Skip to content

Commit

Permalink
task: drop support for kmip and local file encryption (#2780)
Browse files Browse the repository at this point in the history
  • Loading branch information
gssbzn authored Mar 19, 2024
1 parent 861bd1b commit 3331701
Show file tree
Hide file tree
Showing 12 changed files with 23 additions and 596 deletions.
4 changes: 1 addition & 3 deletions internal/cli/atlas/logs/logs.go
Original file line number Diff line number Diff line change
Expand Up @@ -29,11 +29,9 @@ func Builder() *cobra.Command {
Short: "Download host logs for your project.",
}

keyProvidersCmd := decryption.KeyProvidersBuilder()
keyProvidersCmd.Hidden = true
cmd.AddCommand(
DownloadBuilder(),
keyProvidersCmd,
decryption.KeyProvidersBuilder(),
DecryptBuilder(),
)

Expand Down
1 change: 1 addition & 0 deletions internal/cli/decryption/key_providers.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ func KeyProvidersBuilder() *cobra.Command {
Use: "keyProviders",
Aliases: cli.GenerateAliases("keyProviders", "keys"),
Short: "Manage your key collections.",
Hidden: true,
}

cmd.AddCommand(KeyProvidersListBuilder())
Expand Down
28 changes: 0 additions & 28 deletions internal/cli/decryption/list_key_provider_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,12 +17,10 @@
package decryption

import (
"bytes"
"testing"

"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/flag"
"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/test"
"github.com/spf13/afero"
)

func TestListKeyProviderBuilder(t *testing.T) {
Expand All @@ -36,29 +34,3 @@ func TestListKeyProviderBuilder(t *testing.T) {
},
)
}

func TestKeyProviderListOpts_Run(t *testing.T) {
fileJSON := []byte(`{"ts":{"$date":{"$numberLong":"1644232049921"}},"version":"0.0","compressionMode":"zstd","keyStoreIdentifier":{"provider":"local","filename":"localKey"},"encryptedKey":{"$binary":{"base64":"+yjPCaKKE1M8fZmPGzGHkyfHYxaw34okpavsHzpd8iPVx2+JjOhXwXw5E2FdI5Rcb5JgmcPUFRPISh/7Si1R/g==","subType":"0"}},"MAC":"qE9fUsGK0EuRrrCRAQAAAAAAAAAAAAAA","auditRecordType":"header"}
{"ts":{"$date":{"$numberLong":"1644232049922"}},"log":"1Lu4o8XVMM/Rg7GKAQAAAAEAAAAAAAAA/8tXQ36mEd90OaAOzCOSti7N5a2jr0B9ek48/uvyteG/zUJHyM16Hs3wMEhDqTQGBwGhWSHEqXh0/5Jbz6tXsYHhDTMr1BOsn1zaavZScx/CkO5+Hd8Vx+zeFPREtQTe1y+JngXSIroezeyV0/zF4YC4vpug+OZtrEQLNEgwT2bjaqUyaKDbmzCNetd2Ff/eFfMFzinbzKVgXAC7T4YmDuowqXommEXLIBiYh2u4VagwJKZRw5OGZjnvqwyVpSPgGqLxGKUoFigh3NgC6EuGi17VIs5BLRZOIw7+OfbPgQQiKzjCxCk="}
{"ts":{"$date":{"$numberLong":"1644232049921"}},"version":"0.0","compressionMode":"zstd","keyStoreIdentifier":{"provider":"kmip","uid":"uniqueKeyID","kmipServerName":["kmipServerName"],"kmipPort":{"$numberInt":"8081"},"keyWrapMethod":"get"},"encryptedKey":{"$binary":{"base64":"+yjPCaKKE1M8fZmPGzGHkyfHYxaw34okpavsHzpd8iPVx2+JjOhXwXw5E2FdI5Rcb5JgmcPUFRPISh/7Si1R/g==","subType":"0"}},"MAC":"qE9fUsGK0EuRrrCRAQAAAAAAAAAAAAAA","auditRecordType":"header"}
{"ts":{"$date":{"$numberLong":"1644232049922"}},"log":"1Lu4o8XVMM/Rg7GKAQAAAAEAAAAAAAAA/8tXQ36mEd90OaAOzCOSti7N5a2jr0B9ek48/uvyteG/zUJHyM16Hs3wMEhDqTQGBwGhWSHEqXh0/5Jbz6tXsYHhDTMr1BOsn1zaavZScx/CkO5+Hd8Vx+zeFPREtQTe1y+JngXSIroezeyV0/zF4YC4vpug+OZtrEQLNEgwT2bjaqUyaKDbmzCNetd2Ff/eFfMFzinbzKVgXAC7T4YmDuowqXommEXLIBiYh2u4VagwJKZRw5OGZjnvqwyVpSPgGqLxGKUoFigh3NgC6EuGi17VIs5BLRZOIw7+OfbPgQQiKzjCxCk="}`)

