add database columns and config for feature flag (#1594)

* add database columns and config for feature flag * yay presubmits * no automigrate
google · Jan 14, 2021 · ac18c09 · ac18c09
1 parent c19be95
commit ac18c09
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 5 deletions.
diff --git a/pkg/config/certificate_signing_config.go b/pkg/config/certificate_signing_config.go
@@ -21,7 +21,7 @@ import (
 )
 
 // CertificateSigningConfig represents the settings for system-wide certificate
-// signing. These should be used if you are managing certifiate keys externally.
+// signing. These should be used if you are managing certificate keys externally.
 type CertificateSigningConfig struct {
 	// Keys determines the key manager configuration for this certificate signing
 	// configuration.
@@ -34,4 +34,7 @@ type CertificateSigningConfig struct {
 	CertificateIssuer       string        `env:"CERTIFICATE_ISSUER, default=diagnosis-verification-example"`
 	CertificateAudience     string        `env:"CERTIFICATE_AUDIENCE, default=exposure-notifications-server"`
 	CertificateDuration     time.Duration `env:"CERTIFICATE_DURATION, default=15m"`
+	// EnableAutoRotation indicates if auto rotation settings should be shown in the UI.
+	// This will become the default in v0.21.0 of the verification server.
+	EnableAutoRotation bool `env:"ENABLE_VERIFICATION_KEY_AUTO_ROTATION, default=false"`
 }
diff --git a/pkg/database/migrations.go b/pkg/database/migrations.go
@@ -1968,6 +1968,18 @@ func (db *Database) Migrations(ctx context.Context) []*gormigrate.Migration {
 					`DELETE FROM users WHERE deleted_at IS NOT NULL`)
 			},
 		},
+		{
+			ID: "00086-AddRealmAutoRotateSetting",
+			Migrate: func(tx *gorm.DB) error {
+				return multiExec(tx,
+					`ALTER TABLE realms ADD COLUMN IF NOT EXISTS auto_rotate_certificate_key BOOLEAN DEFAULT false`,
+					`ALTER TABLE realms ALTER COLUMN auto_rotate_certificate_key SET NOT NULL`)
+			},
+			Rollback: func(tx *gorm.DB) error {
+				return multiExec(tx,
+					`ALTER TABLE realms DROP COLUMN IF EXISTS auto_rotate_certificate_key`)
+			},
+		},
 	}
 }
 

diff --git a/pkg/database/realm.go b/pkg/database/realm.go
@@ -238,10 +238,11 @@ type Realm struct {
 	RequireDate bool `gorm:"type:boolean; not null; default:false;"`
 
 	// Signing Key Settings
-	UseRealmCertificateKey bool            `gorm:"type:boolean; default: false;"`
-	CertificateIssuer      string          `gorm:"type:varchar(150); default: '';"`
-	CertificateAudience    string          `gorm:"type:varchar(150); default: '';"`
-	CertificateDuration    DurationSeconds `gorm:"type:bigint; default: 900;"` // 15m
+	UseRealmCertificateKey   bool            `gorm:"type:boolean; default: false;"`
+	CertificateIssuer        string          `gorm:"type:varchar(150); default: '';"`
+	CertificateAudience      string          `gorm:"type:varchar(150); default: '';"`
+	CertificateDuration      DurationSeconds `gorm:"type:bigint; default: 900;"` // 15m
+	AutoRotateCertificateKey bool            `gorm:"type:boolean; default: false;"`
 
 	// EN Express
 	EnableENExpress bool `gorm:"type:boolean; default: false;"`