From ff9881d99193bd64d112bb03311aecd75f4270ae Mon Sep 17 00:00:00 2001
From: Nick Thomas <nick@gitlab.com>
Date: Mon, 8 Oct 2018 16:03:07 +0100
Subject: [PATCH] Remove unencrypted webhook token and URL columns

---
 app/models/hooks/web_hook.rb                  | 34 -------------------
 .../52367-cleanup-web-hooks-columns.yml       |  5 +++
 .../20181008145341_steal_encrypt_columns.rb   | 15 ++++++++
 ...08145359_remove_web_hooks_token_and_url.rb | 10 ++++++
 db/schema.rb                                  |  4 +--
 5 files changed, 31 insertions(+), 37 deletions(-)
 create mode 100644 changelogs/unreleased/52367-cleanup-web-hooks-columns.yml
 create mode 100644 db/post_migrate/20181008145341_steal_encrypt_columns.rb
 create mode 100644 db/post_migrate/20181008145359_remove_web_hooks_token_and_url.rb

diff --git a/app/models/hooks/web_hook.rb b/app/models/hooks/web_hook.rb
index 68ba4b213b2..b2fb79bc7ed 100644
--- a/app/models/hooks/web_hook.rb
+++ b/app/models/hooks/web_hook.rb
@@ -37,38 +37,4 @@ class WebHook < ActiveRecord::Base
   def allow_local_requests?
     false
   end
-
-  # In 11.4, the web_hooks table has both `token` and `encrypted_token` fields.
-  # Ensure that the encrypted version always takes precedence if present.
-  alias_method :attr_encrypted_token, :token
-  def token
-    attr_encrypted_token.presence || read_attribute(:token)
-  end
-
-  # In 11.4, the web_hooks table has both `token` and `encrypted_token` fields.
-  # Pending a background migration to encrypt all fields, we should just clear
-  # the unencrypted value whenever the new value is set.
-  alias_method :'attr_encrypted_token=', :'token='
-  def token=(value)
-    self.attr_encrypted_token = value
-
-    write_attribute(:token, nil)
-  end
-
-  # In 11.4, the web_hooks table has both `url` and `encrypted_url` fields.
-  # Ensure that the encrypted version always takes precedence if present.
-  alias_method :attr_encrypted_url, :url
-  def url
-    attr_encrypted_url.presence || read_attribute(:url)
-  end
-
-  # In 11.4, the web_hooks table has both `url` and `encrypted_url` fields.
-  # Pending a background migration to encrypt all fields, we should just clear
-  # the unencrypted value whenever the new value is set.
-  alias_method :'attr_encrypted_url=', :'url='
-  def url=(value)
-    self.attr_encrypted_url = value
-
-    write_attribute(:url, nil)
-  end
 end
diff --git a/changelogs/unreleased/52367-cleanup-web-hooks-columns.yml b/changelogs/unreleased/52367-cleanup-web-hooks-columns.yml
new file mode 100644
index 00000000000..d1f3ca83613
--- /dev/null
+++ b/changelogs/unreleased/52367-cleanup-web-hooks-columns.yml
@@ -0,0 +1,5 @@
+---
+title: Remove legacy unencrypted webhook columns from the database
+merge_request: 22199
+author:
+type: changed
diff --git a/db/post_migrate/20181008145341_steal_encrypt_columns.rb b/db/post_migrate/20181008145341_steal_encrypt_columns.rb
new file mode 100644
index 00000000000..c107ac72913
--- /dev/null
+++ b/db/post_migrate/20181008145341_steal_encrypt_columns.rb
@@ -0,0 +1,15 @@
+class StealEncryptColumns < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  disable_ddl_transaction!
+
+  def up
+    Gitlab::BackgroundMigration.steal('EncryptColumns')
+  end
+
+  def down
+    # no-op
+  end
+end
diff --git a/db/post_migrate/20181008145359_remove_web_hooks_token_and_url.rb b/db/post_migrate/20181008145359_remove_web_hooks_token_and_url.rb
new file mode 100644
index 00000000000..0c44bca5f1a
--- /dev/null
+++ b/db/post_migrate/20181008145359_remove_web_hooks_token_and_url.rb
@@ -0,0 +1,10 @@
+class RemoveWebHooksTokenAndUrl < ActiveRecord::Migration
+  include Gitlab::Database::MigrationHelpers
+
+  DOWNTIME = false
+
+  def change
+    remove_column :web_hooks, :token, :string
+    remove_column :web_hooks, :url, :string, limit: 2000
+  end
+end
diff --git a/db/schema.rb b/db/schema.rb
index 4ff0272428a..d47156c6da4 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.
 
-ActiveRecord::Schema.define(version: 20181002172433) do
+ActiveRecord::Schema.define(version: 20181008145359) do
 
   # These are extensions that must be enabled in order to support this database
   enable_extension "plpgsql"
@@ -2256,7 +2256,6 @@ ActiveRecord::Schema.define(version: 20181002172433) do
   add_index "web_hook_logs", ["web_hook_id"], name: "index_web_hook_logs_on_web_hook_id", using: :btree
 
   create_table "web_hooks", force: :cascade do |t|
-    t.string "url", limit: 2000
     t.integer "project_id"
     t.datetime "created_at"
     t.datetime "updated_at"
@@ -2269,7 +2268,6 @@ ActiveRecord::Schema.define(version: 20181002172433) do
     t.boolean "note_events", default: false, null: false
     t.boolean "enable_ssl_verification", default: true
     t.boolean "wiki_page_events", default: false, null: false
-    t.string "token"
     t.boolean "pipeline_events", default: false, null: false
     t.boolean "confidential_issues_events", default: false, null: false
     t.boolean "repository_update_events", default: false, null: false
-- 
GitLab