#81 remove encrypted config from ecosystemState

cloudogu · Oct 7, 2024 · d259635 · d259635
1 parent 70407e5
commit d259635
Show file tree

Hide file tree

Showing 11 changed files with 28 additions and 332 deletions.
diff --git a/pkg/adapter/config/etcd/sensitiveDoguConfigRepository.go b/pkg/adapter/config/etcd/sensitiveDoguConfigRepository.go
@@ -27,7 +27,7 @@ func (e SensitiveDoguConfigRepository) Get(_ context.Context, key common.Sensiti
 
 	return &ecosystem.SensitiveDoguConfigEntry{
 		Key:   key,
-		Value: common.EncryptedDoguConfigValue(entry),
+		Value: common.SensitiveDoguConfigValue(entry),
 	}, nil
 }
 

diff --git a/pkg/application/ecosystemConfigUseCase.go b/pkg/application/ecosystemConfigUseCase.go
@@ -7,7 +7,6 @@ import (
 	"github.com/cloudogu/k8s-blueprint-operator/pkg/domain"
 	"github.com/cloudogu/k8s-blueprint-operator/pkg/domain/common"
 	"github.com/cloudogu/k8s-blueprint-operator/pkg/domain/ecosystem"
-	"github.com/cloudogu/k8s-blueprint-operator/pkg/domainservice"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 )
 
@@ -150,24 +149,10 @@ func callIfNotEmpty[T ecosystem.RegistryConfigEntry | common.RegistryConfigKey](
 	return nil
 }
 
-func getSensitiveDoguConfigEntryWithEncryption(doguName common.SimpleDoguName, diff domain.SensitiveDoguConfigEntryDiff, encryptedEntryValues map[common.SensitiveDoguConfigKey]common.EncryptedDoguConfigValue) (*ecosystem.SensitiveDoguConfigEntry, error) {
-	entry := getSensitiveDoguConfigEntry(doguName, diff)
-	if encryptedEntryValues == nil {
-		return nil, domainservice.NewInternalError(errSensitiveDoguConfigEntry, "encrypted entry value map is nil")
-	}
-	value, ok := encryptedEntryValues[entry.Key]
-	if !ok {
-		return nil, domainservice.NewNotFoundError(errSensitiveDoguConfigEntry, "did not find encrypted value for key %s", entry.Key.Key)
-	}
-	entry.Value = value
-
-	return entry, nil
-}
-
 func getSensitiveDoguConfigEntry(doguName common.SimpleDoguName, diff domain.SensitiveDoguConfigEntryDiff) *ecosystem.SensitiveDoguConfigEntry {
 	return &ecosystem.SensitiveDoguConfigEntry{
 		Key:   common.SensitiveDoguConfigKey{DoguConfigKey: common.DoguConfigKey{DoguName: doguName, Key: diff.Key.Key}},
-		Value: common.EncryptedDoguConfigValue(diff.Expected.Value),
+		Value: common.SensitiveDoguConfigValue(diff.Expected.Value),
 	}
 }
 

diff --git a/pkg/application/ecosystemConfigUseCase_test.go b/pkg/application/ecosystemConfigUseCase_test.go
@@ -336,11 +336,11 @@ func TestEcosystemConfigUseCase_applySensitiveDoguConfigDiffs(t *testing.T) {
 
 		expectedEntry1 := &ecosystem.SensitiveDoguConfigEntry{
 			Key:   common.SensitiveDoguConfigKey{DoguConfigKey: common.DoguConfigKey{DoguName: testSimpleDoguNameRedmine, Key: diff1.Key.Key}},
-			Value: common.EncryptedDoguConfigValue("value1"),
+			Value: common.SensitiveDoguConfigValue("value1"),
 		}
 		expectedEntry2 := &ecosystem.SensitiveDoguConfigEntry{
 			Key:   common.SensitiveDoguConfigKey{DoguConfigKey: common.DoguConfigKey{DoguName: testSimpleDoguNameRedmine, Key: diff2.Key.Key}},
-			Value: common.EncryptedDoguConfigValue("value2"),
+			Value: common.SensitiveDoguConfigValue("value2"),
 		}
 
 		sensitiveDoguConfigMock.EXPECT().SaveAll(testCtx, []*ecosystem.SensitiveDoguConfigEntry{expectedEntry1, expectedEntry2}).Return(nil).Times(1)

diff --git a/pkg/application/stateDiffUseCase.go b/pkg/application/stateDiffUseCase.go
@@ -5,7 +5,6 @@ import (
 	"errors"
 	"fmt"
 	"github.com/cloudogu/k8s-blueprint-operator/pkg/domain"
-	"github.com/cloudogu/k8s-blueprint-operator/pkg/domain/common"
 	"github.com/cloudogu/k8s-blueprint-operator/pkg/domain/ecosystem"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
@@ -107,17 +106,11 @@ func (useCase *StateDiffUseCase) collectEcosystemState(ctx context.Context, effe
 		return ecosystem.EcosystemState{}, fmt.Errorf("could not collect ecosystem state: %w", joinedError)
 	}
 
