PMM-13132 Another suggested refactor.

percona · Sep 20, 2024 · 7fab00f · 7fab00f
1 parent f603530
commit 7fab00f
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 74 deletions.
diff --git a/managed/models/database.go b/managed/models/database.go
@@ -27,7 +27,6 @@ import (
 	"net"
 	"net/url"
 	"os"
-	"slices"
 	"strconv"
 	"strings"
 
@@ -1177,50 +1176,17 @@ func SetupDB(ctx context.Context, sqlDB *sql.DB, params SetupDBParams) (*reform.
 
 // EncryptDB encrypts a set of columns in a specific database and table.
 func EncryptDB(tx *reform.TX, database string, itemsToEncrypt []encryption.Table) error {
-	return dbEncryption(tx, database, itemsToEncrypt, encryption.EncryptItems, true, addToEncryptedItems)
-}
-
-func encryptionExists(m map[string]bool, key string) bool {
-	return m[key]
-}
-
-func addToEncryptedItems(encryptedItems []string, items []string) []string {
-	return slices.Concat(encryptedItems, items)
+	return dbEncryption(tx, database, itemsToEncrypt, encryption.EncryptItems, true)
 }
 
 // DecryptDB decrypts a set of columns in a specific database and table.
 func DecryptDB(tx *reform.TX, database string, itemsToEncrypt []encryption.Table) error {
-	return dbEncryption(tx, database, itemsToEncrypt, encryption.DecryptItems, false, removeFromEncryptedItems)
-}
-
-func encryptionNotExists(m map[string]bool, key string) bool {
-	return !encryptionExists(m, key)
-}
-
-func removeFromEncryptedItems(encryptedItems []string, items []string) []string {
-	res := []string{}
-	for _, encryptedItem := range encryptedItems {
-		exists := false
-		for _, item := range items {
-			if encryptedItem == item {
-				exists = true
-			}
-		}
-
-		if exists {
-			continue
-		}
-
-		res = append(res, encryptedItem)
-	}
-
-	return res
+	return dbEncryption(tx, database, itemsToEncrypt, encryption.DecryptItems, false)
 }
 
 func dbEncryption(tx *reform.TX, database string, items []encryption.Table,
 	encryptionHandler func(tx *reform.TX, tables []encryption.Table) error,
 	expectedState bool,
-	settingsHandler func(encryptedItems []string, items []string) []string,
 ) error {
 	if len(items) == 0 {
 		return nil
@@ -1263,8 +1229,14 @@ func dbEncryption(tx *reform.TX, database string, items []encryption.Table,
 	if err != nil {
 		return err
 	}
+
+	encryptedItems := []string{}
+	if expectedState {
+		encryptedItems = prepared
+	}
+
 	_, err = UpdateSettings(tx, &ChangeSettingsParams{
-		EncryptedItems: settingsHandler(settings.EncryptedItems, prepared),
+		EncryptedItems: encryptedItems,
 	})
 	if err != nil {
 		return err

diff --git a/managed/models/settings_helpers.go b/managed/models/settings_helpers.go
@@ -226,7 +226,9 @@ func UpdateSettings(q reform.DBTX, params *ChangeSettingsParams) (*Settings, err
 		settings.DefaultRoleID = *params.DefaultRoleID
 	}
 
-	settings.EncryptedItems = params.EncryptedItems
+	if settings.EncryptedItems != nil {
+		settings.EncryptedItems = params.EncryptedItems
+	}
 
 	err = SaveSettings(q, settings)
 	if err != nil {

diff --git a/managed/utils/encryption/encryption.go b/managed/utils/encryption/encryption.go
@@ -80,21 +80,6 @@ func RotateEncryptionKey() error {
 	return nil
 }
 
-// RotateEncryptionKey is will backup old encryption key and generate new one.
-func (e *Encryption) RotateEncryptionKey() error {
-	err := e.backupOldEncryptionKey()
-	if err != nil {
-		return err
-	}
-
-	enc := New()
-	e.Key = enc.Key
-	e.Path = enc.Path
-	e.Primitive = enc.Primitive
-
-	return nil
-}
-
 // RestoreOldEncryptionKey is a wrapper around DefaultEncryption.RestoreOldEncryptionKey.
 func RestoreOldEncryptionKey() error {
 	err := os.Rename(fmt.Sprintf("%s_old.key", strings.TrimSuffix(encryptionKeyPath(), ".key")), encryptionKeyPath())
@@ -105,9 +90,8 @@ func RestoreOldEncryptionKey() error {
 	return nil
 }
 
-// RestoreOldEncryptionKey will restore previous backup during rotation.
-func (e *Encryption) RestoreOldEncryptionKey() error {
-	err := os.Rename(fmt.Sprintf("%s_old.key", strings.TrimSuffix(e.Path, ".key")), e.Path)
+func backupOldEncryptionKey() error {
+	err := os.Rename(encryptionKeyPath(), fmt.Sprintf("%s_old.key", strings.TrimSuffix(encryptionKeyPath(), ".key")))
 	if err != nil {
 		return err
 	}

diff --git a/managed/utils/encryption/helpers.go b/managed/utils/encryption/helpers.go
@@ -40,24 +40,6 @@ func encryptionKeyPath() string {
 	return DefaultEncryptionKeyPath
 }
 
-func backupOldEncryptionKey() error {
-	err := os.Rename(encryptionKeyPath(), fmt.Sprintf("%s_old.key", strings.TrimSuffix(encryptionKeyPath(), ".key")))
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (e *Encryption) backupOldEncryptionKey() error {
-	err := os.Rename(e.Path, fmt.Sprintf("%s_old.key", strings.TrimSuffix(e.Path, ".key")))
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
 func prepareRowPointers(rows *sql.Rows) ([]any, error) {
 	columnTypes, err := rows.ColumnTypes()
 	if err != nil {