feat: add support encrypted and unencrypted in config file

pingcap · Apr 28, 2020 · bc8bac5 · bc8bac5
1 parent 5e3aaba
commit bc8bac5
Show file tree

Hide file tree

Showing 6 changed files with 33 additions and 8 deletions.
diff --git a/cmd/dm-ctl/main.go b/cmd/dm-ctl/main.go
@@ -74,10 +74,12 @@ func helpUsage(cfg *common.Config) {
 	fmt.Println("Special Commands:")
 	f := cfg.FlagSet.Lookup(common.EncryptCmdName)
 	fmt.Println(fmt.Sprintf("  --%s %s", f.Name, f.Usage))
+	f = cfg.FlagSet.Lookup(common.DecryptCmdName)
+	fmt.Println(fmt.Sprintf("  --%s %s", f.Name, f.Usage))
 	fmt.Println()
 	fmt.Println("Global Options:")
 	cfg.FlagSet.VisitAll(func(flag2 *flag.Flag) {
-		if flag2.Name == common.EncryptCmdName {
+		if flag2.Name == common.EncryptCmdName || flag2.Name == common.DecryptCmdName {
 			return
 		}
 		fmt.Println(fmt.Sprintf("  --%s %s", flag2.Name, flag2.Usage))

diff --git a/dm/config/source_config.go b/dm/config/source_config.go
@@ -183,7 +183,7 @@ func (c *SourceConfig) DecryptPassword() (*SourceConfig, error) {
 		err      error
 	)
 	if len(clone.From.Password) > 0 {
-		pswdFrom, err = utils.Decrypt(clone.From.Password)
+		pswdFrom, err = utils.DecryptOrPlaintext(clone.From.Password)
 		if err != nil {
 			return nil, terror.WithClass(err, terror.ClassDMWorker)
 		}

diff --git a/dm/config/subtask.go b/dm/config/subtask.go
@@ -346,13 +346,13 @@ func (c *SubTaskConfig) DecryptPassword() (*SubTaskConfig, error) {
 		pswdFrom string
 	)
 	if len(clone.To.Password) > 0 {
-		pswdTo, err = utils.Decrypt(clone.To.Password)
+		pswdTo, err = utils.DecryptOrPlaintext(clone.To.Password)
 		if err != nil {
 			return nil, terror.WithScope(terror.ErrConfigDecryptDBPassword.Delegate(err, clone.To.Password), terror.ScopeDownstream)
 		}
 	}
 	if len(clone.From.Password) > 0 {
-		pswdFrom, err = utils.Decrypt(clone.From.Password)
+		pswdFrom, err = utils.DecryptOrPlaintext(clone.From.Password)
 		if err != nil {
 			return nil, terror.WithScope(terror.ErrConfigDecryptDBPassword.Delegate(err, clone.From.Password), terror.ScopeUpstream)
 		}

diff --git a/dm/ctl/common/config.go b/dm/ctl/common/config.go
@@ -31,6 +31,8 @@ const (
 
 	// EncryptCmdName is special command
 	EncryptCmdName = "encrypt"
+	// DecryptCmdName is special command
+	DecryptCmdName = "decrypt"
 )
 
 // NewConfig creates a new base config for dmctl.
@@ -47,6 +49,7 @@ func NewConfig() *Config {
 	fs.StringVar(&cfg.MasterAddr, "master-addr", "", "master API server addr")
 	fs.StringVar(&cfg.RPCTimeoutStr, "rpc-timeout", defaultRPCTimeout, fmt.Sprintf("rpc timeout, default is %s", defaultRPCTimeout))
 	fs.StringVar(&cfg.encrypt, EncryptCmdName, "", "encrypt plaintext to ciphertext")
+	fs.StringVar(&cfg.decrypt, DecryptCmdName, "", "decrypt ciphertext to plaintext")
 
 	return cfg
 }
@@ -64,6 +67,7 @@ type Config struct {
 
 	printVersion bool
 	encrypt      string // string need to be encrypted
+	decrypt      string // string need to be decrypted
 }
 
 func (c *Config) String() string {
@@ -87,14 +91,23 @@ func (c *Config) Parse(arguments []string) (finish bool, err error) {
 	}
 
 	if len(c.encrypt) > 0 {
-		ciphertext, err1 := utils.Encrypt(c.encrypt)
-		if err1 != nil {
-			return true, err1
+		ciphertext, err := utils.Encrypt(c.encrypt)
+		if err != nil {
+			return true, err
 		}
 		fmt.Println(ciphertext)
 		return true, nil
 	}
 
+	if len(c.decrypt) > 0 {
+		plaintext, err := utils.Decrypt(c.decrypt)
+		if err != nil {
+			return true, err
+		}
+		fmt.Println(plaintext)
+		return true, nil
+	}
+
 	// Load config file if specified.
 	if c.ConfigFile != "" {
 		err = c.configFromFile(c.ConfigFile)

diff --git a/dm/portal/api.go b/dm/portal/api.go
@@ -341,7 +341,7 @@ func (p *Handler) AnalyzeConfig(w http.ResponseWriter, req *http.Request) {
 	log.L().Info("analyze config", zap.String("config name", cfg.Name))
 
 	// decrypt password
-	dePwd, err := utils.Decrypt(cfg.TargetDB.Password)
+	dePwd, err := utils.DecryptOrPlaintext(cfg.TargetDB.Password)
 	log.L().Error("decrypt password failed", zap.Error(err))
 	if err != nil {
 		p.genJSONResp(w, http.StatusBadRequest, AnalyzeResult{

diff --git a/pkg/utils/encrypt.go b/pkg/utils/encrypt.go
@@ -43,3 +43,13 @@ func Decrypt(ciphertextB64 string) (string, error) {
 	}
 	return string(plaintext), nil
 }
+
+
+// DecryptOrPlaintext tries to decrypt base64 encoded ciphertext to plaintext or return plaintext
+func DecryptOrPlaintext(ciphertextB64 string) (string, error) {
+	plaintext, err := Decrypt(ciphertextB64)
+	if err != nil {
+		return ciphertextB64, nil
+	}
+	return plaintext, nil
+}