PMM-13129 Encryption. #3002

Merged
merged 187 commits into from
Oct 10, 2024
Changes from 171 commits
3d47d3e
PMM-13129 Encrypt/decrypt basics.
JiriCtvrtka May 23, 2024
8bc2399
PMM-13129 DB connection, part of migration.
JiriCtvrtka May 23, 2024
dd1d739
Merge branch 'v3' into PMM-13129-encryption
JiriCtvrtka May 23, 2024
1872323
PMM-13129 Tidy.
JiriCtvrtka May 23, 2024
60966fd
PMM-13129 Migration basics.
JiriCtvrtka May 27, 2024
46b24db
PMM-13129 Format.
JiriCtvrtka May 27, 2024
f6dcd35
PMM-13129 Encrypt, EncryptDB, Decrypt, DecryptDB, refactor.
JiriCtvrtka May 28, 2024
01a1004
PMM-13129 Encryption test workflow.
JiriCtvrtka May 28, 2024
ed5fdbb
PMM-13129 Remove install.
JiriCtvrtka May 28, 2024
b02b7fd
Merge branch 'v3' into PMM-13129-encryption
JiriCtvrtka Jun 3, 2024
767b555
PMM-13129 Encrypt/Decrypt agents.
JiriCtvrtka Jun 5, 2024
81a074b
PMM-13129 Changes.
JiriCtvrtka Jun 10, 2024
40cb73c
Merge branch 'v3' into PMM-13129-encryption
JiriCtvrtka Jun 10, 2024
6de482d
PMM-13145 Fix for tests.
JiriCtvrtka Jun 10, 2024
a27df51
Merge branch 'PMM-13129-encryption' of github.com:percona/pmm into PM…
JiriCtvrtka Jun 10, 2024
142c5e5
PMM-13129 Fix Mongo test.
JiriCtvrtka Jun 10, 2024
a1ba20e
PMM-13129 Fix.
JiriCtvrtka Jun 10, 2024
b9f8cd8
PMM-13129 Encrypt fixture.
JiriCtvrtka Jun 10, 2024
ab2a641
PMM-13129 Encryption test.
JiriCtvrtka Jun 10, 2024
c518942
PMM-13129 File mode test.
JiriCtvrtka Jun 10, 2024
66996a2
PMM-13129 Fix credentials for test env.
JiriCtvrtka Jun 10, 2024
81e22b7
PMM-13129 Clean.
JiriCtvrtka Jun 10, 2024
c386d1d
PMM-13129 Correct DB for encryption test.
JiriCtvrtka Jun 10, 2024
cb200b1
PMM-13129 Moved to utils folder.
JiriCtvrtka Jun 12, 2024
f953b92
PMM-13129 Empty password fix.
JiriCtvrtka Jun 12, 2024
70e9634
PMM-13129 Debug logs to warning level.
JiriCtvrtka Jun 12, 2024
bccf86e
PMM-13129 Format.
JiriCtvrtka Jun 12, 2024
3e64fba
PMM-13129 Small change in generated query.
JiriCtvrtka Jun 14, 2024
917de87
PMM-13129 Password set check.
JiriCtvrtka Jun 17, 2024
6146958
PMM-13129 Fix wrong field.
JiriCtvrtka Jun 17, 2024
7a12c8f
Merge branch 'v3' into PMM-13129-encryption
JiriCtvrtka Jun 19, 2024
cf2c40f
PMM-13129 Init in migration.
JiriCtvrtka Jun 19, 2024
38beab9
PMM-13129 Precheck if already encrypted, moved into managed utils.
JiriCtvrtka Jun 20, 2024
2846918
PMM-13129 Migration.
JiriCtvrtka Jun 20, 2024
25408b1
Merge branch 'v3' into PMM-13129-encryption
JiriCtvrtka Jun 21, 2024
f745581
PMM-13129 Fix for EncryptDB. Encrypt/Decrypt username.
JiriCtvrtka Jun 23, 2024
dce40dd
Merge branch 'PMM-13129-encryption' of github.com:percona/pmm into PM…
JiriCtvrtka Jun 23, 2024
a4f9262
PMM-13129 Formatting of encryption error, createAgent username fix.
JiriCtvrtka Jun 24, 2024
f9518d5
PMM-13129 Remove unused method for now.
JiriCtvrtka Jun 24, 2024
00dae9c
PMM-13129 Correct mode for cert file.
JiriCtvrtka Jun 24, 2024
e8ee71e
PMM-13129 Remove DB test, small refactor.
JiriCtvrtka Jun 24, 2024
285275a
PMM-13129 Encryption for external exporter.
JiriCtvrtka Jun 24, 2024
3627429
PMM-13129 Fix tests after external exporter encryption.
JiriCtvrtka Jun 24, 2024
abebb36
PMM-13129 Fix mongo tests.
JiriCtvrtka Jun 24, 2024
a03ed0d
PMM-13129 Fix another test to expect encrypted username.
JiriCtvrtka Jun 24, 2024
08f4f8f
PMM-13129 Another fix for tests to expect encrypted username.
JiriCtvrtka Jun 24, 2024
2bf51de
PMM-13129 Fix for DecryptDB.
JiriCtvrtka Jun 24, 2024
72968d1
Merge branch 'v3' into PMM-13129-encryption
JiriCtvrtka Jun 24, 2024
16b9b40
PMM-13129 Err if encryption is not initialized.
JiriCtvrtka Jun 24, 2024
ec3f391
PMM-13129 Delimiter fix.
JiriCtvrtka Jun 24, 2024
e799003
PMM-13129 Fix DecryptDB.
JiriCtvrtka Jun 24, 2024
9e255f2
PMM-13129 Small change in agent test.
JiriCtvrtka Jun 24, 2024
fbd3ee6
PMM-13129 Fix non related test to make it green for now.
JiriCtvrtka Jun 24, 2024
06314c2
PMM-13129 Add license headers.
JiriCtvrtka Jun 25, 2024
f94745b
PMM-13129 License.
JiriCtvrtka Jun 25, 2024
be8bc4c
Merge branch 'v3' into PMM-13129-encryption
JiriCtvrtka Jun 25, 2024
3f3391b
PMM-13129 Lint.
JiriCtvrtka Jun 25, 2024
edd87e9
Merge branch 'PMM-13129-encryption' of github.com:percona/pmm into PM…
JiriCtvrtka Jun 25, 2024
bc8146d
PMM-13129 Another lint.
JiriCtvrtka Jun 25, 2024
40196bf
PMM-13129 Lint.
JiriCtvrtka Jun 25, 2024
d991077
PMM-13129 Default encryption changes.
JiriCtvrtka Jun 25, 2024
f8f7368
PMM-13129 Encrypt, decrypt all other secret, credentials in agents.
JiriCtvrtka Jun 25, 2024
ea60e41
Merge branch 'v3' into PMM-13129-encryption
JiriCtvrtka Jun 26, 2024
bba01fd
PMM-13129 Changes, some refactors.
JiriCtvrtka Jun 26, 2024
d7449be
Merge branch 'PMM-13129-encryption' of github.com:percona/pmm into PM…
JiriCtvrtka Jun 26, 2024
c423e1d
PMM-13129 Another changes.
JiriCtvrtka Jun 26, 2024
9790f7c
Merge branch 'v3' into PMM-13129-encryption
JiriCtvrtka Jun 26, 2024
5ab0a81
PMM-13129 Refactor.
JiriCtvrtka Jun 26, 2024
bc249ff
PMM-13129 Fix.
JiriCtvrtka Jun 26, 2024
8c9d21a
PMM-13129 Changes.
JiriCtvrtka Jun 26, 2024
f35ad67
PMM-13129 Changes.
JiriCtvrtka Jun 26, 2024
d1abf77
PMM-13129 Save.
JiriCtvrtka Jun 26, 2024
88271bb
PMM-13129 Changes.
JiriCtvrtka Jun 27, 2024
9bb9b8a
PMM-13129 Another changes.
JiriCtvrtka Jun 27, 2024
92a1b59
PMM-13129 Refactor, another changes.
JiriCtvrtka Jun 27, 2024
e3fe487
PMM-13129 Disable migration encryption until it is done.
JiriCtvrtka Jun 27, 2024
29d90df
PMM-13129 Basics for settings and migration.
JiriCtvrtka Jun 27, 2024
952ecef
PMM-13129 Original code for isPasswordSet.
JiriCtvrtka Jun 27, 2024
9d3d1ea
Merge branch 'v3' into PMM-13129-encryption
JiriCtvrtka Jun 27, 2024
8467292
PMM-13129 Fix current settings test.
JiriCtvrtka Jun 27, 2024
192cc1f
Merge branch 'PMM-13129-encryption' of github.com:percona/pmm into PM…
JiriCtvrtka Jun 27, 2024
a5d0d35
PMM-13129 Basic changes to be able pass custom handlers.
JiriCtvrtka Jul 1, 2024
3ea748a
PMM-13129 Handlers, PG handler.
JiriCtvrtka Jul 1, 2024
639a567
PMM-13129 Refactor.
JiriCtvrtka Jul 1, 2024
80e42d0
PMM-13129 Changes, refactor.
JiriCtvrtka Jul 1, 2024
21b74e4
PMM-13129 Migrate and encrypt all possible fields.
JiriCtvrtka Jul 1, 2024
1478695
PMM-13129 Fix for service info broker.
JiriCtvrtka Jul 1, 2024
96e2026
PMM-13129 Fix for settings helper test.
JiriCtvrtka Jul 1, 2024
6a2d4f2
PMM-13129 Refactor.
JiriCtvrtka Jul 1, 2024
32fa22f
PMM-13129 Lint.
JiriCtvrtka Jul 1, 2024
2ff1602
PMM-13129 Lint.
JiriCtvrtka Jul 1, 2024
206e7a0
PMM-13129 Format.
JiriCtvrtka Jul 1, 2024
e20d52a
PMM-13129 Fix settings helpers test.
JiriCtvrtka Jul 1, 2024
c7edac8
PMM-13129 License header.
JiriCtvrtka Jul 1, 2024
ec6e6fe
PMM-13129 Another lint.
JiriCtvrtka Jul 1, 2024
5d379a3
PMM-13129 Lint.
JiriCtvrtka Jul 1, 2024
252741b
PMM-13129 Changes to fix tests. Refactor.
JiriCtvrtka Jul 2, 2024
cfeb84e
PMM-13129 Format.
JiriCtvrtka Jul 2, 2024
af6b061
Merge branch 'v3' into PMM-13129-encryption
JiriCtvrtka Jul 2, 2024
7854d50
PMM-13129 Fix.
JiriCtvrtka Jul 2, 2024
5f0094d
PMM-13129 Encrypt items now receive opened DB connection, refactor.
JiriCtvrtka Jul 2, 2024
12c3bb1
PMM-13129 Lint (correct ctx).
JiriCtvrtka Jul 2, 2024
0d0bef4
PMM-13129 Refactor, lint.
JiriCtvrtka Jul 2, 2024
3a5bd60
PMM-13129 Check.
JiriCtvrtka Jul 2, 2024
7fbe257
PMM-13129 Lint.
JiriCtvrtka Jul 2, 2024
586b75a
PMM-13129 Fix settings test.
JiriCtvrtka Jul 2, 2024
15244cb
PMM-13129 Fix to prevent double encryption on setup fixtures.
JiriCtvrtka Jul 2, 2024
e2c720e
PMM-13129 Changes.
JiriCtvrtka Jul 2, 2024
d0a454c
PMM-13129 Encrypt only basic fields in tests (migration).
JiriCtvrtka Jul 2, 2024
64f8b13
PMM-13129 Test.
JiriCtvrtka Jul 2, 2024
b55d559
PMM-13129 Lint.
JiriCtvrtka Jul 2, 2024
8861cbe
PMM-13129 Different encrypted columns for different migration versions.
JiriCtvrtka Jul 2, 2024
98bf78f
PMM-13129 Fix.
JiriCtvrtka Jul 2, 2024
9544ea0
PMM-13129 TODO.
JiriCtvrtka Jul 2, 2024
a4cad29
PMM-13129 TODO.
JiriCtvrtka Jul 3, 2024
98dee60
PMM-13129 Check for nothing to encrypt.
JiriCtvrtka Jul 3, 2024
b4714bf
PMM-13129 Encrypted fields based on migration version.
JiriCtvrtka Jul 3, 2024
a0cea8b
PMM-13129 Better debug.
JiriCtvrtka Jul 3, 2024
a1df8c8
PMM-13129 Lint.
JiriCtvrtka Jul 3, 2024
a55f422
PMM-13129 Fix, better debug.
JiriCtvrtka Jul 3, 2024
3821c70
PMM-13129 Exit in case of encryption initialization error.
JiriCtvrtka Jul 3, 2024
b009d0f
PMM-13129 Handle nil migration version.
JiriCtvrtka Jul 3, 2024
f4bdf3d
PMM-13129 Typo.
JiriCtvrtka Jul 3, 2024
5f67dcc
PMM-13129 Fix for service broker and connection check.
JiriCtvrtka Jul 3, 2024
e3b1341
PMM-13129 Comments.
JiriCtvrtka Jul 3, 2024
1e147a2
PMM-13129 Remove debug logging.
JiriCtvrtka Jul 4, 2024
fb85645
PMM-13129 Remove pointer in EncryptAgent, DecryptAgent.
JiriCtvrtka Jul 4, 2024
db7cff7
PMM-13129 Fix.
JiriCtvrtka Jul 4, 2024
68be0a5
PMM-13129 Fix for service_info_broker.
JiriCtvrtka Jul 4, 2024
46c6cd6
PMM-13129 Fix service_info_broker options pointer propagation.
JiriCtvrtka Jul 4, 2024
b68421a
PMM-13129 Fix for custom labels after removed pointer.
JiriCtvrtka Jul 4, 2024
53ba9a9
PMM-13129 Hide cipherText in error message.
JiriCtvrtka Jul 5, 2024
fae5504
PMM-13129 Panic in case of unavailable encryption.
JiriCtvrtka Jul 5, 2024
db111b8
PMM-13129 Remove CA certificates from encryption/decryption.
JiriCtvrtka Jul 5, 2024
b9bf58b
PMM-13129 Required refactor.
JiriCtvrtka Jul 5, 2024
54c215e
Update api/serverpb/server.proto
JiriCtvrtka Jul 5, 2024
7dcabf4
Update managed/models/database.go
JiriCtvrtka Jul 5, 2024
607450e
Update managed/utils/encryption/encryption.go
JiriCtvrtka Jul 5, 2024
5e40835
Update managed/utils/encryption/models.go
JiriCtvrtka Jul 5, 2024
ae77773
Update managed/utils/encryption/models.go
JiriCtvrtka Jul 5, 2024
fde529b
Update managed/utils/encryption/helpers.go
JiriCtvrtka Jul 5, 2024
f2b6838
Merge branch 'PMM-13129-encryption' of github.com:percona/pmm into PM…
JiriCtvrtka Jul 5, 2024
f5def78
PMM-13129 Gen.
JiriCtvrtka Jul 5, 2024
fc78344
PMM-13129 Identifiers word.
JiriCtvrtka Jul 5, 2024
cab2773
Merge branch 'v3' into PMM-13129-encryption
JiriCtvrtka Jul 8, 2024
ff38d33
PMM-13129 Remove CAs from handlers.
JiriCtvrtka Jul 9, 2024
0a069f5
Update managed/models/settings.go
JiriCtvrtka Jul 9, 2024
dfcb8d1
Update managed/utils/encryption/encryption.go
JiriCtvrtka Jul 9, 2024
82d881f
Update managed/utils/encryption/encryption.go
JiriCtvrtka Jul 9, 2024
d2b64da
Merge branch 'PMM-13129-encryption' of github.com:percona/pmm into PM…
JiriCtvrtka Jul 9, 2024
fe3be31
PMM-13129 Dereference all DB options on encrypt/decrypt.
JiriCtvrtka Jul 9, 2024
903b4ef
PMM-13129 Custom labels.
JiriCtvrtka Jul 9, 2024
9fd8982
Revert "PMM-13129 Custom labels."
JiriCtvrtka Jul 9, 2024
f955040
Revert "PMM-13129 Dereference all DB options on encrypt/decrypt."
JiriCtvrtka Jul 9, 2024
687a2e2
Reapply "PMM-13129 Custom labels."
JiriCtvrtka Jul 9, 2024
f09bef1
Reapply "PMM-13129 Dereference all DB options on encrypt/decrypt."
JiriCtvrtka Jul 9, 2024
0229c65
PMM-13129 Remove old migrations tests, required refactor.
JiriCtvrtka Jul 9, 2024
c7dd080
Revert "Reapply "PMM-13129 Custom labels.""
JiriCtvrtka Jul 9, 2024
771ca54
Revert "Reapply "PMM-13129 Dereference all DB options on encrypt/decr…
JiriCtvrtka Jul 9, 2024
98e51be
PMM-13129 Logic change.
JiriCtvrtka Jul 9, 2024
41d98db
PMM-13129 Remove username, aws_access_key, aws_secret_key from enc.
JiriCtvrtka Jul 9, 2024
e4fab91
PMM-13129 Env variable for custom encryption key.
JiriCtvrtka Jul 9, 2024
70bda62
PMM-13129 Custom key for main check.
JiriCtvrtka Jul 9, 2024
21e94f1
PMM-13129 Remove decrypt agent from create agent methods.
JiriCtvrtka Jul 9, 2024
3690411
PMM-13129 Change to skip empty values from encryption.
JiriCtvrtka Jul 10, 2024
028312d
PMM-13129 Remove unused struct.
JiriCtvrtka Jul 10, 2024
f0eb328
Merge branch 'v3' into PMM-13129-encryption
JiriCtvrtka Jul 10, 2024
1b6ef0f
Update managed/models/database.go
JiriCtvrtka Jul 11, 2024
caad234
PMM-13129 Renaming of variable.
JiriCtvrtka Jul 11, 2024
2ffdc3a
PMM-13129 Remove EncryptedItems field from settings proto.
JiriCtvrtka Jul 11, 2024
5d0583b
PMM-13129 Workaround to create FB for now. Will be reverted.
JiriCtvrtka Jul 11, 2024
e524c23
Merge branch 'v3' into PMM-13129-encryption
JiriCtvrtka Jul 22, 2024
2af5bca
PMM-13129 Fix connection checker dsn bug.
JiriCtvrtka Jul 23, 2024
0788e74
PMM-13129 Another dsn bug.
JiriCtvrtka Jul 23, 2024
fb76317
PMM-13129 Add back decrypt after insert to fix connection checker.
JiriCtvrtka Jul 23, 2024
d70d472
PMM-13129 Update reduct words.
JiriCtvrtka Jul 23, 2024
2bcb756
Merge branch 'v3' into PMM-13129-encryption
JiriCtvrtka Jul 23, 2024
5929939
PMM-13129 Fix for test after new redact word.
JiriCtvrtka Jul 23, 2024
182b3d7
Merge branch 'v3' into PMM-13129-encryption
JiriCtvrtka Sep 9, 2024
8a805fe
Merge branch 'v3' into PMM-13129-encryption
JiriCtvrtka Sep 12, 2024
dd8a75b
Merge branch 'v3' into PMM-13129-encryption
JiriCtvrtka Sep 18, 2024
a1de53c
Merge branch 'v3' into PMM-13129-encryption
JiriCtvrtka Sep 18, 2024
23d5d33
Merge branch 'v3' into PMM-13129-encryption
JiriCtvrtka Sep 19, 2024
751c084
Merge branch 'v3' into PMM-13129-encryption
JiriCtvrtka Sep 23, 2024
c1d804d
Merge branch 'v3' into PMM-13129-encryption
JiriCtvrtka Oct 4, 2024
ae1fc4f
Merge branch 'v3' into PMM-13129-encryption
JiriCtvrtka Oct 8, 2024
1dc759e
Merge branch 'v3' into PMM-13129-encryption
JiriCtvrtka Oct 10, 2024
3 changes: 3 additions & 0 deletions .github/workflows/main.yml
Expand Up @@ -16,6 +16,9 @@ jobs:
name: Checks
runs-on: ubuntu-22.04

env:
PMM_ENCRYPTION_KEY_PATH: pmm-encryption.key

steps:
- name: Check out code
uses: actions/checkout@v4
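Review bot: `PMM_ENCRYPTION_KEY_PATH: pmm-encryption.key` in the job-level `env` is a bare relative filename, so where the key file lands depends on the working directory of whichever step touches it, and it sits inside the checked-out tree whenever that directory is the workspace. Consider an absolute path outside the checkout so the test key cannot end up in an uploaded artifact or a commit, and add a short comment saying this key is for CI only.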
Expand Down
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -40,6 +40,7 @@ require (
github.com/go-sql-driver/mysql v1.7.1
github.com/gogo/status v1.1.1
github.com/golang-migrate/migrate/v4 v4.17.0
github.com/google/tink/go v1.7.0
github.com/google/uuid v1.6.0
github.com/grafana/grafana-api-golang-client v0.27.0
github.com/grpc-ecosystem/go-grpc-middleware v1.4.0
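Review bot: the new direct dependency `github.com/google/tink/go v1.7.0` uses the module path that Tink has since moved away from; current Go releases are published as `github.com/tink-crypto/tink-go/v2`. Since this line introduces the cryptographic library that protects the stored credentials, it is worth starting on the maintained module path so that security fixes arrive through normal dependency updates.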
Expand Down Expand Up @@ -98,7 +99,6 @@ require (
github.com/google/btree v1.0.0 // indirect
github.com/hashicorp/go-hclog v1.5.0 // indirect
github.com/hashicorp/go-msgpack/v2 v2.1.1 // indirect
github.com/hashicorp/go-uuid v1.0.2 // indirect
github.com/kr/fs v0.1.0 // indirect
github.com/mattn/go-colorable v0.1.12 // indirect
github.com/miekg/dns v1.1.41 // indirect
Expand Down
2 changes: 2 additions & 0 deletions go.sum
Expand Up @@ -232,6 +232,8 @@ github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/tink/go v1.7.0 h1:6Eox8zONGebBFcCBqkVmt60LaWZa6xg1cl/DwAh/J1w=
github.com/google/tink/go v1.7.0/go.mod h1:GAUOd+QE3pgj9q8VKIGTCP33c/B7eb4NhxLcgTJZStM=
github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
Expand Down
1 change: 0 additions & 1 deletion managed/Makefile
Expand Up @@ -37,7 +37,6 @@ clean: ## Remove generated files

release: ## Build pmm-managed release binaries
env CGO_ENABLED=0 go build -v $(PMM_LD_FLAGS) -o $(PMM_RELEASE_PATH)/ ./cmd/...
$(PMM_RELEASE_PATH)/pmm-managed --version

release-starlark:
env CGO_ENABLED=0 go build -v $(PMM_LD_FLAGS) -o $(PMM_RELEASE_PATH)/ ./cmd/pmm-managed-starlark/...
Expand Down
42 changes: 26 additions & 16 deletions managed/models/agent_helpers.go
Expand Up @@ -229,7 +229,8 @@

agents := make([]*Agent, len(structs))
for i, s := range structs {
agents[i] = s.(*Agent) //nolint:forcetypeassert
decryptedAgent := DecryptAgent(*s.(*Agent)) //nolint:forcetypeassert
agents[i] = &decryptedAgent
}

return agents, nil
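Review bot: `DecryptAgent(*s.(*Agent))` returns a single value, so a decryption failure has no error path in this loop even though the enclosing function already returns an error alongside the slice. Consider having `DecryptAgent` return `(Agent, error)` and propagating it with `errors.WithStack`, so that a wrong or missing key surfaces as a query error instead of being handled out of sight of the caller.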
Expand All @@ -249,8 +250,9 @@
}
return nil, errors.WithStack(err)
}
decryptedAgent := DecryptAgent(*agent)

return agent, nil
return &decryptedAgent, nil
}

// FindAgentsByIDs finds Agents by IDs.
Expand All @@ -272,7 +274,8 @@

res := make([]*Agent, len(structs))
for i, s := range structs {
res[i] = s.(*Agent) //nolint:forcetypeassert
decryptedAgent := DecryptAgent(*s.(*Agent)) //nolint:forcetypeassert
res[i] = &decryptedAgent
}
return res, nil
}
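Review bot: the two-line pattern `decryptedAgent := DecryptAgent(*s.(*Agent))` followed by `res[i] = &decryptedAgent` is repeated here and in the other finder loops in this file, each with its own `//nolint:forcetypeassert`. A small unexported helper that turns the `structs` slice into decrypted `[]*Agent` would keep the decrypt step in one place, so a finder added later cannot return rows that skipped decryption.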
Expand Down Expand Up @@ -323,7 +326,8 @@

res := make([]*Agent, len(structs))
for i, s := range structs {
res[i] = s.(*Agent) //nolint:forcetypeassert
decryptedAgent := DecryptAgent(*s.(*Agent)) //nolint:forcetypeassert
res[i] = &decryptedAgent
}

if len(res) == 0 {
Expand All @@ -350,8 +354,8 @@

res := make([]*Agent, 0, len(structs))
for _, str := range structs {
row := str.(*Agent) //nolint:forcetypeassert
res = append(res, row)
decryptedAgent := DecryptAgent(*str.(*Agent)) //nolint:forcetypeassert
res = append(res, &decryptedAgent)
}

return res, nil
Expand Down Expand Up @@ -395,8 +399,8 @@
}
res := make([]*Agent, 0, len(pmmAgentRecords))
for _, str := range pmmAgentRecords {
row := str.(*Agent) //nolint:forcetypeassert
res = append(res, row)
decryptedAgent := DecryptAgent(*str.(*Agent)) //nolint:forcetypeassert
res = append(res, &decryptedAgent)
}

return res, nil
Expand Down Expand Up @@ -477,7 +481,8 @@

res := make([]*Agent, len(allAgents))
for i, s := range allAgents {
res[i] = s.(*Agent) //nolint:forcetypeassert
decryptedAgent := DecryptAgent(*s.(*Agent)) //nolint:forcetypeassert
res[i] = &decryptedAgent
}
return res, nil
}
Expand Down Expand Up @@ -598,7 +603,7 @@

// CreatePMMAgent creates PMMAgent.
func CreatePMMAgent(q *reform.Querier, runsOnNodeID string, customLabels map[string]string) (*Agent, error) {
id := "/agent_id/" + uuid.New().String()

Check failure on line 606 in managed/models/agent_helpers.go

GitHub Actions / Checks

string `/agent_id/` has 4 occurrences, make it a constant (goconst)
return createPMMAgentWithID(q, id, runsOnNodeID, customLabels)
}

Expand All @@ -624,8 +629,8 @@
return nil, err
}
if !IsPushMetricsSupported(pmmAgent.Version) {
return nil, status.Errorf(codes.FailedPrecondition, "cannot use push_metrics_enabled with pmm_agent version=%q,"+

Check failure on line 632 in managed/models/agent_helpers.go

GitHub Actions / Checks

string `cannot use push_metrics_enabled with pmm_agent version=%q,` has 3 occurrences, make it a constant (goconst)
" it doesn't support it, minimum supported version=%q", pointer.GetString(pmmAgent.Version), PMMAgentWithPushMetricsSupport.String())

Check failure on line 633 in managed/models/agent_helpers.go

GitHub Actions / Checks

string ` it doesn't support it, minimum supported version=%q` has 3 occurrences, make it a constant (goconst)
}
row := &Agent{
AgentID: id,
Expand All @@ -641,11 +646,13 @@
if err := row.SetCustomLabels(customLabels); err != nil {
return nil, err
}
if err := q.Insert(row); err != nil {

encryptedAgent := EncryptAgent(*row)
if err := q.Insert(&encryptedAgent); err != nil {
return nil, errors.WithStack(err)
}

return row, nil
return &encryptedAgent, nil
}

// CreateExternalExporterParams params for add external exporter.
Expand Down Expand Up @@ -725,11 +732,13 @@
if err := row.SetCustomLabels(params.CustomLabels); err != nil {
return nil, err
}
if err := q.Insert(row); err != nil {

encryptedAgent := EncryptAgent(*row)
if err := q.Insert(&encryptedAgent); err != nil {
return nil, errors.WithStack(err)
}

return row, nil
return &encryptedAgent, nil
}

// CreateAgentParams params for add common exporter.
Expand Down Expand Up @@ -912,15 +921,16 @@
DisabledCollectors: params.DisableCollectors,
LogLevel: pointer.ToStringOrNil(params.LogLevel),
}

if err := row.SetCustomLabels(params.CustomLabels); err != nil {
return nil, err
}
if err := q.Insert(row); err != nil {

encryptedAgent := EncryptAgent(*row)
if err := q.Insert(&encryptedAgent); err != nil {
return nil, errors.WithStack(err)
}

return row, nil
return &encryptedAgent, nil
}

// ChangeCommonAgentParams contains parameters that can be changed for all Agents.
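Review bot: `return &encryptedAgent, nil` hands the caller the struct as it was written to the database, so its secret fields hold ciphertext, while the finder functions in this file return agents that went through `DecryptAgent`. The same applies to the two create functions above that end the same way. Either return a decrypted copy after `q.Insert(&encryptedAgent)` or document on each create function that the returned agent is encrypted, because a caller that builds a DSN or runs a connection check from the returned value would use the encrypted password.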
Expand Down
100 changes: 87 additions & 13 deletions managed/models/database.go
Expand Up @@ -27,6 +27,7 @@ import (
"net"
"net/url"
"os"
"slices"
"strconv"
"strings"

Expand All @@ -36,6 +37,8 @@ import (
"google.golang.org/grpc/status"
"gopkg.in/reform.v1"
"gopkg.in/reform.v1/dialects/postgresql"

"github.com/percona/pmm/managed/utils/encryption"
)

const (
Expand Down Expand Up @@ -1059,12 +1062,85 @@ func SetupDB(ctx context.Context, sqlDB *sql.DB, params SetupDBParams) (*reform.
return nil, errCV
}

if err := migrateDB(db, params); err != nil {
agentColumnsToEncrypt := []encryption.Column{
{Name: "password"},
{Name: "aws_secret_key"},
{Name: "mongo_db_tls_options", CustomHandler: EncryptMongoDBOptionsHandler},
{Name: "azure_options", CustomHandler: EncryptAzureOptionsHandler},
{Name: "mysql_options", CustomHandler: EncryptMySQLOptionsHandler},
{Name: "postgresql_options", CustomHandler: EncryptPostgreSQLOptionsHandler},
{Name: "agent_password"},
}

itemsToEncrypt := []encryption.Table{
{
Name: "agents",
Identifiers: []string{"agent_id"},
Columns: agentColumnsToEncrypt,
},
}

if err := migrateDB(db, params, itemsToEncrypt); err != nil {
return nil, err
}

return db, nil
}

// EncryptDB encrypts a set of columns in a specific database and table.
func EncryptDB(tx *reform.TX, params SetupDBParams, itemsToEncrypt []encryption.Table) error {
if len(itemsToEncrypt) == 0 {
return nil
}

settings, err := GetSettings(tx)
if err != nil {
return err
}
alreadyEncrypted := make(map[string]bool)
for _, v := range settings.EncryptedItems {
alreadyEncrypted[v] = true
}

notEncrypted := []encryption.Table{}
newlyEncrypted := []string{}
for _, table := range itemsToEncrypt {
columns := []encryption.Column{}
for _, column := range table.Columns {
dbTableColumn := fmt.Sprintf("%s.%s.%s", params.Name, table.Name, column.Name)
if alreadyEncrypted[dbTableColumn] {
continue
}

columns = append(columns, column)
newlyEncrypted = append(newlyEncrypted, dbTableColumn)
}
if len(columns) == 0 {
continue
}

table.Columns = columns
notEncrypted = append(notEncrypted, table)
}

if len(notEncrypted) == 0 {
return nil
}

err = encryption.EncryptItems(tx, notEncrypted)
if err != nil {
return err
}
_, err = UpdateSettings(tx, &ChangeSettingsParams{
EncryptedItems: slices.Concat(settings.EncryptedItems, newlyEncrypted),
})
if err != nil {
return err
}

return nil
}

// checkVersion checks minimal required PostgreSQL server version.
func checkVersion(ctx context.Context, db reform.DBTXContext) error {
PGVersion, err := GetPostgreSQLVersion(ctx, db)
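Review bot: in `EncryptDB` the already-encrypted marker is built as `fmt.Sprintf("%s.%s.%s", params.Name, table.Name, column.Name)`, so it depends on the database name. If the same data is later opened under a different `params.Name`, no entry in `settings.EncryptedItems` matches and `encryption.EncryptItems` runs again over values that are already ciphertext. Consider keying the marker on table and column only, or having `EncryptItems` recognise encrypted values, and add a test that calls `EncryptDB` twice and checks the stored values are unchanged after the second call.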
Expand Down Expand Up @@ -1124,7 +1200,7 @@ func initWithRoot(params SetupDBParams) error {
}

// migrateDB runs PostgreSQL database migrations.
func migrateDB(db *reform.DB, params SetupDBParams) error {
func migrateDB(db *reform.DB, params SetupDBParams, itemsToEncrypt []encryption.Table) error {
var currentVersion int
errDB := db.QueryRow("SELECT id FROM schema_migrations ORDER BY id DESC LIMIT 1").Scan(&currentVersion)
// undefined_table (see https://www.postgresql.org/docs/current/errcodes-appendix.html)
Expand Down Expand Up @@ -1160,6 +1236,11 @@ func migrateDB(db *reform.DB, params SetupDBParams) error {
}
}

err := EncryptDB(tx, params, itemsToEncrypt)
if err != nil {
return err
}

if params.SetupFixtures == SkipFixtures {
return nil
}
Expand All @@ -1173,17 +1254,16 @@ func migrateDB(db *reform.DB, params SetupDBParams) error {
return err
}

if err = setupFixture1(tx.Querier, params); err != nil {
return err
}
if err = setupFixture2(tx.Querier, params.Username, params.Password); err != nil {
err = setupPMMServerAgents(tx.Querier, params)
if err != nil {
return err
}

return nil
})
}

func setupFixture1(q *reform.Querier, params SetupDBParams) error {
func setupPMMServerAgents(q *reform.Querier, params SetupDBParams) error {
// create PMM Server Node and associated Agents
node, err := createNodeWithID(q, PMMServerNodeID, GenericNodeType, &CreateNodeParams{
NodeName: "pmm-server",
Expand Down Expand Up @@ -1266,12 +1346,6 @@ func setupFixture1(q *reform.Querier, params SetupDBParams) error {
return nil
}

func setupFixture2(q *reform.Querier, username, password string) error { //nolint:revive
// TODO add clickhouse_exporter

return nil
}

// parsePGAddress parses PostgreSQL address into address:port; if no port specified returns default port number.
func parsePGAddress(address string) (string, uint16, error) {
if !strings.Contains(address, ":") {
Expand Down
55 changes: 0 additions & 55 deletions managed/models/database_test.go
Expand Up @@ -21,7 +21,6 @@
"database/sql"
"fmt"
"testing"
"time"

"github.com/AlekSi/pointer"
"github.com/lib/pq"
Expand Down Expand Up @@ -74,7 +73,7 @@

// node_id
_, err = db.Exec(
"INSERT INTO nodes (node_id, node_type, node_name, distro, node_model, az, address, created_at, updated_at) "+

Check failure on line 76 in managed/models/database_test.go

GitHub Actions / Checks

string `INSERT INTO nodes (node_id, node_type, node_name, distro, node_model, az, address, created_at, updated_at) ` has 5 occurrences, make it a constant (goconst)
"VALUES ('1', 'generic', 'name', '', '', '', '', $1, $2)", now, now)
require.NoError(t, err)
_, err = db.Exec(
Expand All @@ -90,7 +89,7 @@

// machine_id for generic Node: https://jira.percona.com/browse/PMM-4196
_, err = db.Exec(
"INSERT INTO nodes (node_id, node_type, node_name, machine_id, distro, node_model, az, address, created_at, updated_at) "+

Check failure on line 92 in managed/models/database_test.go

GitHub Actions / Checks

string `INSERT INTO nodes (node_id, node_type, node_name, machine_id, distro, node_model, az, address, created_at, updated_at) ` has 4 occurrences, make it a constant (goconst)
"VALUES ('31', 'generic', 'name31', 'machine-id', '', '', '', '', $1, $2)", now, now)
require.NoError(t, err)
_, err = db.Exec(
Expand Down Expand Up @@ -153,7 +152,7 @@

// Try to insert both address and socket
_, err = db.Exec(
"INSERT INTO services (service_id, service_type, service_name, node_id, environment, cluster, replication_set, address, port, socket, external_group, created_at, updated_at) "+

Check failure on line 155 in managed/models/database_test.go

GitHub Actions / Checks

string `INSERT INTO services (service_id, service_type, service_name, node_id, environment, cluster, replication_set, address, port, socket, external_group, created_at, updated_at) ` has 5 occurrences, make it a constant (goconst)
"VALUES ('/service_id/1', 'mysql', 'name', '/node_id/1', '', '', '', '10.10.10.10', 3306, '/var/run/mysqld/mysqld.sock', '', $1, $2)",
now, now)
require.Error(t, err, `pq: new row for relation "services" violates check constraint "address_socket_check"`)
Expand Down Expand Up @@ -281,7 +280,7 @@
defer rollback()

_, err = tx.Exec(
"INSERT INTO agents (agent_id, agent_type, runs_on_node_id, pmm_agent_id, node_id, service_id, disabled, status, created_at, updated_at, tls, tls_skip_verify, max_query_length, query_examples_disabled, comments_parsing_disabled, max_query_log_size, table_count_tablestats_group_limit, rds_basic_metrics_disabled, rds_enhanced_metrics_disabled, push_metrics, expose_exporter) "+

Check failure on line 283 in managed/models/database_test.go

GitHub Actions / Checks

string `INSERT INTO agents (agent_id, agent_type, runs_on_node_id, pmm_agent_id, node_id, service_id, disabled, status, created_at, updated_at, tls, tls_skip_verify, max_query_length, query_examples_disabled, comments_parsing_disabled, max_query_log_size, table_count_tablestats_group_limit, rds_basic_metrics_disabled, rds_enhanced_metrics_disabled, push_metrics, expose_exporter) ` has 4 occurrences, make it a constant (goconst)
"VALUES ('/agent_id/8', 'node_exporter', NULL, '/agent_id/1', '/node_id/1', NULL, false, '', $1, $2, false, false, 0, false, true, 0, 0, false, false, false, false)",
now, now)

Expand Down Expand Up @@ -327,60 +326,6 @@
}

func TestDatabaseMigrations(t *testing.T) {
t.Run("Update metrics resolutions", func(t *testing.T) {
sqlDB := testdb.Open(t, models.SkipFixtures, pointer.ToInt(9))
defer sqlDB.Close() //nolint:errcheck
settings, err := models.GetSettings(sqlDB)
require.NoError(t, err)
metricsResolutions := models.MetricsResolutions{
HR: 5 * time.Second,
MR: 5 * time.Second,
LR: 60 * time.Second,
}
settings.MetricsResolutions = metricsResolutions
err = models.SaveSettings(sqlDB, settings)
require.NoError(t, err)

settings, err = models.GetSettings(sqlDB)
require.NoError(t, err)
require.Equal(t, metricsResolutions, settings.MetricsResolutions)

testdb.SetupDB(t, sqlDB, models.SkipFixtures, pointer.ToInt(10))
settings, err = models.GetSettings(sqlDB)
require.NoError(t, err)
require.Equal(t, models.MetricsResolutions{
HR: 5 * time.Second,
MR: 10 * time.Second,
LR: 60 * time.Second,
}, settings.MetricsResolutions)
})
t.Run("Shouldn' update metrics resolutions if it's already changed", func(t *testing.T) {
sqlDB := testdb.Open(t, models.SkipFixtures, pointer.ToInt(9))
defer sqlDB.Close() //nolint:errcheck
settings, err := models.GetSettings(sqlDB)
require.NoError(t, err)
metricsResolutions := models.MetricsResolutions{
HR: 1 * time.Second,
MR: 5 * time.Second,
LR: 60 * time.Second,
}
settings.MetricsResolutions = metricsResolutions
err = models.SaveSettings(sqlDB, settings)
require.NoError(t, err)

settings, err = models.GetSettings(sqlDB)
require.NoError(t, err)
require.Equal(t, metricsResolutions, settings.MetricsResolutions)

testdb.SetupDB(t, sqlDB, models.SkipFixtures, pointer.ToInt(10))
settings, err = models.GetSettings(sqlDB)
require.NoError(t, err)
require.Equal(t, models.MetricsResolutions{
HR: 1 * time.Second,
MR: 5 * time.Second,
LR: 60 * time.Second,
}, settings.MetricsResolutions)
})
t.Run("stats_collections field migration: string to string array", func(t *testing.T) {
sqlDB := testdb.Open(t, models.SkipFixtures, pointer.ToInt(57))
defer sqlDB.Close() //nolint:errcheck
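Review bot: the subtests `Update metrics resolutions` and `Shouldn' update metrics resolutions if it's already changed` drop out of `TestDatabaseMigrations` (the file header shows 0 additions and 55 deletions) with nothing taking their place. Please state in the commit message why they can no longer run, and add a migration test for the new encryption step, for example one that starts from a pre-encryption schema version and checks that the secret columns of `agents` are encrypted exactly once.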
Expand Down