Add username & password fields for Advanced Search
What does this MR do?
This MR introduces 2 fields, elasticsearch_username and elasticsearch_password, to our Advanced Search admin UI. Previously, our only option was to inline the username and password in the URL field. These new fields are opt-in and users can easily migrate.
New fields take precedence over inlined credentials.
Database migrations
up & down
❯ VERSION=20210430100947 bin/rake db:migrate:up
== 20210430100947 AddElasticsearchUsernamePasswordToApplicationSettings: migrating
-- add_column(:application_settings, :elasticsearch_username, :text)
-> 0.0031s
-- add_column(:application_settings, :encrypted_elasticsearch_password, :binary)
-> 0.0013s
-- add_column(:application_settings, :encrypted_elasticsearch_password_iv, :binary)
-> 0.0015s
== 20210430100947 AddElasticsearchUsernamePasswordToApplicationSettings: migrated (0.0060s)
❯ VERSION=20210505124816 bin/rake db:migrate:up
== 20210505124816 AddTextLimitToElasticsearchUsername: migrating ==============
-- transaction_open?()
-> 0.0000s
-- current_schema()
-> 0.0001s
-- execute("ALTER TABLE application_settings\nADD CONSTRAINT check_e5024c8801\nCHECK ( char_length(elasticsearch_username) <= 255 )\nNOT VALID;\n")
-> 0.0017s
-- current_schema()
-> 0.0001s
-- execute("SET statement_timeout TO 0")
-> 0.0005s
-- execute("ALTER TABLE application_settings VALIDATE CONSTRAINT check_e5024c8801;")
-> 0.0016s
-- execute("RESET ALL")
-> 0.0005s
== 20210505124816 AddTextLimitToElasticsearchUsername: migrated (0.0153s) =====
❯ VERSION=20210505124816 bin/rake db:migrate:down
== 20210505124816 AddTextLimitToElasticsearchUsername: reverting ==============
-- execute("ALTER TABLE application_settings\nDROP CONSTRAINT IF EXISTS check_e5024c8801\n")
-> 0.0016s
== 20210505124816 AddTextLimitToElasticsearchUsername: reverted (0.0114s) =====
❯ VERSION=20210430100947 bin/rake db:migrate:down
== 20210430100947 AddElasticsearchUsernamePasswordToApplicationSettings: reverting
-- remove_column(:application_settings, :encrypted_elasticsearch_password_iv, :binary)
-> 0.0029s
-- remove_column(:application_settings, :encrypted_elasticsearch_password, :binary)
-> 0.0014s
-- remove_column(:application_settings, :elasticsearch_username, :text)
-> 0.0014s
== 20210430100947 AddElasticsearchUsernamePasswordToApplicationSettings: reverted (0.0071s)
Screenshots (strongly suggested)
Does this MR meet the acceptance criteria?
Conformity
- 📋 Does this MR need a changelog?
  - I have included a changelog entry.
  - [-] I have not included a changelog entry because _____.
- Documentation (if required)
- Code review guidelines
- Merge request performance guidelines
- Style guides
- Database guides
- Separation of EE specific content
Availability and Testing
- Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process.
- [-] Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- Label as security and @ mention @gitlab-com/gl-security/appsec
- The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- Security reports checked/validated by a reviewer from the AppSec team
Related to #328466 (closed)
Edited by Andrew Kelly
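The precedence rule stated in the description ("New fields take precedence over inlined credentials"), as an added Ruby example; it is not code from this merge request or from GitLab. The names `resolve_es_connection` and `percent_decode`, the sample URL, and the rule that the dedicated pair is used whenever the username setting is non-empty are assumptions.

```ruby
require 'uri'

# Hypothetical helpers, not GitLab's implementation.
# Percent-decode a URL userinfo component ("p%40ss" -> "p@ss").
def percent_decode(str)
  return nil if str.nil?

  str.b.gsub(/%\h\h/) { |m| m[1, 2].hex.chr }.force_encoding(Encoding::UTF_8)
end

# Resolve one Elasticsearch endpoint. Dedicated username/password settings
# take precedence over credentials inlined in the URL (assumed rule: the
# dedicated pair is used whenever the username setting is non-empty).
# The returned :url never carries userinfo, so it can be logged as-is.
def resolve_es_connection(url, username: nil, password: nil)
  uri = URI.parse(url)
  unless uri.is_a?(URI::HTTP) && uri.host
    raise ArgumentError, 'expected an http(s) URL with a host'
  end

  port = uri.port == uri.default_port ? '' : ":#{uri.port}"
  clean_url = "#{uri.scheme}://#{uri.host}#{port}#{uri.path}"

  if username && !username.empty?
    { url: clean_url, username: username, password: password, source: :settings }
  elsif uri.user
    { url: clean_url, username: percent_decode(uri.user),
      password: percent_decode(uri.password), source: :url }
  else
    { url: clean_url, username: nil, password: nil, source: :none }
  end
end

# Constructed sample values (not from the merge request).
INLINE_URL = 'https://legacy:p%40ss@es.example.internal:9200'

# Both sources set: the dedicated settings win, inline credentials are dropped.
both = resolve_es_connection(INLINE_URL, username: 'search', password: 's3cret')
# Only inline credentials: still honoured, so existing setups keep working.
legacy = resolve_es_connection(INLINE_URL)

# Print everything except the password.
[both, legacy].each { |c| puts c.reject { |k, _| k == :password }.inspect }
```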