Add latest changes from gitlab-org/gitlab@master

7 files changed, 112 insertions, 2 deletions

diff --git a/db/migrate/20201120144823_create_tokens_with_iv.rb b/db/migrate/20201120144823_create_tokens_with_iv.rb
new file mode 100644
index 00000000000..f8dc75513fb
--- /dev/null
+++ b/db/migrate/20201120144823_create_tokens_with_iv.rb
@@ -0,0 +1,18 @@
+# frozen_string_literal: true
+
+class CreateTokensWithIv < ActiveRecord::Migration[6.0]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  def change
+    create_table :token_with_ivs do |t|
+      t.binary :hashed_token, null: false
+      t.binary :hashed_plaintext_token, null: false
+      t.binary :iv, null: false
+
+      t.index :hashed_token, name: 'index_token_with_ivs_on_hashed_token', unique: true, using: :btree
+      t.index :hashed_plaintext_token, name: 'index_token_with_ivs_on_hashed_plaintext_token', unique: true, using: :btree
+    end
+  end
+end
diff --git a/db/migrate/20210112202949_create_composer_cache_file.rb b/db/migrate/20210112202949_create_composer_cache_file.rb
new file mode 100644
index 00000000000..b1c2a1608dd
--- /dev/null
+++ b/db/migrate/20210112202949_create_composer_cache_file.rb
@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+class CreateComposerCacheFile < ActiveRecord::Migration[6.0]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  def up
+    # rubocop:disable Migration/AddLimitToTextColumns
+    create_table_with_constraints :packages_composer_cache_files do |t|
+      t.timestamps_with_timezone
+
+      # record can be deleted after `delete_at`
+      t.datetime_with_timezone :delete_at
+
+      # which namespace it belongs to
+      t.integer :namespace_id, null: true
+
+      # file storage related fields
+      t.integer :file_store, limit: 2, null: false, default: 1
+      t.text :file, null: false
+      t.binary :file_sha256, null: false
+
+      t.index [:namespace_id, :file_sha256], name: "index_packages_composer_cache_namespace_and_sha", using: :btree, unique: true
+      t.foreign_key :namespaces, column: :namespace_id, on_delete: :nullify
+
+      t.text_limit :file, 255
+    end
+  end
+
+  def down
+    drop_table :packages_composer_cache_files
+  end
+end
diff --git a/db/post_migrate/20190606175050_encrypt_feature_flags_clients_tokens.rb b/db/post_migrate/20190606175050_encrypt_feature_flags_clients_tokens.rb
index cb7d723670f..b8df41767f0 100644
--- a/db/post_migrate/20190606175050_encrypt_feature_flags_clients_tokens.rb
+++ b/db/post_migrate/20190606175050_encrypt_feature_flags_clients_tokens.rb
@@ -10,7 +10,7 @@ class EncryptFeatureFlagsClientsTokens < ActiveRecord::Migration[5.1]
   def up
     say_with_time("Encrypting tokens from operations_feature_flags_clients") do
       FeatureFlagsClient.where('token_encrypted is NULL AND token IS NOT NULL').find_each do |feature_flags_client|
-        token_encrypted = Gitlab::CryptoHelper.aes256_gcm_encrypt(feature_flags_client.token)
+        token_encrypted = Gitlab::CryptoHelper.aes256_gcm_encrypt(feature_flags_client.token, nonce: Gitlab::CryptoHelper::AES256_GCM_IV_STATIC)
         feature_flags_client.update!(token_encrypted: token_encrypted)
       end
     end
diff --git a/db/post_migrate/20190711201818_encrypt_deploy_tokens_tokens.rb b/db/post_migrate/20190711201818_encrypt_deploy_tokens_tokens.rb
index 2eb8d1ee11c..b2de98118b7 100644
--- a/db/post_migrate/20190711201818_encrypt_deploy_tokens_tokens.rb
+++ b/db/post_migrate/20190711201818_encrypt_deploy_tokens_tokens.rb
@@ -10,7 +10,7 @@ class EncryptDeployTokensTokens < ActiveRecord::Migration[5.1]
   def up
     say_with_time("Encrypting tokens from deploy_tokens") do
       DeploymentTokens.where('token_encrypted is NULL AND token IS NOT NULL').find_each(batch_size: 10000) do |deploy_token|
-        token_encrypted = Gitlab::CryptoHelper.aes256_gcm_encrypt(deploy_token.token)
+        token_encrypted = Gitlab::CryptoHelper.aes256_gcm_encrypt(deploy_token.token, nonce: Gitlab::CryptoHelper::AES256_GCM_IV_STATIC)
         deploy_token.update!(token_encrypted: token_encrypted)
       end
     end
diff --git a/db/schema_migrations/20201120144823 b/db/schema_migrations/20201120144823
new file mode 100644
index 00000000000..4f0c5c43978
--- /dev/null
+++ b/db/schema_migrations/20201120144823
@@ -0,0 +1 @@
+dde424c434c78e22087123fa30eec75c07268a9079fea44339915747aae235e0
\ No newline at end of file
diff --git a/db/schema_migrations/20210112202949 b/db/schema_migrations/20210112202949
new file mode 100644
index 00000000000..5926b701b1a
--- /dev/null
+++ b/db/schema_migrations/20210112202949
@@ -0,0 +1 @@
+56595e67e9e78a9558e6874d75bdcc295b89ab0096d1b37e4d9366e1574d241c
\ No newline at end of file
diff --git a/db/structure.sql b/db/structure.sql
index c042e83cdb6..91242ef5799 100644
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -14786,6 +14786,27 @@ CREATE SEQUENCE packages_build_infos_id_seq
 
