From ecfe6292d3a5d40d7179cf763fb60cf73adb30e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rub=C3=A9n=20D=C3=A1vila?= <ruben@gitlab.com>
Date: Mon, 2 Oct 2017 20:46:19 -0500
Subject: Add migration to generate GpgKeySubkeys records and update signatures

---
 ...create_gpg_key_subkeys_for_existing_gpg_keys.rb | 59 ++++++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 db/migrate/20171002161539_create_gpg_key_subkeys_for_existing_gpg_keys.rb

(limited to 'db')

diff --git a/db/migrate/20171002161539_create_gpg_key_subkeys_for_existing_gpg_keys.rb b/db/migrate/20171002161539_create_gpg_key_subkeys_for_existing_gpg_keys.rb
new file mode 100644
index 00000000000..355fbfbbede
--- /dev/null
+++ b/db/migrate/20171002161539_create_gpg_key_subkeys_for_existing_gpg_keys.rb
@@ -0,0 +1,59 @@
+# See http://doc.gitlab.com/ce/development/migration_style_guide.html
+# for more information on how to write migrations for GitLab.
+
+class CreateGpgKeySubkeysForExistingGpgKeys < ActiveRecord::Migration
+  disable_ddl_transaction!
+
+  DOWNTIME = false
+
+  class GpgKey < ActiveRecord::Base
+    self.table_name = 'gpg_keys'
+
+    include EachBatch
+    include ShaAttribute
+
+    sha_attribute :primary_keyid
+    sha_attribute :fingerprint
+
+    has_many :subkeys, class_name: 'GpgKeySubkey'
+  end
+
+  class GpgKeySubkey < ActiveRecord::Base
+    self.table_name = 'gpg_key_subkeys'
+
+    include ShaAttribute
+
+    sha_attribute :keyid
+    sha_attribute :fingerprint
+  end
+
+  def up
+    GpgKey.each_batch do |batch|
+      batch.each do |gpg_key|
+        create_subkeys(gpg_key) && update_signatures(gpg_key)
+      end
+    end
+  end
+
+  def down
+  end
+
+  private
+
+  def create_subkeys(gpg_key)
+    gpg_subkeys = Gitlab::Gpg.subkeys_from_key(gpg_key.key)
+
+    gpg_subkeys[gpg_key.primary_keyid.upcase]&.each do |subkey_data|
+      gpg_key.subkeys.build(keyid: subkey_data[:keyid], fingerprint: subkey_data[:fingerprint])
+    end
+
+    # Improve latency by doing all INSERTs in a single call
+    GpgKey.transaction do
+      gpg_key.save!
+    end
+  end
+
+  def update_signatures(gpg_key)
+    InvalidGpgSignatureUpdateWorker.perform_async(gpg_key.id)
+  end
+end
-- 
cgit v1.2.3