This repository has been archived by the owner on Aug 24, 2022. It is now read-only.

PMM-9947: Encryption PoC #385

Open
wants to merge 2 commits into
base: main
5 changes: 5 additions & 0 deletions commands/run.go
Expand Up @@ -17,6 +17,7 @@ package commands

import (
"context"
"github.com/percona/pmm-agent/utils/encryption"
"os"
"os/signal"

Expand All @@ -35,6 +36,10 @@ import (
func Run() {
l := logrus.WithField("component", "main")
ctx, cancel := context.WithCancel(context.Background())
ctx, err := encryption.InjectEncryptorIfNotPresent(ctx)
if err != nil {
l.Fatalf("Failed to inject encryptor: %s.", err)
}
defer l.Info("Done.")

// handle termination signals
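Review bot: The new import `"github.com/percona/pmm-agent/utils/encryption"` is placed inside the standard-library group, between `"context"` and `"os"`, where goimports would put it in a separate group after the blank line. The same placement appears in connectionchecker/connection_checker.go (between `"fmt"` and `"io"`) and in utils/encryption/encryption.go for the `rsa_encryptor` import. Separately, in the second hunk `Run` always starts from `context.Background()`, so the "if not present" branch is always taken here; a short comment such as `// ctx carries the encryptor read by encryption.GetEncryptor` would tell readers why the context is re-assigned. Run's body continues outside the hunk.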
9 changes: 9 additions & 0 deletions connectionchecker/connection_checker.go
Expand Up @@ -20,6 +20,7 @@ import (
"context"
"database/sql"
"fmt"
"github.com/percona/pmm-agent/utils/encryption"
"io"
"math"
"net/http"
Expand Down Expand Up @@ -65,6 +66,14 @@ func (cc *ConnectionChecker) Check(ctx context.Context, msg *agentpb.CheckConnec
defer cancel()
}

encryptor := encryption.GetEncryptor(ctx)
dsn, err := encryptor.DecryptDsn(msg.Dsn)
if err != nil {
cc.l.Debugf("Failed to decrypt DSN: %s", err)
} else {
msg.Dsn = dsn
}

switch msg.Type {
case inventorypb.ServiceType_MYSQL_SERVICE:
return cc.checkMySQLConnection(ctx, msg.Dsn, msg.TextFiles, msg.TlsSkipVerify, id)
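Review bot: When `DecryptDsn` fails, the added block in `Check` only logs at debug level and carries on with `msg.Dsn` exactly as received, so a DSN that was never encrypted, or whose ciphertext was corrupted or altered in transit, is still used for the connection attempt. This is presumably meant to stay compatible with servers that send plaintext DSNs, but it means encryption is not enforced and failures are invisible at default log levels. If the message can carry an explicit indication that the DSN is encrypted, `Check` should return an error when decrypting such a DSN fails; at minimum the fallback should be visible, e.g. `cc.l.Warnf("Failed to decrypt DSN, using it as received: %s", err)`. It is also worth confirming that the error returned by `DecryptDsn` cannot contain DSN content before it is logged. Check's body starts and ends outside this hunk.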
2 changes: 1 addition & 1 deletion go.mod
Expand Up @@ -25,7 +25,7 @@ require (
github.com/percona/exporter_shared v0.7.3
github.com/percona/go-mysql v0.0.0-20200630114833-b77f37c0bfa2
github.com/percona/percona-toolkit v3.2.1+incompatible
github.com/percona/pmm v0.0.0-20220516171205-6f9c9d3e0c6b
github.com/percona/pmm v0.0.0-20220523024928-d94947734674
github.com/pganalyze/pg_query_go v1.0.3
github.com/pkg/errors v0.9.1
github.com/prometheus/client_golang v1.12.2
11 changes: 2 additions & 9 deletions go.sum
Expand Up @@ -122,7 +122,6 @@ github.com/go-openapi/loads v0.21.1 h1:Wb3nVZpdEzDTcly8S4HMkey6fjARRzb7iEaySimlD
github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g=
github.com/go-openapi/runtime v0.24.0 h1:vTgDijpGLCgJOJTdAp5kG+O+nRsVCbH417YQ3O0iZo0=
github.com/go-openapi/runtime v0.24.0/go.mod h1:AKurw9fNre+h3ELZfk6ILsfvPN+bvvlaU/M9q/r9hpk=
github.com/go-openapi/spec v0.20.4 h1:O8hJrt0UMnhHcluhIdUgCLRWyM2x7QkBXRvOs7m+O1M=
github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I=
github.com/go-openapi/spec v0.20.5 h1:skHa8av4VnAtJU5zyAUXrrdK/NDiVX8lchbG+BfcdrE=
github.com/go-openapi/spec v0.20.5/go.mod h1:QbfOSIVt3/sac+a1wzmKbbcLXm5NdZnyBZYtCijp43o=
Expand Down Expand Up @@ -294,7 +293,6 @@ github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0j
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/mitchellh/mapstructure v1.4.3 h1:OVowDSCllw/YjdLkam3/sm7wEtOy59d8ndGgCcyj8cs=
github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
Expand Down Expand Up @@ -323,10 +321,8 @@ github.com/percona/go-mysql v0.0.0-20200630114833-b77f37c0bfa2 h1:0tQBti5FIrKfH3
github.com/percona/go-mysql v0.0.0-20200630114833-b77f37c0bfa2/go.mod h1:/SGLf9OMxlnK6jq4mkFiImBcJXXk5jwD+lDrwDaGXcw=
github.com/percona/percona-toolkit v3.2.1+incompatible h1:5jLvtZKcu9fDmaLRB8qA4bLR727t5iYyguHJJQTk9w0=
github.com/percona/percona-toolkit v3.2.1+incompatible/go.mod h1:netQWdWMaF1cnmwiIS+i5uyaqNXz46yNeM6HKkR6yeI=
github.com/percona/pmm v0.0.0-20220505164356-d8b4097358e1 h1:Iil3UzE49DPn4keMZ4apU396bzRJRQZvNGJc8jWRp08=
github.com/percona/pmm v0.0.0-20220505164356-d8b4097358e1/go.mod h1:k7HS59HPX33tmrSZGiNzUTYuLr0+a49F3BEZ48MAbuo=
github.com/percona/pmm v0.0.0-20220516171205-6f9c9d3e0c6b h1:i7MbHYxAT7AkX5PWBrC5W+0YA9rr/lgEq5OX3u0rJ2k=
github.com/percona/pmm v0.0.0-20220516171205-6f9c9d3e0c6b/go.mod h1:gr+WLd8clEAe2xMFgsGhpw9ziZc2UCWcfy6d3M6Aq00=
github.com/percona/pmm v0.0.0-20220523024928-d94947734674 h1:KWXwcENaXzZ7ep9zboSk6YnRrLM/O85+ptGQdlBQEJQ=
github.com/percona/pmm v0.0.0-20220523024928-d94947734674/go.mod h1:gr+WLd8clEAe2xMFgsGhpw9ziZc2UCWcfy6d3M6Aq00=
github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
Expand All @@ -338,7 +334,6 @@ github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5Fsn
github.com/prometheus/client_golang v1.1.0/go.mod h1:I1FGZT9+L76gKKOs5djB6ezCbFQP1xR9D75/vuwEF3g=
github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M=
github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqroYurpAkEiz0P2BEV0=
github.com/prometheus/client_golang v1.12.1 h1:ZiaPsmm9uiBeaSMRznKsCDNtPCS0T3JVDGF+06gjBzk=
github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
github.com/prometheus/client_golang v1.12.2 h1:51L9cDoUHVrXx4zWYlcLQIZ+d+VXHgqnYKkIuq4g/34=
github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY=
Expand Down Expand Up @@ -489,8 +484,6 @@ golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1
golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/net v0.0.0-20220412020605-290c469a71a5 h1:bRb386wvrE+oBNdF1d/Xh9mQrfQ4ecYhW5qJ5GvTGT4=
golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4 h1:HVyaeDAYux4pnY+D/SiwmLOR36ewZ4iGQIIrtnuCjFA=
golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
52 changes: 52 additions & 0 deletions utils/encryption/default-key
@@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
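Review bot: This file commits a private key to the repository, and `//go:embed default-key` in utils/encryption/encryption.go compiles it into every agent binary, where it is passed to `rsa_encryptor.NewFromPrivateKey`. The key is therefore identical for all installations and readable by anyone who has the source or a released binary, so DSNs encrypted to the matching public key get no confidentiality against such a party. Even for a proof of concept, the private key should be generated per installation (or provisioned at registration) and read from a file with restricted permissions, with no key material checked in. A key that has already been pushed should be treated as disclosed and not reused.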
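--- a/utils/encryption/encryption.go
+++ b/utils/encryption/encryption.go
@@ -0,0 +1,33 @@
+package encryption
+
+import (
+"context"
+_ "embed"
+"github.com/percona/pmm/utils/rsa_encryptor"
+)
+
+//go:embed default-key
+var privateKey []byte
+
+const EncryptorKey = "encryptor"
+
+func NewFromDefaultKey() (*rsa_encryptor.Service, error) {
+return rsa_encryptor.NewFromPrivateKey("d1", privateKey)
+}
+
+func InjectEncryptorIfNotPresent(ctx context.Context) (context.Context, error) {
+encryptor := ctx.Value(EncryptorKey)
+if encryptor == nil {
+encryptor, err := NewFromDefaultKey()
+if err != nil {
+return nil, err
+}
+return context.WithValue(ctx, EncryptorKey, encryptor), nil
+}
+
+return ctx, nil
+}
+
+func GetEncryptor(ctx context.Context) *rsa_encryptor.Service {
+return ctx.Value(EncryptorKey).(*rsa_encryptor.Service)
+}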
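Review bot: `GetEncryptor` uses a single-value type assertion, so it panics whenever the context does not carry the encryptor (`ctx.Value` returns nil), for example if `ConnectionChecker.Check` is called with a context that was not derived from the one built in `Run`. Use the two-value form, `enc, ok := ctx.Value(EncryptorKey).(*rsa_encryptor.Service)`, and let the caller handle `!ok` instead of crashing the agent. `EncryptorKey` is also an exported constant of built-in string type, which can collide with context keys from other packages; an unexported key type such as `type ctxKey struct{}` avoids that. The exported functions have no doc comments; each should get one starting with its name, and `NewFromDefaultKey` should say what the `"d1"` argument identifies.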