 ALTER SEQUENCE packages_build_infos_id_seq OWNED BY packages_build_infos.id;
 
+CREATE TABLE packages_composer_cache_files (
+    id bigint NOT NULL,
+    created_at timestamp with time zone NOT NULL,
+    updated_at timestamp with time zone NOT NULL,
+    delete_at timestamp with time zone,
+    namespace_id integer,
+    file_store smallint DEFAULT 1 NOT NULL,
+    file text NOT NULL,
+    file_sha256 bytea NOT NULL,
+    CONSTRAINT check_84f5ba81f5 CHECK ((char_length(file) <= 255))
+);
+
+CREATE SEQUENCE packages_composer_cache_files_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+ALTER SEQUENCE packages_composer_cache_files_id_seq OWNED BY packages_composer_cache_files.id;
+
 CREATE TABLE packages_composer_metadata (
     package_id bigint NOT NULL,
     target_sha bytea NOT NULL,
@@ -17439,6 +17460,22 @@ CREATE SEQUENCE todos_id_seq
 
 ALTER SEQUENCE todos_id_seq OWNED BY todos.id;
 
+CREATE TABLE token_with_ivs (
+    id bigint NOT NULL,
+    hashed_token bytea NOT NULL,
+    hashed_plaintext_token bytea NOT NULL,
+    iv bytea NOT NULL
+);
+
+CREATE SEQUENCE token_with_ivs_id_seq
+    START WITH 1
+    INCREMENT BY 1
+    NO MINVALUE
+    NO MAXVALUE
+    CACHE 1;
+
+ALTER SEQUENCE token_with_ivs_id_seq OWNED BY token_with_ivs.id;
+
 CREATE TABLE trending_projects (
     id integer NOT NULL,
     project_id integer NOT NULL
@@ -18947,6 +18984,8 @@ ALTER TABLE ONLY operations_user_lists ALTER COLUMN id SET DEFAULT nextval('oper
 
 ALTER TABLE ONLY packages_build_infos ALTER COLUMN id SET DEFAULT nextval('packages_build_infos_id_seq'::regclass);
 
+ALTER TABLE ONLY packages_composer_cache_files ALTER COLUMN id SET DEFAULT nextval('packages_composer_cache_files_id_seq'::regclass);
+
 ALTER TABLE ONLY packages_conan_file_metadata ALTER COLUMN id SET DEFAULT nextval('packages_conan_file_metadata_id_seq'::regclass);
 
 ALTER TABLE ONLY packages_conan_metadata ALTER COLUMN id SET DEFAULT nextval('packages_conan_metadata_id_seq'::regclass);
@@ -19161,6 +19200,8 @@ ALTER TABLE ONLY timelogs ALTER COLUMN id SET DEFAULT nextval('timelogs_id_seq':
 