-	sensitiveConfig := map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue{}
-	for key, entry := range sensitiveDoguConfig {
-		sensitiveConfig[key] = common.SensitiveDoguConfigValue(entry.Value)
-	}
-
 	return ecosystem.EcosystemState{
-		InstalledDogus:               installedDogus,
-		InstalledComponents:          installedComponents,
-		GlobalConfig:                 globalConfig,
-		DoguConfig:                   doguConfig,
-		EncryptedDoguConfig:          sensitiveDoguConfig,
-		DecryptedSensitiveDoguConfig: sensitiveConfig,
+		InstalledDogus:      installedDogus,
+		InstalledComponents: installedComponents,
+		GlobalConfig:        globalConfig,
+		DoguConfig:          doguConfig,
+		SensitiveDoguConfig: sensitiveDoguConfig,
 	}, nil
 }
diff --git a/pkg/application/stateDiffUseCase_test.go b/pkg/application/stateDiffUseCase_test.go
@@ -713,12 +713,9 @@ func TestStateDiffUseCase_collectEcosystemState(t *testing.T) {
 		assert.Equal(t, ecosystem.EcosystemState{
 			GlobalConfig: map[common.GlobalConfigKey]*ecosystem.GlobalConfigEntry{},
 			DoguConfig:   map[common.DoguConfigKey]*ecosystem.DoguConfigEntry{},
-			EncryptedDoguConfig: map[common.SensitiveDoguConfigKey]*ecosystem.SensitiveDoguConfigEntry{
+			SensitiveDoguConfig: map[common.SensitiveDoguConfigKey]*ecosystem.SensitiveDoguConfigEntry{
 				nginxStaticSensitiveConfigKeyNginxKey1: encryptedEntry,
 			},
-			DecryptedSensitiveDoguConfig: map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue{
-				nginxStaticSensitiveConfigKeyNginxKey1: "val1",
-			},
 		}, ecosystemState)
 	})
 	t.Run("fail with internalError and notFoundError", func(t *testing.T) {

diff --git a/pkg/domain/common/configNames.go b/pkg/domain/common/configNames.go
@@ -44,6 +44,3 @@ type DoguConfigValue string
 
 // SensitiveDoguConfigValue is a single unencrypted sensitive dogu config value
 type SensitiveDoguConfigValue string
-
-// EncryptedDoguConfigValue is a single encrypted sensitive dogu config value
-type EncryptedDoguConfigValue string
diff --git a/pkg/domain/ecosystem/EcosystemState.go b/pkg/domain/ecosystem/EcosystemState.go
@@ -6,12 +6,11 @@ import (
 )
 
 type EcosystemState struct {
-	InstalledDogus               map[common.SimpleDoguName]*DoguInstallation
-	InstalledComponents          map[common.SimpleComponentName]*ComponentInstallation
-	GlobalConfig                 map[common.GlobalConfigKey]*GlobalConfigEntry
-	DoguConfig                   map[common.DoguConfigKey]*DoguConfigEntry
-	EncryptedDoguConfig          map[common.SensitiveDoguConfigKey]*SensitiveDoguConfigEntry
-	DecryptedSensitiveDoguConfig map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue
+	InstalledDogus      map[common.SimpleDoguName]*DoguInstallation
+	InstalledComponents map[common.SimpleComponentName]*ComponentInstallation
+	GlobalConfig        map[common.GlobalConfigKey]*GlobalConfigEntry
+	DoguConfig          map[common.DoguConfigKey]*DoguConfigEntry
+	SensitiveDoguConfig map[common.SensitiveDoguConfigKey]*SensitiveDoguConfigEntry
 }
 
 func (state EcosystemState) GetInstalledDoguNames() []common.SimpleDoguName {

diff --git a/pkg/domain/ecosystem/ecosystemConfig.go b/pkg/domain/ecosystem/ecosystemConfig.go
@@ -26,7 +26,7 @@ type DoguConfigEntry struct {
 
 type SensitiveDoguConfigEntry struct {
 	Key   common.SensitiveDoguConfigKey
-	Value common.EncryptedDoguConfigValue
+	Value common.SensitiveDoguConfigValue
 	// PersistenceContext can hold generic values needed for persistence with repositories, e.g. version counters or transaction contexts.
 	// This field has a generic map type as the values within it highly depend on the used type of repository.
 	// This field should be ignored in the whole domain.

