Skip to content

Extend database with encrypted field for static objects tokens

Vasilii Iakliushin requested to merge 199716_extend_database_with_static_objects_external_storage_auth_token into master

What does this MR do and why?

Contributes to #199716 (closed)

Roadmap

  1. Add database fields for encrypted tokens <- This MR
  2. Migrate old tokens to encrypted version and start using them
  3. Drop plaintext token fields (TODO)

Problem

We store "static_objects_external_storage_auth_token" in plaintext. This is the first step, where we define a new database field where encrypted value will be stored.

Solution

Add a database field to store an encoded version of the token

Database

Migration 
== 20211124132319 AddEncryptedStaticObjectsExternalStorageAuthToken: migrating
-- add_column(:application_settings, :static_objects_external_storage_auth_token_encrypted, :text)
   -> 0.0035s
== 20211124132319 AddEncryptedStaticObjectsExternalStorageAuthToken: migrated (0.0035s)

== 20211126113029 AddTextLimitForStaticObjectsExternalStorageAuthToken: migrating
-- transaction_open?()
   -> 0.0000s
-- current_schema()
   -> 0.0002s
-- transaction_open?()
   -> 0.0000s
-- execute("ALTER TABLE application_settings\nADD CONSTRAINT check_32710817e9\nCHECK ( char_length(static_objects_external_storage_auth_token_encrypted) <= 255 )\nNOT VALID;\n")
   -> 0.0035s
-- current_schema()
   -> 0.0002s
-- execute("SET statement_timeout TO 0")
   -> 0.0006s
-- execute("ALTER TABLE application_settings VALIDATE CONSTRAINT check_32710817e9;")
   -> 0.0014s
-- execute("RESET statement_timeout")
   -> 0.0007s
== 20211126113029 AddTextLimitForStaticObjectsExternalStorageAuthToken: migrated (0.0210s)
Rollback 
== 20211126113029 AddTextLimitForStaticObjectsExternalStorageAuthToken: reverting
-- transaction_open?()
   -> 0.0000s
-- transaction_open?()
   -> 0.0000s
-- execute("ALTER TABLE application_settings\nDROP CONSTRAINT IF EXISTS check_32710817e9\n")
   -> 0.0018s
== 20211126113029 AddTextLimitForStaticObjectsExternalStorageAuthToken: reverted (0.0129s)

== 20211124132319 AddEncryptedStaticObjectsExternalStorageAuthToken: reverting
-- remove_column(:application_settings, :static_objects_external_storage_auth_token_encrypted)
   -> 0.0054s
== 20211124132319 AddEncryptedStaticObjectsExternalStorageAuthToken: reverted (0.0055s)

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Vasilii Iakliushin

Merge request reports