From 466371a06c6d4d5b206b6fc2b09d7a44d80e8679 Mon Sep 17 00:00:00 2001
From: Nick Thomas <nick@gitlab.com>
Date: Fri, 14 Sep 2018 18:21:28 +0100
Subject: Migrate sensitive web hook data in the background

---
 .../20180914162043_encrypt_web_hooks_columns.rb    | 33 ++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 db/post_migrate/20180914162043_encrypt_web_hooks_columns.rb

(limited to 'db/post_migrate')

diff --git a/db/post_migrate/20180914162043_encrypt_web_hooks_columns.rb b/db/post_migrate/20180914162043_encrypt_web_hooks_columns.rb
new file mode 100644
index 00000000000..05ec4864a9e
--- /dev/null
+++ b/db/post_migrate/20180914162043_encrypt_web_hooks_columns.rb
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+class EncryptWebHooksColumns < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  BATCH_SIZE = 10000
+  RANGE_SIZE = 100
+  MIGRATION = 'EncryptColumns'
+  COLUMNS = [:token, :url]
+
+  WebHook = ::Gitlab::BackgroundMigration::Models::EncryptColumns::WebHook
+
+  disable_ddl_transaction!
+
+  def up
+    WebHook.each_batch(of: BATCH_SIZE) do |relation, index|
+      delay = index * 2.minutes
+
+      relation.each_batch(of: RANGE_SIZE) do |relation|
+        range = relation.pluck('MIN(id)', 'MAX(id)').first
+        args = [WebHook, COLUMNS, *range]
+
+        BackgroundMigrationWorker.perform_in(delay, MIGRATION, args)
+      end
+    end
+  end
+
+  def down
+    # noop
+  end
+end
-- 
cgit v1.2.3