Commit 733e5ddd authored by Vasilii Iakliushin's avatar Vasilii Iakliushin

Deprecate plaintext field static_objects_external_storage_auth_token

Contributes to https://gitlab.com/gitlab-org/gitlab/-/issues/348307

After the token encryption was executed in
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/75417, we can
start the deprecation process for
"static_objects_external_storage_auth_token".

* Ignore static_objects_external_storage_auth_token field
* Change encryption mode to 'required'

Changelog: changed
parent 0f226e87
...@@ -9,6 +9,7 @@ class ApplicationSetting < ApplicationRecord ...@@ -9,6 +9,7 @@ class ApplicationSetting < ApplicationRecord
include Sanitizable include Sanitizable
ignore_columns %i[elasticsearch_shards elasticsearch_replicas], remove_with: '14.4', remove_after: '2021-09-22' ignore_columns %i[elasticsearch_shards elasticsearch_replicas], remove_with: '14.4', remove_after: '2021-09-22'
ignore_columns %i[static_objects_external_storage_auth_token], remove_with: '14.9', remove_after: '2022-03-22'
INSTANCE_REVIEW_MIN_USERS = 50 INSTANCE_REVIEW_MIN_USERS = 50
GRAFANA_URL_ERROR_MESSAGE = 'Please check your Grafana URL setting in ' \ GRAFANA_URL_ERROR_MESSAGE = 'Please check your Grafana URL setting in ' \
...@@ -21,7 +22,7 @@ class ApplicationSetting < ApplicationRecord ...@@ -21,7 +22,7 @@ class ApplicationSetting < ApplicationRecord
add_authentication_token_field :runners_registration_token, encrypted: -> { Feature.enabled?(:application_settings_tokens_optional_encryption) ? :optional : :required } add_authentication_token_field :runners_registration_token, encrypted: -> { Feature.enabled?(:application_settings_tokens_optional_encryption) ? :optional : :required }
add_authentication_token_field :health_check_access_token add_authentication_token_field :health_check_access_token
add_authentication_token_field :static_objects_external_storage_auth_token, encrypted: :optional add_authentication_token_field :static_objects_external_storage_auth_token, encrypted: :required
belongs_to :self_monitoring_project, class_name: "Project", foreign_key: 'instance_administration_project_id' belongs_to :self_monitoring_project, class_name: "Project", foreign_key: 'instance_administration_project_id'
belongs_to :push_rule belongs_to :push_rule
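Review bot: The new `ignore_columns %i[static_objects_external_storage_auth_token]` line only hides the plaintext column from the model, so the token value already stored there stays at rest in the database (and in any backups) until the column is dropped in the release named by `remove_with: '14.9'`. A comment above it should say so, e.g. `# Plaintext token column: ignored here, but the stored value persists until the column is dropped (issue 348307)`, and it may be worth nulling the column in a follow-up migration rather than waiting for the drop. In the second hunk, `encrypted: :required` appears to remove the plaintext fallback, so an instance whose encrypted column was never populated would read the token as nil. If that depends on the migration from merge request 75417 having completed, state that precondition in the same comment. The class body continues outside both hunks.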
......
...@@ -1244,7 +1244,7 @@ RSpec.describe ApplicationSetting do ...@@ -1244,7 +1244,7 @@ RSpec.describe ApplicationSetting do
end end
end end
describe '#static_objects_external_storage_auth_token=' do describe '#static_objects_external_storage_auth_token=', :aggregate_failures do
subject { setting.static_objects_external_storage_auth_token = token } subject { setting.static_objects_external_storage_auth_token = token }
let(:token) { 'Test' } let(:token) { 'Test' }
...@@ -1268,5 +1268,20 @@ RSpec.describe ApplicationSetting do ...@@ -1268,5 +1268,20 @@ RSpec.describe ApplicationSetting do
expect(setting.static_objects_external_storage_auth_token).to be_nil expect(setting.static_objects_external_storage_auth_token).to be_nil
end end
end end
context 'with plaintext token only' do
let(:token) { '' }
it 'ignores the plaintext token' do
subject
ApplicationSetting.update_all(static_objects_external_storage_auth_token: 'Test')
setting.reload
expect(setting[:static_objects_external_storage_auth_token]).to be_nil
expect(setting[:static_objects_external_storage_auth_token_encrypted]).to be_nil
expect(setting.static_objects_external_storage_auth_token).to be_nil
end
end
end end
end end
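Review bot: In the new 'with plaintext token only' context, `expect(setting[:static_objects_external_storage_auth_token]).to be_nil` probably passes for any ignored column, because the model no longer loads that attribute, so it does not show that a plaintext value was present and skipped. The example would prove the point more firmly if it confirmed the write landed, for instance `expect(ApplicationSetting.update_all(static_objects_external_storage_auth_token: 'Test')).to eq(1)`, leaving the getter expectation on the last line as the assertion that matters. A short comment such as `# plaintext column is ignored by the model; only the getter result is meaningful here` would keep the next reader from trusting the first expectation. The enclosing `describe` block starts outside this hunk.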