PMM-13132 Another changes in structure.

percona · Sep 19, 2024 · e3d146a · e3d146a
1 parent ae7094f
commit e3d146a
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 199 deletions.
diff --git a/encryption-rotation/main.go b/encryption-rotation/main.go
@@ -16,135 +16,34 @@
 package main
 
 import (
-	"database/sql"
-	"fmt"
 	"os"
-	"os/exec"
 	"os/signal"
-	"strings"
 	"syscall"
 
 	"github.com/Percona-Lab/kingpin"
-	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
-	"gopkg.in/reform.v1"
-	"gopkg.in/reform.v1/dialects/postgresql"
-
 	"github.com/percona/pmm/managed/models"
-	"github.com/percona/pmm/managed/utils/encryption"
 	"github.com/percona/pmm/utils/logger"
+	"github.com/sirupsen/logrus"
 )
 
 func main() {
 	signal.Ignore(syscall.SIGINT, syscall.SIGTERM) // to prevent any interuptions during process
 
 	logger.SetupGlobalLogger()
 
-	sqlDB, dbName := openDB()
-	statusCode := Rotate(sqlDB, dbName)
-	sqlDB.Close() //nolint:errcheck
-
-	os.Exit(statusCode)
-}
-
-func Rotate(sqlDB *sql.DB, dbName string) int {
-	db := reform.NewDB(sqlDB, postgresql.Dialect, nil)
-
-	err := stopPMMServer()
-	if err != nil {
-		logrus.Errorf("Failed to stop PMM Server: %+v", err)
-		return 2
-	}
-
-	err = rotateEncryptionKey(db, dbName)
-	if err != nil {
-		logrus.Errorf("Failed to rotate encryption key: %+v", err)
-		return 3
-	}
-
-	err = startPMMServer()
-	if err != nil {
-		logrus.Errorf("Failed to start PMM Server: %+v", err)
-		return 4
-	}
-
-	return 0
-}
-
-func startPMMServer() error {
-	if isPMMServerStatus("RUNNING") {
-		return nil
-	}
-
-	cmd := exec.Command("supervisorctl", "start pmm-managed")
-	output, err := cmd.CombinedOutput()
-	if err != nil {
-		return fmt.Errorf("%w: %s", err, output)
-	}
-
-	if !isPMMServerStatus("RUNNING") {
-		return errors.New("cannot start pmm-managed")
-	}
-
-	return nil
-}
-
-func stopPMMServer() error {
-	if isPMMServerStatus("STOPPED") {
-		return nil
-	}
-
-	cmd := exec.Command("supervisorctl", "stop pmm-managed")
-	output, err := cmd.CombinedOutput()
+	sqlDB, err := models.OpenDB(setupParams())
 	if err != nil {
-		return fmt.Errorf("%w: %s", err, output)
-	}
-
-	if !isPMMServerStatus("STOPPED") {
-		return errors.New("cannot stop pmm-managed")
+		logrus.Error(err)
+		os.Exit(1)
 	}
 
-	return nil
-}
-
-func isPMMServerStatus(status string) bool {
-	cmd := exec.Command("supervisorctl", "status pmm-managed")
-	output, _ := cmd.CombinedOutput()
-
-	return strings.Contains(string(output), strings.ToUpper(status))
-}
-
-func rotateEncryptionKey(db *reform.DB, dbName string) error {
-	return db.InTransaction(func(tx *reform.TX) error {
-		logrus.Infof("DB %s is being decrypted", dbName)
-		err := models.DecryptDB(tx, dbName, models.DefaultAgentEncryptionColumns)
-		if err != nil {
-			return err
-		}
-		logrus.Infof("DB %s is successfully decrypted", dbName)
-
-		logrus.Infoln("Rotating encryption key")
-		err = encryption.RotateEncryptionKey()
-		if err != nil {
-			return err
-		}
-		logrus.Infof("New encryption key generated")
-
-		logrus.Infof("DB %s is being encrypted", dbName)
-		err = models.EncryptDB(tx, dbName, models.DefaultAgentEncryptionColumns)
-		if err != nil {
-			if e := encryption.RestoreOldEncryptionKey(); e != nil {
-				return errors.Wrap(err, e.Error())
-			}
-			return err
-		}
-		logrus.Infof("DB %s is successfully encrypted", dbName)
+	statusCode := models.RotateEncryptionKey(sqlDB, "pmm-managed")
+	sqlDB.Close() //nolint:errcheck
 
