diff --git a/commands/run.go b/commands/run.go
index 005abd799..51e390fee 100644
--- a/commands/run.go
+++ b/commands/run.go
@@ -17,6 +17,7 @@ package commands
 import (
 "context"
+ "github.com/percona/pmm-agent/utils/encryption"
 "os"
 "os/signal"
@@ -35,6 +36,10 @@ import (
 func Run() {
 l := logrus.WithField("component", "main")
 ctx, cancel := context.WithCancel(context.Background())
+ ctx, err := encryption.InjectEncryptorIfNotPresent(ctx)
+ if err != nil {
+ l.Fatalf("Failed to inject encryptor: %s.", err)
+ }
 defer l.Info("Done.")
 // handle termination signals
diff --git a/connectionchecker/connection_checker.go b/connectionchecker/connection_checker.go
index ebee94447..b668c5770 100644
--- a/connectionchecker/connection_checker.go
+++ b/connectionchecker/connection_checker.go
@@ -20,6 +20,7 @@ import (
 "context"
 "database/sql"
 "fmt"
+ "github.com/percona/pmm-agent/utils/encryption"
 "io"
 "math"
 "net/http"
@@ -65,6 +66,14 @@ func (cc *ConnectionChecker) Check(ctx context.Context, msg *agentpb.CheckConnec
 defer cancel()
 }
+ encryptor := encryption.GetEncryptor(ctx)
+ dsn, err := encryptor.DecryptDsn(msg.Dsn)
+ if err != nil {
+ cc.l.Debugf("Failed to decrypt DSN: %s", err)
+ } else {
+ msg.Dsn = dsn
+ }
+
 switch msg.Type {
 case inventorypb.ServiceType_MYSQL_SERVICE:
 return cc.checkMySQLConnection(ctx, msg.Dsn, msg.TextFiles, msg.TlsSkipVerify, id)
diff --git a/go.mod b/go.mod
index f0da987dc..40f293d6c 100644
--- a/go.mod
+++ b/go.mod
@@ -25,7 +25,7 @@ require (
 github.com/percona/exporter_shared v0.7.3
 github.com/percona/go-mysql v0.0.0-20200630114833-b77f37c0bfa2
 github.com/percona/percona-toolkit v3.2.1+incompatible
- github.com/percona/pmm v0.0.0-20220516171205-6f9c9d3e0c6b
+ github.com/percona/pmm v0.0.0-20220523024928-d94947734674
 github.com/pganalyze/pg_query_go v1.0.3
 github.com/pkg/errors v0.9.1
 github.com/prometheus/client_golang v1.12.2
diff --git a/go.sum b/go.sum
index 5b4904b45..6ce9db692 100644
--- a/go.sum
+++ b/go.sum
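Review bot: The new `github.com/percona/pmm-agent/utils/encryption` import sits inside the standard-library run, between `"context"` and `"os"`; the first hunk of connectionchecker/connection_checker.go does the same between `"fmt"` and `"io"`. Keep the standard-library imports in their own group and move this line to the group that holds the other `github.com/percona/...` packages. Both import blocks continue outside the hunks, so where that group starts is not visible here.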
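Review bot: A DSN that fails to decrypt is still used in the second connection_checker.go hunk: the `err != nil` branch only logs at debug level, and the `switch` below passes the unmodified `msg.Dsn` to the checker. That makes decryption fail-open, because the agent cannot tell an intentionally plaintext DSN from a corrupted or wrong-key ciphertext, and the failure is invisible unless debug logging is enabled. If plaintext DSNs must stay accepted, detect that case explicitly (how `DecryptDsn` marks encrypted values is not visible here) and fail the check on a real decryption error; at minimum log it as `cc.l.Warnf("Failed to decrypt DSN, using it as received: %s", err)`. The assignment `msg.Dsn = dsn` also overwrites the caller's request message with the decrypted value, which a local variable passed to the `check…Connection` calls would avoid. `Check` starts and ends outside this hunk.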
@@ -122,7 +122,6 @@ github.com/go-openapi/loads v0.21.1 h1:Wb3nVZpdEzDTcly8S4HMkey6fjARRzb7iEaySimlD github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g= github.com/go-openapi/runtime v0.24.0 h1:vTgDijpGLCgJOJTdAp5kG+O+nRsVCbH417YQ3O0iZo0= github.com/go-openapi/runtime v0.24.0/go.mod h1:AKurw9fNre+h3ELZfk6ILsfvPN+bvvlaU/M9q/r9hpk= -github.com/go-openapi/spec v0.20.4 h1:O8hJrt0UMnhHcluhIdUgCLRWyM2x7QkBXRvOs7m+O1M= github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I= github.com/go-openapi/spec v0.20.5 h1:skHa8av4VnAtJU5zyAUXrrdK/NDiVX8lchbG+BfcdrE= github.com/go-openapi/spec v0.20.5/go.mod h1:QbfOSIVt3/sac+a1wzmKbbcLXm5NdZnyBZYtCijp43o= @@ -294,7 +293,6 @@ github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0j github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/mapstructure v1.4.3 h1:OVowDSCllw/YjdLkam3/sm7wEtOy59d8ndGgCcyj8cs= github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= 
@@ -323,10 +321,8 @@ github.com/percona/go-mysql v0.0.0-20200630114833-b77f37c0bfa2 h1:0tQBti5FIrKfH3 github.com/percona/go-mysql v0.0.0-20200630114833-b77f37c0bfa2/go.mod h1:/SGLf9OMxlnK6jq4mkFiImBcJXXk5jwD+lDrwDaGXcw= github.com/percona/percona-toolkit v3.2.1+incompatible h1:5jLvtZKcu9fDmaLRB8qA4bLR727t5iYyguHJJQTk9w0= github.com/percona/percona-toolkit v3.2.1+incompatible/go.mod h1:netQWdWMaF1cnmwiIS+i5uyaqNXz46yNeM6HKkR6yeI= -github.com/percona/pmm v0.0.0-20220505164356-d8b4097358e1 h1:Iil3UzE49DPn4keMZ4apU396bzRJRQZvNGJc8jWRp08= -github.com/percona/pmm v0.0.0-20220505164356-d8b4097358e1/go.mod h1:k7HS59HPX33tmrSZGiNzUTYuLr0+a49F3BEZ48MAbuo= -github.com/percona/pmm v0.0.0-20220516171205-6f9c9d3e0c6b h1:i7MbHYxAT7AkX5PWBrC5W+0YA9rr/lgEq5OX3u0rJ2k= -github.com/percona/pmm v0.0.0-20220516171205-6f9c9d3e0c6b/go.mod h1:gr+WLd8clEAe2xMFgsGhpw9ziZc2UCWcfy6d3M6Aq00= +github.com/percona/pmm v0.0.0-20220523024928-d94947734674 h1:KWXwcENaXzZ7ep9zboSk6YnRrLM/O85+ptGQdlBQEJQ= +github.com/percona/pmm v0.0.0-20220523024928-d94947734674/go.mod h1:gr+WLd8clEAe2xMFgsGhpw9ziZc2UCWcfy6d3M6Aq00= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= 
@@ -338,7 +334,6 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0= -github.com/prometheus/client_golang v1.12.1 h1:ZiaPsmm9uiBeaSMRznKsCDNtPCS0T3JVDGF+06gjBzk= github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_golang v1.12.2 h1:51L9cDoUHVrXx4zWYlcLQIZ+d+VXHgqnYKkIuq4g/34= github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= @@ -489,8 +484,6 @@ golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.0.0-20220412020605-290c469a71a5 h1:bRb386wvrE+oBNdF1d/Xh9mQrfQ4ecYhW5qJ5GvTGT4= -golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4 h1:HVyaeDAYux4pnY+D/SiwmLOR36ewZ4iGQIIrtnuCjFA= golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= diff --git a/utils/encryption/default-key b/utils/encryption/default-key new file mode 100644 index 000000000..615705eff --- /dev/null +++ b/utils/encryption/default-key 
@@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCawg8C/6YNMFfi +QBUV6ifAsdxc6PO7+GBxrV/hsKCzJO+hR1yDsQAiWl+/XicJD7XNRcjeHSJYf9km +wc1vtbI1hlmmQIitaT1dS49vOKNrOMu8FozPJUtvzNAURK+4q6ZI5n5aLO+4cvYw +ZomotgjZ5UsMpfdNV4kJ7wcrwoDpdRq7by00MTKZ/8fKTsFAAg2RBOfAhYhf6XN4 +Yj54zNO6m0Mh/c4K+h79rWqnRE/uNDxtTZ+PpJQHROzcUSWpOwZlzM/rNqDbQJHS +FLOWo0jvzkxy/e1HGzPC76sRP0JXKNEb1jpf1Oo84Nu4zWfpoqVrVf1aS3fzouLR +OBe0X9K0kD8Ersms+tJHP68pqSGqpya508Dk16p2ML3aN3Ga0s5tWbgv84XQXBFg +AR5hFWIJk1OjwPASN5xgfL4U260bG84/+nXmKndgbogcanWQ+gZ3HDMAlAr3ntlW +pBQkIAIzaVw08RD6a5hFMwcti40zJVVb4451MWsXFQr/GKxiFvu0mg39plSvDDsp +UNUPoAMciavVMvuET2v+Sjd7/RNA3wP5+As+kovJqC64sjYfJFqXMVa5BIRZQ7P/ +YhDvqRGCUvbJBUA6HygbyxfrFdjV8Wl+m9l3hUJZ1Y5B9ba0Go4qlwyCaSDEpy0x +R4eGGDEYUjtvrlJcr248HdGzoRdt3wIDAQABAoICAClfF4RFs65y7gud9gUVw+rP +oYl0/TOTArVhE/DRtyQtC6Kh4SmTd+W3I0GVefoCKSfnL/uw7i2agALMbI8gk7Ob +Zvv65I73Q2BdgsrI6WcQl+aAYMQ/xBrvNfE1K4TC3oE+nSieOrekhAwMXWCsyVD2 +60lGVQZoEEqHi/M23B+NHshcwEjjnhNtPYvn4eGqqtXJ6eqdyAdb8XKNUQYaO7/3 +IctEfoCQvRgz8/8jU/rqG/1ccvuDk88drfR3/QlwrhUo26yVvgrfCByRTDFJFYaG +MAnNuFD6BKxoReMmdiW207ANZS2ZTcVYl2SgBNeAk5hONJye8EJBmUE1LaEavMj9 +429Ecc+9B88xuEkE/bxdWxTP446A+7xyhIoOUKgElr6yoUQFdZEOFCb99wIfqp/u +jDSIbT8LTC5VAH7tyB/YvP480LCKSblYD+jKzCx74H6ZJ0rxcNg+76Ip7ZEyA3uY +11vA9LTeKN4KQPxJ1odJdgGuV9Zvxs5IISNCPzMufCOxm16XJM7Ap8KQ39qX5l9i +gKAD39SApCThTty5D8OXBlb1xEXNMblXQXfUiSUnXTrg4sddTCwqbq15man6PR0D +qYppNd5NrCba0Zk3xrnUu09P1sRcHTSbOuMkkdFzWVOqAY4f6cA9ZSNJsKjyndPC +M4Ylb9ltLhg38CJucQgBAoIBAQDUJrJYfHTlEOXCx0Klz7f/vHa3nqqgIXOT8RMN +9dZ5+91KJTI855/NDRlgehKgC+0poqU9UfYYn6u2F+DaGX8ZtIKfUqEUHwHIS3JZ +Fn8dZT9prJsyzhP/EcOkpstKL4GwiLiIWmyqJA0byBRglbKKWK86NkS3y4q097h7 +6HqtnpyX1MdUvfbBRuWtEpOhjgDtrqIsl/6bAXrzLNqmpMNG4pEJ3IzB8+HYN84s +BRBdeo8BWAwoUY1VTtZIDjGkWDMmvYuKoc655s2VeUuvKljB5akUTlxBgOG+a32N +YYD9rmPpZRtOhoq4jdwvi8SwlyJ9lgBuIBwXXF37BbfnE5ZBAoIBAQC6vpZ9GFJJ +UAw/xwPPFhPsghO5WiBvBw9/GBvAlstItYZWpZjaA48wuSe8ffawiGG25gT+GPll 
+MaLBwbuhJu6GARb876QUUyxbwa2m7KPc6F7VRgs+OxxwNIEXCzn7KTs+gsLkYZpW +pSMBDPi/JgKXwOUs1EMRKM+47Ii5uCKYIa3mpmOjIb0fX8Kx/Ev0KBWiiPgLTPS/ +gvr19slvB+felwkiJ0cvZvKrVdki0Q/wOJsI/HNYwbzfRi9LAJX7vHnx6gN1eKtm ++P+N3mNp9Jo971GCT6mZxH9yyfNoQqRs6BcNqlK+I+0lBFHWduybozf+J4iaWgNi +bAghRaLoQTwfAoIBABrfD+XvVasR+dgy/vkbl1W4HF1jpn8D3azWczBofBMVWNEk +ZvmZ6P7C8vzqWWOWPyLv6/gZYo954fj9i0h0xEmQOJ9PiwGOb95b2A76r30cruyG +pV3JBnVfXaWETumFnOqsVptGwM7IJDTpodMeAvBNDVzVNN0G1fnYCrD/IFLPbUw5 +8kmEijWu8jZ6zOJAp1NztCzrz574kAcvHj7PTcCzv+U830NNzcRiRSYEOi9s76Ie +8eNFeR5eDvwveBA177yvc3ZKynF3j4CoTXLRbU6Z9VGSH1NYrL8+xDddK0Z2iUct +vEi09+sqZMJM9MvdSMwZbNKGFKjM1UaPUdzd+UECggEBAJRWM//mQ+bMWQ6ILXRf +2y+xG63N85l+CEcyhUjz/0IgPzewjrwOu70+Nlw5yqzriILaL/kPKXvCc8Bo/XvD +CxES6Im+aZ1jfAbez+uaaYdeZYYP/3pNRgezDR+a4VGqrM6428rB5PESd72r6iMc +NE8LAIAdk7CbtHT2Hp03sPMbPaHLZbX9ZNb5IBR1jnfBJ35WQoHnfTpq9qJOiC9U +HlDntG+Wt6rlobmLldFcM8bjj/MRZSaJrlfEzmhLbNfsHQmWk2zKj4xaGdU9Y8aU +b7jm0t4qHVRxi7NIy7pzxVxk93r5YoR60TLoPYGYMdZnTmDqUk4ZVjrmCYc0Y3UN +7I0CggEADTR7I5Pcgn1T5LkcZlESFfwGGkq5F3I1DckHz55jkdPS1bsFSAnJLnhS +Rw9iij+YxkpbFgmUlm2U4JGJFMg2IyZmBFuEAyKn3F3LuRR93Tw3LVJ0Rp2FuvUe +BAU5ZdcV9ZqBDCbYbiGmT6tTTuUaoJVqHWI/rWReRQH/mBSWE5WSdxs9RCk5ItkI +y0lN4ciGLSEtCJ0nPS5gsZSAjfR91rA8LzxfWGSvfGLBnQ9yZk+dWMEoJ1YfHdID +qPo3RhWm1PofU1GI1ZEmMSMSqpk+Ii+eeusWTbPhutodeQTi4fwvxsKscLEXND04 +281eBVUKTQll92Pc9h3YBktcWHXwfQ== +-----END PRIVATE KEY----- diff --git a/utils/encryption/encryption.go b/utils/encryption/encryption.go new file mode 100644 index 000000000..8bf2257d9 --- /dev/null +++ b/utils/encryption/encryption.go 
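Review bot: This file commits an RSA private key to the repository, and `//go:embed default-key` in utils/encryption/encryption.go compiles it into every agent binary, so the key is identical across installations and readable by anyone with the source or a build. Whatever is encrypted to the matching public key (here, the DSNs decrypted in connectionchecker/connection_checker.go) is obfuscated rather than confidential, and this key should be treated as disclosed from the moment the commit is public. Load the key from agent configuration or generate it per installation with owner-only file permissions, and keep a committed key only as a clearly named test fixture. `Run()` in commands/run.go injects the embedded key into a fresh context unconditionally, so an operator currently has no way to substitute their own.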
@@ -0,0 +1,33 @@
+package encryption
+
+import (
+ "context"
+ _ "embed"
+ "github.com/percona/pmm/utils/rsa_encryptor"
+)
+
+//go:embed default-key
+var privateKey []byte
+
+const EncryptorKey = "encryptor"
+
+func NewFromDefaultKey() (*rsa_encryptor.Service, error) {
+ return rsa_encryptor.NewFromPrivateKey("d1", privateKey)
+}
+
+func InjectEncryptorIfNotPresent(ctx context.Context) (context.Context, error) {
+ encryptor := ctx.Value(EncryptorKey)
+ if encryptor == nil {
+ encryptor, err := NewFromDefaultKey()
+ if err != nil {
+ return nil, err
+ }
+ return context.WithValue(ctx, EncryptorKey, encryptor), nil
+ }
+
+ return ctx, nil
+}
+
+func GetEncryptor(ctx context.Context) *rsa_encryptor.Service {
+ return ctx.Value(EncryptorKey).(*rsa_encryptor.Service)
+}
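Review bot: `GetEncryptor` uses an unchecked type assertion, so any context that did not pass through `InjectEncryptorIfNotPresent` makes `Check` in connectionchecker/connection_checker.go panic instead of returning an error. Use the comma-ok form, `enc, ok := ctx.Value(EncryptorKey).(*rsa_encryptor.Service)`, and let the caller handle a missing encryptor. The key itself is an exported untyped string constant, `"encryptor"`, which any other package can collide with or overwrite; an unexported key type such as `type encryptorKey struct{}` is the usual pattern for `context.WithValue`. None of the exported identifiers has a doc comment, and `InjectEncryptorIfNotPresent` hands back a nil context on error where `return ctx, err` would leave the caller with a usable one.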