Merge branch 'ethan-eurie-473441-add-sds-communication-f1e8c339' into 'master'

Add Application settings for the secret detection service url and auth token See merge request !172721 Merged-by: Michał Zając <mzajac@gitlab.com> Approved-by: Michał Zając <mzajac@gitlab.com> Co-authored-by: Ethan Urie <eurie@gitlab.com>

Merge branch 'ethan-eurie-473441-add-sds-communication-f1e8c339' into 'master'
a3fd684f · Michał Zając · GitLab · 45689a16 · 525f0912 · a3fd684f
Verified Commit a3fd684f authored 3 months ago by Michał Zając Committed by GitLab 3 months ago
--- a/config/application_setting_columns/secret_detection_service_auth_token.yml
+++ b/config/application_setting_columns/secret_detection_service_auth_token.yml
+---
+api_type:
+attr: secret_detection_service_auth_token
+clusterwide: false
+column: encrypted_secret_detection_service_auth_token
+db_type: bytea
+default:
+description: The authentication token to connect to the Secret Detection Service
+encrypted: true
+gitlab_com_different_than_default: false
+jihu: false
+not_null: true
--- a/config/application_setting_columns/secret_detection_service_url.yml
+++ b/config/application_setting_columns/secret_detection_service_url.yml
+---
+api_type:
+attr: secret_detection_service_url
+clusterwide: false
+column: secret_detection_service_url
+db_type: text
+default: "''::text"
+description: Stores the URL to connect to the Secret Detection Service
+encrypted: false
+gitlab_com_different_than_default: false
+jihu: false
+not_null: true
--- a/db/migrate/20241009173023_add_secret_detection_service_url_to_application_settings.rb
+++ b/db/migrate/20241009173023_add_secret_detection_service_url_to_application_settings.rb
+# frozen_string_literal: true
+
+class AddSecretDetectionServiceUrlToApplicationSettings < Gitlab::Database::Migration[2.2]
+  disable_ddl_transaction!
+  milestone "17.6"
+
+  def up
+    add_column :application_settings,
+      :secret_detection_service_url,
+      :text, default: "",
+      null: false,
+      if_not_exists: true
+
+    add_text_limit :application_settings, :secret_detection_service_url, 255
+  end
+
+  def down
+    remove_column :application_settings, :secret_detection_service_url, if_exists: true
+  end
+end
--- a/db/migrate/20241010191331_add_secret_detection_service_auth_token_to_application_settings.rb
+++ b/db/migrate/20241010191331_add_secret_detection_service_auth_token_to_application_settings.rb
+# frozen_string_literal: true
+
+class AddSecretDetectionServiceAuthTokenToApplicationSettings < Gitlab::Database::Migration[2.2]
+  milestone "17.6"
+
+  def up
+    add_column :application_settings, :encrypted_secret_detection_service_auth_token, :binary, if_not_exists: true
+    add_column :application_settings, :encrypted_secret_detection_service_auth_token_iv, :binary, if_not_exists: true
+  end
+
+  def down
+    remove_column :application_settings, :encrypted_secret_detection_service_auth_token, if_exists: true
+    remove_column :application_settings, :encrypted_secret_detection_service_auth_token_iv, if_exists: true
+  end
+end
--- a/db/schema_migrations/20241009173023
+++ b/db/schema_migrations/20241009173023
+806d8994b97023db8ba242161745d2d67ab3aa2f187c02374ae236cddfe10fed
\ No newline at end of file
--- a/db/schema_migrations/20241010191331
+++ b/db/schema_migrations/20241010191331
+a1d05c4d9424b1511cecb92dfe560c7f1ddb5c5a116ec9b7c664bdf667ed28fe
\ No newline at end of file
--- a/db/structure.sql
+++ b/db/structure.sql
@@ -6899,6 +6899,9 @@ CREATE TABLE application_settings (
    elasticsearch_retry_on_failure integer DEFAULT 0 NOT NULL,
    integrations jsonb DEFAULT '{}'::jsonb NOT NULL,
    user_seat_management jsonb DEFAULT '{}'::jsonb NOT NULL,
+    secret_detection_service_url text DEFAULT ''::text NOT NULL,
+    encrypted_secret_detection_service_auth_token bytea,
+    encrypted_secret_detection_service_auth_token_iv bytea,
    resource_usage_limits jsonb DEFAULT '{}'::jsonb NOT NULL,
    show_migrate_from_jenkins_banner boolean DEFAULT true NOT NULL,
    CONSTRAINT app_settings_container_reg_cleanup_tags_max_list_size_positive CHECK ((container_registry_cleanup_tags_service_max_list_size >= 0)),
@@ -6963,6 +6966,7 @@ CREATE TABLE application_settings (
    CONSTRAINT check_application_settings_sign_in_restrictions_is_hash CHECK ((jsonb_typeof(sign_in_restrictions) = 'object'::text)),
    CONSTRAINT check_application_settings_transactional_emails_is_hash CHECK ((jsonb_typeof(transactional_emails) = 'object'::text)),
    CONSTRAINT check_b8c74ea5b3 CHECK ((char_length(deactivation_email_additional_text) <= 1000)),
+    CONSTRAINT check_babd774f3c CHECK ((char_length(secret_detection_service_url) <= 255)),
    CONSTRAINT check_bf5157a366 CHECK ((char_length(required_instance_ci_template) <= 1024)),
    CONSTRAINT check_cdfbd99405 CHECK ((char_length(security_txt_content) <= 2048)),
    CONSTRAINT check_d03919528d CHECK ((char_length(container_registry_vendor) <= 255)),