-		return nil
-	})
+	os.Exit(statusCode)
 }
 
-func openDB() (*sql.DB, string) {
+func setupParams() models.SetupDBParams {
 	postgresAddrF := kingpin.Flag("postgres-addr", "PostgreSQL address").
 		Default(models.DefaultPostgreSQLAddr).
 		Envar("PMM_POSTGRES_ADDR").
@@ -177,7 +76,7 @@ func openDB() (*sql.DB, string) {
 
 	kingpin.Parse()
 
-	setupParams := models.SetupDBParams{
+	return models.SetupDBParams{
 		Address:     *postgresAddrF,
 		Name:        *postgresDBNameF,
 		Username:    *postgresDBUsernameF,
@@ -187,12 +86,4 @@ func openDB() (*sql.DB, string) {
 		SSLKeyPath:  *postgresSSLKeyPathF,
 		SSLCertPath: *postgresSSLCertPathF,
 	}
-
-	sqlDB, err := models.OpenDB(setupParams)
-	if err != nil {
-		logrus.Errorf("Failed to connect to database: %+v", err)
-		os.Exit(1)
-	}
-
-	return sqlDB, *postgresDBNameF
 }
diff --git a/...yptionrotation/ecryption_rotation_test.go → managed/models/ecryption_rotation_test.go b/...yptionrotation/ecryption_rotation_test.go → managed/models/ecryption_rotation_test.go
@@ -1,22 +1,4 @@
-// Copyright (C) 2023 Percona LLC
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program. If not, see <https://www.gnu.org/licenses/>.
-
-// Package encryptionrotation is the package for encryption keys rotation testing.
-//
-//nolint:dupword
-package encryptionrotation
+package models_test
 
 import (
 	"database/sql"
@@ -28,7 +10,6 @@ import (
 	"github.com/pkg/errors"
 	"github.com/stretchr/testify/require"
 
-	encryptionRotation "github.com/percona/pmm/encryption-rotation/helpers"
 	"github.com/percona/pmm/managed/models"
 	"github.com/percona/pmm/managed/utils/encryption"
 	"github.com/percona/pmm/managed/utils/testdb"
@@ -53,7 +34,7 @@ func TestEncryptionRotation(t *testing.T) {
 	err = insertTestData(db)
 	require.NoError(t, err)
 
-	statusCode := encryptionRotation.Rotate(db, testdb.TestDatabase)
+	statusCode := models.RotateEncryptionKey(db, testdb.TestDatabase)
 	require.Equal(t, 0, statusCode)
 
 	newEncryptionKey, err := os.ReadFile(encryptionKeyTestPath)

diff --git a/encryption-rotation/helpers/helpers.go → managed/models/encryption_rotation.go b/encryption-rotation/helpers/helpers.go → managed/models/encryption_rotation.go
@@ -1,22 +1,19 @@
-package helpers
+package models
 
 import (
 	"database/sql"
 	"fmt"
-	"os"
 	"os/exec"
 	"strings"
 
-	"github.com/Percona-Lab/kingpin"
-	"github.com/percona/pmm/managed/models"
 	"github.com/percona/pmm/managed/utils/encryption"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"gopkg.in/reform.v1"
 	"gopkg.in/reform.v1/dialects/postgresql"
 )
 
