Merge pull request #1717 from ansible-semaphore/rekey_for_sql

Rekey for SQL database
semaphoreui · Jan 28, 2024 · 312d2af · 312d2af
2 parents 88a50de + 84fdfa4
commit 312d2af
Show file tree

Hide file tree

Showing 6 changed files with 62 additions and 12 deletions.
diff --git a/db/sql/SqlDb.go b/db/sql/SqlDb.go
@@ -209,14 +209,16 @@ func (d *SqlDb) getObject(projectID int, props db.ObjectProps, objectID int, obj
 	return
 }
 
-func (d *SqlDb) getObjects(projectID int, props db.ObjectProps, params db.RetrieveQueryParams, objects interface{}) (err error) {
+func (d *SqlDb) getObjects(projectID int, props db.ObjectProps, params db.RetrieveQueryParams, objects interface{}, ignoreProjectId bool) (err error) {
 	q := squirrel.Select("*").
 		From(props.TableName + " pe")
 
-	if props.IsGlobal {
-		q = q.Where("pe.project_id is null")
-	} else {
-		q = q.Where("pe.project_id=?", projectID)
+	if !ignoreProjectId {
+		if props.IsGlobal {
+			q = q.Where("pe.project_id is null")
+		} else {
+			q = q.Where("pe.project_id=?", projectID)
+		}
 	}
 
 	orderDirection := "ASC"
@@ -233,6 +235,14 @@ func (d *SqlDb) getObjects(projectID int, props db.ObjectProps, params db.Retrie
 		q = q.OrderBy("pe." + orderColumn + " " + orderDirection)
 	}
 
+	if params.Count > 0 {
+		q = q.Limit(uint64(params.Count))
+	}
+
+	if params.Offset > 0 {
+		q = q.Offset(uint64(params.Offset))
+	}
+
 	query, args, err := q.ToSql()
 
 	if err != nil {
@@ -244,6 +254,10 @@ func (d *SqlDb) getObjects(projectID int, props db.ObjectProps, params db.Retrie
 	return
 }
 
+func (d *SqlDb) getProjectObjects(projectID int, props db.ObjectProps, params db.RetrieveQueryParams, objects interface{}) (err error) {
+	return d.getObjects(projectID, props, params, objects, false)
+}
+
 func (d *SqlDb) deleteObject(projectID int, props db.ObjectProps, objectID int) error {
 	if props.IsGlobal {
 		return validateMutationResult(

diff --git a/db/sql/access_key.go b/db/sql/access_key.go
@@ -2,6 +2,7 @@ package sql
 
 import (
 	"database/sql"
+	"errors"
 	"github.com/ansible-semaphore/semaphore/db"
 )
 
@@ -17,7 +18,7 @@ func (d *SqlDb) GetAccessKeyRefs(projectID int, keyID int) (db.ObjectReferrers,
 
 func (d *SqlDb) GetAccessKeys(projectID int, params db.RetrieveQueryParams) ([]db.AccessKey, error) {
 	var keys []db.AccessKey
-	err := d.getObjects(projectID, db.AccessKeyProps, params, &keys)
+	err := d.getProjectObjects(projectID, db.AccessKeyProps, params, &keys)
 	return keys, err
 }
 
@@ -84,7 +85,42 @@ func (d *SqlDb) DeleteAccessKey(projectID int, accessKeyID int) error {
 	return d.deleteObject(projectID, db.AccessKeyProps, accessKeyID)
 }
 
-func (d *SqlDb) RekeyAccessKeys(oldKey string) error {
+const RekeyBatchSize = 100
 
-	return nil
+func (d *SqlDb) RekeyAccessKeys(oldKey string) (err error) {
+
+	var globalProps = db.AccessKeyProps
+	globalProps.IsGlobal = true
+
+	for i := 0; ; i++ {
+
+		var keys []db.AccessKey
+		err = d.getObjects(-1, globalProps, db.RetrieveQueryParams{Count: RekeyBatchSize, Offset: i * RekeyBatchSize}, &keys, true)
+
+		if err != nil {
+			return
+		}
+
+		if len(keys) == 0 {
+			break
+		}
+
+		for _, key := range keys {
+
+			err = key.DeserializeSecret2(oldKey)
+
+			if err != nil {
+				return err
+			}
+
+			key.OverrideSecret = true
+			err = d.UpdateAccessKey(key)
+
+			if err != nil && !errors.Is(err, db.ErrNotFound) {
+				return err
+			}
+		}
+	}
+
+	return
 }
diff --git a/db/sql/environment.go b/db/sql/environment.go
@@ -16,7 +16,7 @@ func (d *SqlDb) GetEnvironmentRefs(projectID int, environmentID int) (db.ObjectR
 
 func (d *SqlDb) GetEnvironments(projectID int, params db.RetrieveQueryParams) ([]db.Environment, error) {
 	var environment []db.Environment
-	err := d.getObjects(projectID, db.EnvironmentProps, params, &environment)
+	err := d.getProjectObjects(projectID, db.EnvironmentProps, params, &environment)
 	return environment, err
 }
 

diff --git a/db/sql/inventory.go b/db/sql/inventory.go
@@ -14,7 +14,7 @@ func (d *SqlDb) GetInventory(projectID int, inventoryID int) (inventory db.Inven
 
 func (d *SqlDb) GetInventories(projectID int, params db.RetrieveQueryParams) ([]db.Inventory, error) {
 	var inventories []db.Inventory
-	err := d.getObjects(projectID, db.InventoryProps, params, &inventories)
+	err := d.getProjectObjects(projectID, db.InventoryProps, params, &inventories)
 	return inventories, err
 }
 

diff --git a/db/sql/runner.go b/db/sql/runner.go
@@ -24,7 +24,7 @@ func (d *SqlDb) GetGlobalRunner(runnerID int) (runner db.Runner, err error) {
 }
 
 func (d *SqlDb) GetGlobalRunners() (runners []db.Runner, err error) {
-	err = d.getObjects(0, db.GlobalRunnerProps, db.RetrieveQueryParams{}, &runners)
+	err = d.getProjectObjects(0, db.GlobalRunnerProps, db.RetrieveQueryParams{}, &runners)
 	return
 }
 

diff --git a/db/sql/view.go b/db/sql/view.go
@@ -8,7 +8,7 @@ func (d *SqlDb) GetView(projectID int, viewID int) (view db.View, err error) {
 }
 
 func (d *SqlDb) GetViews(projectID int) (views []db.View, err error) {
-	err = d.getObjects(projectID, db.ViewProps, db.RetrieveQueryParams{}, &views)
+	err = d.getProjectObjects(projectID, db.ViewProps, db.RetrieveQueryParams{}, &views)
 	return
 }