Follow-up on: Switch to fallback strategy in runners token encryption: switch to `required` strategy
We merged the change for https://gitlab.com/gitlab-org/gitlab-ce/issues/54859.
We now store all new tokens as encrypted by default, and do not store unencrypted ones anymore.
However, we continue looking at unencrypted as some of the data were not migrated fully yet.
We need to prepare additional migration that would migrate all has_token=TRUE
and all has_token_encrypted=FALSE
.
After we do that we can finally switch to :required
and ignore old column with tokens.
gitlabhq_production=> select token IS NOT NULL as has_token, token_encrypted IS NOT NULL as has_token_encrypted, count(*), max(created_at) from ci_runners group by token IS NOT NULL, token_encrypted IS NOT NULL;
has_token | has_token_encrypted | count | max
-----------+---------------------+--------+----------------------------
f | t | 419 | 2019-03-15 09:56:16.020622
t | f | 7750 | 2018-09-27 04:10:09.884422
t | t | 255730 | 2019-03-14 21:40:30.923695
(3 rows)
gitlabhq_production=> select runners_token IS NOT NULL as has_token, runners_token_encrypted IS NOT NULL as has_token_encrypted, count(*), max(created_at) from namespaces group by runners_token IS NOT NULL, runners_token_encrypted IS NOT NULL;
has_token | has_token_encrypted | count | max
-----------+---------------------+---------+-------------------------------
f | f | 4245547 | 2019-03-15 09:59:51.293028+00
f | t | 200 | 2019-03-15 09:55:41.939296+00
t | f | 1008 | 2018-12-07 11:40:47.4425+00
t | t | 78988 | 2019-03-14 20:55:59.301721+00
gitlabhq_production=> select runners_token IS NOT NULL as has_token, runners_token_encrypted IS NOT NULL as has_token_encrypted, count(*), max(created_at) from projects group by runners_token IS NOT NULL, runners_token_encrypted IS NOT NULL;
has_token | has_token_encrypted | count | max
-----------+---------------------+---------+-------------------------------
f | f | 6 | 2016-08-01 21:30:10.356833+00
f | t | 6110 | 2019-03-15 10:04:41.940105+00
t | f | 328344 | 2018-12-10 18:31:12.064369+00
t | t | 7897871 | 2019-03-14 21:53:26.932899+00
It means that we need to create follow-up migration to migrate:
- 7750 ci_runners,
- 1008 namespaces,
- 328344 projects.