From bc8bac5191f6e6bd5a1762ed089a5c48d4b13263 Mon Sep 17 00:00:00 2001 From: Amatist_kurisu Date: Tue, 28 Apr 2020 20:35:37 +0800 Subject: [PATCH] feat: add support encrypted and unencrypted in config file --- cmd/dm-ctl/main.go | 4 +++- dm/config/source_config.go | 2 +- dm/config/subtask.go | 4 ++-- dm/ctl/common/config.go | 19 ++++++++++++++++--- dm/portal/api.go | 2 +- pkg/utils/encrypt.go | 10 ++++++++++ 6 files changed, 33 insertions(+), 8 deletions(-) diff --git a/cmd/dm-ctl/main.go b/cmd/dm-ctl/main.go index 4b266f3585..4290174ee9 100644 --- a/cmd/dm-ctl/main.go +++ b/cmd/dm-ctl/main.go @@ -74,10 +74,12 @@ func helpUsage(cfg *common.Config) { fmt.Println("Special Commands:") f := cfg.FlagSet.Lookup(common.EncryptCmdName) fmt.Println(fmt.Sprintf(" --%s %s", f.Name, f.Usage)) + f = cfg.FlagSet.Lookup(common.DecryptCmdName) + fmt.Println(fmt.Sprintf(" --%s %s", f.Name, f.Usage)) fmt.Println() fmt.Println("Global Options:") cfg.FlagSet.VisitAll(func(flag2 *flag.Flag) { - if flag2.Name == common.EncryptCmdName { + if flag2.Name == common.EncryptCmdName || flag2.Name == common.DecryptCmdName { return } fmt.Println(fmt.Sprintf(" --%s %s", flag2.Name, flag2.Usage)) diff --git a/dm/config/source_config.go b/dm/config/source_config.go index 84fde3bde9..f408775621 100644 --- a/dm/config/source_config.go +++ b/dm/config/source_config.go @@ -183,7 +183,7 @@ func (c *SourceConfig) DecryptPassword() (*SourceConfig, error) { err error ) if len(clone.From.Password) > 0 { - pswdFrom, err = utils.Decrypt(clone.From.Password) + pswdFrom, err = utils.DecryptOrPlaintext(clone.From.Password) if err != nil { return nil, terror.WithClass(err, terror.ClassDMWorker) } diff --git a/dm/config/subtask.go b/dm/config/subtask.go index 3dc0a8c24a..213e47379d 100644 --- a/dm/config/subtask.go +++ b/dm/config/subtask.go @@ -346,13 +346,13 @@ func (c *SubTaskConfig) DecryptPassword() (*SubTaskConfig, error) { pswdFrom string ) if len(clone.To.Password) > 0 { - pswdTo, err = utils.Decrypt(clone.To.Password) + pswdTo, err = utils.DecryptOrPlaintext(clone.To.Password) if err != nil { return nil, terror.WithScope(terror.ErrConfigDecryptDBPassword.Delegate(err, clone.To.Password), terror.ScopeDownstream) } } if len(clone.From.Password) > 0 { - pswdFrom, err = utils.Decrypt(clone.From.Password) + pswdFrom, err = utils.DecryptOrPlaintext(clone.From.Password) if err != nil { return nil, terror.WithScope(terror.ErrConfigDecryptDBPassword.Delegate(err, clone.From.Password), terror.ScopeUpstream) } diff --git a/dm/ctl/common/config.go b/dm/ctl/common/config.go index c48da639f9..dcde64b294 100644 --- a/dm/ctl/common/config.go +++ b/dm/ctl/common/config.go @@ -31,6 +31,8 @@ const ( // EncryptCmdName is special command EncryptCmdName = "encrypt" + // DecryptCmdName is special command + DecryptCmdName = "decrypt" ) // NewConfig creates a new base config for dmctl. @@ -47,6 +49,7 @@ func NewConfig() *Config { fs.StringVar(&cfg.MasterAddr, "master-addr", "", "master API server addr") fs.StringVar(&cfg.RPCTimeoutStr, "rpc-timeout", defaultRPCTimeout, fmt.Sprintf("rpc timeout, default is %s", defaultRPCTimeout)) fs.StringVar(&cfg.encrypt, EncryptCmdName, "", "encrypt plaintext to ciphertext") + fs.StringVar(&cfg.decrypt, DecryptCmdName, "", "decrypt ciphertext to plaintext") return cfg } @@ -64,6 +67,7 @@ type Config struct { printVersion bool encrypt string // string need to be encrypted + decrypt string // string need to be decrypted } func (c *Config) String() string { @@ -87,14 +91,23 @@ func (c *Config) Parse(arguments []string) (finish bool, err error) { } if len(c.encrypt) > 0 { - ciphertext, err1 := utils.Encrypt(c.encrypt) - if err1 != nil { - return true, err1 + ciphertext, err := utils.Encrypt(c.encrypt) + if err != nil { + return true, err } fmt.Println(ciphertext) return true, nil } + if len(c.decrypt) > 0 { + plaintext, err := utils.Decrypt(c.decrypt) + if err != nil { + return true, err + } + fmt.Println(plaintext) + return true, nil + } + // Load config file if specified. if c.ConfigFile != "" { err = c.configFromFile(c.ConfigFile) diff --git a/dm/portal/api.go b/dm/portal/api.go index 44c572a57e..1c7ffb8a15 100644 --- a/dm/portal/api.go +++ b/dm/portal/api.go @@ -341,7 +341,7 @@ func (p *Handler) AnalyzeConfig(w http.ResponseWriter, req *http.Request) { log.L().Info("analyze config", zap.String("config name", cfg.Name)) // decrypt password - dePwd, err := utils.Decrypt(cfg.TargetDB.Password) + dePwd, err := utils.DecryptOrPlaintext(cfg.TargetDB.Password) log.L().Error("decrypt password failed", zap.Error(err)) if err != nil { p.genJSONResp(w, http.StatusBadRequest, AnalyzeResult{ diff --git a/pkg/utils/encrypt.go b/pkg/utils/encrypt.go index d41ac67513..2e1e899771 100644 --- a/pkg/utils/encrypt.go +++ b/pkg/utils/encrypt.go @@ -43,3 +43,13 @@ func Decrypt(ciphertextB64 string) (string, error) { } return string(plaintext), nil } + + +// DecryptOrPlaintext tries to decrypt base64 encoded ciphertext to plaintext or return plaintext +func DecryptOrPlaintext(ciphertextB64 string) (string, error) { + plaintext, err := Decrypt(ciphertextB64) + if err != nil { + return ciphertextB64, nil + } + return plaintext, nil +} \ No newline at end of file