Updates specs to use new rails5 format.
The old format:
`get :show, { some: params }, { some: headers }`
The new format:
`get :show, params: { some: params }, headers: { some: headers }`
The Correlation ID is taken or generated from received X-Request-ID.
Then it is being passed to all executed services (sidekiq workers
or gitaly calls).
The Correlation ID is logged in all structured logs as `correlation_id`.
If the EncryptColumns background migration runs in a sidekiq with a
stale view of the database schema, or when the purported destination
columns don't actually exist, data loss can result. Attempt to work
around these issues by reloading schema information before running
the migration, and raising errors if the model reports that any of its
source or destination columns are missing.
Fixes that make this work:
* A change in Ruby (ce635262f5)
requires passing in the exact required length for OpenSSL keys and IVs.
* Ensure the secrets.yml is generated before any prepended modules are
loaded. This is done by renaming the `secret_token.rb` initializer to
`01_secret_token.rb`, which is a bit ugly but involves the least impact on
other files.
Besides improving the error message to specify what exactly you
need to do to solve the error, we now don't skip all storage
validations on the test environment, so that you also get a nice error
message if you're running tests. Now if conditions are met to skip
valitaions (test env or env variable) we still make sure the settings
_look_ sane, we just skip verifying the paths exists and meet the given
conditions.
This will be necessary when adding gitaly settings. This version
doesn't make any functional changes, but allows us to include this
breaking change in 9.0 and add the needed extra settings in the future
with backwards compatibility
An empty file in one of the instrumented directories will cause the app
to fail to start when metrics are enabled. Metrics aren't enabled by
default in development or test.
We could handle the empty file case explicitly, but a file could still
not define the constant it is expected to, so instead run the
initializer manually in a spec and check that it succeeds.
If an environment variable exists for secret_key_base, use that -
always. But don't save it to secrets.yml.
Also ensure that we never write to secrets.yml if there's a non-blank
value there.
.secret stores the secret token used for both encrypting login cookies
and for encrypting stored OTP secrets. We can't rotate this, because
that would invalidate all existing OTP secrets.
If the secret token is present in the .secret file or an environment
variable, save it as otp_key_base in secrets.yml. Now .secret can be
rotated without invalidating OTP secrets.
If the secret token isn't present (initial setup), then just generate a
separate otp_key_base and save in secrets.yml.
Update the docs to reflect that secrets.yml needs to be retained past
upgrades, but .secret doesn't.
Douwe Maan
Lin Jen-Shin
blackst0ne
Kamil Trzciński
Nick Thomas
Takuya Noguchi
Jacob Vosmaer (GitLab)
Stan Hu
Zeger-Jan van de Weg
Francisco Javier López
Sean McGivern
Mario de la Ossa
Achilleas Pipinellis
Pawel Chojnacki
Bob Van Landuyt
Markus Koller
Robin Bobbitt
Michael Kozono
Bob Van Landuyt
Rémy Coutable
Sean McGivern
mhasbini
Alejandro Rodríguez
Adam Niedzielski