// NOTE(review): this excerpt starts inside a setup closure whose opening line
// is not visible; the statements below finish building the cryptor under test.
keyManager, err := encryption.NewKeyManager(key, nil)
Expect(err).NotTo(HaveOccurred())

// prng is a zeroReader (defined outside this excerpt) — presumably a fixed,
// all-zero byte source that makes encrypted output reproducible in assertions.
// NOTE(review): a constant random source is acceptable only in tests. If the
// cryptor draws nonces/IVs from it, every encryption under the same key would
// reuse them — confirm non-test wiring passes a cryptographic RNG instead.
prng = &zeroReader{}
cryptor = encryption.NewCryptor(keyManager, prng)
})

// The encoder is rebuilt before each spec from whatever cryptor the setup
// above assigned.
JustBeforeEach(func() {
	encoder = format.NewEncoder(cryptor)
})

Describe("Encode", func() {
	// LEGACY_UNENCODED: the output is asserted to equal the input byte-for-byte,
	// so data written in this format is stored exactly as given (no encryption,
	// no prefix) even though the encoder holds a cryptor.
	Describe("LEGACY_UNENCODED", func() {
		It("returns the payload back", func() {
			payload := []byte("some-payload")
			encoded, err := encoder.Encode(format.LEGACY_UNENCODED, payload)
			Expect(err).NotTo(HaveOccurred())
			Expect(encoded).To(Equal(payload))
		})
	})

	// UNENCODED: the output is the two-byte type prefix "00" followed by the
	// unchanged payload. The prefix labels the encoding; the payload itself is
	// still plaintext.
	Describe("UNENCODED", func() {
		It("returns the payload back with an encoding type prefix", func() {
			payload := []byte("some-payload")
			encoded, err := encoder.Encode(format.UNENCODED, payload)
			Expect(err).NotTo(HaveOccurred())
			Expect(encoded).To(Equal(append([]byte("00"), payload...)))
		})
	})
	// NOTE(review): the excerpt ends here; Describe("Encode") is not closed in
	// the visible text, so any specs for encrypted formats are not shown.
// NOTE(review): this excerpt starts inside a helper whose signature is not
// visible; the calls further down suggest it is makeCryptor — confirm.
Expect(err).NotTo(HaveOccurred())
// The returned cryptor takes rand.Reader as its random source — presumably
// crypto/rand (the import block is outside this excerpt).
return encryption.NewCryptor(keyManager, rand.Reader)
}

Describe("PerformEncryption", func() {
	// Key-rotation spec: seed the store with records written under the "old"
	// key setup, then run PerformEncryption with a cryptor built from
	// ("new", "old").
	It("recursively re-encrypts all existing records", func() {
		var cryptor encryption.Cryptor
		var encoder format.Encoder

		value1 := []byte("some text")
		value2 := []byte("more text")

		// Encoder backed by a cryptor that only knows the "old" key label.
		cryptor = makeCryptor("old")
		encoder = format.NewEncoder(cryptor)

		// Record 1 is written in the BASE64_ENCRYPTED format under "old".
		encoded1, err := encoder.Encode(format.BASE64_ENCRYPTED, value1)
		Expect(err).NotTo(HaveOccurred())

		// Record 2 is written as LEGACY_UNENCODED, i.e. it sits in the store
		// without encryption before the migration runs.
		encoded2, err := encoder.Encode(format.LEGACY_UNENCODED, value2)
		Expect(err).NotTo(HaveOccurred())

		// The two keys sit at different depths under the schema root, which is
		// what exercises the "recursively" part of the spec name.
		_, err = storeClient.Set(fmt.Sprintf("%s/my/key-1", etcd.V1SchemaRoot), encoded1, etcd.NO_TTL)
		Expect(err).NotTo(HaveOccurred())

		_, err = storeClient.Set(fmt.Sprintf("%s/my/nested/key-2", etcd.V1SchemaRoot), encoded2, etcd.NO_TTL)
		Expect(err).NotTo(HaveOccurred())

		// Presumably the first label is the active encryption key and the
		// remaining labels are accepted for decryption only — confirm against
		// makeCryptor.
		cryptor = makeCryptor("new", "old")
		etcdDB = etcd.NewETCD(format.ENCRYPTED_PROTO, 100, 100, DesiredLRPCreationTimeout, cryptor, storeClient, clock)

		err = etcdDB.PerformEncryption(logger)
		Expect(err).NotTo(HaveOccurred())
		// NOTE(review): the excerpt stops after the error check. Assertions that
		// both records now decrypt under "new", and that key-2 is no longer
		// stored unencoded, would have to follow — they are not visible here.
Describe("PerformEncryption", func() {
	// Key-rotation spec for a SQL-backed store: the visible part prepares four
	// payloads encrypted under the "old" key label and the INSERT statement used
	// to seed the tasks table.
	It("recursively re-encrypts all existing records", func() {
		var cryptor encryption.Cryptor
		var encoder format.Encoder

		value1 := []byte("some text")
		value2 := []byte("another value")
		value3 := []byte("more value")
		value4 := []byte("actual value")
		// Neither GUID is used within the visible part of the spec.
		taskGuid := "uniquetaskguid"
		processGuid := "uniqueprocessguid"

		// Encoder backed by a cryptor that only knows the "old" key label.
		cryptor = makeCryptor("old")
		encoder = format.NewEncoder(cryptor)

		// All four seed values use the BASE64_ENCRYPTED format.
		encoded1, err := encoder.Encode(format.BASE64_ENCRYPTED, value1)
		Expect(err).NotTo(HaveOccurred())

		encoded2, err := encoder.Encode(format.BASE64_ENCRYPTED, value2)
		Expect(err).NotTo(HaveOccurred())

		encoded3, err := encoder.Encode(format.BASE64_ENCRYPTED, value3)
		Expect(err).NotTo(HaveOccurred())

		encoded4, err := encoder.Encode(format.BASE64_ENCRYPTED, value4)
		Expect(err).NotTo(HaveOccurred())

		// The statement uses a "?" placeholder for every column value, so the
		// values are meant to be bound as parameters rather than spliced into
		// the SQL text (the exec call itself is outside this excerpt).
		queryStr := "INSERT INTO tasks (guid, domain, task_definition) VALUES (?, ?, ?)"
		// Presumably rewrites "?" into the placeholder syntax Postgres expects —
		// confirm against test_helpers.ReplaceQuestionMarks.
		if test_helpers.UsePostgres() {
			queryStr = test_helpers.ReplaceQuestionMarks(queryStr)
		}
		// NOTE(review): the excerpt ends here; the inserts, the PerformEncryption
		// call and the read-back assertions are not visible.