Encrypt group / project runners registration tokens

fa33a2ee · Grzegorz Bizon · 0df989ba · fa33a2ee · fa33a2ee · fa33a2ee
Commit fa33a2ee authored Nov 16, 2018 by Grzegorz Bizon
5 changed files
--- a/app/models/group.rb
+++ b/app/models/group.rb
@@ -55,7 +55,7 @@ class Group < Namespace
  validates :two_factor_grace_period, presence: true, numericality: { greater_than_or_equal_to: 0 }
-  add_authentication_token_field :runners_token
+  add_authentication_token_field :runners_token, encrypted: true, fallback: true
  after_create :post_create_hook
  after_destroy :post_destroy_hook

--- a/app/models/project.rb
+++ b/app/models/project.rb
@@ -76,7 +76,7 @@ class Project < ActiveRecord::Base
  default_value_for :snippets_enabled, gitlab_config_features.snippets
  default_value_for :only_allow_merge_if_all_discussions_are_resolved, false
-  add_authentication_token_field :runners_token
+  add_authentication_token_field :runners_token, encrypted: true, fallback: true
  before_validation :mark_remote_mirrors_for_removal, if: -> { RemoteMirror.table_exists? }

--- a/db/migrate/20181116141415_add_encrypted_runners_token_to_namespaces.rb
+++ b/db/migrate/20181116141415_add_encrypted_runners_token_to_namespaces.rb
+# frozen_string_literal: true
+class AddEncryptedRunnersTokenToNamespaces < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+  DOWNTIME = false
+  def change
+    add_column :namespaces, :runners_token_encrypted, :string
+    # TODO index
+  end
+end
--- a/db/migrate/20181116141504_add_encrypted_runners_token_to_projects.rb
+++ b/db/migrate/20181116141504_add_encrypted_runners_token_to_projects.rb
+# frozen_string_literal: true
+class AddEncryptedRunnersTokenToProjects < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+  DOWNTIME = false
+  def change
+    add_column :projects, :runners_token_encrypted, :string
+    # TODO index
+  end
+end
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
-ActiveRecord::Schema.define(version: 20181115140140) do
+ActiveRecord::Schema.define(version: 20181116141504) do
  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@@ -1409,6 +1409,7 @@ ActiveRecord::Schema.define(version: 20181115140140) do
    t.integer "two_factor_grace_period", default: 48, null: false
    t.integer "cached_markdown_version"
    t.string "runners_token"
+    t.string "runners_token_encrypted"
  end
  add_index "namespaces", ["created_at"], name: "index_namespaces_on_created_at", using: :btree
@@ -1753,6 +1754,7 @@ ActiveRecord::Schema.define(version: 20181115140140) do
    t.boolean "pages_https_only", default: true
    t.boolean "remote_mirror_available_overridden"
    t.integer "pool_repository_id", limit: 8
+    t.string "runners_token_encrypted"
  end
  add_index "projects", ["ci_id"], name: "index_projects_on_ci_id", using: :btree