-func Rotate(sqlDB *sql.DB, dbName string) int {
+func RotateEncryptionKey(sqlDB *sql.DB, dbName string) int {
 	db := reform.NewDB(sqlDB, postgresql.Dialect, nil)
 
 	err := stopPMMServer()
@@ -86,7 +83,7 @@ func isPMMServerStatus(status string) bool {
 func rotateEncryptionKey(db *reform.DB, dbName string) error {
 	return db.InTransaction(func(tx *reform.TX) error {
 		logrus.Infof("DB %s is being decrypted", dbName)
-		err := models.DecryptDB(tx, dbName, models.DefaultAgentEncryptionColumns)
+		err := DecryptDB(tx, dbName, DefaultAgentEncryptionColumns)
 		if err != nil {
 			return err
 		}
@@ -100,7 +97,7 @@ func rotateEncryptionKey(db *reform.DB, dbName string) error {
 		logrus.Infof("New encryption key generated")
 
 		logrus.Infof("DB %s is being encrypted", dbName)
-		err = models.EncryptDB(tx, dbName, models.DefaultAgentEncryptionColumns)
+		err = EncryptDB(tx, dbName, DefaultAgentEncryptionColumns)
 		if err != nil {
 			if e := encryption.RestoreOldEncryptionKey(); e != nil {
 				return errors.Wrap(err, e.Error())
@@ -112,56 +109,3 @@ func rotateEncryptionKey(db *reform.DB, dbName string) error {
 		return nil
 	})
 }
-
-func openDB() (*sql.DB, string) {
-	postgresAddrF := kingpin.Flag("postgres-addr", "PostgreSQL address").
-		Default(models.DefaultPostgreSQLAddr).
-		Envar("PMM_POSTGRES_ADDR").
-		String()
-	postgresDBNameF := kingpin.Flag("postgres-name", "PostgreSQL database name").
-		Default("pmm-managed").
-		Envar("PMM_POSTGRES_DBNAME").
-		String()
-	postgresDBUsernameF := kingpin.Flag("postgres-username", "PostgreSQL database username").
-		Default("pmm-managed").
-		Envar("PMM_POSTGRES_USERNAME").
-		String()
-	postgresSSLModeF := kingpin.Flag("postgres-ssl-mode", "PostgreSQL SSL mode").
-		Default(models.DisableSSLMode).
-		Envar("PMM_POSTGRES_SSL_MODE").
-		Enum(models.DisableSSLMode, models.RequireSSLMode, models.VerifyCaSSLMode, models.VerifyFullSSLMode)
-	postgresSSLCAPathF := kingpin.Flag("postgres-ssl-ca-path", "PostgreSQL SSL CA root certificate path").
-		Envar("PMM_POSTGRES_SSL_CA_PATH").
-		String()
-	postgresDBPasswordF := kingpin.Flag("postgres-password", "PostgreSQL database password").
-		Default("pmm-managed").
-		Envar("PMM_POSTGRES_DBPASSWORD").
-		String()
-	postgresSSLKeyPathF := kingpin.Flag("postgres-ssl-key-path", "PostgreSQL SSL key path").
-		Envar("PMM_POSTGRES_SSL_KEY_PATH").
-		String()
-	postgresSSLCertPathF := kingpin.Flag("postgres-ssl-cert-path", "PostgreSQL SSL certificate path").
-		Envar("PMM_POSTGRES_SSL_CERT_PATH").
-		String()
-
-	kingpin.Parse()
-
-	setupParams := models.SetupDBParams{
-		Address:     *postgresAddrF,
-		Name:        *postgresDBNameF,
-		Username:    *postgresDBUsernameF,
-		Password:    *postgresDBPasswordF,
-		SSLMode:     *postgresSSLModeF,
-		SSLCAPath:   *postgresSSLCAPathF,
-		SSLKeyPath:  *postgresSSLKeyPathF,
-		SSLCertPath: *postgresSSLCertPathF,
-	}
-
-	sqlDB, err := models.OpenDB(setupParams)
-	if err != nil {
-		logrus.Errorf("Failed to connect to database: %+v", err)
-		os.Exit(1)
-	}
-
-	return sqlDB, *postgresDBNameF
-}