Migrate internalshared out (#9727)

* Migrate internalshared out * fix merge issue * fix merge issue * go mod vendor Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>
2025-11-01 19:17:58 +00:00 · 2020-10-12 14:56:24 -04:00
parent c4d336e5dd
commit ee6391b691
134 changed files with 4178 additions and 2346 deletions
--- a/internalshared/configutil/encrypt_decrypt.go
+++ b/internalshared/configutil/encrypt_decrypt.go
@@ -1,92 +0,0 @@
-package configutil
-
-import (
-	"bytes"
-	"context"
-	"encoding/base64"
-	"errors"
-	"fmt"
-	"regexp"
-
-	wrapping "github.com/hashicorp/go-kms-wrapping"
-	"google.golang.org/protobuf/proto"
-)
-
-var (
-	encryptRegex = regexp.MustCompile(`{{encrypt\(.*\)}}`)
-	decryptRegex = regexp.MustCompile(`{{decrypt\(.*\)}}`)
-)
-
-func EncryptDecrypt(rawStr string, decrypt, strip bool, wrapper wrapping.Wrapper) (string, error) {
-	var locs [][]int
-	raw := []byte(rawStr)
-	searchVal := "{{encrypt("
-	replaceVal := "{{decrypt("
-	suffixVal := ")}}"
-	if decrypt {
-		searchVal = "{{decrypt("
-		replaceVal = "{{encrypt("
-		locs = decryptRegex.FindAllIndex(raw, -1)
-	} else {
-		locs = encryptRegex.FindAllIndex(raw, -1)
-	}
-	if strip {
-		replaceVal = ""
-		suffixVal = ""
-	}
-
-	out := make([]byte, 0, len(rawStr)*2)
-	var prevMaxLoc int
-	for _, match := range locs {
-		if len(match) != 2 {
-			return "", fmt.Errorf("expected two values for match, got %d", len(match))
-		}
-
-		// Append everything from the end of the last match to the beginning of this one
-		out = append(out, raw[prevMaxLoc:match[0]]...)
-
-		// Transform. First pull off the suffix/prefix
-		matchBytes := raw[match[0]:match[1]]
-		matchBytes = bytes.TrimSuffix(bytes.TrimPrefix(matchBytes, []byte(searchVal)), []byte(")}}"))
-		var finalVal string
-
-		// Now encrypt or decrypt
-		switch decrypt {
-		case false:
-			outBlob, err := wrapper.Encrypt(context.Background(), matchBytes, nil)
-			if err != nil {
-				return "", fmt.Errorf("error encrypting parameter: %w", err)
-			}
-			if outBlob == nil {
-				return "", errors.New("nil value returned from encrypting parameter")
-			}
-			outMsg, err := proto.Marshal(outBlob)
-			if err != nil {
-				return "", fmt.Errorf("error marshaling encrypted parameter: %w", err)
-			}
-			finalVal = base64.RawURLEncoding.EncodeToString(outMsg)
-
-		default:
-			inMsg, err := base64.RawURLEncoding.DecodeString(string(matchBytes))
-			if err != nil {
-				return "", fmt.Errorf("error decoding encrypted parameter: %w", err)
-			}
-			inBlob := new(wrapping.EncryptedBlobInfo)
-			if err := proto.Unmarshal(inMsg, inBlob); err != nil {
-				return "", fmt.Errorf("error unmarshaling encrypted parameter: %w", err)
-			}
-			dec, err := wrapper.Decrypt(context.Background(), inBlob, nil)
-			if err != nil {
-				return "", fmt.Errorf("error decrypting encrypted parameter: %w", err)
-			}
-			finalVal = string(dec)
-		}
-
-		// Append new value
-		out = append(out, []byte(fmt.Sprintf("%s%s%s", replaceVal, finalVal, suffixVal))...)
-		prevMaxLoc = match[1]
-	}
-	// At the end, append the rest
-	out = append(out, raw[prevMaxLoc:len(raw)]...)
-	return string(out), nil
-}