diff --git a/pkg/adapter/config/encryptionAdapter.go b/pkg/adapter/config/encryptionAdapter.go
deleted file mode 100644
index 407d3402..00000000
--- a/pkg/adapter/config/encryptionAdapter.go
+++ /dev/null
@@ -1,66 +0,0 @@ -package config - -import ( - "context" - "errors" - "github.com/cloudogu/k8s-blueprint-operator/pkg/domain/common" -) - -const ( - privateKey = "private.pem" - fmtDoguPrivateKeySecretName = "%s-private" -) - -type PublicKeyConfigEncryptionAdapter struct { - secrets secret - registry etcdRegistry - namespace string -} - -func NewPublicKeyConfigEncryptionAdapter(secretClient secret, registry etcdRegistry, namespace string) *PublicKeyConfigEncryptionAdapter { - return &PublicKeyConfigEncryptionAdapter{secrets: secretClient, registry: registry, namespace: namespace} -} - -func (p PublicKeyConfigEncryptionAdapter) Encrypt( - _ context.Context, - name common.SimpleDoguName, - value common.SensitiveDoguConfigValue, -) (common.EncryptedDoguConfigValue, error) { - //TODO: The encryption got removed to update the dogu operator, which does not contain the encryption functions anymore. - // This code is obsolet anyways as we will not encrypt config anymore but removing this adapter completely is a later step in the refactoring. - return common.EncryptedDoguConfigValue(value), nil -} - -func (p PublicKeyConfigEncryptionAdapter) EncryptAll( - _ context.Context, - entries map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue, -) (map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue, error) { - //TODO: The encryption got removed to update the dogu operator, which does not contain the encryption functions anymore. - // This code is obsolet anyways as we will not encrypt config anymore but removing this adapter completely is a later step in the refactoring. - encryptedEntries := map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue{} - var encryptionErrors []error - for configKey, configValue := range entries { - encryptedEntries[configKey] = common.EncryptedDoguConfigValue(configValue) - } - return encryptedEntries, errors.Join(encryptionErrors...) 
-} - -func (p PublicKeyConfigEncryptionAdapter) Decrypt( - ctx context.Context, - name common.SimpleDoguName, - encryptedValue common.EncryptedDoguConfigValue, -) (common.SensitiveDoguConfigValue, error) { - //TODO: The encryption got removed to update the dogu operator, which does not contain the encryption functions anymore. - // This code is obsolet anyways as we will not encrypt config anymore but removing this adapter completely is a later step in the refactoring. - return common.SensitiveDoguConfigValue(encryptedValue), nil -} - -func (p PublicKeyConfigEncryptionAdapter) DecryptAll(ctx context.Context, entries map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue) (map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue, error) { - //TODO: The encryption got removed to update the dogu operator, which does not contain the encryption functions anymore. - // This code is obsolet anyways as we will not encrypt config anymore but removing this adapter completely is a later step in the refactoring. - decryptedEntries := map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue{} - for configKey, configValue := range entries { - decryptedEntries[configKey] = common.SensitiveDoguConfigValue(configValue) - } - return decryptedEntries, nil -} diff --git a/pkg/adapter/config/interfaces.go b/pkg/adapter/config/interfaces.go index 715166c2..a90cc28d 100644 --- a/pkg/adapter/config/interfaces.go +++ b/pkg/adapter/config/interfaces.go @@ -2,17 +2,8 @@ package config import ( "github.com/cloudogu/cesapp-lib/registry" - v1 "k8s.io/client-go/kubernetes/typed/core/v1" ) -type secret interface { - v1.SecretInterface -} - -type etcdRegistry interface { - registry.Registry -} - //nolint:unused //goland:noinspection GoUnusedType type globalConfigStore interface { diff --git a/pkg/adapter/config/mock_etcdRegistry_test.go b/pkg/adapter/config/mock_etcdRegistry_test.go deleted file mode 100644 index a5a2f160..00000000 
--- a/pkg/adapter/config/mock_etcdRegistry_test.go
+++ /dev/null
@@ -1,422 +0,0 @@ -// Code generated by mockery v2.42.1. DO NOT EDIT. - -package config - -import ( - registry "github.com/cloudogu/cesapp-lib/registry" - mock "github.com/stretchr/testify/mock" -) - -// mockEtcdRegistry is an autogenerated mock type for the etcdRegistry type -type mockEtcdRegistry struct { - mock.Mock -} - -type mockEtcdRegistry_Expecter struct { - mock *mock.Mock -} - -func (_m *mockEtcdRegistry) EXPECT() *mockEtcdRegistry_Expecter { - return &mockEtcdRegistry_Expecter{mock: &_m.Mock} -} - -// BlueprintRegistry provides a mock function with given fields: -func (_m *mockEtcdRegistry) BlueprintRegistry() registry.ConfigurationContext { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for BlueprintRegistry") - } - - var r0 registry.ConfigurationContext - if rf, ok := ret.Get(0).(func() registry.ConfigurationContext); ok { - r0 = rf() - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(registry.ConfigurationContext) - } - } - - return r0 -} - -// mockEtcdRegistry_BlueprintRegistry_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'BlueprintRegistry' -type mockEtcdRegistry_BlueprintRegistry_Call struct { - *mock.Call -} - -// BlueprintRegistry is a helper method to define mock.On call -func (_e *mockEtcdRegistry_Expecter) BlueprintRegistry() *mockEtcdRegistry_BlueprintRegistry_Call { - return &mockEtcdRegistry_BlueprintRegistry_Call{Call: _e.mock.On("BlueprintRegistry")} -} - -func (_c *mockEtcdRegistry_BlueprintRegistry_Call) Run(run func()) *mockEtcdRegistry_BlueprintRegistry_Call { - _c.Call.Run(func(args mock.Arguments) { - run() - }) - return _c -} - -func (_c *mockEtcdRegistry_BlueprintRegistry_Call) Return(_a0 registry.ConfigurationContext) *mockEtcdRegistry_BlueprintRegistry_Call { - _c.Call.Return(_a0) - return _c -} - -func (_c *mockEtcdRegistry_BlueprintRegistry_Call) RunAndReturn(run func() registry.ConfigurationContext) *mockEtcdRegistry_BlueprintRegistry_Call { - 
_c.Call.Return(run) - return _c -} - -// DoguConfig provides a mock function with given fields: dogu -func (_m *mockEtcdRegistry) DoguConfig(dogu string) registry.ConfigurationContext { - ret := _m.Called(dogu) - - if len(ret) == 0 { - panic("no return value specified for DoguConfig") - } - - var r0 registry.ConfigurationContext - if rf, ok := ret.Get(0).(func(string) registry.ConfigurationContext); ok { - r0 = rf(dogu) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(registry.ConfigurationContext) - } - } - - return r0 -} - -// mockEtcdRegistry_DoguConfig_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'DoguConfig' -type mockEtcdRegistry_DoguConfig_Call struct { - *mock.Call -} - -// DoguConfig is a helper method to define mock.On call -// - dogu string -func (_e *mockEtcdRegistry_Expecter) DoguConfig(dogu interface{}) *mockEtcdRegistry_DoguConfig_Call { - return &mockEtcdRegistry_DoguConfig_Call{Call: _e.mock.On("DoguConfig", dogu)} -} - -func (_c *mockEtcdRegistry_DoguConfig_Call) Run(run func(dogu string)) *mockEtcdRegistry_DoguConfig_Call { - _c.Call.Run(func(args mock.Arguments) { - run(args[0].(string)) - }) - return _c -} - -func (_c *mockEtcdRegistry_DoguConfig_Call) Return(_a0 registry.ConfigurationContext) *mockEtcdRegistry_DoguConfig_Call { - _c.Call.Return(_a0) - return _c -} - -func (_c *mockEtcdRegistry_DoguConfig_Call) RunAndReturn(run func(string) registry.ConfigurationContext) *mockEtcdRegistry_DoguConfig_Call { - _c.Call.Return(run) - return _c -} - -// DoguRegistry provides a mock function with given fields: -func (_m *mockEtcdRegistry) DoguRegistry() registry.DoguRegistry { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for DoguRegistry") - } - - var r0 registry.DoguRegistry - if rf, ok := ret.Get(0).(func() registry.DoguRegistry); ok { - r0 = rf() - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(registry.DoguRegistry) - } - } - - return r0 -} - -// 
mockEtcdRegistry_DoguRegistry_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'DoguRegistry' -type mockEtcdRegistry_DoguRegistry_Call struct { - *mock.Call -} - -// DoguRegistry is a helper method to define mock.On call -func (_e *mockEtcdRegistry_Expecter) DoguRegistry() *mockEtcdRegistry_DoguRegistry_Call { - return &mockEtcdRegistry_DoguRegistry_Call{Call: _e.mock.On("DoguRegistry")} -} - -func (_c *mockEtcdRegistry_DoguRegistry_Call) Run(run func()) *mockEtcdRegistry_DoguRegistry_Call { - _c.Call.Run(func(args mock.Arguments) { - run() - }) - return _c -} - -func (_c *mockEtcdRegistry_DoguRegistry_Call) Return(_a0 registry.DoguRegistry) *mockEtcdRegistry_DoguRegistry_Call { - _c.Call.Return(_a0) - return _c -} - -func (_c *mockEtcdRegistry_DoguRegistry_Call) RunAndReturn(run func() registry.DoguRegistry) *mockEtcdRegistry_DoguRegistry_Call { - _c.Call.Return(run) - return _c -} - -// GetNode provides a mock function with given fields: -func (_m *mockEtcdRegistry) GetNode() (registry.Node, error) { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for GetNode") - } - - var r0 registry.Node - var r1 error - if rf, ok := ret.Get(0).(func() (registry.Node, error)); ok { - return rf() - } - if rf, ok := ret.Get(0).(func() registry.Node); ok { - r0 = rf() - } else { - r0 = ret.Get(0).(registry.Node) - } - - if rf, ok := ret.Get(1).(func() error); ok { - r1 = rf() - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// mockEtcdRegistry_GetNode_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GetNode' -type mockEtcdRegistry_GetNode_Call struct { - *mock.Call -} - -// GetNode is a helper method to define mock.On call -func (_e *mockEtcdRegistry_Expecter) GetNode() *mockEtcdRegistry_GetNode_Call { - return &mockEtcdRegistry_GetNode_Call{Call: _e.mock.On("GetNode")} -} - -func (_c *mockEtcdRegistry_GetNode_Call) Run(run func()) 
*mockEtcdRegistry_GetNode_Call { - _c.Call.Run(func(args mock.Arguments) { - run() - }) - return _c -} - -func (_c *mockEtcdRegistry_GetNode_Call) Return(_a0 registry.Node, _a1 error) *mockEtcdRegistry_GetNode_Call { - _c.Call.Return(_a0, _a1) - return _c -} - -func (_c *mockEtcdRegistry_GetNode_Call) RunAndReturn(run func() (registry.Node, error)) *mockEtcdRegistry_GetNode_Call { - _c.Call.Return(run) - return _c -} - -// GlobalConfig provides a mock function with given fields: -func (_m *mockEtcdRegistry) GlobalConfig() registry.ConfigurationContext { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for GlobalConfig") - } - - var r0 registry.ConfigurationContext - if rf, ok := ret.Get(0).(func() registry.ConfigurationContext); ok { - r0 = rf() - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(registry.ConfigurationContext) - } - } - - return r0 -} - -// mockEtcdRegistry_GlobalConfig_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'GlobalConfig' -type mockEtcdRegistry_GlobalConfig_Call struct { - *mock.Call -} - -// GlobalConfig is a helper method to define mock.On call -func (_e *mockEtcdRegistry_Expecter) GlobalConfig() *mockEtcdRegistry_GlobalConfig_Call { - return &mockEtcdRegistry_GlobalConfig_Call{Call: _e.mock.On("GlobalConfig")} -} - -func (_c *mockEtcdRegistry_GlobalConfig_Call) Run(run func()) *mockEtcdRegistry_GlobalConfig_Call { - _c.Call.Run(func(args mock.Arguments) { - run() - }) - return _c -} - -func (_c *mockEtcdRegistry_GlobalConfig_Call) Return(_a0 registry.ConfigurationContext) *mockEtcdRegistry_GlobalConfig_Call { - _c.Call.Return(_a0) - return _c -} - -func (_c *mockEtcdRegistry_GlobalConfig_Call) RunAndReturn(run func() registry.ConfigurationContext) *mockEtcdRegistry_GlobalConfig_Call { - _c.Call.Return(run) - return _c -} - -// HostConfig provides a mock function with given fields: hostService -func (_m *mockEtcdRegistry) HostConfig(hostService string) 
registry.ConfigurationContext { - ret := _m.Called(hostService) - - if len(ret) == 0 { - panic("no return value specified for HostConfig") - } - - var r0 registry.ConfigurationContext - if rf, ok := ret.Get(0).(func(string) registry.ConfigurationContext); ok { - r0 = rf(hostService) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(registry.ConfigurationContext) - } - } - - return r0 -} - -// mockEtcdRegistry_HostConfig_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'HostConfig' -type mockEtcdRegistry_HostConfig_Call struct { - *mock.Call -} - -// HostConfig is a helper method to define mock.On call -// - hostService string -func (_e *mockEtcdRegistry_Expecter) HostConfig(hostService interface{}) *mockEtcdRegistry_HostConfig_Call { - return &mockEtcdRegistry_HostConfig_Call{Call: _e.mock.On("HostConfig", hostService)} -} - -func (_c *mockEtcdRegistry_HostConfig_Call) Run(run func(hostService string)) *mockEtcdRegistry_HostConfig_Call { - _c.Call.Run(func(args mock.Arguments) { - run(args[0].(string)) - }) - return _c -} - -func (_c *mockEtcdRegistry_HostConfig_Call) Return(_a0 registry.ConfigurationContext) *mockEtcdRegistry_HostConfig_Call { - _c.Call.Return(_a0) - return _c -} - -func (_c *mockEtcdRegistry_HostConfig_Call) RunAndReturn(run func(string) registry.ConfigurationContext) *mockEtcdRegistry_HostConfig_Call { - _c.Call.Return(run) - return _c -} - -// RootConfig provides a mock function with given fields: -func (_m *mockEtcdRegistry) RootConfig() registry.WatchConfigurationContext { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for RootConfig") - } - - var r0 registry.WatchConfigurationContext - if rf, ok := ret.Get(0).(func() registry.WatchConfigurationContext); ok { - r0 = rf() - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(registry.WatchConfigurationContext) - } - } - - return r0 -} - -// mockEtcdRegistry_RootConfig_Call is a *mock.Call that shadows Run/Return 
methods with type explicit version for method 'RootConfig' -type mockEtcdRegistry_RootConfig_Call struct { - *mock.Call -} - -// RootConfig is a helper method to define mock.On call -func (_e *mockEtcdRegistry_Expecter) RootConfig() *mockEtcdRegistry_RootConfig_Call { - return &mockEtcdRegistry_RootConfig_Call{Call: _e.mock.On("RootConfig")} -} - -func (_c *mockEtcdRegistry_RootConfig_Call) Run(run func()) *mockEtcdRegistry_RootConfig_Call { - _c.Call.Run(func(args mock.Arguments) { - run() - }) - return _c -} - -func (_c *mockEtcdRegistry_RootConfig_Call) Return(_a0 registry.WatchConfigurationContext) *mockEtcdRegistry_RootConfig_Call { - _c.Call.Return(_a0) - return _c -} - -func (_c *mockEtcdRegistry_RootConfig_Call) RunAndReturn(run func() registry.WatchConfigurationContext) *mockEtcdRegistry_RootConfig_Call { - _c.Call.Return(run) - return _c -} - -// State provides a mock function with given fields: dogu -func (_m *mockEtcdRegistry) State(dogu string) registry.State { - ret := _m.Called(dogu) - - if len(ret) == 0 { - panic("no return value specified for State") - } - - var r0 registry.State - if rf, ok := ret.Get(0).(func(string) registry.State); ok { - r0 = rf(dogu) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(registry.State) - } - } - - return r0 -} - -// mockEtcdRegistry_State_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'State' -type mockEtcdRegistry_State_Call struct { - *mock.Call -} - -// State is a helper method to define mock.On call -// - dogu string -func (_e *mockEtcdRegistry_Expecter) State(dogu interface{}) *mockEtcdRegistry_State_Call { - return &mockEtcdRegistry_State_Call{Call: _e.mock.On("State", dogu)} -} - -func (_c *mockEtcdRegistry_State_Call) Run(run func(dogu string)) *mockEtcdRegistry_State_Call { - _c.Call.Run(func(args mock.Arguments) { - run(args[0].(string)) - }) - return _c -} - -func (_c *mockEtcdRegistry_State_Call) Return(_a0 registry.State) *mockEtcdRegistry_State_Call { 
- _c.Call.Return(_a0) - return _c -} - -func (_c *mockEtcdRegistry_State_Call) RunAndReturn(run func(string) registry.State) *mockEtcdRegistry_State_Call { - _c.Call.Return(run) - return _c -} - -// newMockEtcdRegistry creates a new instance of mockEtcdRegistry. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func newMockEtcdRegistry(t interface { - mock.TestingT - Cleanup(func()) -}) *mockEtcdRegistry { - mock := &mockEtcdRegistry{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/pkg/application/ecosystemConfigUseCase.go b/pkg/application/ecosystemConfigUseCase.go index d759c7e4..51183991 100644 --- a/pkg/application/ecosystemConfigUseCase.go +++ b/pkg/application/ecosystemConfigUseCase.go 
@@ -16,22 +16,20 @@ type EcosystemConfigUseCase struct { doguConfigRepository doguConfigEntryRepository doguSensitiveConfigRepository sensitiveDoguConfigEntryRepository globalConfigRepository globalConfigEntryRepository - encryptionAdapter configEncryptionAdapter } var errSensitiveDoguConfigEntry = fmt.Errorf("sensitive dogu config error") -func NewEcosystemConfigUseCase(blueprintRepository blueprintSpecRepository, doguConfigRepository doguConfigEntryRepository, doguSensitiveConfigRepository sensitiveDoguConfigEntryRepository, globalConfigRepository globalConfigEntryRepository, encryptionAdapter configEncryptionAdapter) *EcosystemConfigUseCase { +func NewEcosystemConfigUseCase(blueprintRepository blueprintSpecRepository, doguConfigRepository doguConfigEntryRepository, doguSensitiveConfigRepository sensitiveDoguConfigEntryRepository, globalConfigRepository globalConfigEntryRepository) *EcosystemConfigUseCase { return &EcosystemConfigUseCase{ blueprintRepository: blueprintRepository, doguConfigRepository: doguConfigRepository, doguSensitiveConfigRepository: doguSensitiveConfigRepository, globalConfigRepository: globalConfigRepository, - encryptionAdapter: encryptionAdapter, } } -// ApplyConfig fetches the dogu and global config statediff of the blueprint and applies these keys to the repositories. +// ApplyConfig fetches the dogu and global config stateDiff of the blueprint and applies these keys to the repositories. func (useCase *EcosystemConfigUseCase) ApplyConfig(ctx context.Context, blueprintId string) error { logger := log.FromContext(ctx).WithName("EcosystemConfigUseCase.ApplyConfig"). WithValues("blueprintId", blueprintId) 
@@ -126,56 +124,24 @@ func (useCase *EcosystemConfigUseCase) applyDoguConfigDiffs(ctx context.Context, func (useCase *EcosystemConfigUseCase) applySensitiveDoguConfigDiffs(ctx context.Context, sensitiveDoguConfigDiffsByAction map[domain.ConfigAction]domain.SensitiveDoguConfigDiffs) error { var errs []error - var encryptedEntriesToSet []*ecosystem.SensitiveDoguConfigEntry - var entriesToEncrypt []*ecosystem.SensitiveDoguConfigEntry + var keysToSet []*ecosystem.SensitiveDoguConfigEntry var keysToDelete []common.SensitiveDoguConfigKey - encryptedEntryValues, err := useCase.encryptSensitiveDoguDiffs(ctx, sensitiveDoguConfigDiffsByAction) - if err != nil { - errs = append(errs, err) - } - - for _, diff := range sensitiveDoguConfigDiffsByAction[domain.ConfigActionSetEncrypted] { - entry, createEncryptedEntryErr := getSensitiveDoguConfigEntryWithEncryption(diff.Key.DoguName, diff, encryptedEntryValues) - if createEncryptedEntryErr != nil { - errs = append(errs, createEncryptedEntryErr) - continue - } - entriesToEncrypt = append(entriesToEncrypt, entry) - } - - for _, diff := range sensitiveDoguConfigDiffsByAction[domain.ConfigActionSetToEncrypt] { + for _, diff := range sensitiveDoguConfigDiffsByAction[domain.ConfigActionSet] { entry := getSensitiveDoguConfigEntry(diff.Key.DoguName, diff) - encryptedEntriesToSet = append(encryptedEntriesToSet, entry) + keysToSet = append(keysToSet, entry) } for _, diff := range sensitiveDoguConfigDiffsByAction[domain.ConfigActionRemove] { keysToDelete = append(keysToDelete, common.SensitiveDoguConfigKey{DoguConfigKey: common.DoguConfigKey{DoguName: diff.Key.DoguName, Key: diff.Key.Key}}) } - errs = append(errs, callIfNotEmpty(ctx, entriesToEncrypt, useCase.doguSensitiveConfigRepository.SaveAll)) - errs = append(errs, callIfNotEmpty(ctx, encryptedEntriesToSet, useCase.doguSensitiveConfigRepository.SaveAllForNotInstalledDogus)) + errs = append(errs, callIfNotEmpty(ctx, keysToSet, useCase.doguSensitiveConfigRepository.SaveAll)) errs = 
append(errs, callIfNotEmpty(ctx, keysToDelete, useCase.doguSensitiveConfigRepository.DeleteAllByKeys)) return errors.Join(errs...) } -// Only encrypt diffs with action domain.ConfigActionSetEncrypted. Diffs with action domain.ConfigActionSetToEncrypt will -// be encrypted by other components in further procedure. -func (useCase *EcosystemConfigUseCase) encryptSensitiveDoguDiffs(ctx context.Context, sensitiveDoguConfigDiffsByAction map[domain.ConfigAction]domain.SensitiveDoguConfigDiffs) (map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue, error) { - valuesToEncrypt := map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue{} - - for _, diff := range sensitiveDoguConfigDiffsByAction[domain.ConfigActionSetEncrypted] { - valuesToEncrypt[diff.Key] = common.SensitiveDoguConfigValue(diff.Expected.Value) - } - - if len(valuesToEncrypt) > 0 { - return useCase.encryptionAdapter.EncryptAll(ctx, valuesToEncrypt) - } - - return map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue{}, nil -} - func callIfNotEmpty[T ecosystem.RegistryConfigEntry | common.RegistryConfigKey](ctx context.Context, collection []T, fn func(context.Context, []T) error) error { if len(collection) > 0 { return fn(ctx, collection) diff --git a/pkg/application/ecosystemConfigUseCase_test.go b/pkg/application/ecosystemConfigUseCase_test.go index bd04428d..92222e1e 100644 --- a/pkg/application/ecosystemConfigUseCase_test.go +++ b/pkg/application/ecosystemConfigUseCase_test.go 
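Review bot: In applySensitiveDoguConfigDiffs the sensitive values now reach `doguSensitiveConfigRepository.SaveAll` exactly as they appear in the blueprint, and nothing in the new code records where their confidentiality comes from now that the encryption adapter is gone. A comment above the `domain.ConfigActionSet` loop would capture that, e.g. `// Values are stored as given; at-rest protection is the responsibility of the sensitive config repository's backing store.` The loop reads only `domain.ConfigActionSet`, so a diff still tagged with one of the removed actions would be skipped without an error; whether the diff calculation can still emit them is not visible in this hunk. Entries that used to go through `SaveAllForNotInstalledDogus` now share `SaveAll`, and it is not visible here whether that method works for a dogu that is not installed yet. As a smaller point, `keysToSet` holds entries rather than keys, so `entriesToSet` would read better next to `keysToDelete`.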
@@ -23,10 +23,9 @@ func TestEcosystemConfigUseCase_ApplyConfig(t *testing.T) { doguConfigMock := newMockDoguConfigEntryRepository(t) sensitiveDoguConfigMock := newMockSensitiveDoguConfigEntryRepository(t) globalConfigMock := newMockGlobalConfigEntryRepository(t) - encryptionMock := newMockConfigEncryptionAdapter(t) - redmineDiffToEncrypt := getSensitiveDoguConfigEntryDiffForAction("key", "value", testSimpleDoguNameRedmine, domain.ConfigActionSetEncrypted) - casDiffToEncrypt := getSensitiveDoguConfigEntryDiffForAction("key", "value", testSimpleDoguNameCas, domain.ConfigActionSetEncrypted) + redmineDiffToEncrypt := getSensitiveDoguConfigEntryDiffForAction("key", "value", testSimpleDoguNameRedmine, domain.ConfigActionSet) + casDiffToEncrypt := getSensitiveDoguConfigEntryDiffForAction("key", "value", testSimpleDoguNameCas, domain.ConfigActionSet) spec := &domain.BlueprintSpec{ StateDiff: domain.StateDiff{ DoguConfigDiffs: map[common.SimpleDoguName]domain.CombinedDoguConfigDiffs{ 
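Review bot: The variables `redmineDiffToEncrypt` and `casDiffToEncrypt` keep names that describe a step this commit removes, now that they are built with `domain.ConfigActionSet`; the same holds for `casDiffToEncrypt` in the second ApplyConfig subtest further down. Names such as `redmineSensitiveDiff` and `casSensitiveDiff` would keep a reader from looking for an encryption call that no longer exists. The subtest body starts and ends outside this hunk.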
@@ -69,11 +68,7 @@ func TestEcosystemConfigUseCase_ApplyConfig(t *testing.T) { blueprintRepoMock.EXPECT().GetById(testCtx, testBlueprintID).Return(spec, nil) blueprintRepoMock.EXPECT().Update(testCtx, mock.Anything).Return(nil).Times(2) - expectedSensitiveValueMapToEncrypt := map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue{redmineDiffToEncrypt.Key: common.SensitiveDoguConfigValue(redmineDiffToEncrypt.Expected.Value), casDiffToEncrypt.Key: common.SensitiveDoguConfigValue(casDiffToEncrypt.Expected.Value)} - encryptedDoguConfigValueEntries := map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue{redmineDiffToEncrypt.Key: common.EncryptedDoguConfigValue(""), casDiffToEncrypt.Key: common.EncryptedDoguConfigValue("")} - encryptionMock.EXPECT().EncryptAll(testCtx, expectedSensitiveValueMapToEncrypt).Return(encryptedDoguConfigValueEntries, nil).Times(1) - - sut := EcosystemConfigUseCase{blueprintRepository: blueprintRepoMock, doguConfigRepository: doguConfigMock, doguSensitiveConfigRepository: sensitiveDoguConfigMock, globalConfigRepository: globalConfigMock, encryptionAdapter: encryptionMock} + sut := EcosystemConfigUseCase{blueprintRepository: blueprintRepoMock, doguConfigRepository: doguConfigMock, doguSensitiveConfigRepository: sensitiveDoguConfigMock, globalConfigRepository: globalConfigMock} // when err := sut.ApplyConfig(testCtx, testBlueprintID) 
@@ -156,9 +151,8 @@ func TestEcosystemConfigUseCase_ApplyConfig(t *testing.T) { doguConfigMock := newMockDoguConfigEntryRepository(t) sensitiveDoguConfigMock := newMockSensitiveDoguConfigEntryRepository(t) globalConfigMock := newMockGlobalConfigEntryRepository(t) - encryptionMock := newMockConfigEncryptionAdapter(t) - casDiffToEncrypt := getSensitiveDoguConfigEntryDiffForAction("key", "value", testSimpleDoguNameCas, domain.ConfigActionSetEncrypted) + casDiffToEncrypt := getSensitiveDoguConfigEntryDiffForAction("key", "value", testSimpleDoguNameCas, domain.ConfigActionSet) spec := &domain.BlueprintSpec{ StateDiff: domain.StateDiff{ DoguConfigDiffs: map[common.SimpleDoguName]domain.CombinedDoguConfigDiffs{ @@ -167,7 +161,7 @@ func TestEcosystemConfigUseCase_ApplyConfig(t *testing.T) { getSetDoguConfigEntryDiff("key", "value", testSimpleDoguNameRedmine), }, SensitiveDoguConfigDiff: []domain.SensitiveDoguConfigEntryDiff{ - getSensitiveDoguConfigEntryDiffForAction("key", "value", testSimpleDoguNameRedmine, domain.ConfigActionSetToEncrypt), + getSensitiveDoguConfigEntryDiffForAction("key", "value", testSimpleDoguNameRedmine, domain.ConfigActionSet), }, }, testSimpleDoguNameCas: { 
@@ -187,18 +181,14 @@ func TestEcosystemConfigUseCase_ApplyConfig(t *testing.T) { // Just check if the routine hits the repos. Check values in concrete test of methods. doguConfigMock.EXPECT().SaveAll(testCtx, mock.Anything).Return(assert.AnError).Times(1) - expectedCasMapToEncrypt := map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue{casDiffToEncrypt.Key: common.SensitiveDoguConfigValue(casDiffToEncrypt.Expected.Value)} - encryptedCasEntries := map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue{casDiffToEncrypt.Key: common.EncryptedDoguConfigValue("")} - encryptionMock.EXPECT().EncryptAll(testCtx, expectedCasMapToEncrypt).Return(encryptedCasEntries, nil).Times(1) sensitiveDoguConfigMock.EXPECT().SaveAll(testCtx, mock.Anything).Return(assert.AnError).Times(1) - sensitiveDoguConfigMock.EXPECT().SaveAllForNotInstalledDogus(testCtx, mock.Anything).Return(assert.AnError).Times(1) globalConfigMock.EXPECT().SaveAll(testCtx, mock.Anything).Return(assert.AnError).Times(1) blueprintRepoMock.EXPECT().GetById(testCtx, testBlueprintID).Return(spec, nil) blueprintRepoMock.EXPECT().Update(testCtx, mock.Anything).Return(nil).Times(2) - sut := EcosystemConfigUseCase{blueprintRepository: blueprintRepoMock, doguConfigRepository: doguConfigMock, doguSensitiveConfigRepository: sensitiveDoguConfigMock, globalConfigRepository: globalConfigMock, encryptionAdapter: encryptionMock} + sut := EcosystemConfigUseCase{blueprintRepository: blueprintRepoMock, doguConfigRepository: doguConfigMock, doguSensitiveConfigRepository: sensitiveDoguConfigMock, globalConfigRepository: globalConfigMock} // when err := sut.ApplyConfig(testCtx, testBlueprintID) 
@@ -207,7 +197,7 @@ func TestEcosystemConfigUseCase_ApplyConfig(t *testing.T) { require.NoError(t, err) assert.Equal(t, spec.Status, domain.StatusPhaseApplyRegistryConfigFailed) assert.Len(t, spec.Events, 2) - assert.Equal(t, spec.Events[1].Message(), "assert.AnError general error for testing\nassert.AnError general error for testing\nassert.AnError general error for testing\nassert.AnError general error for testing") + assert.Equal(t, spec.Events[1].Message(), "assert.AnError general error for testing\nassert.AnError general error for testing\nassert.AnError general error for testing") }) } @@ -215,7 +205,7 @@ func TestEcosystemConfigUseCase_applyDoguConfigDiffs(t *testing.T) { t.Run("should save diffs with action set", func(t *testing.T) { // given doguConfigMock := newMockDoguConfigEntryRepository(t) - sut := NewEcosystemConfigUseCase(nil, doguConfigMock, nil, nil, nil) + sut := NewEcosystemConfigUseCase(nil, doguConfigMock, nil, nil) diff1 := getSetDoguConfigEntryDiff("/key", "value", testSimpleDoguNameRedmine) diff2 := getSetDoguConfigEntryDiff("/key1", "value1", testSimpleDoguNameRedmine) byAction := map[domain.ConfigAction]domain.DoguConfigDiffs{domain.ConfigActionSet: {diff1, diff2}} @@ -241,7 +231,7 @@ func TestEcosystemConfigUseCase_applyDoguConfigDiffs(t *testing.T) { t.Run("should delete diffs with action remove", func(t *testing.T) { // given doguConfigMock := newMockDoguConfigEntryRepository(t) - sut := NewEcosystemConfigUseCase(nil, doguConfigMock, nil, nil, nil) + sut := NewEcosystemConfigUseCase(nil, doguConfigMock, nil, nil) diff1 := getRemoveDoguConfigEntryDiff("/key", testSimpleDoguNameRedmine) diff2 := getRemoveDoguConfigEntryDiff("/key1", testSimpleDoguNameRedmine) byAction := map[domain.ConfigAction]domain.DoguConfigDiffs{domain.ConfigActionRemove: {diff1, diff2}} 
@@ -261,7 +251,7 @@ func TestEcosystemConfigUseCase_applyDoguConfigDiffs(t *testing.T) { t.Run("should return nil on action none", func(t *testing.T) { // given doguConfigMock := newMockDoguConfigEntryRepository(t) - sut := NewEcosystemConfigUseCase(nil, doguConfigMock, nil, nil, nil) + sut := NewEcosystemConfigUseCase(nil, doguConfigMock, nil, nil) diff1 := domain.DoguConfigEntryDiff{ NeededAction: domain.ConfigActionNone, } @@ -279,7 +269,7 @@ func TestEcosystemConfigUseCase_applyGlobalConfigDiffs(t *testing.T) { t.Run("should save diffs with action set", func(t *testing.T) { // given globalConfigMock := newMockGlobalConfigEntryRepository(t) - sut := NewEcosystemConfigUseCase(nil, nil, nil, globalConfigMock, nil) + sut := NewEcosystemConfigUseCase(nil, nil, nil, globalConfigMock) diff1 := getSetGlobalConfigEntryDiff("/key", "value") diff2 := getSetGlobalConfigEntryDiff("/key1", "value1") byAction := map[domain.ConfigAction][]domain.GlobalConfigEntryDiff{domain.ConfigActionSet: {diff1, diff2}} @@ -305,7 +295,7 @@ func TestEcosystemConfigUseCase_applyGlobalConfigDiffs(t *testing.T) { t.Run("should delete diffs with action remove", func(t *testing.T) { // given globalConfigMock := newMockGlobalConfigEntryRepository(t) - sut := NewEcosystemConfigUseCase(nil, nil, nil, globalConfigMock, nil) + sut := NewEcosystemConfigUseCase(nil, nil, nil, globalConfigMock) diff1 := getRemoveGlobalConfigEntryDiff("/key") diff2 := getRemoveGlobalConfigEntryDiff("/key1") byAction := map[domain.ConfigAction][]domain.GlobalConfigEntryDiff{domain.ConfigActionRemove: {diff1, diff2}} 
@@ -321,7 +311,7 @@ func TestEcosystemConfigUseCase_applyGlobalConfigDiffs(t *testing.T) { t.Run("should return nil on action none", func(t *testing.T) { // given - sut := NewEcosystemConfigUseCase(nil, nil, nil, newMockGlobalConfigEntryRepository(t), nil) + sut := NewEcosystemConfigUseCase(nil, nil, nil, newMockGlobalConfigEntryRepository(t)) diff1 := domain.GlobalConfigEntryDiff{ NeededAction: domain.ConfigActionNone, } 
@@ -336,26 +326,21 @@ func TestEcosystemConfigUseCase_applyGlobalConfigDiffs(t *testing.T) { } func TestEcosystemConfigUseCase_applySensitiveDoguConfigDiffs(t *testing.T) { - t.Run("should save diffs with action setEncrypted", func(t *testing.T) { + t.Run("should save diffs with action set", func(t *testing.T) { // given sensitiveDoguConfigMock := newMockSensitiveDoguConfigEntryRepository(t) - encryptionMock := newMockConfigEncryptionAdapter(t) - sut := NewEcosystemConfigUseCase(nil, nil, sensitiveDoguConfigMock, nil, encryptionMock) - diff1 := getSensitiveDoguConfigEntryDiffForAction("key", "value", testSimpleDoguNameRedmine, domain.ConfigActionSetEncrypted) - diff2 := getSensitiveDoguConfigEntryDiffForAction("key1", "value1", testSimpleDoguNameRedmine, domain.ConfigActionSetEncrypted) - byAction := map[domain.ConfigAction]domain.SensitiveDoguConfigDiffs{domain.ConfigActionSetEncrypted: {diff1, diff2}} - - expectedRedmineMapToEncrypt := map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue{diff1.Key: common.SensitiveDoguConfigValue(diff1.Expected.Value), diff2.Key: common.SensitiveDoguConfigValue(diff2.Expected.Value)} - encryptedRedmineEntries := map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue{diff1.Key: common.EncryptedDoguConfigValue("encrypted_value"), diff2.Key: common.EncryptedDoguConfigValue("encrypted_value1")} - encryptionMock.EXPECT().EncryptAll(testCtx, expectedRedmineMapToEncrypt).Return(encryptedRedmineEntries, nil) + sut := NewEcosystemConfigUseCase(nil, nil, sensitiveDoguConfigMock, nil) + diff1 := getSensitiveDoguConfigEntryDiffForAction("key1", "value1", testSimpleDoguNameRedmine, domain.ConfigActionSet) + diff2 := getSensitiveDoguConfigEntryDiffForAction("key2", "value2", testSimpleDoguNameRedmine, domain.ConfigActionSet) + byAction := map[domain.ConfigAction]domain.SensitiveDoguConfigDiffs{domain.ConfigActionSet: {diff1, diff2}} expectedEntry1 := &ecosystem.SensitiveDoguConfigEntry{ Key: 
common.SensitiveDoguConfigKey{DoguConfigKey: common.DoguConfigKey{DoguName: testSimpleDoguNameRedmine, Key: diff1.Key.Key}}, - Value: common.EncryptedDoguConfigValue("encrypted_value"), + Value: common.EncryptedDoguConfigValue("value1"), } expectedEntry2 := &ecosystem.SensitiveDoguConfigEntry{ Key: common.SensitiveDoguConfigKey{DoguConfigKey: common.DoguConfigKey{DoguName: testSimpleDoguNameRedmine, Key: diff2.Key.Key}}, - Value: common.EncryptedDoguConfigValue("encrypted_value1"), + Value: common.EncryptedDoguConfigValue("value2"), } sensitiveDoguConfigMock.EXPECT().SaveAll(testCtx, []*ecosystem.SensitiveDoguConfigEntry{expectedEntry1, expectedEntry2}).Return(nil).Times(1) 
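Review bot: The expected entries now hand the literal strings `value1` and `value2` to `SaveAll` wrapped in `common.EncryptedDoguConfigValue`, so this test pins that a type named "encrypted" carries the value exactly as the blueprint supplied it. Until the type is renamed I would add above `expectedEntry1` the comment `// EncryptedDoguConfigValue is a legacy name; the value is passed through without encryption`, so a later reader does not take the type as a confidentiality guarantee. The test function continues beyond this hunk.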
@@ -367,36 +352,10 @@ func TestEcosystemConfigUseCase_applySensitiveDoguConfigDiffs(t *testing.T) { require.NoError(t, err) }) - t.Run("should save diffs with action setToEncrypt", func(t *testing.T) { - // given - sensitiveDoguConfigMock := newMockSensitiveDoguConfigEntryRepository(t) - sut := NewEcosystemConfigUseCase(nil, nil, sensitiveDoguConfigMock, nil, nil) - diff1 := getSensitiveDoguConfigEntryDiffForAction("key", "value", testSimpleDoguNameRedmine, domain.ConfigActionSetToEncrypt) - diff2 := getSensitiveDoguConfigEntryDiffForAction("key1", "value1", testSimpleDoguNameRedmine, domain.ConfigActionSetToEncrypt) - byAction := map[domain.ConfigAction]domain.SensitiveDoguConfigDiffs{domain.ConfigActionSetToEncrypt: {diff1, diff2}} - - expectedEntry1 := &ecosystem.SensitiveDoguConfigEntry{ - Key: common.SensitiveDoguConfigKey{DoguConfigKey: common.DoguConfigKey{DoguName: testSimpleDoguNameRedmine, Key: diff1.Key.Key}}, - Value: common.EncryptedDoguConfigValue(diff1.Expected.Value), - } - expectedEntry2 := &ecosystem.SensitiveDoguConfigEntry{ - Key: common.SensitiveDoguConfigKey{DoguConfigKey: common.DoguConfigKey{DoguName: testSimpleDoguNameRedmine, Key: diff2.Key.Key}}, - Value: common.EncryptedDoguConfigValue(diff2.Expected.Value), - } - - sensitiveDoguConfigMock.EXPECT().SaveAllForNotInstalledDogus(testCtx, []*ecosystem.SensitiveDoguConfigEntry{expectedEntry1, expectedEntry2}).Return(nil).Times(1) - - // when - err := sut.applySensitiveDoguConfigDiffs(testCtx, byAction) - - // then - require.NoError(t, err) - }) - t.Run("should delete diffs with action remove", func(t *testing.T) { // given sensitiveDoguConfigMock := newMockSensitiveDoguConfigEntryRepository(t) - sut := NewEcosystemConfigUseCase(nil, nil, sensitiveDoguConfigMock, nil, nil) + sut := NewEcosystemConfigUseCase(nil, nil, sensitiveDoguConfigMock, nil) diff1 := getRemoveSensitiveDoguConfigEntryDiff("key", testSimpleDoguNameRedmine) diff2 := getRemoveSensitiveDoguConfigEntryDiff("key", 
testSimpleDoguNameRedmine) byAction := map[domain.ConfigAction]domain.SensitiveDoguConfigDiffs{domain.ConfigActionRemove: {diff1, diff2}} 
@@ -413,73 +372,9 @@ func TestEcosystemConfigUseCase_applySensitiveDoguConfigDiffs(t *testing.T) { require.NoError(t, err) }) - t.Run("should return error on encryption error", func(t *testing.T) { - // given - sensitiveDoguConfigMock := newMockSensitiveDoguConfigEntryRepository(t) - encryptionMock := newMockConfigEncryptionAdapter(t) - encryptionMock.EXPECT().EncryptAll(testCtx, mock.Anything).Return(nil, assert.AnError) - - diff := getSensitiveDoguConfigEntryDiffForAction("key", "value", testSimpleDoguNameRedmine, domain.ConfigActionSetEncrypted) - byAction := map[domain.ConfigAction]domain.SensitiveDoguConfigDiffs{domain.ConfigActionSetEncrypted: {diff}} - - sut := EcosystemConfigUseCase{encryptionAdapter: encryptionMock, doguSensitiveConfigRepository: sensitiveDoguConfigMock} - - // when - err := sut.applySensitiveDoguConfigDiffs(testCtx, byAction) - - // then - require.Error(t, err) - assert.ErrorIs(t, err, assert.AnError) - }) - - t.Run("should return error if map with encrypted values is nil", func(t *testing.T) { - // given - doguConfigMock := newMockDoguConfigEntryRepository(t) - sensitiveDoguConfigMock := newMockSensitiveDoguConfigEntryRepository(t) - globalConfigMock := newMockGlobalConfigEntryRepository(t) - encryptionMock := newMockConfigEncryptionAdapter(t) - encryptionMock.EXPECT().EncryptAll(testCtx, mock.Anything).Return(nil, nil) - - diff := getSensitiveDoguConfigEntryDiffForAction("key", "value", testSimpleDoguNameRedmine, domain.ConfigActionSetEncrypted) - byAction := map[domain.ConfigAction]domain.SensitiveDoguConfigDiffs{domain.ConfigActionSetEncrypted: {diff}} - - sut := EcosystemConfigUseCase{doguConfigRepository: doguConfigMock, doguSensitiveConfigRepository: sensitiveDoguConfigMock, globalConfigRepository: globalConfigMock, encryptionAdapter: encryptionMock} - - // when - err := sut.applySensitiveDoguConfigDiffs(testCtx, byAction) - - // then - require.Error(t, err) - assert.ErrorContains(t, err, "encrypted entry value map is nil: 
sensitive dogu config error") - }) - - t.Run("should return error if map contains not required sensitive dogu config key", func(t *testing.T) { - // given - doguConfigMock := newMockDoguConfigEntryRepository(t) - sensitiveDoguConfigMock := newMockSensitiveDoguConfigEntryRepository(t) - globalConfigMock := newMockGlobalConfigEntryRepository(t) - encryptionMock := newMockConfigEncryptionAdapter(t) - - diff := getSensitiveDoguConfigEntryDiffForAction("key", "value", testSimpleDoguNameRedmine, domain.ConfigActionSetEncrypted) - byAction := map[domain.ConfigAction]domain.SensitiveDoguConfigDiffs{domain.ConfigActionSetEncrypted: {diff}} - expectedRedmineMapToEncrypt := map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue{diff.Key: common.SensitiveDoguConfigValue(diff.Expected.Value)} - otherKey := common.SensitiveDoguConfigKey{} - encryptedRedmineEntries := map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue{otherKey: common.EncryptedDoguConfigValue("encrypted_value")} - encryptionMock.EXPECT().EncryptAll(testCtx, expectedRedmineMapToEncrypt).Return(encryptedRedmineEntries, nil) - - sut := EcosystemConfigUseCase{doguConfigRepository: doguConfigMock, doguSensitiveConfigRepository: sensitiveDoguConfigMock, globalConfigRepository: globalConfigMock, encryptionAdapter: encryptionMock} - - // when - err := sut.applySensitiveDoguConfigDiffs(testCtx, byAction) - - // then - require.Error(t, err) - assert.ErrorContains(t, err, "did not find encrypted value for key key: sensitive dogu config error") - }) - t.Run("should return nil on action none", func(t *testing.T) { // given - sut := NewEcosystemConfigUseCase(nil, nil, newMockSensitiveDoguConfigEntryRepository(t), nil, nil) + sut := NewEcosystemConfigUseCase(nil, nil, newMockSensitiveDoguConfigEntryRepository(t), nil) diff1 := domain.SensitiveDoguConfigEntryDiff{ NeededAction: domain.ConfigActionNone, } 
@@ -624,7 +519,7 @@ func TestNewEcosystemConfigUseCase(t *testing.T) { globalConfigMock := newMockGlobalConfigEntryRepository(t) // when - useCase := NewEcosystemConfigUseCase(blueprintRepoMock, doguConfigMock, sensitiveDoguConfigMock, globalConfigMock, nil) + useCase := NewEcosystemConfigUseCase(blueprintRepoMock, doguConfigMock, sensitiveDoguConfigMock, globalConfigMock) // then assert.Equal(t, blueprintRepoMock, useCase.blueprintRepository) diff --git a/pkg/application/interfaces.go b/pkg/application/interfaces.go index e91649fc..f69e51d4 100644 --- a/pkg/application/interfaces.go +++ b/pkg/application/interfaces.go @@ -120,11 +120,6 @@ type sensitiveDoguConfigRepository interface { domainservice.SensitiveDoguConfigRepository } -// TODO: remove this when refactoring is done -type configEncryptionAdapter interface { - domainservice.ConfigEncryptionAdapter -} - type doguRestartRepository interface { domainservice.DoguRestartRepository } diff --git a/pkg/application/mock_configEncryptionAdapter_test.go b/pkg/application/mock_configEncryptionAdapter_test.go deleted file mode 100644 index 44c14d6c..00000000 --- a/pkg/application/mock_configEncryptionAdapter_test.go +++ /dev/null 
@@ -1,272 +0,0 @@ -// Code generated by mockery v2.42.1. DO NOT EDIT. - -package application - -import ( - context "context" - - common "github.com/cloudogu/k8s-blueprint-operator/pkg/domain/common" - - mock "github.com/stretchr/testify/mock" -) - -// mockConfigEncryptionAdapter is an autogenerated mock type for the configEncryptionAdapter type -type mockConfigEncryptionAdapter struct { - mock.Mock -} - -type mockConfigEncryptionAdapter_Expecter struct { - mock *mock.Mock -} - -func (_m *mockConfigEncryptionAdapter) EXPECT() *mockConfigEncryptionAdapter_Expecter { - return &mockConfigEncryptionAdapter_Expecter{mock: &_m.Mock} -} - -// Decrypt provides a mock function with given fields: _a0, _a1, _a2 -func (_m *mockConfigEncryptionAdapter) Decrypt(_a0 context.Context, _a1 common.SimpleDoguName, _a2 common.EncryptedDoguConfigValue) (common.SensitiveDoguConfigValue, error) { - ret := _m.Called(_a0, _a1, _a2) - - if len(ret) == 0 { - panic("no return value specified for Decrypt") - } - - var r0 common.SensitiveDoguConfigValue - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, common.SimpleDoguName, common.EncryptedDoguConfigValue) (common.SensitiveDoguConfigValue, error)); ok { - return rf(_a0, _a1, _a2) - } - if rf, ok := ret.Get(0).(func(context.Context, common.SimpleDoguName, common.EncryptedDoguConfigValue) common.SensitiveDoguConfigValue); ok { - r0 = rf(_a0, _a1, _a2) - } else { - r0 = ret.Get(0).(common.SensitiveDoguConfigValue) - } - - if rf, ok := ret.Get(1).(func(context.Context, common.SimpleDoguName, common.EncryptedDoguConfigValue) error); ok { - r1 = rf(_a0, _a1, _a2) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// mockConfigEncryptionAdapter_Decrypt_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Decrypt' -type mockConfigEncryptionAdapter_Decrypt_Call struct { - *mock.Call -} - -// Decrypt is a helper method to define mock.On call -// - _a0 context.Context -// - _a1 
common.SimpleDoguName -// - _a2 common.EncryptedDoguConfigValue -func (_e *mockConfigEncryptionAdapter_Expecter) Decrypt(_a0 interface{}, _a1 interface{}, _a2 interface{}) *mockConfigEncryptionAdapter_Decrypt_Call { - return &mockConfigEncryptionAdapter_Decrypt_Call{Call: _e.mock.On("Decrypt", _a0, _a1, _a2)} -} - -func (_c *mockConfigEncryptionAdapter_Decrypt_Call) Run(run func(_a0 context.Context, _a1 common.SimpleDoguName, _a2 common.EncryptedDoguConfigValue)) *mockConfigEncryptionAdapter_Decrypt_Call { - _c.Call.Run(func(args mock.Arguments) { - run(args[0].(context.Context), args[1].(common.SimpleDoguName), args[2].(common.EncryptedDoguConfigValue)) - }) - return _c -} - -func (_c *mockConfigEncryptionAdapter_Decrypt_Call) Return(_a0 common.SensitiveDoguConfigValue, _a1 error) *mockConfigEncryptionAdapter_Decrypt_Call { - _c.Call.Return(_a0, _a1) - return _c -} - -func (_c *mockConfigEncryptionAdapter_Decrypt_Call) RunAndReturn(run func(context.Context, common.SimpleDoguName, common.EncryptedDoguConfigValue) (common.SensitiveDoguConfigValue, error)) *mockConfigEncryptionAdapter_Decrypt_Call { - _c.Call.Return(run) - return _c -} - -// DecryptAll provides a mock function with given fields: _a0, _a1 -func (_m *mockConfigEncryptionAdapter) DecryptAll(_a0 context.Context, _a1 map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue) (map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue, error) { - ret := _m.Called(_a0, _a1) - - if len(ret) == 0 { - panic("no return value specified for DecryptAll") - } - - var r0 map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue) (map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue, error)); ok { - return rf(_a0, _a1) - } - if rf, ok := ret.Get(0).(func(context.Context, map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue) 
map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue); ok { - r0 = rf(_a0, _a1) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue) - } - } - - if rf, ok := ret.Get(1).(func(context.Context, map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue) error); ok { - r1 = rf(_a0, _a1) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// mockConfigEncryptionAdapter_DecryptAll_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'DecryptAll' -type mockConfigEncryptionAdapter_DecryptAll_Call struct { - *mock.Call -} - -// DecryptAll is a helper method to define mock.On call -// - _a0 context.Context -// - _a1 map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue -func (_e *mockConfigEncryptionAdapter_Expecter) DecryptAll(_a0 interface{}, _a1 interface{}) *mockConfigEncryptionAdapter_DecryptAll_Call { - return &mockConfigEncryptionAdapter_DecryptAll_Call{Call: _e.mock.On("DecryptAll", _a0, _a1)} -} - -func (_c *mockConfigEncryptionAdapter_DecryptAll_Call) Run(run func(_a0 context.Context, _a1 map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue)) *mockConfigEncryptionAdapter_DecryptAll_Call { - _c.Call.Run(func(args mock.Arguments) { - run(args[0].(context.Context), args[1].(map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue)) - }) - return _c -} - -func (_c *mockConfigEncryptionAdapter_DecryptAll_Call) Return(_a0 map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue, _a1 error) *mockConfigEncryptionAdapter_DecryptAll_Call { - _c.Call.Return(_a0, _a1) - return _c -} - -func (_c *mockConfigEncryptionAdapter_DecryptAll_Call) RunAndReturn(run func(context.Context, map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue) (map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue, error)) *mockConfigEncryptionAdapter_DecryptAll_Call { - _c.Call.Return(run) - return _c -} - 
-// Encrypt provides a mock function with given fields: _a0, _a1, _a2 -func (_m *mockConfigEncryptionAdapter) Encrypt(_a0 context.Context, _a1 common.SimpleDoguName, _a2 common.SensitiveDoguConfigValue) (common.EncryptedDoguConfigValue, error) { - ret := _m.Called(_a0, _a1, _a2) - - if len(ret) == 0 { - panic("no return value specified for Encrypt") - } - - var r0 common.EncryptedDoguConfigValue - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, common.SimpleDoguName, common.SensitiveDoguConfigValue) (common.EncryptedDoguConfigValue, error)); ok { - return rf(_a0, _a1, _a2) - } - if rf, ok := ret.Get(0).(func(context.Context, common.SimpleDoguName, common.SensitiveDoguConfigValue) common.EncryptedDoguConfigValue); ok { - r0 = rf(_a0, _a1, _a2) - } else { - r0 = ret.Get(0).(common.EncryptedDoguConfigValue) - } - - if rf, ok := ret.Get(1).(func(context.Context, common.SimpleDoguName, common.SensitiveDoguConfigValue) error); ok { - r1 = rf(_a0, _a1, _a2) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// mockConfigEncryptionAdapter_Encrypt_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Encrypt' -type mockConfigEncryptionAdapter_Encrypt_Call struct { - *mock.Call -} - -// Encrypt is a helper method to define mock.On call -// - _a0 context.Context -// - _a1 common.SimpleDoguName -// - _a2 common.SensitiveDoguConfigValue -func (_e *mockConfigEncryptionAdapter_Expecter) Encrypt(_a0 interface{}, _a1 interface{}, _a2 interface{}) *mockConfigEncryptionAdapter_Encrypt_Call { - return &mockConfigEncryptionAdapter_Encrypt_Call{Call: _e.mock.On("Encrypt", _a0, _a1, _a2)} -} - -func (_c *mockConfigEncryptionAdapter_Encrypt_Call) Run(run func(_a0 context.Context, _a1 common.SimpleDoguName, _a2 common.SensitiveDoguConfigValue)) *mockConfigEncryptionAdapter_Encrypt_Call { - _c.Call.Run(func(args mock.Arguments) { - run(args[0].(context.Context), args[1].(common.SimpleDoguName), 
args[2].(common.SensitiveDoguConfigValue)) - }) - return _c -} - -func (_c *mockConfigEncryptionAdapter_Encrypt_Call) Return(_a0 common.EncryptedDoguConfigValue, _a1 error) *mockConfigEncryptionAdapter_Encrypt_Call { - _c.Call.Return(_a0, _a1) - return _c -} - -func (_c *mockConfigEncryptionAdapter_Encrypt_Call) RunAndReturn(run func(context.Context, common.SimpleDoguName, common.SensitiveDoguConfigValue) (common.EncryptedDoguConfigValue, error)) *mockConfigEncryptionAdapter_Encrypt_Call { - _c.Call.Return(run) - return _c -} - -// EncryptAll provides a mock function with given fields: _a0, _a1 -func (_m *mockConfigEncryptionAdapter) EncryptAll(_a0 context.Context, _a1 map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue) (map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue, error) { - ret := _m.Called(_a0, _a1) - - if len(ret) == 0 { - panic("no return value specified for EncryptAll") - } - - var r0 map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue) (map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue, error)); ok { - return rf(_a0, _a1) - } - if rf, ok := ret.Get(0).(func(context.Context, map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue) map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue); ok { - r0 = rf(_a0, _a1) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue) - } - } - - if rf, ok := ret.Get(1).(func(context.Context, map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue) error); ok { - r1 = rf(_a0, _a1) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// mockConfigEncryptionAdapter_EncryptAll_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'EncryptAll' -type mockConfigEncryptionAdapter_EncryptAll_Call struct { 
- *mock.Call -} - -// EncryptAll is a helper method to define mock.On call -// - _a0 context.Context -// - _a1 map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue -func (_e *mockConfigEncryptionAdapter_Expecter) EncryptAll(_a0 interface{}, _a1 interface{}) *mockConfigEncryptionAdapter_EncryptAll_Call { - return &mockConfigEncryptionAdapter_EncryptAll_Call{Call: _e.mock.On("EncryptAll", _a0, _a1)} -} - -func (_c *mockConfigEncryptionAdapter_EncryptAll_Call) Run(run func(_a0 context.Context, _a1 map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue)) *mockConfigEncryptionAdapter_EncryptAll_Call { - _c.Call.Run(func(args mock.Arguments) { - run(args[0].(context.Context), args[1].(map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue)) - }) - return _c -} - -func (_c *mockConfigEncryptionAdapter_EncryptAll_Call) Return(_a0 map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue, _a1 error) *mockConfigEncryptionAdapter_EncryptAll_Call { - _c.Call.Return(_a0, _a1) - return _c -} - -func (_c *mockConfigEncryptionAdapter_EncryptAll_Call) RunAndReturn(run func(context.Context, map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue) (map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue, error)) *mockConfigEncryptionAdapter_EncryptAll_Call { - _c.Call.Return(run) - return _c -} - -// newMockConfigEncryptionAdapter creates a new instance of mockConfigEncryptionAdapter. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func newMockConfigEncryptionAdapter(t interface { - mock.TestingT - Cleanup(func()) -}) *mockConfigEncryptionAdapter { - mock := &mockConfigEncryptionAdapter{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/pkg/application/stateDiffUseCase.go b/pkg/application/stateDiffUseCase.go index 2e2a0731..28a92037 100644 
--- a/pkg/application/stateDiffUseCase.go +++ b/pkg/application/stateDiffUseCase.go @@ -19,7 +19,6 @@ type StateDiffUseCase struct { globalConfigRepo globalConfigEntryRepository doguConfigRepo doguConfigEntryRepository sensitiveDoguConfigRepo sensitiveDoguConfigEntryRepository - encryptionAdapter configEncryptionAdapter } func NewStateDiffUseCase( @@ -29,7 +28,6 @@ func NewStateDiffUseCase( globalConfigRepo domainservice.GlobalConfigEntryRepository, doguConfigRepo domainservice.DoguConfigEntryRepository, sensitiveDoguConfigRepo domainservice.SensitiveDoguConfigEntryRepository, - encryptionAdapter configEncryptionAdapter, ) *StateDiffUseCase { return &StateDiffUseCase{ blueprintSpecRepo: blueprintSpecRepo, @@ -38,7 +36,6 @@ func NewStateDiffUseCase( globalConfigRepo: globalConfigRepo, doguConfigRepo: doguConfigRepo, sensitiveDoguConfigRepo: sensitiveDoguConfigRepo, - encryptionAdapter: encryptionAdapter, } } 
@@ -110,19 +107,9 @@ func (useCase *StateDiffUseCase) collectEcosystemState(ctx context.Context, effe return ecosystem.EcosystemState{}, fmt.Errorf("could not collect ecosystem state: %w", joinedError) } - encryptedConfig := map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue{} + sensitiveConfig := map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue{} for key, entry := range sensitiveDoguConfig { - encryptedConfig[key] = entry.Value - } - - logger.Info("decrypt sensitive dogu config") - decryptedConfig, err := useCase.encryptionAdapter.DecryptAll(ctx, encryptedConfig) - if err != nil { - // we cannot ignore any error type here: - // - InternalError -> there could be a network error -> retry by reconciliation - // - NotFoundError -> we only have encrypted values to decrypt, therefore the encryption key pair should be present - // if the key pair is not present, we could have a serious problem or there is config for a not installed dogu - return ecosystem.EcosystemState{}, fmt.Errorf("could not decrypt sensitive dogu config: %w", err) + sensitiveConfig[key] = common.SensitiveDoguConfigValue(entry.Value) } return ecosystem.EcosystemState{ @@ -131,6 +118,6 @@ func (useCase *StateDiffUseCase) collectEcosystemState(ctx context.Context, effe GlobalConfig: globalConfig, DoguConfig: doguConfig, EncryptedDoguConfig: sensitiveDoguConfig, - DecryptedSensitiveDoguConfig: decryptedConfig, + DecryptedSensitiveDoguConfig: sensitiveConfig, }, nil } diff --git a/pkg/application/stateDiffUseCase_test.go b/pkg/application/stateDiffUseCase_test.go index b7910c44..703706a1 100644 --- a/pkg/application/stateDiffUseCase_test.go +++ b/pkg/application/stateDiffUseCase_test.go 
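Review bot: The loop that fills `sensitiveConfig` treats every stored `entry.Value` as plaintext, so a value that an earlier operator version had written encrypted would enter the state diff as ciphertext and be compared against the blueprint's plaintext. Neither hunk shows a migration or a format check; whether one exists elsewhere is not visible here. The second hunk then returns the same data under both `EncryptedDoguConfig` and `DecryptedSensitiveDoguConfig`, names that no longer describe any protection. I would add above the loop `// values are read as stored, no decryption; confidentiality depends on access control of the backing store` and confirm that neither field is ever written to logs or status output. collectEcosystemState begins outside the first hunk.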
@@ -48,7 +48,7 @@ func TestStateDiffUseCase_DetermineStateDiff(t *testing.T) { doguInstallRepoMock := newMockDoguInstallationRepository(t) componentInstallRepoMock := newMockComponentInstallationRepository(t) - sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, nil, nil, nil, nil) + sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, nil, nil, nil) // when err := sut.DetermineStateDiff(testCtx, "testBlueprint1") @@ -75,9 +75,8 @@ func TestStateDiffUseCase_DetermineStateDiff(t *testing.T) { doguConfigRepoMock.EXPECT().GetAllByKey(testCtx, []common.DoguConfigKey(nil)).Return(map[common.DoguConfigKey]*ecosystem.DoguConfigEntry{}, nil) sensitiveDoguConfigRepoMock := newMockSensitiveDoguConfigEntryRepository(t) sensitiveDoguConfigRepoMock.EXPECT().GetAllByKey(testCtx, []common.SensitiveDoguConfigKey(nil)).Return(map[common.SensitiveDoguConfigKey]*ecosystem.SensitiveDoguConfigEntry{}, nil) - encryptionAdapterMock := newMockConfigEncryptionAdapter(t) - sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock, encryptionAdapterMock) + sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock) // when err := sut.DetermineStateDiff(testCtx, "testBlueprint1") 
@@ -105,9 +104,8 @@ func TestStateDiffUseCase_DetermineStateDiff(t *testing.T) { doguConfigRepoMock.EXPECT().GetAllByKey(testCtx, []common.DoguConfigKey(nil)).Return(map[common.DoguConfigKey]*ecosystem.DoguConfigEntry{}, nil) sensitiveDoguConfigRepoMock := newMockSensitiveDoguConfigEntryRepository(t) sensitiveDoguConfigRepoMock.EXPECT().GetAllByKey(testCtx, []common.SensitiveDoguConfigKey(nil)).Return(map[common.SensitiveDoguConfigKey]*ecosystem.SensitiveDoguConfigEntry{}, nil) - encryptionAdapterMock := newMockConfigEncryptionAdapter(t) - sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock, encryptionAdapterMock) + sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock) // when err := sut.DetermineStateDiff(testCtx, "testBlueprint1") @@ -137,9 +135,8 @@ func TestStateDiffUseCase_DetermineStateDiff(t *testing.T) { doguConfigRepoMock.EXPECT().GetAllByKey(testCtx, []common.DoguConfigKey(nil)).Return(map[common.DoguConfigKey]*ecosystem.DoguConfigEntry{}, nil) sensitiveDoguConfigRepoMock := newMockSensitiveDoguConfigEntryRepository(t) sensitiveDoguConfigRepoMock.EXPECT().GetAllByKey(testCtx, []common.SensitiveDoguConfigKey(nil)).Return(map[common.SensitiveDoguConfigKey]*ecosystem.SensitiveDoguConfigEntry{}, nil) - encryptionAdapterMock := newMockConfigEncryptionAdapter(t) - sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock, encryptionAdapterMock) + sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock) // when err := sut.DetermineStateDiff(testCtx, "testBlueprint1") 
@@ -171,9 +168,8 @@ func TestStateDiffUseCase_DetermineStateDiff(t *testing.T) { Return(map[common.DoguConfigKey]*ecosystem.DoguConfigEntry{}, domainservice.NewInternalError(assert.AnError, "internal error")) sensitiveDoguConfigRepoMock := newMockSensitiveDoguConfigEntryRepository(t) sensitiveDoguConfigRepoMock.EXPECT().GetAllByKey(testCtx, []common.SensitiveDoguConfigKey(nil)).Return(map[common.SensitiveDoguConfigKey]*ecosystem.SensitiveDoguConfigEntry{}, nil) - encryptionAdapterMock := newMockConfigEncryptionAdapter(t) - sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock, encryptionAdapterMock) + sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock) // when err := sut.DetermineStateDiff(testCtx, "testBlueprint1") @@ -205,9 +201,8 @@ func TestStateDiffUseCase_DetermineStateDiff(t *testing.T) { sensitiveDoguConfigRepoMock.EXPECT(). GetAllByKey(testCtx, []common.SensitiveDoguConfigKey(nil)). Return(map[common.SensitiveDoguConfigKey]*ecosystem.SensitiveDoguConfigEntry{}, domainservice.NewInternalError(assert.AnError, "internal error")) - encryptionAdapterMock := newMockConfigEncryptionAdapter(t) - sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock, encryptionAdapterMock) + sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock) // when err := sut.DetermineStateDiff(testCtx, "testBlueprint1") 
@@ -237,10 +232,8 @@ func TestStateDiffUseCase_DetermineStateDiff(t *testing.T) { doguConfigRepoMock.EXPECT().GetAllByKey(testCtx, []common.DoguConfigKey(nil)).Return(map[common.DoguConfigKey]*ecosystem.DoguConfigEntry{}, nil) sensitiveDoguConfigRepoMock := newMockSensitiveDoguConfigEntryRepository(t) sensitiveDoguConfigRepoMock.EXPECT().GetAllByKey(testCtx, []common.SensitiveDoguConfigKey(nil)).Return(map[common.SensitiveDoguConfigKey]*ecosystem.SensitiveDoguConfigEntry{}, nil) - encryptionAdapterMock := newMockConfigEncryptionAdapter(t) - encryptionAdapterMock.EXPECT().DecryptAll(testCtx, map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue{}).Return(nil, nil) - sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock, encryptionAdapterMock) + sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock) // when err := sut.DetermineStateDiff(testCtx, "testBlueprint1") 
@@ -267,10 +260,8 @@ func TestStateDiffUseCase_DetermineStateDiff(t *testing.T) { doguConfigRepoMock.EXPECT().GetAllByKey(testCtx, []common.DoguConfigKey(nil)).Return(map[common.DoguConfigKey]*ecosystem.DoguConfigEntry{}, nil) sensitiveDoguConfigRepoMock := newMockSensitiveDoguConfigEntryRepository(t) sensitiveDoguConfigRepoMock.EXPECT().GetAllByKey(testCtx, []common.SensitiveDoguConfigKey(nil)).Return(map[common.SensitiveDoguConfigKey]*ecosystem.SensitiveDoguConfigEntry{}, nil) - encryptionAdapterMock := newMockConfigEncryptionAdapter(t) - encryptionAdapterMock.EXPECT().DecryptAll(testCtx, map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue{}).Return(nil, nil) - sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock, encryptionAdapterMock) + sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock) // when err := sut.DetermineStateDiff(testCtx, "testBlueprint1") 
@@ -280,36 +271,6 @@ func TestStateDiffUseCase_DetermineStateDiff(t *testing.T) { assert.ErrorIs(t, err, assert.AnError) assert.ErrorContains(t, err, "cannot save blueprint spec \"testBlueprint1\" after determining the state diff to the ecosystem") }) - t.Run("should fail to decrypt config", func(t *testing.T) { - // given - blueprint := &domain.BlueprintSpec{Id: "testBlueprint1", Status: domain.StatusPhaseValidated} - - blueprintRepoMock := newMockBlueprintSpecRepository(t) - blueprintRepoMock.EXPECT().GetById(testCtx, "testBlueprint1").Return(blueprint, nil) - - doguInstallRepoMock := newMockDoguInstallationRepository(t) - doguInstallRepoMock.EXPECT().GetAll(testCtx).Return(map[common.SimpleDoguName]*ecosystem.DoguInstallation{}, nil) - componentInstallRepoMock := newMockComponentInstallationRepository(t) - componentInstallRepoMock.EXPECT().GetAll(testCtx).Return(nil, nil) - globalConfigRepoMock := newMockGlobalConfigEntryRepository(t) - globalConfigRepoMock.EXPECT().GetAllByKey(testCtx, blueprint.EffectiveBlueprint.Config.Global.GetGlobalConfigKeys()).Return(map[common.GlobalConfigKey]*ecosystem.GlobalConfigEntry{}, nil) - doguConfigRepoMock := newMockDoguConfigEntryRepository(t) - doguConfigRepoMock.EXPECT().GetAllByKey(testCtx, []common.DoguConfigKey(nil)).Return(map[common.DoguConfigKey]*ecosystem.DoguConfigEntry{}, nil) - sensitiveDoguConfigRepoMock := newMockSensitiveDoguConfigEntryRepository(t) - sensitiveDoguConfigRepoMock.EXPECT().GetAllByKey(testCtx, []common.SensitiveDoguConfigKey(nil)).Return(map[common.SensitiveDoguConfigKey]*ecosystem.SensitiveDoguConfigEntry{}, nil) - encryptionAdapterMock := newMockConfigEncryptionAdapter(t) - encryptionAdapterMock.EXPECT().DecryptAll(testCtx, map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue{}).Return(nil, internalTestError) - - sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock, 
encryptionAdapterMock) - - // when - err := sut.DetermineStateDiff(testCtx, "testBlueprint1") - - // then - require.Error(t, err) - assert.ErrorIs(t, err, internalTestError) - assert.ErrorContains(t, err, "could not decrypt sensitive dogu config") - }) t.Run("should succeed for dogu diff", func(t *testing.T) { // given blueprint := &domain.BlueprintSpec{ @@ -360,10 +321,8 @@ func TestStateDiffUseCase_DetermineStateDiff(t *testing.T) { doguConfigRepoMock.EXPECT().GetAllByKey(testCtx, []common.DoguConfigKey(nil)).Return(map[common.DoguConfigKey]*ecosystem.DoguConfigEntry{}, nil) sensitiveDoguConfigRepoMock := newMockSensitiveDoguConfigEntryRepository(t) sensitiveDoguConfigRepoMock.EXPECT().GetAllByKey(testCtx, []common.SensitiveDoguConfigKey(nil)).Return(map[common.SensitiveDoguConfigKey]*ecosystem.SensitiveDoguConfigEntry{}, nil) - encryptionAdapterMock := newMockConfigEncryptionAdapter(t) - encryptionAdapterMock.EXPECT().DecryptAll(testCtx, map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue{}).Return(nil, nil) - sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock, encryptionAdapterMock) + sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock) // when err := sut.DetermineStateDiff(testCtx, "testBlueprint1") 
@@ -463,10 +422,8 @@ func TestStateDiffUseCase_DetermineStateDiff(t *testing.T) { doguConfigRepoMock.EXPECT().GetAllByKey(testCtx, []common.DoguConfigKey(nil)).Return(map[common.DoguConfigKey]*ecosystem.DoguConfigEntry{}, nil) sensitiveDoguConfigRepoMock := newMockSensitiveDoguConfigEntryRepository(t) sensitiveDoguConfigRepoMock.EXPECT().GetAllByKey(testCtx, []common.SensitiveDoguConfigKey(nil)).Return(map[common.SensitiveDoguConfigKey]*ecosystem.SensitiveDoguConfigEntry{}, nil) - encryptionAdapterMock := newMockConfigEncryptionAdapter(t) - encryptionAdapterMock.EXPECT().DecryptAll(testCtx, map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue{}).Return(nil, nil) - sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock, encryptionAdapterMock) + sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock) // when err := sut.DetermineStateDiff(testCtx, "testBlueprint1") @@ -548,10 +505,8 @@ func TestStateDiffUseCase_DetermineStateDiff(t *testing.T) { sensitiveDoguConfigRepoMock.EXPECT(). GetAllByKey(testCtx, []common.SensitiveDoguConfigKey(nil)). Return(map[common.SensitiveDoguConfigKey]*ecosystem.SensitiveDoguConfigEntry{}, nil) - encryptionAdapterMock := newMockConfigEncryptionAdapter(t) - encryptionAdapterMock.EXPECT().DecryptAll(testCtx, map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue{}).Return(nil, nil) - sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock, encryptionAdapterMock) + sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock) // when err := sut.DetermineStateDiff(testCtx, "testBlueprint1") 
@@ -628,25 +583,15 @@ func TestStateDiffUseCase_DetermineStateDiff(t *testing.T) { Return(map[common.SensitiveDoguConfigKey]*ecosystem.SensitiveDoguConfigEntry{ nginxStaticSensitiveConfigKeyNginxKey1: { Key: nginxStaticSensitiveConfigKeyNginxKey1, - Value: "encrypted", + Value: "val1", }, nginxStaticSensitiveConfigKeyNginxKey2: { Key: nginxStaticSensitiveConfigKeyNginxKey2, - Value: "encrypted", + Value: "val2", }, }, nil) - encryptionAdapterMock := newMockConfigEncryptionAdapter(t) - encryptionAdapterMock.EXPECT(). - DecryptAll(testCtx, map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue{ - nginxStaticSensitiveConfigKeyNginxKey1: "encrypted", - nginxStaticSensitiveConfigKeyNginxKey2: "encrypted", - }). - Return(map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue{ - nginxStaticSensitiveConfigKeyNginxKey1: "val1", - nginxStaticSensitiveConfigKeyNginxKey2: "val2", - }, nil) - sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock, encryptionAdapterMock) + sut := NewStateDiffUseCase(blueprintRepoMock, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock) // when err := sut.DetermineStateDiff(testCtx, "testBlueprint1") @@ -661,7 +606,7 @@ func TestStateDiffUseCase_DetermineStateDiff(t *testing.T) { Key: nginxStaticSensitiveConfigKeyNginxKey1, Actual: domain.DoguConfigValueState{Value: "val1", Exists: true}, Expected: domain.DoguConfigValueState{Value: "nginxVal1", Exists: true}, - NeededAction: domain.ConfigActionSetEncrypted, + NeededAction: domain.ConfigActionSet, DoguAlreadyInstalled: true, }, { 
@@ -727,7 +672,7 @@ func TestStateDiffUseCase_collectEcosystemState(t *testing.T) { encryptedEntry := &ecosystem.SensitiveDoguConfigEntry{ Key: nginxStaticSensitiveConfigKeyNginxKey1, - Value: "encrypted", + Value: "val1", } doguInstallRepoMock := newMockDoguInstallationRepository(t) @@ -757,16 +702,8 @@ func TestStateDiffUseCase_collectEcosystemState(t *testing.T) { }, sensitiveConfigNotFoundError, ) - encryptionAdapterMock := newMockConfigEncryptionAdapter(t) - encryptionAdapterMock.EXPECT(). - DecryptAll(testCtx, map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue{ - nginxStaticSensitiveConfigKeyNginxKey1: "encrypted", - }). - Return(map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue{ - nginxStaticSensitiveConfigKeyNginxKey1: "val1", - }, nil) - sut := NewStateDiffUseCase(nil, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock, encryptionAdapterMock) + sut := NewStateDiffUseCase(nil, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock) // when ecosystemState, err := sut.collectEcosystemState(testCtx, effectiveBlueprint) @@ -848,9 +785,8 @@ func TestStateDiffUseCase_collectEcosystemState(t *testing.T) { map[common.SensitiveDoguConfigKey]*ecosystem.SensitiveDoguConfigEntry{}, internalTestError, ) - encryptionAdapterMock := newMockConfigEncryptionAdapter(t) - sut := NewStateDiffUseCase(nil, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock, encryptionAdapterMock) + sut := NewStateDiffUseCase(nil, doguInstallRepoMock, componentInstallRepoMock, globalConfigRepoMock, doguConfigRepoMock, sensitiveDoguConfigRepoMock) // when ecosystemState, err := sut.collectEcosystemState(testCtx, effectiveBlueprint) diff --git a/pkg/bootstrap.go b/pkg/bootstrap.go index d768019c..ba9e43bb 100644 --- a/pkg/bootstrap.go +++ b/pkg/bootstrap.go 
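Review bot: The local `encryptedEntry` in the first hunk of TestStateDiffUseCase_collectEcosystemState keeps its old name although its `Value` is now the plain `"val1"`, so a reader would assume the repository still returns ciphertext. I would rename it, for example `sensitiveEntry := &ecosystem.SensitiveDoguConfigEntry{`, together with its later uses, which lie outside the hunk. This test documents how sensitive values flow through the use case, so the name should show that the value is handled in clear text.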
@@ -81,7 +81,6 @@ func Bootstrap(restConfig *rest.Config, eventRecorder record.EventRecorder, name return nil, err } - configEncryptionAdapter := adapterconfig.NewPublicKeyConfigEncryptionAdapter(ecosystemClientSet.CoreV1().Secrets(namespace), configRegistry, namespace) doguConfigAdapter := adapterconfigetcd.NewDoguConfigRepository(configRegistry) sensitiveDoguConfigAdapter := adapterconfigetcd.NewSensitiveDoguConfigRepository(configRegistry) globalConfigAdapter := adapterconfigetcd.NewGlobalConfigRepository(configRegistry.GlobalConfig()) 
@@ -97,12 +96,12 @@ func Bootstrap(restConfig *rest.Config, eventRecorder record.EventRecorder, name blueprintSpecDomainUseCase := domainservice.NewValidateDependenciesDomainUseCase(remoteDoguRegistry) blueprintValidationUseCase := application.NewBlueprintSpecValidationUseCase(blueprintSpecRepository, blueprintSpecDomainUseCase) effectiveBlueprintUseCase := application.NewEffectiveBlueprintUseCase(blueprintSpecRepository) - stateDiffUseCase := application.NewStateDiffUseCase(blueprintSpecRepository, doguInstallationRepo, componentInstallationRepo, globalConfigAdapter, doguConfigAdapter, combinedSensitiveDoguConfigAdapter, configEncryptionAdapter) + stateDiffUseCase := application.NewStateDiffUseCase(blueprintSpecRepository, doguInstallationRepo, componentInstallationRepo, globalConfigAdapter, doguConfigAdapter, combinedSensitiveDoguConfigAdapter) doguInstallationUseCase := application.NewDoguInstallationUseCase(blueprintSpecRepository, doguInstallationRepo, healthConfigRepo) componentInstallationUseCase := application.NewComponentInstallationUseCase(blueprintSpecRepository, componentInstallationRepo, healthConfigRepo) ecosystemHealthUseCase := application.NewEcosystemHealthUseCase(doguInstallationUseCase, componentInstallationUseCase, healthConfigRepo) applyBlueprintSpecUseCase := application.NewApplyBlueprintSpecUseCase(blueprintSpecRepository, doguInstallationUseCase, ecosystemHealthUseCase, componentInstallationUseCase, maintenanceMode) - registryConfigUseCase := application.NewEcosystemConfigUseCase(blueprintSpecRepository, doguConfigAdapter, combinedSensitiveDoguConfigAdapter, globalConfigAdapter, configEncryptionAdapter) + registryConfigUseCase := application.NewEcosystemConfigUseCase(blueprintSpecRepository, doguConfigAdapter, combinedSensitiveDoguConfigAdapter, globalConfigAdapter) doguRestartUseCase := application.NewDoguRestartUseCase(doguInstallationRepo, blueprintSpecRepository, restartRepository) selfUpgradeUseCase := 
application.NewSelfUpgradeUseCase(blueprintSpecRepository, componentInstallationRepo, componentInstallationUseCase, blueprintOperatorName.SimpleName, healthConfigRepo) diff --git a/pkg/domain/events_test.go b/pkg/domain/events_test.go index 1738adad..1778faac 100644 --- a/pkg/domain/events_test.go +++ b/pkg/domain/events_test.go @@ -131,13 +131,13 @@ func TestEvents(t *testing.T) { }, SensitiveDoguConfigDiff: []SensitiveDoguConfigEntryDiff{ {NeededAction: ConfigActionNone}, - {NeededAction: ConfigActionSetToEncrypt}, + {NeededAction: ConfigActionSet}, {NeededAction: ConfigActionRemove}, }, }, }}, expectedName: "DoguConfigDiffDetermined", - expectedMessage: "dogu config diff determined: 6 actions (\"none\": 2, \"remove\": 2, \"set\": 1, \"setToEncrypt\": 1)", + expectedMessage: "dogu config diff determined: 6 actions (\"none\": 2, \"remove\": 2, \"set\": 2)", }, { name: "blueprint application pre-processed", diff --git a/pkg/domain/stateDiffConfig.go b/pkg/domain/stateDiffConfig.go index 25d77e19..c5b16442 100644 --- a/pkg/domain/stateDiffConfig.go +++ b/pkg/domain/stateDiffConfig.go @@ -18,11 +18,6 @@ const ( ConfigActionNone ConfigAction = "none" // ConfigActionSet means that the config key needs to be set as given ConfigActionSet ConfigAction = "set" - // ConfigActionSetEncrypted means that the config key needs to be encrypted - ConfigActionSetEncrypted ConfigAction = "setEncrypted" - // ConfigActionSetToEncrypt means that the config key needs to be encrypted but another service needs to do this. - // This can happen if a dogu is not yet installed and therefore no encryption key pair is available. - ConfigActionSetToEncrypt ConfigAction = "setToEncrypt" // ConfigActionRemove means that the config key needs to be deleted ConfigActionRemove ConfigAction = "remove" ) diff --git a/pkg/domain/stateDiffConfig_test.go b/pkg/domain/stateDiffConfig_test.go index 93250bfd..ca74e622 100644 --- a/pkg/domain/stateDiffConfig_test.go +++ b/pkg/domain/stateDiffConfig_test.go 
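Review bot: Bootstrap now hands `combinedSensitiveDoguConfigAdapter` to `NewStateDiffUseCase` and `NewEcosystemConfigUseCase` with no encryption step in between, and nothing at this spot records that decision. I would add a comment above the `stateDiffUseCase` line such as `// sensitive dogu config is no longer encrypted by this operator; confidentiality depends on access control of the backing config store`. The preceding hunk also drops the only visible use of `ecosystemClientSet.CoreV1().Secrets(namespace)`; if no other code in the operator reads Secrets, the RBAC rule granting that access can be removed in the same change. Bootstrap starts and ends outside both hunks, so other Secret consumers may exist.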
@@ -285,7 +285,7 @@ func Test_determineConfigDiff(t *testing.T) { Value: "updated value", Exists: true, }, - NeededAction: ConfigActionSetEncrypted, + NeededAction: ConfigActionSet, }, { Key: sensitiveDogu1Key3, @@ -326,7 +326,7 @@ func Test_determineConfigDiff(t *testing.T) { Value: "value", Exists: true, }, - NeededAction: ConfigActionSetToEncrypt, + NeededAction: ConfigActionSet, }, } assert.ElementsMatch(t, dogusConfigDiffs["dogu1"].SensitiveDoguConfigDiff, entriesDogu1) @@ -367,7 +367,7 @@ func Test_determineConfigDiff(t *testing.T) { Value: "value", Exists: true, }, - NeededAction: ConfigActionSetToEncrypt, + NeededAction: ConfigActionSet, }) }) diff --git a/pkg/domain/stateDiffSensitiveDoguConfig.go b/pkg/domain/stateDiffSensitiveDoguConfig.go index 4b2cba3c..d880bb64 100644 --- a/pkg/domain/stateDiffSensitiveDoguConfig.go +++ b/pkg/domain/stateDiffSensitiveDoguConfig.go @@ -49,7 +49,7 @@ func newSensitiveDoguConfigEntryDiff( Actual: actual, Expected: expected, DoguAlreadyInstalled: doguAlreadyInstalled, - NeededAction: getNeededSensitiveConfigAction(ConfigValueState(expected), ConfigValueState(actual), doguAlreadyInstalled), + NeededAction: getNeededConfigAction(ConfigValueState(expected), ConfigValueState(actual)), } } @@ -71,15 +71,3 @@ func determineSensitiveDoguConfigDiffs( } return doguConfigDiff } - -func getNeededSensitiveConfigAction(expected ConfigValueState, actual ConfigValueState, doguAlreadyInstalled bool) ConfigAction { - action := getNeededConfigAction(expected, actual) - if action == ConfigActionSet { - if !doguAlreadyInstalled { - return ConfigActionSetToEncrypt - } else { - return ConfigActionSetEncrypted - } - } - return action -} diff --git a/pkg/domain/stateDiffSensitiveDoguConfig_test.go b/pkg/domain/stateDiffSensitiveDoguConfig_test.go deleted file mode 100644 index e0942327..00000000 --- a/pkg/domain/stateDiffSensitiveDoguConfig_test.go +++ /dev/null 
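Review bot: In `newSensitiveDoguConfigEntryDiff` the `doguAlreadyInstalled` argument no longer influences `NeededAction` but is still accepted and stored, and the retired actions `setEncrypted` and `setToEncrypt` may still appear in state diffs written by an earlier operator version. The function's doc comment should say so, for example `// NeededAction is computed exactly as for normal dogu config; DoguAlreadyInstalled is informational only.` If state diffs are persisted with the blueprint and read back after an upgrade (not visible here), the code that consumes `ConfigAction` needs a defined behaviour for the two retired values: either map them to `ConfigActionSet` or reject them with a clear error. The function begins outside the hunk.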
@@ -1,52 +0,0 @@ -package domain - -import ( - "github.com/stretchr/testify/assert" - "testing" -) - -func Test_getNeededSensitiveConfigAction(t *testing.T) { - tests := []struct { - name string - expected ConfigValueState - actual ConfigValueState - doguAlreadyInstalled bool - want ConfigAction - }{ - { - name: "none, does not exist", - expected: ConfigValueState{Value: "", Exists: false}, - actual: ConfigValueState{Value: "", Exists: false}, - doguAlreadyInstalled: false, - want: ConfigActionNone, - }, - { - name: "none, exists", - expected: ConfigValueState{Value: "", Exists: true}, - actual: ConfigValueState{Value: "", Exists: true}, - doguAlreadyInstalled: false, - want: ConfigActionNone, - }, - { - name: "set to encrypt", - expected: ConfigValueState{Value: "", Exists: true}, - actual: ConfigValueState{Value: "", Exists: false}, - doguAlreadyInstalled: false, - want: ConfigActionSetToEncrypt, - }, - { - name: "set encrypted", - expected: ConfigValueState{Value: "", Exists: true}, - actual: ConfigValueState{Value: "", Exists: false}, - doguAlreadyInstalled: true, - want: ConfigActionSetEncrypted, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - assert.Equalf(t, - tt.want, getNeededSensitiveConfigAction(tt.expected, tt.actual, tt.doguAlreadyInstalled), - "getNeededSensitiveConfigAction(%v, %v, %v)", tt.expected, tt.actual, tt.doguAlreadyInstalled) - }) - } -} diff --git a/pkg/domainservice/adapterInterfaces.go b/pkg/domainservice/adapterInterfaces.go index 4b23450b..7656d662 100644 --- a/pkg/domainservice/adapterInterfaces.go +++ b/pkg/domainservice/adapterInterfaces.go 
@@ -110,31 +110,6 @@ type MaintenancePageModel struct { Text string } -type ConfigEncryptionAdapter interface { - // Encrypt encrypts the given value for a dogu. - // It can throw an InternalError if the encryption did not succeed, public key is missing or config store is not reachable. - // It can throw a NotFoundError if the encryption key is not found. - Encrypt(context.Context, common.SimpleDoguName, common.SensitiveDoguConfigValue) (common.EncryptedDoguConfigValue, error) - // EncryptAll encrypts the given values for a dogu. - // If the encryption fails on a part of the values, the resulting error is returned along with a map that only holds - // the values that could have been encrypted. - // It can throw an InternalError if the encryption did not succeed or config store is not reachable. - // It can throw a NotFoundError if the encryption key is not found. - EncryptAll(context.Context, map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue) (map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue, error) - // Decrypt decrypts sensitive dogu values. - // It can throw - // - NotFoundError if decryption key is not found - // - InternalError in any other error case - Decrypt(context.Context, common.SimpleDoguName, common.EncryptedDoguConfigValue) (common.SensitiveDoguConfigValue, error) - // DecryptAll decrypts a map of sensitive dogu values. - // If the decryption fails on a part of the values, the resulting error is returned along with a map that only holds - // the values that could have been decrypted. - // This method can throw - // - NotFoundError if decryption key is not found - // - InternalError in any other error case - DecryptAll(context.Context, map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue) (map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue, error) -} - type DoguRestartRepository interface { // RestartAll restarts all provided Dogus RestartAll(context.Context, []common.SimpleDoguName) error