Skip initializers in the doctor:secrets task for encrypted data (!86491) · Merge requests · GitLab.org / GitLab

Catalin Irimie requested to merge cat-skip-initializers-doctor-secrets into master May 03, 2022

What does this MR do and why?

If encrypted data is being used in initializers, simply initializing the objects to verify the encrypted attributes will fail without a "good" way to figure out which rows are affected.

This adds a way to skip initializers when needed, and does it for the Integration models.

How to set up and validate locally

# Create an integration

Integrations::Slack.create(project: Project.last, properties: {})

# Invalidate the secret

Integration.last.update(encrypted_properties: 'Z' * 12)

Run the rake task (bin/rake gitlab:doctor:secrets) and see it doesn't error out & finds the error:

I, [2022-05-03T21:05:25.151824 #994968]  INFO -- : - Integrations::Slack failures: 1

Notice that running it in the console fails, i.e.

[9] pry(main)> Gitlab::Doctor::Secrets.new(Logger.new(STDOUT)).send(:check_model_attributes, {a: 2})
StandardError: can only be used in a Rake environment
from /home/catalin/work/gitlab/gdk/gitlab-development-kit/gitlab/lib/gitlab/doctor/secrets.rb:55:in `check_model_attributes'

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited May 04, 2022 by Catalin Irimie

Skip initializers in the doctor:secrets task for encrypted data

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports