diff options
author | Kamil TrzciĆski <ayufan@ayufan.eu> | 2019-03-06 15:18:53 +0300 |
---|---|---|
committer | Grzegorz Bizon <grzegorz@gitlab.com> | 2019-03-06 15:18:53 +0300 |
commit | c5f1f7f3dbd5e7094ae3f30823d6c87b7a72121d (patch) | |
tree | 0123c4e12a3a79d69c3c791c9cc797e577f5c822 /db | |
parent | f100c9ba158a0ab6f4edaa1de73e107737d4a9d0 (diff) |
Use encrypted runner tokens
This makes code to support encrypted runner tokens.
This code also finished previously started encryption
process.
Diffstat (limited to 'db')
-rw-r--r-- | db/migrate/20190225160300_steal_encrypt_runners_tokens.rb | 19 | ||||
-rw-r--r-- | db/migrate/20190225160301_add_runner_tokens_indexes.rb | 24 | ||||
-rw-r--r-- | db/schema.rb | 3 |
3 files changed, 46 insertions, 0 deletions
diff --git a/db/migrate/20190225160300_steal_encrypt_runners_tokens.rb b/db/migrate/20190225160300_steal_encrypt_runners_tokens.rb new file mode 100644 index 00000000000..18c0d2a2e1b --- /dev/null +++ b/db/migrate/20190225160300_steal_encrypt_runners_tokens.rb @@ -0,0 +1,19 @@ +# frozen_string_literal: true + +class StealEncryptRunnersTokens < ActiveRecord::Migration[5.0] + include Gitlab::Database::MigrationHelpers + + # This cleans after `EncryptRunnersTokens` + + DOWNTIME = false + + disable_ddl_transaction! + + def up + Gitlab::BackgroundMigration.steal('EncryptRunnersTokens') + end + + def down + # no-op + end +end diff --git a/db/migrate/20190225160301_add_runner_tokens_indexes.rb b/db/migrate/20190225160301_add_runner_tokens_indexes.rb new file mode 100644 index 00000000000..3230c2809de --- /dev/null +++ b/db/migrate/20190225160301_add_runner_tokens_indexes.rb @@ -0,0 +1,24 @@ +# frozen_string_literal: true + +class AddRunnerTokensIndexes < ActiveRecord::Migration[5.0] + include Gitlab::Database::MigrationHelpers + + DOWNTIME = false + + disable_ddl_transaction! + + # It seems that `ci_runners.token_encrypted` and `projects.runners_token_encrypted` + # are non-unique + + def up + add_concurrent_index :ci_runners, :token_encrypted + add_concurrent_index :projects, :runners_token_encrypted + add_concurrent_index :namespaces, :runners_token_encrypted, unique: true + end + + def down + remove_concurrent_index :ci_runners, :token_encrypted + remove_concurrent_index :projects, :runners_token_encrypted + remove_concurrent_index :namespaces, :runners_token_encrypted, unique: true + end +end diff --git a/db/schema.rb b/db/schema.rb index 2ddc8358433..c782524c391 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -556,6 +556,7 @@ ActiveRecord::Schema.define(version: 20190301081611) do t.index ["locked"], name: "index_ci_runners_on_locked", using: :btree t.index ["runner_type"], name: "index_ci_runners_on_runner_type", using: :btree t.index ["token"], name: "index_ci_runners_on_token", using: :btree + t.index ["token_encrypted"], name: "index_ci_runners_on_token_encrypted", using: :btree end create_table "ci_stages", force: :cascade do |t| @@ -1383,6 +1384,7 @@ ActiveRecord::Schema.define(version: 20190301081611) do t.index ["path"], name: "index_namespaces_on_path_trigram", using: :gin, opclasses: {"path"=>"gin_trgm_ops"} t.index ["require_two_factor_authentication"], name: "index_namespaces_on_require_two_factor_authentication", using: :btree t.index ["runners_token"], name: "index_namespaces_on_runners_token", unique: true, using: :btree + t.index ["runners_token_encrypted"], name: "index_namespaces_on_runners_token_encrypted", unique: true, using: :btree t.index ["type"], name: "index_namespaces_on_type", using: :btree end @@ -1752,6 +1754,7 @@ ActiveRecord::Schema.define(version: 20190301081611) do t.index ["repository_storage", "created_at"], name: "idx_project_repository_check_partial", where: "(last_repository_check_at IS NULL)", using: :btree t.index ["repository_storage"], name: "index_projects_on_repository_storage", using: :btree t.index ["runners_token"], name: "index_projects_on_runners_token", using: :btree + t.index ["runners_token_encrypted"], name: "index_projects_on_runners_token_encrypted", using: :btree t.index ["star_count"], name: "index_projects_on_star_count", using: :btree t.index ["visibility_level"], name: "index_projects_on_visibility_level", using: :btree end |