listOpts := &KeyProviderListOpts{
file: "test",
fs: afero.NewMemMapFs(),
}
bufOut := new(bytes.Buffer)
_ = listOpts.InitOutput(bufOut, listTmpl)()
_ = afero.WriteFile(listOpts.fs, "test", fileJSON, 0600)

if err := listOpts.Run(); err != nil {
t.Fatalf("Run() unexpected error: %v", err)
}

expected := `local: Filename = localKey
kmip: Unique Key ID = "uniqueKeyID" KMIP Server Name = "[kmipServerName]" KMIP Port = "8081" Key Wrap Method = "get"
`
if bufOut.String() != expected {
t.Fatalf("Run() expected: %s got: %v", expected, bufOut.String())
}
}
6 changes: 3 additions & 3 deletions internal/decryption/audit_log_line_scanner.go
Original file line number Diff line number Diff line change
Expand Up @@ -56,12 +56,12 @@ func peekFirstByte(reader io.ReadSeeker) (byte, error) {
return b[0], nil
}

func readAuditLogFile(reader io.ReadSeeker) (AuditLogFormat, auditLogScanner, error) {
func readAuditLogFile(reader io.ReadSeeker) (auditLogScanner, error) {
auditLogFormat := BSON

b, err := peekFirstByte(reader)
if err != nil {
return auditLogFormat, nil, err
return nil, err
}

if b == '{' {
Expand All @@ -75,7 +75,7 @@ func readAuditLogFile(reader io.ReadSeeker) (AuditLogFormat, auditLogScanner, er
case JSON:
scanner = newJSONScanner(reader)
}
return auditLogFormat, scanner, err
return scanner, err
}

type auditLogScanner interface {
Expand Down
184 changes: 0 additions & 184 deletions internal/decryption/audit_log_line_scanner_test.go

This file was deleted.

2 changes: 1 addition & 1 deletion internal/decryption/decryption.go
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,7 @@ func WithAzureOpts(tenantID, clientID, secret string) func(d *Decryption) {
// the credentials provided by the user and the AES-GCM algorithm.
// The decrypted audit log records are saved in the out stream.
func (d *Decryption) Decrypt(logReader io.ReadSeeker, out io.Writer) error {
_, logLineScanner, err := readAuditLogFile(logReader)
logLineScanner, err := readAuditLogFile(logReader)
if err != nil {
return err
}
Expand Down
30 changes: 0 additions & 30 deletions internal/decryption/encrypted_audit_log.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,13 +32,6 @@ type AuditRecordType string

type AuditLogLineKeyStoreIdentifier struct {
Provider *keyproviders.KeyStoreProvider `json:"provider,omitempty"`
// localKey
Filename string `json:"filename,omitempty"`
// kmip
UID string `json:"uniqueKeyID,omitempty"`
KMIPServerName []string `json:"kmipServerName,omitempty"`
KMIPPort int `json:"kmipPort,omitempty"`
KeyWrapMethod keyproviders.KMIPKeyWrapMethod `json:"keyWrapMethod,omitempty"`
// aws
Key string `json:"key,omitempty"`
Region string `json:"region,omitempty"`
Expand Down Expand Up @@ -76,29 +69,6 @@ func (logLine *AuditLogLine) KeyProvider(opts KeyProviderOpts) (keyproviders.Key
}

