Commit 2e40385f authored by Vijay Hawoldar's avatar Vijay Hawoldar

Add cloud_license_auth_token to ApplicationSettings

In order to support CloudLicense syncing, an authentication
token will be stored in ApplicationSettings. This commit adds
the column to support that, `cloud_license_auth_token`
parent 4806a5e4
......@@ -416,6 +416,7 @@ class ApplicationSetting < ApplicationRecord
attr_encrypted :slack_app_verification_token, encryption_options_base_truncated_aes_256_gcm
attr_encrypted :ci_jwt_signing_key, encryption_options_base_truncated_aes_256_gcm
attr_encrypted :secret_detection_token_revocation_token, encryption_options_base_truncated_aes_256_gcm
attr_encrypted :cloud_license_auth_token, encryption_options_base_truncated_aes_256_gcm
before_validation :ensure_uuid!
......
---
title: Add cloud_license_auth_token column to application_settings
merge_request: 47396
author:
type: added
# frozen_string_literal: true
class AddCloudLicenseAuthTokenToSettings < ActiveRecord::Migration[6.0]
DOWNTIME = false
# rubocop:disable Migration/AddLimitToTextColumns
# limit is added in 20201111110918_add_cloud_license_auth_token_application_settings_text_limit
def change
add_column :application_settings, :encrypted_cloud_license_auth_token, :text
add_column :application_settings, :encrypted_cloud_license_auth_token_iv, :text
end
# rubocop:enable Migration/AddLimitToTextColumns
end
# frozen_string_literal: true
class AddCloudLicenseAuthTokenApplicationSettingsTextLimit < ActiveRecord::Migration[6.0]
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
disable_ddl_transaction!
def up
add_text_limit :application_settings, :encrypted_cloud_license_auth_token_iv, 255
end
def down
remove_text_limit :application_settings, :encrypted_cloud_license_auth_token_iv
end
end
4168c39fe93b1c11d8080e07167f79c8234c74a7b274332174d9e861f2084ada
\ No newline at end of file
f5705da7bce46d98ca798c85f08d8a6a0577839aabacd0ba9b50e0b7351a4e96
\ No newline at end of file
......@@ -9342,6 +9342,8 @@ CREATE TABLE application_settings (
domain_denylist text,
domain_allowlist text,
new_user_signups_cap integer,
encrypted_cloud_license_auth_token text,
encrypted_cloud_license_auth_token_iv text,
CONSTRAINT app_settings_registry_exp_policies_worker_capacity_positive CHECK ((container_registry_expiration_policies_worker_capacity >= 0)),
CONSTRAINT check_2dba05b802 CHECK ((char_length(gitpod_url) <= 255)),
CONSTRAINT check_51700b31b5 CHECK ((char_length(default_branch_name) <= 255)),
......@@ -9351,7 +9353,8 @@ CREATE TABLE application_settings (
CONSTRAINT check_9c6c447a13 CHECK ((char_length(maintenance_mode_message) <= 255)),
CONSTRAINT check_d03919528d CHECK ((char_length(container_registry_vendor) <= 255)),
CONSTRAINT check_d820146492 CHECK ((char_length(spam_check_endpoint_url) <= 255)),
CONSTRAINT check_e5aba18f02 CHECK ((char_length(container_registry_version) <= 255))
CONSTRAINT check_e5aba18f02 CHECK ((char_length(container_registry_version) <= 255)),
CONSTRAINT check_ef6176834f CHECK ((char_length(encrypted_cloud_license_auth_token_iv) <= 255))
);
CREATE SEQUENCE application_settings_id_seq
......
......@@ -665,6 +665,20 @@ RSpec.describe ApplicationSetting do
end
end
end
describe '#cloud_license_auth_token' do
it { is_expected.to allow_value(nil).for(:cloud_license_auth_token) }
it 'is encrypted' do
subject.cloud_license_auth_token = 'token-from-customers-dot'
aggregate_failures do
expect(subject.encrypted_cloud_license_auth_token).to be_present
expect(subject.encrypted_cloud_license_auth_token_iv).to be_present
expect(subject.encrypted_cloud_license_auth_token).not_to eq(subject.cloud_license_auth_token)
end
end
end
end
context 'static objects external storage' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment