Schedule background migration for encrypting runners tokens
This commit is contained in:
parent
64c2377854
commit
c7a39ffa91
3 changed files with 59 additions and 1 deletions
|
@ -0,0 +1,38 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
class ScheduleRunnersTokenEncryption < ActiveRecord::Migration
|
||||||
|
include Gitlab::Database::MigrationHelpers
|
||||||
|
|
||||||
|
DOWNTIME = false
|
||||||
|
BATCH_SIZE = 10000
|
||||||
|
RANGE_SIZE = 100
|
||||||
|
MIGRATION = 'EncryptRunnersTokens'
|
||||||
|
|
||||||
|
MODELS = [
|
||||||
|
::Gitlab::BackgroundMigration::Models::EncryptColumns::Settings,
|
||||||
|
::Gitlab::BackgroundMigration::Models::EncryptColumns::Namespace,
|
||||||
|
::Gitlab::BackgroundMigration::Models::EncryptColumns::Project,
|
||||||
|
::Gitlab::BackgroundMigration::Models::EncryptColumns::Runner
|
||||||
|
].freeze
|
||||||
|
|
||||||
|
disable_ddl_transaction!
|
||||||
|
|
||||||
|
def up
|
||||||
|
MODELS.each do |model|
|
||||||
|
model.each_batch(of: BATCH_SIZE) do |relation, index|
|
||||||
|
delay = index * 2.minutes
|
||||||
|
|
||||||
|
relation.each_batch(of: RANGE_SIZE) do |relation|
|
||||||
|
range = relation.pluck('MIN(id)', 'MAX(id)').first
|
||||||
|
args = [model, model.encrypted_attributes.keys, *range]
|
||||||
|
|
||||||
|
BackgroundMigrationWorker.perform_in(delay, MIGRATION, args)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def down
|
||||||
|
# no-op
|
||||||
|
end
|
||||||
|
end
|
|
@ -10,7 +10,7 @@
|
||||||
#
|
#
|
||||||
# It's strongly recommended that you check this file into your version control system.
|
# It's strongly recommended that you check this file into your version control system.
|
||||||
|
|
||||||
ActiveRecord::Schema.define(version: 20181121101802) do
|
ActiveRecord::Schema.define(version: 20181121111200) do
|
||||||
|
|
||||||
# These are extensions that must be enabled in order to support this database
|
# These are extensions that must be enabled in order to support this database
|
||||||
enable_extension "plpgsql"
|
enable_extension "plpgsql"
|
||||||
|
|
20
lib/gitlab/background_migration/encrypt_runners_tokens.rb
Normal file
20
lib/gitlab/background_migration/encrypt_runners_tokens.rb
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
# frozen_string_literal: true
|
||||||
|
|
||||||
|
module Gitlab
|
||||||
|
module BackgroundMigration
|
||||||
|
# EncryptColumn migrates data from an unencrypted column - `foo`, say - to
|
||||||
|
# an encrypted column - `encrypted_foo`, say.
|
||||||
|
#
|
||||||
|
# We only create a subclass here because we want to isolate this migration
|
||||||
|
# (migrating unencrypted runner registration tokens to encrypted columns)
|
||||||
|
# from other `EncryptColumns` migration. This class name is going to be
|
||||||
|
# serialized and stored in Redis and later picked by Sidekiq, so we need to
|
||||||
|
# create a separate class name in order to isolate these migration tasks.
|
||||||
|
#
|
||||||
|
# We can solve this differently, see tech debt issue:
|
||||||
|
#
|
||||||
|
# https://gitlab.com/gitlab-org/gitlab-ce/issues/54328
|
||||||
|
#
|
||||||
|
class EncryptRunnersTokens < EncryptColumns; end
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in a new issue