Skip initializers in the doctor:secrets task for encrypted data
What does this MR do and why?
If encrypted data is being used in initializers, simply initializing the objects to verify the encrypted attributes will fail without a "good" way to figure out which rows are affected.
This adds a way to skip initializers when needed, and does it for the Integration models.
Related to gitlab-org/charts/gitlab#3259 (closed)
How to set up and validate locally
# Create an integration
Integrations::Slack.create(project: Project.last, properties: {})
# Invalidate the secret
Integration.last.update(encrypted_properties: 'Z' * 12)
Run the rake task (bin/rake gitlab:doctor:secrets
) and see it doesn't error out & finds the error:
I, [2022-05-03T21:05:25.151824 #994968] INFO -- : - Integrations::Slack failures: 1
Notice that running it in the console fails, i.e.
[9] pry(main)> Gitlab::Doctor::Secrets.new(Logger.new(STDOUT)).send(:check_model_attributes, {a: 2})
StandardError: can only be used in a Rake environment
from /home/catalin/work/gitlab/gdk/gitlab-development-kit/gitlab/lib/gitlab/doctor/secrets.rb:55:in `check_model_attributes'
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Catalin Irimie