Extend database with encrypted field for static objects tokens
requested to merge 199716_extend_database_with_static_objects_external_storage_auth_token into master
What does this MR do and why?
Contributes to #199716 (closed)
Roadmap
- Add database fields for encrypted tokens <- This MR
- Migrate old tokens to encrypted version and start using them
- Drop plaintext token fields (TODO)
Problem
We store "static_objects_external_storage_auth_token" in plaintext. This is the first step, where we define a new database field where encrypted value will be stored.
Solution
Add a database field to store an encoded version of the token
Database
Migration
== 20211124132319 AddEncryptedStaticObjectsExternalStorageAuthToken: migrating
-- add_column(:application_settings, :static_objects_external_storage_auth_token_encrypted, :text)
-> 0.0035s
== 20211124132319 AddEncryptedStaticObjectsExternalStorageAuthToken: migrated (0.0035s)
== 20211126113029 AddTextLimitForStaticObjectsExternalStorageAuthToken: migrating
-- transaction_open?()
-> 0.0000s
-- current_schema()
-> 0.0002s
-- transaction_open?()
-> 0.0000s
-- execute("ALTER TABLE application_settings\nADD CONSTRAINT check_32710817e9\nCHECK ( char_length(static_objects_external_storage_auth_token_encrypted) <= 255 )\nNOT VALID;\n")
-> 0.0035s
-- current_schema()
-> 0.0002s
-- execute("SET statement_timeout TO 0")
-> 0.0006s
-- execute("ALTER TABLE application_settings VALIDATE CONSTRAINT check_32710817e9;")
-> 0.0014s
-- execute("RESET statement_timeout")
-> 0.0007s
== 20211126113029 AddTextLimitForStaticObjectsExternalStorageAuthToken: migrated (0.0210s)
Rollback
== 20211126113029 AddTextLimitForStaticObjectsExternalStorageAuthToken: reverting
-- transaction_open?()
-> 0.0000s
-- transaction_open?()
-> 0.0000s
-- execute("ALTER TABLE application_settings\nDROP CONSTRAINT IF EXISTS check_32710817e9\n")
-> 0.0018s
== 20211126113029 AddTextLimitForStaticObjectsExternalStorageAuthToken: reverted (0.0129s)
== 20211124132319 AddEncryptedStaticObjectsExternalStorageAuthToken: reverting
-- remove_column(:application_settings, :static_objects_external_storage_auth_token_encrypted)
-> 0.0054s
== 20211124132319 AddEncryptedStaticObjectsExternalStorageAuthToken: reverted (0.0055s)
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Vasilii Iakliushin