform
updated_triggers = [without_encryption, without_encryption_2]
updated_triggers.each do |stale_trigger|
db_trigger = Ci::Trigger.find(stale_trigger.id)
expect(db_trigger.encrypted_token).not_to be(nil)
expect(db_trigger.encrypted_token_iv).not_to be(nil)
expect(db_trigger.token).to eq(db_trigger.encrypted_token_tmp)
end
already_encrypted_token = Ci::Trigger.find(with_encryption.id)
expect(already_encrypted_token.encrypted_token).to eq(with_encryption.encrypted_token)
expect(already_encrypted_token.encrypted_token_iv).to eq(with_encryption.encrypted_token_iv)
expect(with_encryption.token).to eq(with_encryption.encrypted_token_tmp)
end
end
|