 ALTER TABLE ONLY todos ALTER COLUMN id SET DEFAULT nextval('todos_id_seq'::regclass);
 
+ALTER TABLE ONLY token_with_ivs ALTER COLUMN id SET DEFAULT nextval('token_with_ivs_id_seq'::regclass);
+
 ALTER TABLE ONLY trending_projects ALTER COLUMN id SET DEFAULT nextval('trending_projects_id_seq'::regclass);
 
 ALTER TABLE ONLY u2f_registrations ALTER COLUMN id SET DEFAULT nextval('u2f_registrations_id_seq'::regclass);
@@ -20311,6 +20352,9 @@ ALTER TABLE ONLY operations_user_lists
 ALTER TABLE ONLY packages_build_infos
     ADD CONSTRAINT packages_build_infos_pkey PRIMARY KEY (id);
 
+ALTER TABLE ONLY packages_composer_cache_files
+    ADD CONSTRAINT packages_composer_cache_files_pkey PRIMARY KEY (id);
+
 ALTER TABLE ONLY packages_composer_metadata
     ADD CONSTRAINT packages_composer_metadata_pkey PRIMARY KEY (package_id);
 
@@ -20689,6 +20733,9 @@ ALTER TABLE ONLY timelogs
 ALTER TABLE ONLY todos
     ADD CONSTRAINT todos_pkey PRIMARY KEY (id);
 
+ALTER TABLE ONLY token_with_ivs
+    ADD CONSTRAINT token_with_ivs_pkey PRIMARY KEY (id);
+
 ALTER TABLE ONLY trending_projects
     ADD CONSTRAINT trending_projects_pkey PRIMARY KEY (id);
 
@@ -22549,6 +22596,8 @@ CREATE UNIQUE INDEX index_ops_strategies_user_lists_on_strategy_id_and_user_list
 
 CREATE INDEX index_packages_build_infos_on_pipeline_id ON packages_build_infos USING btree (pipeline_id);
 
+CREATE UNIQUE INDEX index_packages_composer_cache_namespace_and_sha ON packages_composer_cache_files USING btree (namespace_id, file_sha256);
+
 CREATE UNIQUE INDEX index_packages_composer_metadata_on_package_id_and_target_sha ON packages_composer_metadata USING btree (package_id, target_sha);
 
 CREATE UNIQUE INDEX index_packages_conan_file_metadata_on_package_file_id ON packages_conan_file_metadata USING btree (package_file_id);
@@ -23225,6 +23274,10 @@ CREATE INDEX index_todos_on_user_id_and_id_done ON todos USING btree (user_id, i
 
 CREATE INDEX index_todos_on_user_id_and_id_pending ON todos USING btree (user_id, id) WHERE ((state)::text = 'pending'::text);
 
+CREATE UNIQUE INDEX index_token_with_ivs_on_hashed_plaintext_token ON token_with_ivs USING btree (hashed_plaintext_token);
+
+CREATE UNIQUE INDEX index_token_with_ivs_on_hashed_token ON token_with_ivs USING btree (hashed_token);
+
 CREATE UNIQUE INDEX index_trending_projects_on_project_id ON trending_projects USING btree (project_id);
 
 CREATE INDEX index_u2f_registrations_on_key_handle ON u2f_registrations USING btree (key_handle);
@@ -25532,6 +25585,9 @@ ALTER TABLE ONLY namespace_aggregation_schedules
 ALTER TABLE ONLY approval_project_rules_protected_branches
     ADD CONSTRAINT fk_rails_b7567b031b FOREIGN KEY (protected_branch_id) REFERENCES protected_branches(id) ON DELETE CASCADE;
 
+ALTER TABLE ONLY packages_composer_cache_files
+    ADD CONSTRAINT fk_rails_b82cea43a0 FOREIGN KEY (namespace_id) REFERENCES namespaces(id) ON DELETE SET NULL;
+
 ALTER TABLE ONLY alerts_service_data
     ADD CONSTRAINT fk_rails_b93215a42c FOREIGN KEY (service_id) REFERENCES services(id) ON DELETE CASCADE;