switch *logLine.KeyStoreIdentifier.Provider {
case keyproviders.LocalKey:
if opts.Local == nil {
return nil, fmt.Errorf("%w: %s", ErrKeyProviderNotSupported, *logLine.KeyStoreIdentifier.Provider)
}
return &keyproviders.LocalKeyIdentifier{
HeaderFilename: logLine.KeyStoreIdentifier.Filename,
Filename: opts.Local.KeyFileName,
}, nil
case keyproviders.KMIP:
if opts.KMIP == nil {
return nil, fmt.Errorf("%w: %s", ErrKeyProviderNotSupported, *logLine.KeyStoreIdentifier.Provider)
}
return &keyproviders.KMIPKeyIdentifier{
UniqueKeyID: logLine.KeyStoreIdentifier.UID,
ServerNames: logLine.KeyStoreIdentifier.KMIPServerName,
ServerPort: logLine.KeyStoreIdentifier.KMIPPort,
KeyWrapMethod: logLine.KeyStoreIdentifier.KeyWrapMethod,
ServerCAFileName: opts.KMIP.ServerCAFileName,
ClientCertificateFileName: opts.KMIP.ClientCertificateFileName,
ClientCertificatePassword: opts.KMIP.ClientCertificatePassword,
Username: opts.KMIP.Username,
Password: opts.KMIP.Password,
}, nil
case keyproviders.AWS:
if opts.AWS == nil {
return nil, fmt.Errorf("%w: %s", ErrKeyProviderNotSupported, *logLine.KeyStoreIdentifier.Provider)
Expand Down
21 changes: 13 additions & 8 deletions internal/decryption/header_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ package decryption

import (
"encoding/base64"
"fmt"
"testing"
"time"

Expand Down Expand Up @@ -96,7 +97,7 @@ func Test_validateMAC(t *testing.T) {
func Test_validateHeaderFields(t *testing.T) {
ts := time.Now()
invalidCompressionMode := "foo"
provider := keyproviders.LocalKey
provider := keyproviders.Azure
encryptedKey := []byte{0, 1, 2, 3}

testCases := []struct {
Expand Down Expand Up @@ -225,12 +226,16 @@ func Test_validateHeaderFields(t *testing.T) {
expectErr: true,
},
}
for _, testCase := range testCases {
err := validateHeaderFields(pointer.Get(testCase.input))
if testCase.expectErr && err == nil {
t.Errorf("expected: not nil got: %v", err)
} else if !testCase.expectErr && err != nil {
t.Errorf("expected: nil got: %v", err)
}
for i, tc := range testCases {
tt := tc
t.Run(fmt.Sprintf("test_%d", i), func(t *testing.T) {
t.Parallel()
err := validateHeaderFields(&tt.input)
if tt.expectErr && err == nil {
t.Errorf("expected: not nil got: %v", err)
} else if !tt.expectErr && err != nil {
t.Errorf("expected: nil got: %v", err)
}
})
}
}
8 changes: 3 additions & 5 deletions internal/decryption/keyproviders/key_provider.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,11 +24,9 @@ import (
type KeyStoreProvider string

const (
LocalKey KeyStoreProvider = "local"
KMIP KeyStoreProvider = "kmip"
AWS KeyStoreProvider = "aws"
GCP KeyStoreProvider = "gcp"
Azure KeyStoreProvider = "azure"
AWS KeyStoreProvider = "aws"
GCP KeyStoreProvider = "gcp"
Azure KeyStoreProvider = "azure"
)

type KeyProvider interface {
Expand Down
Loading

0 comments on commit 3331701

Please sign in to comment.