Skip to content

Store user and key fingerprint in ssh commit signatures

What does this MR do and why?

Related issue (note): #382984 (comment 1229191963)

Currently, the SSH commit signatures are removed along with a deleted SSH key. However, we want the commits to stay verified (by default) even if the associated SSH key is removed.

We need columns to store the data about a signing user and the key fingerprint in case the key is deleted. When a key is deleted, the commits should still stay verified. When a user is deleted the user is nullified in the signature.

Migration

main: == 20230106125945 AddUserToSshSignatures: migrating ===========================
main: -- add_column(:ssh_signatures, :user_id, :bigint, {:if_not_exists=>true, :null=>true})
main:    -> 0.1892s
main: == 20230106125945 AddUserToSshSignatures: migrated (0.3112s) ==================

main: == 20230106131659 AddFingerprintToSshSignatures: migrating ====================
main: -- add_column(:ssh_signatures, :key_fingerprint_sha256, :bytea, {:if_not_exists=>true})
main:    -> 0.0022s
main: == 20230106131659 AddFingerprintToSshSignatures: migrated (0.0025s) ===========

main: == 20230112014822 AddUserIndexAndFkToSshSignatures: migrating =================
main: -- transaction_open?()
main:    -> 0.0000s
main: -- view_exists?(:postgres_partitions)
main:    -> 0.0007s
main: -- index_exists?(:ssh_signatures, :user_id, {:name=>"index_ssh_signatures_on_user_id", :algorithm=>:concurrently})
main:    -> 0.0037s
main: -- execute("SET statement_timeout TO 0")
main:    -> 0.0003s
main: -- add_index(:ssh_signatures, :user_id, {:name=>"index_ssh_signatures_on_user_id", :algorithm=>:concurrently})
main:    -> 0.0032s
main: -- execute("RESET statement_timeout")
main:    -> 0.0006s
main: -- transaction_open?()
main:    -> 0.0000s
main: -- foreign_keys(:ssh_signatures)
main:    -> 0.0024s
main: -- transaction_open?()
main:    -> 0.0000s
main: -- execute("ALTER TABLE ssh_signatures\nADD CONSTRAINT fk_0c83baaa5f\nFOREIGN KEY (user_id)\nREFERENCES users (id)\nON DELETE SET NULL\nNOT VALID;\n")
main:    -> 0.0036s
main: -- execute("ALTER TABLE ssh_signatures VALIDATE CONSTRAINT fk_0c83baaa5f;")
main:    -> 0.0043s
main: == 20230112014822 AddUserIndexAndFkToSshSignatures: migrated (0.0355s) ========

ci: == 20230106125945 AddUserToSshSignatures: migrating ===========================
ci: -- add_column(:ssh_signatures, :user_id, :bigint, {:if_not_exists=>true, :null=>true})
ci:    -> 0.0047s
ci: == 20230106125945 AddUserToSshSignatures: migrated (0.0109s) ==================

ci: == 20230106131659 AddFingerprintToSshSignatures: migrating ====================
ci: -- add_column(:ssh_signatures, :key_fingerprint_sha256, :bytea, {:if_not_exists=>true})
ci:    -> 0.0017s
ci: == 20230106131659 AddFingerprintToSshSignatures: migrated (0.0084s) ===========

ci: == 20230112014822 AddUserIndexAndFkToSshSignatures: migrating =================
ci: -- transaction_open?()
ci:    -> 0.0000s
ci: -- view_exists?(:postgres_partitions)
ci:    -> 0.0008s
ci: -- index_exists?(:ssh_signatures, :user_id, {:name=>"index_ssh_signatures_on_user_id", :algorithm=>:concurrently})
ci:    -> 0.0028s
ci: -- execute("SET statement_timeout TO 0")
ci:    -> 0.0004s
ci: -- add_index(:ssh_signatures, :user_id, {:name=>"index_ssh_signatures_on_user_id", :algorithm=>:concurrently})
ci:    -> 0.0035s
ci: -- execute("RESET statement_timeout")
ci:    -> 0.0003s
ci: -- transaction_open?()
ci:    -> 0.0000s
ci: -- foreign_keys(:ssh_signatures)
ci:    -> 0.0022s
ci: -- transaction_open?()
ci:    -> 0.0000s
ci: -- execute("ALTER TABLE ssh_signatures\nADD CONSTRAINT fk_0c83baaa5f\nFOREIGN KEY (user_id)\nREFERENCES users (id)\nON DELETE SET NULL\nNOT VALID;\n")
ci:    -> 0.0034s
ci: -- execute("ALTER TABLE ssh_signatures VALIDATE CONSTRAINT fk_0c83baaa5f;")
ci:    -> 0.0124s
ci: == 20230112014822 AddUserIndexAndFkToSshSignatures: migrated (0.0384s) ========
Edited by Igor Drozdov

Merge request reports

Loading