Schedule background migration for encrypting runners tokens
parent
64c2377854
commit
c7a39ffa91
3 changed files with 59 additions and 1 deletions
|
@ -0,0 +1,38 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class ScheduleRunnersTokenEncryption < ActiveRecord::Migration
|
||||
include Gitlab::Database::MigrationHelpers
|
||||
|
||||
DOWNTIME = false
|
||||
BATCH_SIZE = 10000
|
||||
RANGE_SIZE = 100
|
||||
MIGRATION = 'EncryptRunnersTokens'
|
||||
|
||||
MODELS = [
|
||||
::Gitlab::BackgroundMigration::Models::EncryptColumns::Settings,
|
||||
::Gitlab::BackgroundMigration::Models::EncryptColumns::Namespace,
|
||||
::Gitlab::BackgroundMigration::Models::EncryptColumns::Project,
|
||||
::Gitlab::BackgroundMigration::Models::EncryptColumns::Runner
|
||||
].freeze
|
||||
|
||||
disable_ddl_transaction!
|
||||
|
||||
def up
|
||||
MODELS.each do |model|
|
||||
model.each_batch(of: BATCH_SIZE) do |relation, index|
|
||||
delay = index * 2.minutes
|
||||
|
||||
relation.each_batch(of: RANGE_SIZE) do |relation|
|
||||
range = relation.pluck('MIN(id)', 'MAX(id)').first
|
||||
args = [model, model.encrypted_attributes.keys, *range]
|
||||
|
||||
BackgroundMigrationWorker.perform_in(delay, MIGRATION, args)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
def down
|
||||
# no-op
|
||||
end
|
||||
end
|
|
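Review bot: In `up`, `args = [model, model.encrypted_attributes.keys, *range]` puts a Class constant and (presumably symbol) attribute keys into Sidekiq job arguments. Sidekiq stores arguments as JSON in Redis, so the worker receives whatever the JSON round trip yields, not the class object and symbols scheduled here. Whether `EncryptColumns#perform` turns that value back into a model is not visible in this commit; if it does not, the scheduled jobs fail and the runner tokens stay in plaintext. Passing a plain name, e.g. `args = [model.name.demodulize.downcase, *range]`, and resolving it in the worker against a fixed list of the four models would make the contract explicit and keep the job from constantizing arbitrary strings. No spec for the scheduling is visible among the three changed files.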
@ -10,7 +10,7 @@
|
|||
#
|
||||
# It's strongly recommended that you check this file into your version control system.
|
||||
|
||||
ActiveRecord::Schema.define(version: 20181121101802) do
|
||||
ActiveRecord::Schema.define(version: 20181121111200) do
|
||||
|
||||
# These are extensions that must be enabled in order to support this database
|
||||
enable_extension "plpgsql"
|
||||
|
|
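--- a/lib/gitlab/background_migration/encrypt_runners_tokens.rb
+++ b/lib/gitlab/background_migration/encrypt_runners_tokens.rb
@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+module Gitlab
+module BackgroundMigration
+# EncryptColumn migrates data from an unencrypted column - `foo`, say - to
+# an encrypted column - `encrypted_foo`, say.
+#
+# We only create a subclass here because we want to isolate this migration
+# (migrating unencrypted runner registration tokens to encrypted columns)
+# from other `EncryptColumns` migration. This class name is going to be
+# serialized and stored in Redis and later picked by Sidekiq, so we need to
+# create a separate class name in order to isolate these migration tasks.
+#
+# We can solve this differently, see tech debt issue:
+#
+# https://gitlab.com/gitlab-org/gitlab-ce/issues/54328
+#
+class EncryptRunnersTokens < EncryptColumns; end
+end
+end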
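Review bot: The class comment on `EncryptRunnersTokens` explains why the subclass exists but not what the inherited job does with the plaintext token columns after the encrypted ones are written. Someone auditing whether runner registration tokens are protected at rest needs that, and the behaviour of `EncryptColumns` is not visible in this commit. I would add a line such as `# Plaintext columns are <cleared|kept> after encryption; see EncryptColumns#perform.`, filled in from the parent class. The first comment line also says `EncryptColumn` where the parent class is `EncryptColumns`.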