Merge branch 'vij-add-cloud-license-token' into 'master'

Add cloud_license_auth_token to ApplicationSettings See merge request gitlab-org/gitlab!47396

Merge branch 'vij-add-cloud-license-token' into 'master'
Add cloud_license_auth_token to ApplicationSettings See merge request gitlab-org/gitlab!47396
b14b98b8 · Heinrich Lee Yu · 7031c5e6 · 2e40385f · b14b98b8 · b14b98b8
Commit b14b98b8 authored Nov 13, 2020 by Heinrich Lee Yu
8 changed files
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -416,6 +416,7 @@ class ApplicationSetting < ApplicationRecord
  attr_encrypted :slack_app_verification_token, encryption_options_base_truncated_aes_256_gcm
  attr_encrypted :ci_jwt_signing_key, encryption_options_base_truncated_aes_256_gcm
  attr_encrypted :secret_detection_token_revocation_token, encryption_options_base_truncated_aes_256_gcm
+  attr_encrypted :cloud_license_auth_token, encryption_options_base_truncated_aes_256_gcm

  before_validation :ensure_uuid!


--- a/changelogs/unreleased/vij-add-cloud-license-token.yml
+++ b/changelogs/unreleased/vij-add-cloud-license-token.yml
+---
+title: Add cloud_license_auth_token column to application_settings
+merge_request: 47396
+author:
+type: added
--- a/db/migrate/20201111110318_add_cloud_license_auth_token_to_settings.rb
+++ b/db/migrate/20201111110318_add_cloud_license_auth_token_to_settings.rb
+# frozen_string_literal: true
+
+class AddCloudLicenseAuthTokenToSettings < ActiveRecord::Migration[6.0]
+  DOWNTIME = false
+
+  # rubocop:disable Migration/AddLimitToTextColumns
+  # limit is added in 20201111110918_add_cloud_license_auth_token_application_settings_text_limit
+  def change
+    add_column :application_settings, :encrypted_cloud_license_auth_token, :text
+    add_column :application_settings, :encrypted_cloud_license_auth_token_iv, :text
+  end
+  # rubocop:enable Migration/AddLimitToTextColumns
+end
--- a/db/migrate/20201111110918_add_cloud_license_auth_token_application_settings_text_limit.rb
+++ b/db/migrate/20201111110918_add_cloud_license_auth_token_application_settings_text_limit.rb
+# frozen_string_literal: true
+
+class AddCloudLicenseAuthTokenApplicationSettingsTextLimit < ActiveRecord::Migration[6.0]
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    add_text_limit :application_settings, :encrypted_cloud_license_auth_token_iv, 255
+  end
+
+  def down
+    remove_text_limit :application_settings, :encrypted_cloud_license_auth_token_iv
+  end
+end
--- a/db/schema_migrations/20201111110318
+++ b/db/schema_migrations/20201111110318
+4168c39fe93b1c11d8080e07167f79c8234c74a7b274332174d9e861f2084ada
\ No newline at end of file
--- a/db/schema_migrations/20201111110918
+++ b/db/schema_migrations/20201111110918
+f5705da7bce46d98ca798c85f08d8a6a0577839aabacd0ba9b50e0b7351a4e96
\ No newline at end of file
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -9342,6 +9342,8 @@ CREATE TABLE application_settings (
    domain_denylist text,
    domain_allowlist text,
    new_user_signups_cap integer,
+    encrypted_cloud_license_auth_token text,
+    encrypted_cloud_license_auth_token_iv text,
    CONSTRAINT app_settings_registry_exp_policies_worker_capacity_positive CHECK ((container_registry_expiration_policies_worker_capacity >= 0)),
    CONSTRAINT check_2dba05b802 CHECK ((char_length(gitpod_url) <= 255)),
    CONSTRAINT check_51700b31b5 CHECK ((char_length(default_branch_name) <= 255)),
@@ -9351,7 +9353,8 @@ CREATE TABLE application_settings (
    CONSTRAINT check_9c6c447a13 CHECK ((char_length(maintenance_mode_message) <= 255)),
    CONSTRAINT check_d03919528d CHECK ((char_length(container_registry_vendor) <= 255)),
    CONSTRAINT check_d820146492 CHECK ((char_length(spam_check_endpoint_url) <= 255)),
-    CONSTRAINT check_e5aba18f02 CHECK ((char_length(container_registry_version) <= 255))
+    CONSTRAINT check_e5aba18f02 CHECK ((char_length(container_registry_version) <= 255)),
+    CONSTRAINT check_ef6176834f CHECK ((char_length(encrypted_cloud_license_auth_token_iv) <= 255))
 );

 CREATE SEQUENCE application_settings_id_seq

--- a/spec/models/application_setting_spec.rb
+++ b/spec/models/application_setting_spec.rb
@@ -665,6 +665,20 @@ RSpec.describe ApplicationSetting do
          end
        end
      end
+
+      describe '#cloud_license_auth_token' do
+        it { is_expected.to allow_value(nil).for(:cloud_license_auth_token) }
+
+        it 'is encrypted' do
+          subject.cloud_license_auth_token = 'token-from-customers-dot'
+
+          aggregate_failures do
+            expect(subject.encrypted_cloud_license_auth_token).to be_present
+            expect(subject.encrypted_cloud_license_auth_token_iv).to be_present
+            expect(subject.encrypted_cloud_license_auth_token).not_to eq(subject.cloud_license_auth_token)
+          end
+        end
+      end
    end

    context 'static objects external storage' do