3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-29 17:07:24 +02:00
Code Issues Projects Releases Packages Wiki Activity

propagate changes back from encrypted backend (#2079)

Browse source
This commit is contained in:
wasaga 2021-04-12 09:42:45 -04:00 committed by GitHub
parent 8924b1a5fc
commit 6aa716bc95
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 24 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

9
pkg/storage/encrypted.go
View file

@ -102,7 +102,14 @@ func (e *encryptedBackend) Put(ctx context.Context, record *databroker.Record) e
newRecord := proto.Clone(record).(*databroker.Record) newRecord := proto.Clone(record).(*databroker.Record)
newRecord.Data = encrypted newRecord.Data = encrypted
return e.underlying.Put(ctx, newRecord) if err = e.underlying.Put(ctx, newRecord); err != nil {
return err
}
record.ModifiedAt = newRecord.ModifiedAt
record.Version = newRecord.Version
return nil
} }
func (e *encryptedBackend) Sync(ctx context.Context, version uint64) (RecordStream, error) { func (e *encryptedBackend) Sync(ctx context.Context, version uint64) (RecordStream, error) {

22
pkg/storage/encrypted_test.go
View file

@ -7,6 +7,7 @@ import (
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/anypb"
"google.golang.org/protobuf/types/known/timestamppb"
"google.golang.org/protobuf/types/known/wrapperspb" "google.golang.org/protobuf/types/known/wrapperspb"
"github.com/pomerium/pomerium/pkg/cryptutil" "github.com/pomerium/pomerium/pkg/cryptutil"
@ -19,6 +20,8 @@ func TestEncryptedBackend(t *testing.T) {
m := map[string]*anypb.Any{} m := map[string]*anypb.Any{}
backend := &mockBackend{ backend := &mockBackend{
put: func(ctx context.Context, record *databroker.Record) error { put: func(ctx context.Context, record *databroker.Record) error {
record.ModifiedAt = timestamppb.Now()
record.Version++
m[record.GetId()] = record.GetData() m[record.GetId()] = record.GetData()
return nil return nil
}, },
@ -28,16 +31,20 @@ func TestEncryptedBackend(t *testing.T) {
return nil, errors.New("not found") return nil, errors.New("not found")
} }
return &databroker.Record{ return &databroker.Record{
Id: id, Id: id,
Data: data, Data: data,
Version: 1,
ModifiedAt: timestamppb.Now(),
}, nil }, nil
}, },
getAll: func(ctx context.Context) ([]*databroker.Record, uint64, error) { getAll: func(ctx context.Context) ([]*databroker.Record, uint64, error) {
var records []*databroker.Record var records []*databroker.Record
for id, data := range m { for id, data := range m {
records = append(records, &databroker.Record{ records = append(records, &databroker.Record{
Id: id, Id: id,
Data: data, Data: data,
Version: 1,
ModifiedAt: timestamppb.Now(),
}) })
} }
return records, 0, nil return records, 0, nil
@ -51,17 +58,20 @@ func TestEncryptedBackend(t *testing.T) {
any, _ := anypb.New(wrapperspb.String("HELLO WORLD")) any, _ := anypb.New(wrapperspb.String("HELLO WORLD"))
err = e.Put(ctx, &databroker.Record{ rec := &databroker.Record{
Type: "", Type: "",
Id: "TEST-1", Id: "TEST-1",
Data: any, Data: any,
}) }
err = e.Put(ctx, rec)
if !assert.NoError(t, err) { if !assert.NoError(t, err) {
return return
} }
if assert.NotNil(t, m["TEST-1"], "key should be set") { if assert.NotNil(t, m["TEST-1"], "key should be set") {
assert.NotEqual(t, any.TypeUrl, m["TEST-1"].TypeUrl, "encrypted data should be a bytes type") assert.NotEqual(t, any.TypeUrl, m["TEST-1"].TypeUrl, "encrypted data should be a bytes type")
assert.NotEqual(t, any.Value, m["TEST-1"].Value, "value should be encrypted") assert.NotEqual(t, any.Value, m["TEST-1"].Value, "value should be encrypted")
assert.NotNil(t, rec.ModifiedAt)
assert.NotZero(t, rec.Version)
} }
record, err := e.Get(ctx, "", "TEST-1") record, err := e.Get(ctx, "", "TEST-1")