PMM-13132 Move encryption rotation to services.

percona · Sep 23, 2024 · 32a760d · 32a760d
1 parent 3f00936
commit 32a760d
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 6 deletions.
diff --git a/managed/cmd/pmm-encryption-rotation/main.go b/managed/cmd/pmm-encryption-rotation/main.go
@@ -25,6 +25,7 @@ import (
 	"github.com/sirupsen/logrus"
 
 	"github.com/percona/pmm/managed/models"
+	encryptionService "github.com/percona/pmm/managed/services/encryption"
 	"github.com/percona/pmm/utils/logger"
 	"github.com/percona/pmm/version"
 )
@@ -44,7 +45,7 @@ func main() {
 		os.Exit(codeDBConnectionFailed)
 	}
 
-	statusCode := models.RotateEncryptionKey(sqlDB, "pmm-managed")
+	statusCode := encryptionService.RotateEncryptionKey(sqlDB, "pmm-managed")
 	sqlDB.Close() //nolint:errcheck
 
 	os.Exit(statusCode)

diff --git a/managed/models/encryption_rotation.go → ...ervices/encryption/encryption_rotation.go b/managed/models/encryption_rotation.go → ...ervices/encryption/encryption_rotation.go
@@ -13,7 +13,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program. If not, see <https://www.gnu.org/licenses/>.
 
-package models
+package encryption
 
 import (
 	"database/sql"
@@ -26,6 +26,7 @@ import (
 	"gopkg.in/reform.v1"
 	"gopkg.in/reform.v1/dialects/postgresql"
 
+	"github.com/percona/pmm/managed/models"
 	"github.com/percona/pmm/managed/utils/encryption"
 )
 
@@ -109,7 +110,7 @@ func isPMMServerStatus(status string) bool {
 func rotateEncryptionKey(db *reform.DB, dbName string) error {
 	return db.InTransaction(func(tx *reform.TX) error {
 		logrus.Infof("DB %s is being decrypted", dbName)
-		err := DecryptDB(tx, dbName, DefaultAgentEncryptionColumns)
+		err := models.DecryptDB(tx, dbName, models.DefaultAgentEncryptionColumns)
 		if err != nil {
 			return err
 		}
@@ -123,7 +124,7 @@ func rotateEncryptionKey(db *reform.DB, dbName string) error {
 		logrus.Infof("New encryption key generated")
 
 		logrus.Infof("DB %s is being encrypted", dbName)
-		err = EncryptDB(tx, dbName, DefaultAgentEncryptionColumns)
+		err = models.EncryptDB(tx, dbName, models.DefaultAgentEncryptionColumns)
 		if err != nil {
 			if e := encryption.RestoreOldEncryptionKey(); e != nil {
 				return errors.Wrap(err, e.Error())

diff --git a/managed/models/encryption_rotation_test.go → ...es/encryption/encryption_rotation_test.go b/managed/models/encryption_rotation_test.go → ...es/encryption/encryption_rotation_test.go
@@ -13,7 +13,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program. If not, see <https://www.gnu.org/licenses/>.
 
-package models_test
+package encryption
 
 import (
 	"database/sql"
@@ -49,7 +49,7 @@ func TestEncryptionRotation(t *testing.T) {
 	err = insertTestData(db)
 	require.NoError(t, err)
 
-	statusCode := models.RotateEncryptionKey(db, "pmm-managed-dev")
+	statusCode := RotateEncryptionKey(db, "pmm-managed-dev")
 	require.Equal(t, 0, statusCode)
 
 	newEncryptionKey, err := os.ReadFile(encryptionKeyTestPath)