Command for encrypting using GCP KMS
David Fernandez authored and dfernandezm committed Jul 5, 2020
1 parent bcbabe6 commit 368eecf
Showing 10 changed files with 494 additions and 17 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -1,3 +1,4 @@
*.json
charts
bin
.idea
63 changes: 62 additions & 1 deletion app/cli/cli.go
Expand Up @@ -5,6 +5,7 @@ import (
"github.com/dfernandezm/myiac/app/cluster"
"github.com/dfernandezm/myiac/app/deploy"
"github.com/dfernandezm/myiac/app/docker"
"github.com/dfernandezm/myiac/app/encryption"
"github.com/dfernandezm/myiac/app/gcp"
props "github.com/dfernandezm/myiac/app/properties"
"github.com/dfernandezm/myiac/app/util"
Expand Down Expand Up @@ -42,6 +43,8 @@ func BuildCli() {
deployApp := deployAppSetup(projectFlag, environmentFlag, propertiesFlag)
resizeClusterCmd := resizeClusterCmd(projectFlag, environmentFlag)
createSecretCmd := createSecretCmd(projectFlag, environmentFlag)
cryptCmd := cryptCmd(projectFlag)

app.Commands = []cli.Command{
setupEnvironment,
dockerSetup,
Expand All @@ -52,6 +55,7 @@ func BuildCli() {
installHelmCmd,
resizeClusterCmd,
createSecretCmd,
cryptCmd,
}

err := app.Run(os.Args)
Expand All @@ -60,6 +64,63 @@ func BuildCli() {
}
}

func cryptCmd(projectFlag *cli.StringFlag) cli.Command {
modeFlag := &cli.StringFlag{
Name: "mode, m",
Usage: "encrypt or decrypt",
}

filenameWithTextFlag := &cli.StringFlag{
Name: "filename, f",
Usage: "Location of file with plainText to encrypt or cipherText to decrypt. " +
"The CipherText will be written in a file with the " +
"same name ended with .enc, the plainText file will be written with same filename ending .dec",
}

return cli.Command{
Name: "crypt",
Usage: "Encrypt or decrypt file contents",
Flags: []cli.Flag{
projectFlag,
modeFlag,
filenameWithTextFlag,
},
Action: func(c *cli.Context) error {
fmt.Printf("Validating flags for crypt \n")

_ = validateStringFlagPresence("project", c)
_ = validateStringFlagPresence("mode", c)
_ = validateStringFlagPresence("filename", c)

project := c.String("project")
mode := c.String("mode")
filename := c.String("filename")

gcp.SetupEnvironment(project)

keyRingName := fmt.Sprintf("%s-keyring", project)
keyName := fmt.Sprintf("%s-infra-key", project)
locationId := "global"
kmsEncrypter := gcp.NewKmsEncrypter(project, locationId, keyRingName, keyName)
encrypter := encryption.NewEncrypter(kmsEncrypter)

if mode != "encrypt" && mode != "decrypt" {
return cli.NewExitError("mode can only be 'encrypt' or 'decrypt'",-1)
}

if mode == "encrypt" {
encrypter.EncryptFileContents(filename)
}

if mode == "decrypt" {
encrypter.DecryptFileContents(filename)
}

return nil
},
}
}

func resizeClusterCmd(projectFlag *cli.StringFlag, environmentFlag *cli.StringFlag) cli.Command {
nodePoolsSizeFlag := &cli.StringFlag{Name: "nodePoolsSize, bp",
Usage: "Target size of all node pools"}
Expand Down Expand Up @@ -222,7 +283,7 @@ func dockerBuildCmd(projectFlag *cli.StringFlag) cli.Command {
appNameFlag := &cli.StringFlag{
Name: "app, a",
Usage: "The container to build. Should match a repo name in registry " +
"and a Helm chart folder naming convention (moneycol-server, moneycol-frontend...)"
"and a Helm chart folder naming convention (moneycol-server, moneycol-frontend...)",
}
buildPathFlag := &cli.StringFlag{Name: "buildPath, bp",
Usage: "The location of the Dockerfile"}
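Review bot: The `crypt` action cannot fail once the mode string is valid: the three `validateStringFlagPresence` results are discarded with `_ =`, and the return values of `EncryptFileContents`/`DecryptFileContents` are ignored before `return nil`, so a missing `--filename` or a failed encryption still exits 0. The mode check also runs after `gcp.SetupEnvironment(project)` and `gcp.NewKmsEncrypter(...)`; moving `if mode != "encrypt" && mode != "decrypt" { ... }` above those calls rejects bad input before any GCP setup happens. If `validateStringFlagPresence` returns an error (its definition is outside this page), use `if err := validateStringFlagPresence("filename", c); err != nil { return err }` for each flag.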
4 changes: 4 additions & 0 deletions app/deploy/helm_test.go
Expand Up @@ -70,6 +70,10 @@ func (mcr mockCommandRunner) Setup(executable string, args []string) {
mcr.arguments = args
}

func (mcr mockCommandRunner) IgnoreError(ignoreError bool) {

}

// https://quii.gitbook.io/learn-go-with-tests/
// To run: go test -v
func TestReleaseDeployed(t *testing.T) {
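--- a/app/encryption/encrypter.go
+++ b/app/encryption/encrypter.go
@@ -0,0 +1,38 @@
+package encryption
+
+import "github.com/dfernandezm/myiac/app/util"
+
+type Encrypter interface {
+Encrypt(plainText string) (string, error)
+Decrypt(cipherText string) (string, error)
+}
+
+type encryptionService struct {
+encrypter Encrypter
+}
+// NewEncryptionService create a new encrypter
+func NewEncrypter(encrypter Encrypter) *encryptionService {
+enc := new(encryptionService)
+enc.encrypter = encrypter
+return enc
+}
+
+// EncryptFileContents encrypts the text contained in 'filename' and returns cipherText
+// into a file with the same name ended with '.enc'
+func (enc encryptionService) EncryptFileContents(filename string) string {
+plainText, _ := util.ReadFileToString(filename)
+cipherText, _ := enc.encrypter.Encrypt(plainText)
+cipherTextFilename := filename + ".enc"
+_ = util.WriteStringToFile(cipherText, cipherTextFilename)
+return cipherTextFilename
+}
+
+// DecryptFileContents decrypts the ciphertext contained in 'filename' and returns the
+// plaintext result into another file with same name ended with '.dec'
+func (enc encryptionService) DecryptFileContents(filename string) string {
+cipherText, _ := util.ReadFileToString(filename)
+plainText, _ := enc.encrypter.Decrypt(cipherText)
+plainTextFilename := filename + ".dec"
+_ = util.WriteStringToFile(plainText, plainTextFilename)
+return plainTextFilename
+}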
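Review bot: Every error in `EncryptFileContents` and `DecryptFileContents` is assigned to `_`, so a failed read or a failed KMS call still writes an output file from whatever string came back and returns its name as if it had succeeded. For a secrets tool that means an operator can end up with an empty or invalid `.enc` and no signal that the plaintext was never protected. Both methods should return `(string, error)` and stop at the first failure, with the `crypt` action in app/cli/cli.go returning that error; the sketch below assumes `util.WriteStringToFile` returns an `error`, which this page does not show. Separately, the `.dec` output is plaintext written next to the input while the `.gitignore` shown in this commit has no `*.dec` entry, and the comment above `NewEncrypter` still names `NewEncryptionService`.

```go
func (enc encryptionService) EncryptFileContents(filename string) (string, error) {
	plainText, err := util.ReadFileToString(filename)
	if err != nil {
		return "", err
	}
	cipherText, err := enc.encrypter.Encrypt(plainText)
	if err != nil {
		return "", err
	}
	cipherTextFilename := filename + ".enc"
	if err := util.WriteStringToFile(cipherText, cipherTextFilename); err != nil {
		return "", err
	}
	return cipherTextFilename, nil
}

// … DecryptFileContents: same shape, using Decrypt and the ".dec" suffix …
```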
3 changes: 1 addition & 2 deletions app/gcp/dns_test.go
@@ -1,9 +1,8 @@
package gcp

import (
//"fmt"
"testing"
"github.com/stretchr/testify/assert"
"testing"
)

func TestCreateGCPDNSService(t *testing.T) {
