Store user and key fingerprint in ssh commit signatures
What does this MR do and why?
Related issue (note): #382984 (comment 1229191963)
Currently, the SSH commit signatures are removed along with a deleted SSH key. However, we want the commits to stay verified (by default) even if the associated SSH key is removed.
We need columns to store the data about a signing user and the key fingerprint in case the key is deleted. When a key is deleted, the commits should still stay verified. When a user is deleted the user is nullified in the signature.
Migration
main: == 20230106125945 AddUserToSshSignatures: migrating ===========================
main: -- add_column(:ssh_signatures, :user_id, :bigint, {:if_not_exists=>true, :null=>true})
main: -> 0.1892s
main: == 20230106125945 AddUserToSshSignatures: migrated (0.3112s) ==================
main: == 20230106131659 AddFingerprintToSshSignatures: migrating ====================
main: -- add_column(:ssh_signatures, :key_fingerprint_sha256, :bytea, {:if_not_exists=>true})
main: -> 0.0022s
main: == 20230106131659 AddFingerprintToSshSignatures: migrated (0.0025s) ===========
main: == 20230112014822 AddUserIndexAndFkToSshSignatures: migrating =================
main: -- transaction_open?()
main: -> 0.0000s
main: -- view_exists?(:postgres_partitions)
main: -> 0.0007s
main: -- index_exists?(:ssh_signatures, :user_id, {:name=>"index_ssh_signatures_on_user_id", :algorithm=>:concurrently})
main: -> 0.0037s
main: -- execute("SET statement_timeout TO 0")
main: -> 0.0003s
main: -- add_index(:ssh_signatures, :user_id, {:name=>"index_ssh_signatures_on_user_id", :algorithm=>:concurrently})
main: -> 0.0032s
main: -- execute("RESET statement_timeout")
main: -> 0.0006s
main: -- transaction_open?()
main: -> 0.0000s
main: -- foreign_keys(:ssh_signatures)
main: -> 0.0024s
main: -- transaction_open?()
main: -> 0.0000s
main: -- execute("ALTER TABLE ssh_signatures\nADD CONSTRAINT fk_0c83baaa5f\nFOREIGN KEY (user_id)\nREFERENCES users (id)\nON DELETE SET NULL\nNOT VALID;\n")
main: -> 0.0036s
main: -- execute("ALTER TABLE ssh_signatures VALIDATE CONSTRAINT fk_0c83baaa5f;")
main: -> 0.0043s
main: == 20230112014822 AddUserIndexAndFkToSshSignatures: migrated (0.0355s) ========
ci: == 20230106125945 AddUserToSshSignatures: migrating ===========================
ci: -- add_column(:ssh_signatures, :user_id, :bigint, {:if_not_exists=>true, :null=>true})
ci: -> 0.0047s
ci: == 20230106125945 AddUserToSshSignatures: migrated (0.0109s) ==================
ci: == 20230106131659 AddFingerprintToSshSignatures: migrating ====================
ci: -- add_column(:ssh_signatures, :key_fingerprint_sha256, :bytea, {:if_not_exists=>true})
ci: -> 0.0017s
ci: == 20230106131659 AddFingerprintToSshSignatures: migrated (0.0084s) ===========
ci: == 20230112014822 AddUserIndexAndFkToSshSignatures: migrating =================
ci: -- transaction_open?()
ci: -> 0.0000s
ci: -- view_exists?(:postgres_partitions)
ci: -> 0.0008s
ci: -- index_exists?(:ssh_signatures, :user_id, {:name=>"index_ssh_signatures_on_user_id", :algorithm=>:concurrently})
ci: -> 0.0028s
ci: -- execute("SET statement_timeout TO 0")
ci: -> 0.0004s
ci: -- add_index(:ssh_signatures, :user_id, {:name=>"index_ssh_signatures_on_user_id", :algorithm=>:concurrently})
ci: -> 0.0035s
ci: -- execute("RESET statement_timeout")
ci: -> 0.0003s
ci: -- transaction_open?()
ci: -> 0.0000s
ci: -- foreign_keys(:ssh_signatures)
ci: -> 0.0022s
ci: -- transaction_open?()
ci: -> 0.0000s
ci: -- execute("ALTER TABLE ssh_signatures\nADD CONSTRAINT fk_0c83baaa5f\nFOREIGN KEY (user_id)\nREFERENCES users (id)\nON DELETE SET NULL\nNOT VALID;\n")
ci: -> 0.0034s
ci: -- execute("ALTER TABLE ssh_signatures VALIDATE CONSTRAINT fk_0c83baaa5f;")
ci: -> 0.0124s
ci: == 20230112014822 AddUserIndexAndFkToSshSignatures: migrated (0.0384s) ========
Edited by Igor Drozdov