diff --git a/pkg/domain/stateDiffConfig.go b/pkg/domain/stateDiffConfig.go
@@ -52,7 +52,13 @@ func determineConfigDiffs(
 	blueprintConfig Config,
 	clusterState ecosystem.EcosystemState,
 ) (map[common.SimpleDoguName]CombinedDoguConfigDiffs, GlobalConfigDiffs) {
-	return determineDogusConfigDiffs(blueprintConfig.Dogus, clusterState.DoguConfig, clusterState.DecryptedSensitiveDoguConfig, clusterState.GetInstalledDoguNames()),
+
+	sensitiveConfig := map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue{}
+	for key, entry := range clusterState.SensitiveDoguConfig {
+		sensitiveConfig[key] = entry.Value
+	}
+
+	return determineDogusConfigDiffs(blueprintConfig.Dogus, clusterState.DoguConfig, sensitiveConfig, clusterState.GetInstalledDoguNames()),
 		determineGlobalConfigDiffs(blueprintConfig.Global, clusterState.GlobalConfig)
 }
 

diff --git a/pkg/domain/stateDiffConfig_test.go b/pkg/domain/stateDiffConfig_test.go
@@ -40,9 +40,8 @@ func Test_determineConfigDiff(t *testing.T) {
 				"key3": {Key: "key3", Value: "value3"}, // for action delete
 				// key4 is absent -> action none
 			},
-			DoguConfig:                   map[common.DoguConfigKey]*ecosystem.DoguConfigEntry{},
-			EncryptedDoguConfig:          map[common.SensitiveDoguConfigKey]*ecosystem.SensitiveDoguConfigEntry{},
-			DecryptedSensitiveDoguConfig: nil,
+			DoguConfig:          map[common.DoguConfigKey]*ecosystem.DoguConfigEntry{},
+			SensitiveDoguConfig: map[common.SensitiveDoguConfigKey]*ecosystem.SensitiveDoguConfigEntry{},
 		}
 		//given blueprint config
 		config := Config{
@@ -122,9 +121,8 @@ func Test_determineConfigDiff(t *testing.T) {
 				dogu1Key3: {Key: dogu1Key3, Value: "value"}, //action delete
 				//dogu1Key4 -> absent, so action none
 			},
-			EncryptedDoguConfig:          map[common.SensitiveDoguConfigKey]*ecosystem.SensitiveDoguConfigEntry{},
-			DecryptedSensitiveDoguConfig: nil,
-			InstalledDogus:               map[common.SimpleDoguName]*ecosystem.DoguInstallation{"dogu1": {}},
+			SensitiveDoguConfig: map[common.SensitiveDoguConfigKey]*ecosystem.SensitiveDoguConfigEntry{},
+			InstalledDogus:      map[common.SimpleDoguName]*ecosystem.DoguInstallation{"dogu1": {}},
 		}
 
 		//given blueprint config
@@ -208,20 +206,13 @@ func Test_determineConfigDiff(t *testing.T) {
 	t.Run("all actions for sensitive dogu config for present dogu", func(t *testing.T) {
 		//given ecosystem config
 		clusterState := ecosystem.EcosystemState{
-			EncryptedDoguConfig: map[common.SensitiveDoguConfigKey]*ecosystem.SensitiveDoguConfigEntry{
+			SensitiveDoguConfig: map[common.SensitiveDoguConfigKey]*ecosystem.SensitiveDoguConfigEntry{
 				sensitiveDogu1Key1: {Key: sensitiveDogu1Key1, Value: "value"}, //action none
 				sensitiveDogu1Key2: {Key: sensitiveDogu1Key2, Value: "value"}, //action set
 				sensitiveDogu1Key3: {Key: sensitiveDogu1Key3, Value: "value"}, //action setEncrypted
 				//sensitiveDogu1Key4 absent, action none
 				//sensitiveDogu2Key1 absent, action setToEncrypt
 			},
-			DecryptedSensitiveDoguConfig: map[common.SensitiveDoguConfigKey]common.SensitiveDoguConfigValue{
-				sensitiveDogu1Key1: "value",
-				sensitiveDogu1Key2: "value",
-				sensitiveDogu1Key3: "value",
-				//sensitiveDogu1Key4 absent
-				//sensitiveDogu2Key1 absent, action setToEncrypt
-			},
 			InstalledDogus: map[common.SimpleDoguName]*ecosystem.DoguInstallation{"dogu1": {}},
 		}