diff --git a/app/models/ci/runner.rb b/app/models/ci/runner.rb index 31330d0682e7c480402b2f69db0193eed556b5c9..a4645658c72d1c6d9c10449247c87f58ae6f543f 100644 --- a/app/models/ci/runner.rb +++ b/app/models/ci/runner.rb @@ -8,6 +8,9 @@ module Ci include RedisCacheable include ChronicDurationAttribute include FromUnion + include TokenAuthenticatable + + add_authentication_token_field :token, encrypted: true, fallback: true enum access_level: { not_protected: 0, @@ -39,7 +42,7 @@ module Ci has_one :last_build, ->() { order('id DESC') }, class_name: 'Ci::Build' - before_validation :set_default_values + before_save :ensure_token scope :active, -> { where(active: true) } scope :paused, -> { where(active: false) } @@ -145,10 +148,6 @@ module Ci end end - def set_default_values - self.token = SecureRandom.hex(15) if self.token.blank? - end - def assign_to(project, current_user = nil) if instance_type? self.runner_type = :project_type diff --git a/db/migrate/20181120151656_add_token_encrypted_to_ci_runners.rb b/db/migrate/20181120151656_add_token_encrypted_to_ci_runners.rb new file mode 100644 index 0000000000000000000000000000000000000000..8a9df4b44f8f526735f0a80ff43157542adbbbb7 --- /dev/null +++ b/db/migrate/20181120151656_add_token_encrypted_to_ci_runners.rb @@ -0,0 +1,12 @@ +# frozen_string_literal: true + +class AddTokenEncryptedToCiRunners < ActiveRecord::Migration + include Gitlab::Database::MigrationHelpers + + DOWNTIME = false + + def change + add_column :ci_runners, :token_encrypted, :string + # TODO index + end +end diff --git a/db/schema.rb b/db/schema.rb index 9fd4e05361c91e3f73806039f04b57c382eadaad..0e26b8a2b263a2371a51962e36ea2553d7841f6f 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20181116141504) do +ActiveRecord::Schema.define(version: 20181120151656) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -543,6 +543,7 @@ ActiveRecord::Schema.define(version: 20181116141504) do t.string "ip_address" t.integer "maximum_timeout" t.integer "runner_type", limit: 2, null: false + t.string "token_encrypted" end add_index "ci_runners", ["contacted_at"], name: "index_ci_runners_on_contacted_at", using: :btree diff --git a/lib/gitlab/import_export/import_export.yml b/lib/gitlab/import_export/import_export.yml index 8a03b0e87b770bead03319b852bc21e4280cebc8..a0a6ddcb0c49f20f142b9569373af2948ff624ac 100644 --- a/lib/gitlab/import_export/import_export.yml +++ b/lib/gitlab/import_export/import_export.yml @@ -158,6 +158,9 @@ excluded_attributes: - :encrypted_token_iv - :encrypted_url - :encrypted_url_iv + runners: + - :token + - :token_encrypted methods: labels: diff --git a/lib/gitlab/import_export/relation_factory.rb b/lib/gitlab/import_export/relation_factory.rb index ca574d51b634c615fa95add4400d1a3e80993020..441ca56800384fd0f83cdd02e7ab5edad3aa6e33 100644 --- a/lib/gitlab/import_export/relation_factory.rb +++ b/lib/gitlab/import_export/relation_factory.rb @@ -8,6 +8,7 @@ module Gitlab triggers: 'Ci::Trigger', pipeline_schedules: 'Ci::PipelineSchedule', builds: 'Ci::Build', + runners: 'Ci::Runner', hooks: 'ProjectHook', merge_access_levels: 'ProtectedBranch::MergeAccessLevel', push_access_levels: 'ProtectedBranch::PushAccessLevel', @@ -31,7 +32,7 @@ module Gitlab EXISTING_OBJECT_CHECK = %i[milestone milestones label labels project_label project_labels group_label group_labels project_feature].freeze - TOKEN_RESET_MODELS = %w[Project Namespace Group Ci::Trigger Ci::Build ProjectHook].freeze + TOKEN_RESET_MODELS = %w[Project Namespace Ci::Trigger Ci::Build Ci::Runner ProjectHook].freeze def self.create(*args) new(*args).create