PMM-13129 Dereference all DB options on encrypt/decrypt.

percona · Jul 9, 2024 · fe3be31 · fe3be31
1 parent d2b64da
commit fe3be31
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 19 deletions.
diff --git a/managed/models/agent_helpers.go b/managed/models/agent_helpers.go
@@ -652,9 +652,7 @@ func CreateNodeExporter(q *reform.Querier,
 		return nil, errors.WithStack(err)
 	}
 
-	decryptedAgent := DecryptAgent(encryptedAgent)
-
-	return &decryptedAgent, nil
+	return row, nil
 }
 
 // CreateExternalExporterParams params for add external exporter.
@@ -740,9 +738,7 @@ func CreateExternalExporter(q *reform.Querier, params *CreateExternalExporterPar
 		return nil, errors.WithStack(err)
 	}
 
-	decryptedAgent := DecryptAgent(encryptedAgent)
-
-	return &decryptedAgent, nil
+	return row, nil
 }
 
 // CreateAgentParams params for add common exporter.
@@ -934,9 +930,7 @@ func CreateAgent(q *reform.Querier, agentType AgentType, params *CreateAgentPara
 		return nil, errors.WithStack(err)
 	}
 
-	decryptedAgent := DecryptAgent(encryptedAgent)
-
-	return &decryptedAgent, nil
+	return row, nil
 }
 
 // ChangeCommonAgentParams contains parameters that can be changed for all Agents.

diff --git a/managed/models/encryption_helpers.go b/managed/models/encryption_helpers.go
@@ -77,55 +77,67 @@ func agentEncryption(agent Agent, handler func(string) (string, error)) Agent {
 
 	var err error
 	if agent.MySQLOptions != nil {
-		agent.MySQLOptions.TLSCert, err = handler(agent.MySQLOptions.TLSCert)
+		options := &MySQLOptions{}
+		*options = *agent.MySQLOptions
+		options.TLSCert, err = handler(agent.MySQLOptions.TLSCert)
 		if err != nil {
 			logrus.Warning(err)
 		}
-		agent.MySQLOptions.TLSKey, err = handler(agent.MySQLOptions.TLSKey)
+		options.TLSKey, err = handler(agent.MySQLOptions.TLSKey)
 		if err != nil {
 			logrus.Warning(err)
 		}
+		agent.MySQLOptions = options
 	}
 
 	if agent.PostgreSQLOptions != nil {
-		agent.PostgreSQLOptions.SSLCert, err = handler(agent.PostgreSQLOptions.SSLCert)
+		options := &PostgreSQLOptions{}
+		*options = *agent.PostgreSQLOptions
+		options.SSLCert, err = handler(agent.PostgreSQLOptions.SSLCert)
 		if err != nil {
 			logrus.Warning(err)
 		}
-		agent.PostgreSQLOptions.SSLKey, err = handler(agent.PostgreSQLOptions.SSLKey)
+		options.SSLKey, err = handler(agent.PostgreSQLOptions.SSLKey)
 		if err != nil {
 			logrus.Warning(err)
 		}
+		agent.PostgreSQLOptions = options
 	}
 
 	if agent.MongoDBOptions != nil {
-		agent.MongoDBOptions.TLSCertificateKey, err = handler(agent.MongoDBOptions.TLSCertificateKey)
+		options := &MongoDBOptions{}
+		*options = *agent.MongoDBOptions
+		options.TLSCertificateKey, err = handler(agent.MongoDBOptions.TLSCertificateKey)
 		if err != nil {
 			logrus.Warning(err)
 		}
-		agent.MongoDBOptions.TLSCertificateKeyFilePassword, err = handler(agent.MongoDBOptions.TLSCertificateKeyFilePassword)
+		options.TLSCertificateKeyFilePassword, err = handler(agent.MongoDBOptions.TLSCertificateKeyFilePassword)
 		if err != nil {
 			logrus.Warning(err)
 		}
+		agent.MongoDBOptions = options
 	}
 
 	if agent.AzureOptions != nil {
-		agent.AzureOptions.ClientID, err = handler(agent.AzureOptions.ClientID)
+		options := &AzureOptions{}
+		*options = *agent.AzureOptions
+		options.ClientID, err = handler(agent.AzureOptions.ClientID)
 		if err != nil {
 			logrus.Warning(err)
 		}
-		agent.AzureOptions.ClientSecret, err = handler(agent.AzureOptions.ClientSecret)
+		options.ClientSecret, err = handler(agent.AzureOptions.ClientSecret)
 		if err != nil {
 			logrus.Warning(err)
 		}
-		agent.AzureOptions.SubscriptionID, err = handler(agent.AzureOptions.SubscriptionID)
+		options.SubscriptionID, err = handler(agent.AzureOptions.SubscriptionID)
 		if err != nil {
 			logrus.Warning(err)
 		}
-		agent.AzureOptions.TenantID, err = handler(agent.AzureOptions.TenantID)
+		options.TenantID, err = handler(agent.AzureOptions.TenantID)
 		if err != nil {
 			logrus.Warning(err)
 		}
+		agent.AzureOptions = options
 	}
 
 	return agent