From c503429e5e8538649bec02d74963ec0eb8f0cb98 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rub=C3=A9n=20D=C3=A1vila?= <ruben@gitlab.com>
Date: Mon, 4 Jun 2018 23:00:25 -0500
Subject: [PATCH] Add migration to disable the usage of DSA keys

Additionally the current application setting is also updated to disable
the usage of DSA keys.
---
 ...d-44364-deprecate-support-for-dsa-keys.yml |  5 +++
 ...e_default_value_for_dsa_key_restriction.rb | 16 +++++++++
 db/schema.rb                                  |  4 +--
 ...ault_value_for_dsa_key_restriction_spec.rb | 33 +++++++++++++++++++
 4 files changed, 56 insertions(+), 2 deletions(-)
 create mode 100644 changelogs/unreleased/rd-44364-deprecate-support-for-dsa-keys.yml
 create mode 100644 db/migrate/20180531220618_change_default_value_for_dsa_key_restriction.rb
 create mode 100644 spec/migrations/change_default_value_for_dsa_key_restriction_spec.rb

diff --git a/changelogs/unreleased/rd-44364-deprecate-support-for-dsa-keys.yml b/changelogs/unreleased/rd-44364-deprecate-support-for-dsa-keys.yml
new file mode 100644
index 00000000000..1a52ffaaf79
--- /dev/null
+++ b/changelogs/unreleased/rd-44364-deprecate-support-for-dsa-keys.yml
@@ -0,0 +1,5 @@
+---
+title: Add migration to disable the usage of DSA keys
+merge_request: 19299
+author:
+type: other
diff --git a/db/migrate/20180531220618_change_default_value_for_dsa_key_restriction.rb b/db/migrate/20180531220618_change_default_value_for_dsa_key_restriction.rb
new file mode 100644
index 00000000000..d0dcacc5b66
--- /dev/null
+++ b/db/migrate/20180531220618_change_default_value_for_dsa_key_restriction.rb
@@ -0,0 +1,16 @@
+class ChangeDefaultValueForDsaKeyRestriction < ActiveRecord::Migration
+  # Set this constant to true if this migration requires downtime.
+  DOWNTIME = false
+
+  def up
+    change_column :application_settings, :dsa_key_restriction, :integer, null: false,
+                  default: -1
+
+    execute("UPDATE application_settings SET dsa_key_restriction = -1")
+  end
+
+  def down
+    change_column :application_settings, :dsa_key_restriction, :integer, null: false,
+                  default: 0
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 97247387bc7..b14ea5640d4 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20180529093006) do
+ActiveRecord::Schema.define(version: 20180531220618) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -110,7 +110,7 @@ ActiveRecord::Schema.define(version: 20180529093006) do
     t.text "shared_runners_text_html"
     t.text "after_sign_up_text_html"
     t.integer "rsa_key_restriction", default: 0, null: false
-    t.integer "dsa_key_restriction", default: 0, null: false
+    t.integer "dsa_key_restriction", default: -1, null: false
     t.integer "ecdsa_key_restriction", default: 0, null: false
     t.integer "ed25519_key_restriction", default: 0, null: false
     t.boolean "housekeeping_enabled", default: true, null: false
diff --git a/spec/migrations/change_default_value_for_dsa_key_restriction_spec.rb b/spec/migrations/change_default_value_for_dsa_key_restriction_spec.rb
new file mode 100644
index 00000000000..7e61ab9b52e
--- /dev/null
+++ b/spec/migrations/change_default_value_for_dsa_key_restriction_spec.rb
@@ -0,0 +1,33 @@
+require 'spec_helper'
+require Rails.root.join('db', 'migrate', '20180531220618_change_default_value_for_dsa_key_restriction.rb')
+
+describe ChangeDefaultValueForDsaKeyRestriction, :migration do
+  let(:application_settings) { table(:application_settings) }
+
+  before do
+    application_settings.create!
+  end
+
+  it 'changes the default value for dsa_key_restriction' do
+    expect(application_settings.first.dsa_key_restriction).to eq(0)
+
+    migrate!
+
+    application_settings.reset_column_information
+    new_setting = application_settings.create!
+
+    expect(application_settings.count).to eq(2)
+    expect(new_setting.dsa_key_restriction).to eq(-1)
+  end
+
+  it 'changes the existing setting' do
+    setting = application_settings.last
+
+    expect(setting.dsa_key_restriction).to eq(0)
+
+    migrate!
+
+    expect(application_settings.count).to eq(1)
+    expect(setting.reload.dsa_key_restriction).to eq(-1)
+  end
+end
-- 
2.30.9