1 files changed, 106 insertions, 23 deletions

diff --git a/app/models/integration.rb b/app/models/integration.rb
index e9cd90649ba..274c16507b7 100644
--- a/app/models/integration.rb
+++ b/app/models/integration.rb
@@ -9,10 +9,18 @@ class Integration < ApplicationRecord
   include Integrations::HasDataFields
   include FromUnion
   include EachBatch
+  include IgnorableColumns
+
+  ignore_column :template, remove_with: '15.0', remove_after: '2022-04-22'
+  ignore_column :type, remove_with: '15.0', remove_after: '2022-04-22'
+
+  UnknownType = Class.new(StandardError)
+
+  self.inheritance_column = :type_new
 
   INTEGRATION_NAMES = %w[
     asana assembla bamboo bugzilla buildkite campfire confluence custom_issue_tracker datadog discord
-    drone_ci emails_on_push ewm external_wiki flowdock hangouts_chat irker jira
+    drone_ci emails_on_push ewm external_wiki flowdock hangouts_chat harbor irker jira
     mattermost mattermost_slash_commands microsoft_teams packagist pipelines_email
     pivotaltracker prometheus pushover redmine slack slack_slash_commands teamcity unify_circuit webex_teams youtrack zentao
   ].freeze
@@ -37,9 +45,21 @@ class Integration < ApplicationRecord
     Integrations::BaseSlashCommands
   ].freeze
 
+  SECTION_TYPE_CONNECTION = 'connection'
+
   serialize :properties, JSON # rubocop:disable Cop/ActiveRecordSerialize
 
-  attribute :type, Gitlab::Integrations::StiType.new
+  attr_encrypted :encrypted_properties_tmp,
+                 attribute: :encrypted_properties,
+                 mode: :per_attribute_iv,
+                 key: Settings.attr_encrypted_db_key_base_32,
+                 algorithm: 'aes-256-gcm',
+                 marshal: true,
+                 marshaler: ::Gitlab::Json,
+                 encode: false,
+                 encode_iv: false
+
+  alias_attribute :type, :type_new
 
   default_value_for :active, false
   default_value_for :alert_events, true
@@ -57,6 +77,8 @@ class Integration < ApplicationRecord
   default_value_for :wiki_page_events, true
 
   after_initialize :initialize_properties
+  after_initialize :copy_properties_to_encrypted_properties
+  before_save :copy_properties_to_encrypted_properties
 
   after_commit :reset_updated_properties
 
@@ -74,9 +96,10 @@ class Integration < ApplicationRecord
   validate :validate_belongs_to_project_or_group
 
   scope :external_issue_trackers, -> { where(category: 'issue_tracker').active }
-  scope :external_wikis, -> { where(type: 'ExternalWikiService').active }
+  scope :by_name, ->(name) { by_type(integration_name_to_type(name)) }
+  scope :external_wikis, -> { by_name(:external_wiki).active }
   scope :active, -> { where(active: true) }
-  scope :by_type, -> (type) { where(type: type) }
+  scope :by_type, ->(type) { where(type: type) } # INTERNAL USE ONLY: use by_name instead
   scope :by_active_flag, -> (flag) { where(active: flag) }
   scope :inherit_from_id, -> (id) { where(inherit_from_id: id) }
   scope :with_default_settings, -> { where.not(inherit_from_id: nil) }
@@ -99,6 +122,39 @@ class Integration < ApplicationRecord
   scope :alert_hooks, -> { where(alert_events: true, active: true) }
   scope :deployment, -> { where(category: 'deployment') }
 
+  class << self
+    private
+
+    attr_writer :field_storage
+
+    def field_storage
+      @field_storage || :properties
+    end
+  end
+
+  # :nocov: Tested on subclasses.
+  def self.field(name, storage: field_storage, **attrs)
+    fields << ::Integrations::Field.new(name: name, **attrs)
+
+    case storage
+    when :properties
+      prop_accessor(name)
+    when :data_fields
+      data_field(name)
+    else
+      raise ArgumentError, "Unknown field storage: #{storage}"
+    end
+  end
+  # :nocov:
+
+  def self.fields
+    @fields ||= []
+  end
+
+  def fields
+    self.class.fields
+  end
+
   # Provide convenient accessor methods for each serialized property.
   # Also keep track of updated properties in a similar way as ActiveModel::Dirty
   def self.prop_accessor(*args)
@@ -112,8 +168,10 @@ class Integration < ApplicationRecord
 
         def #{arg}=(value)
           self.properties ||= {}
+          self.encrypted_properties_tmp = properties
           updated_properties['#{arg}'] = #{arg} unless #{arg}_changed?
           self.properties['#{arg}'] = value
+          self.encrypted_properties_tmp['#{arg}'] = value
         end
 
         def #{arg}_changed?
@@ -158,10 +216,6 @@ class Integration < ApplicationRecord
     self.supported_events.map { |event| IntegrationsHelper.integration_event_field_name(event) }
   end
 
