Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix migration failure due to config name change #921

Merged
merged 1 commit into from
Jan 5, 2017
Merged

Fix migration failure due to config name change #921

merged 1 commit into from
Jan 5, 2017

Conversation

pkarman
Copy link
Contributor

@pkarman pkarman commented Jan 4, 2017

Why: Two Figaro environment variables changed names,
and a related class name also changed.

How: Add fallback config names and a class definition
for the old class name.

@pkarman pkarman self-assigned this Jan 4, 2017
@pkarman pkarman mentioned this pull request Jan 4, 2017
Closed
@monfresh
Copy link
Contributor

monfresh commented Jan 4, 2017

This alone will not replace what I was attempting to do with the ConfigValidator checks. If the attribute_encryption_key does not match the email_encryption_key on the server, existing users will not be able to sign in. We need to make sure that when application.yml gets updated on the server, whether manually, or by Chef, the following conditions hold true:

  1. email_encryption_key must not be modified from its previous value
  2. attribute_encryption_key must match email_encryption_key

Also, I think that if the ReencryptEmailWithSalt fails, the migration should fail and prevent subsequent migrations from running, to indicate that there was a problem, i.e. we should not be rescuing Pii::EncryptionError. Thoughts?

@zachmargolis
Copy link
Contributor

After this is merged + deployed to demo, should we squash all the DB migrations? The longer we leave files that reference old things around, the more painful it will get IMO

@pkarman
Copy link
Contributor Author

pkarman commented Jan 5, 2017

@monfresh wrote:

We need to make sure that when application.yml gets updated on the server, whether manually, or by Chef, the following conditions hold true:

  • email_encryption_key must not be modified from its previous value
  • attribute_encryption_key must match email_encryption_key

I disagree with the first point. email_encryption_key is no longer supported or used, except by this migration, and now it is not needed by this migration at all.

As to the second point, if whomever does the migration forgets to remove email_encryption_key from the relevant application.yml file, then yes, it must be the same as the new attribute_encryption_key.

I can remove the raise/rescue. The reason it is there will not apply here (it's for problems with decryption, which typically happen because of point two above).

@pkarman
Copy link
Contributor Author

pkarman commented Jan 5, 2017

@zachmargolis by "squash all the DB migrations" do you mean remove the files from the repo? I'm fine with that, after we've deployed to all existing environments.

@pkarman
Copy link
Contributor Author

pkarman commented Jan 5, 2017

I have removed references to email_encryption_key completely since it does not exist in master. This is a case where incremental db changes in separate migrations was probably more trouble than it was worth.

@zachmargolis
Copy link
Contributor

@pkarman yeah basically that -- by squash I mean we take the content of schema.rb and replace the most recent migration with it, and remove all the other migrations, that way we can easily get to our current structure and not have to worry about all the intermediate steps

monfresh
monfresh reviewed Jan 5, 2017
View reviewed changes
db/migrate/20161214221229_reencrypt_email_with_salt.rb
class EncryptedEmail < EncryptedAttribute
def self.new_from_email(plain_email, old_uak)
new_from_decrypted(plain_email, old_uak)
end
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should old_uak be new_uak? When this method is called below, new_uak is being passed as an argument.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also, do we even need to define this here? Can we not call EncryptedAttribute#new_from_decrypted directly?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By stubbing out EncryptedEmail I was trying to follow the same pattern with ActiveRecord with stubbing models in case table names ever change.

But you're right; we don't need it. I have changed in 75445b0

@monfresh
Copy link
Contributor

monfresh commented Jan 5, 2017

Agreed that we shouldn't rely on the presence of email_encryption_key. However, we must ensure that attribute_encryption_key must be set to the value of email_encryption_key before email_encryption_key is removed. I suppose I could ssh into the servers now and add attribute_encryption_key now and make it match email_encryption_key.

Can you think of another way to ensure that this step is done before deployment?

@monfresh
Copy link
Contributor

monfresh commented Jan 5, 2017

In other words, if we were live in production, and we had to make sure we didn't screw this up and prevent all users from ever signing back in again, what would we do?

@pkarman
Copy link
Contributor Author

pkarman commented Jan 5, 2017

In other words, if we were live in production, and we had to make sure we didn't screw this up and prevent all users from ever signing back in again, what would we do?

If the encryption key is not set correctly, the email can't be decrypted during the migration, so the migration will fail. Previously it was skipped. Now the migration won't proceed.

@pkarman
Copy link
Contributor Author

pkarman commented Jan 5, 2017

Can you think of another way to ensure that this step is done before deployment?

As long as we are manually managing application.yml files, I assume there will need to be manual steps taken before deployments. So I consider this a step to take before deploying to a particular env. Perhaps we need some kind of release wiki page with TODO steps?

@pkarman pkarman force-pushed the pek-attribute-encryption-spec branch from 75445b0 to 4ec8b87 Compare January 5, 2017 20:02
Fix migration failure due to config name change
12d6662 
**Why**: Two Figaro environment variables changed names,
and a related class name also changed.

**How**: Add fallback config names and a class definition
for the old class name.
@pkarman pkarman force-pushed the pek-attribute-encryption-spec branch from 4ec8b87 to 12d6662 Compare January 5, 2017 22:19
monfresh
monfresh approved these changes Jan 5, 2017
View reviewed changes
Copy link
Contributor

@monfresh monfresh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@monfresh monfresh merged commit 7f6f8d6 into master Jan 5, 2017
@monfresh monfresh deleted the pek-attribute-encryption-spec branch January 5, 2017 23:28
amoose pushed a commit that referenced this pull request Feb 7, 2017
@pkarman @amoose
Fix migration failure due to config name change (#921)
5b7847f 
**Why**: Two Figaro environment variables changed names,
and a related class name also changed.

**How**: Add fallback config names and a class definition
for the old class name.
amoose pushed a commit that referenced this pull request Feb 24, 2017
@pkarman @amoose
Fix migration failure due to config name change (#921)
3a636f9 
**Why**: Two Figaro environment variables changed names,
and a related class name also changed.

**How**: Add fallback config names and a class definition
for the old class name.
amoose pushed a commit that referenced this pull request Feb 28, 2017
@pkarman @amoose
Fix migration failure due to config name change (#921)
cfde880 
**Why**: Two Figaro environment variables changed names,
and a related class name also changed.

**How**: Add fallback config names and a class definition
for the old class name.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@monfresh monfresh monfresh approved these changes

Assignees

@pkarman pkarman

Labels
status - ready for review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pkarman @monfresh @zachmargolis