Encrypt runners communication token in the database
parent
478c15fa89
commit
e491df5fc6
|
@ -8,6 +8,9 @@ module Ci
|
|||
include RedisCacheable
|
||||
include ChronicDurationAttribute
|
||||
include FromUnion
|
||||
include TokenAuthenticatable
|
||||
|
||||
add_authentication_token_field :token, encrypted: true, fallback: true
|
||||
|
||||
enum access_level: {
|
||||
not_protected: 0,
|
||||
|
@ -39,7 +42,7 @@ module Ci
|
|||
|
||||
has_one :last_build, ->() { order('id DESC') }, class_name: 'Ci::Build'
|
||||
|
||||
before_validation :set_default_values
|
||||
before_save :ensure_token
|
||||
|
||||
scope :active, -> { where(active: true) }
|
||||
scope :paused, -> { where(active: false) }
|
||||
|
@ -145,10 +148,6 @@ module Ci
|
|||
end
|
||||
end
|
||||
|
||||
def set_default_values
|
||||
self.token = SecureRandom.hex(15) if self.token.blank?
|
||||
end
|
||||
|
||||
def assign_to(project, current_user = nil)
|
||||
if instance_type?
|
||||
self.runner_type = :project_type
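Review bot: `add_authentication_token_field :token, encrypted: true, fallback: true` keeps the plaintext `token` column in play, and nothing visible in this commit backfills `token_encrypted` or clears `token` for existing runners. If the fallback works as its name suggests (the strategy code is outside this page), tokens already in the database stay readable in plaintext until each runner is saved again. I would document the option as temporary, e.g. `# fallback: true is transitional: drop it once existing tokens are migrated to token_encrypted and the plaintext column is cleared`, and track the backfill as a follow-up. Separately, replacing `before_validation :set_default_values` with `before_save :ensure_token` means the token is now generated after validations run, so any presence or uniqueness validation on `token` defined outside these hunks should be checked.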
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class AddTokenEncryptedToCiRunners < ActiveRecord::Migration
|
||||
include Gitlab::Database::MigrationHelpers
|
||||
|
||||
DOWNTIME = false
|
||||
|
||||
def change
|
||||
add_column :ci_runners, :token_encrypted, :string
|
||||
# TODO index
|
||||
end
|
||||
end
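Review bot: The migration ships `token_encrypted` with `# TODO index` still in place, so the new column has no index. If runner authentication looks rows up by the encrypted value (the model change in this commit suggests so, but the lookup code is not on this page), every token check would scan `ci_runners`. Since the class already includes `Gitlab::Database::MigrationHelpers`, the index can be added concurrently in the same migration, which needs `disable_ddl_transaction!` and explicit `up`/`down` instead of `change`. Whether the index should also be unique depends on how the encrypted value is derived, which is not visible here.

```ruby
  DOWNTIME = false

  disable_ddl_transaction!

  def up
    add_column :ci_runners, :token_encrypted, :string
    add_concurrent_index :ci_runners, :token_encrypted
  end

  def down
    remove_concurrent_index :ci_runners, :token_encrypted
    remove_column :ci_runners, :token_encrypted
  end
```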
|
|
@ -11,7 +11,7 @@
|
|||
#
|
||||
# It's strongly recommended that you check this file into your version control system.
|
||||
|
||||
ActiveRecord::Schema.define(version: 20181116141504) do
|
||||
ActiveRecord::Schema.define(version: 20181120151656) do
|
||||
|
||||
# These are extensions that must be enabled in order to support this database
|
||||
enable_extension "plpgsql"
|
||||
|
@ -543,6 +543,7 @@ ActiveRecord::Schema.define(version: 20181116141504) do
|
|||
t.string "ip_address"
|
||||
t.integer "maximum_timeout"
|
||||
t.integer "runner_type", limit: 2, null: false
|
||||
t.string "token_encrypted"
|
||||
end
|
||||
|
||||
add_index "ci_runners", ["contacted_at"], name: "index_ci_runners_on_contacted_at", using: :btree
|
||||
|
|
|
@ -158,6 +158,9 @@ excluded_attributes:
|
|||
- :encrypted_token_iv
|
||||
- :encrypted_url
|
||||
- :encrypted_url_iv
|
||||
runners:
|
||||
- :token
|
||||
- :token_encrypted
|
||||
|
||||
methods:
|
||||
labels:
|
||||
|
|
|
@ -8,6 +8,7 @@ module Gitlab
|
|||
triggers: 'Ci::Trigger',
|
||||
pipeline_schedules: 'Ci::PipelineSchedule',
|
||||
builds: 'Ci::Build',
|
||||
runners: 'Ci::Runner',
|
||||
hooks: 'ProjectHook',
|
||||
merge_access_levels: 'ProtectedBranch::MergeAccessLevel',
|
||||
push_access_levels: 'ProtectedBranch::PushAccessLevel',
|
||||
|
@ -31,7 +32,7 @@ module Gitlab
|
|||
|
||||
EXISTING_OBJECT_CHECK = %i[milestone milestones label labels project_label project_labels group_label group_labels project_feature].freeze
|
||||
|
||||
TOKEN_RESET_MODELS = %w[Project Namespace Group Ci::Trigger Ci::Build ProjectHook].freeze
|
||||
TOKEN_RESET_MODELS = %w[Project Namespace Ci::Trigger Ci::Build Ci::Runner ProjectHook].freeze
|
||||
|
||||
def self.create(*args)
|
||||
new(*args).create
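Review bot: The rewritten `TOKEN_RESET_MODELS` line adds `Ci::Runner` but no longer lists `Group`, which the other printed version of the line contains (assuming the version with `Ci::Runner` is the new side, as the rest of the commit implies). Nothing in the commit title explains dropping it, so it looks like a rebase or merge slip. If it is, imported `Group` records would skip whatever token reset this list drives (that code is outside the hunk) and could keep a token carried in the export. If the removal is unintended, the line should read `TOKEN_RESET_MODELS = %w[Project Namespace Group Ci::Trigger Ci::Build Ci::Runner ProjectHook].freeze`; if it is intended, it deserves a mention in the commit message.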
|
||||
|
|