-  def self.supported_event_actions
-    %w[]
-  end
-
   def self.supported_events
     %w[commit push tag_push issue confidential_issue merge_request wiki_page]
   end
@@ -226,7 +280,7 @@ class Integration < ApplicationRecord
   end
 
   # Returns a list of available integration types.
-  # Example: ["AsanaService", ...]
+  # Example: ["Integrations::Asana", ...]
   def self.available_integration_types(include_project_specific: true, include_dev: true)
     available_integration_names(include_project_specific: include_project_specific, include_dev: include_dev).map do
       integration_name_to_type(_1)
@@ -234,22 +288,27 @@ class Integration < ApplicationRecord
   end
 
   # Returns the model for the given integration name.
-  # Example: "asana" => Integrations::Asana
+  # Example: :asana => Integrations::Asana
   def self.integration_name_to_model(name)
     type = integration_name_to_type(name)
     integration_type_to_model(type)
   end
 
   # Returns the STI type for the given integration name.
-  # Example: "asana" => "AsanaService"
+  # Example: "asana" => "Integrations::Asana"
   def self.integration_name_to_type(name)
-    "#{name}_service".camelize
+    name = name.to_s
+    if available_integration_names.exclude?(name)
+      Gitlab::ErrorTracking.track_and_raise_for_dev_exception(UnknownType.new(name.inspect))
+    else
+      "Integrations::#{name.camelize}"
+    end
   end
 
   # Returns the model for the given STI type.
-  # Example: "AsanaService" => Integrations::Asana
+  # Example: "Integrations::Asana" => Integrations::Asana
   def self.integration_type_to_model(type)
-    Gitlab::Integrations::StiType.new.cast(type).constantize
+    type.constantize
   end
   private_class_method :integration_type_to_model
 
@@ -298,7 +357,7 @@ class Integration < ApplicationRecord
     from_union([
       active.where(instance: true),
       active.where(group_id: group_ids, inherit_from_id: nil)
-    ]).order(Arel.sql("type ASC, array_position(#{array}::bigint[], #{table_name}.group_id), instance DESC")).group_by(&:type).each do |type, records|
+    ]).order(Arel.sql("type_new ASC, array_position(#{array}::bigint[], #{table_name}.group_id), instance DESC")).group_by(&:type).each do |type, records|
       build_from_integration(records.first, association => scope.id).save
     end
   end
@@ -330,6 +389,10 @@ class Integration < ApplicationRecord
     true
   end
 
+  def activate_disabled_reason
+    nil
+  end
+
   def category
     read_attribute(:category).to_sym
   end
@@ -338,6 +401,12 @@ class Integration < ApplicationRecord
     self.properties = {} if has_attribute?(:properties) && properties.nil?
   end
 
+  def copy_properties_to_encrypted_properties
+    self.encrypted_properties_tmp = properties
+  rescue ActiveModel::MissingAttributeError
+    # ignore - in a record built from using a restricted select list
+  end
+
   def title
     # implement inside child
   end
@@ -355,8 +424,7 @@ class Integration < ApplicationRecord
     self.class.to_param
   end
 
-  def fields
-    # implement inside child
+  def sections
     []
   end
 
@@ -371,8 +439,24 @@ class Integration < ApplicationRecord
     %w[active]
   end
 
+  # return a hash of columns => values suitable for passing to insert_all
   def to_integration_hash
-    as_json(methods: :type, except: %w[id instance project_id group_id])
+    column = self.class.attribute_aliases.fetch('type', 'type')
+    copy_properties_to_encrypted_properties
+
+    as_json(except: %w[id instance project_id group_id encrypted_properties_tmp])
+      .merge(column => type)
+      .merge(reencrypt_properties)
+  end
+
+  def reencrypt_properties
+    unless properties.nil? || properties.empty?
+      alg = self.class.encrypted_attributes[:encrypted_properties_tmp][:algorithm]
+      iv = generate_iv(alg)
+      ep = self.class.encrypt(:encrypted_properties_tmp, properties, { iv: iv })
+    end
+
+    { 'encrypted_properties' => ep, 'encrypted_properties_iv' => iv }
   end
 
   def to_data_fields_hash
@@ -392,7 +476,10 @@ class Integration < ApplicationRecord
   end
 
   def api_field_names
-    fields.pluck(:name).grep_v(/password|token|key|title|description/)
+    fields
+      .reject { _1[:type] == 'password' }
+      .pluck(:name)
+      .grep_v(/password|token|key/)
   end
 
   def global_fields
@@ -410,10 +497,6 @@ class Integration < ApplicationRecord
     end
   end
 
-  def configurable_event_actions
-    self.class.supported_event_actions
-  end
-
   def supported_events
     self.class.supported_events
   end