Add helper functions for marshaling and sealing

Signed-off-by: Gabriel Adrian Samfira <gsamfira@cloudbasesolutions.com>
2023-08-19 16:31:02 +00:00 · 2023-08-19 16:31:02 +00:00 · de17fb04b4
commit de17fb04b4
parent 034cc47185
3 changed files with 37 additions and 19 deletions
--- a/database/sql/instances.go
+++ b/database/sql/instances.go
@ -17,7 +17,6 @@ package sql
 import (
 	"context"
 	"encoding/json"
-	"fmt"

 	runnerErrors "github.com/cloudbase/garm-provider-common/errors"
 	"github.com/cloudbase/garm-provider-common/util"
@ -30,6 +29,25 @@ import (
 	"gorm.io/gorm/clause"
 )

+func (s *sqlDatabase) marshalAndSeal(data interface{}) ([]byte, error) {
+	enc, err := json.Marshal(data)
+	if err != nil {
+		return nil, errors.Wrap(err, "marshalling data")
+	}
+	return util.Seal(enc, []byte(s.cfg.Passphrase))
+}
+
+func (s *sqlDatabase) unsealAndUnmarshal(data []byte, target interface{}) error {
+	decrypted, err := util.Unseal(data, []byte(s.cfg.Passphrase))
+	if err != nil {
+		return errors.Wrap(err, "decrypting data")
+	}
+	if err := json.Unmarshal(decrypted, target); err != nil {
+		return errors.Wrap(err, "unmarshalling data")
+	}
+	return nil
+}
+
 func (s *sqlDatabase) CreateInstance(ctx context.Context, poolID string, param params.CreateInstanceParams) (params.Instance, error) {
 	pool, err := s.getPoolByID(ctx, poolID)
 	if err != nil {
@ -46,15 +64,10 @@ func (s *sqlDatabase) CreateInstance(ctx context.Context, poolID string, param p

 	var secret []byte
 	if len(param.JitConfiguration) > 0 {
-		jitConfig, err := json.Marshal(param.JitConfiguration)
+		secret, err = s.marshalAndSeal(param.JitConfiguration)
 		if err != nil {
 			return params.Instance{}, errors.Wrap(err, "marshalling jit config")
 		}
-
-		secret, err = util.Seal(jitConfig, []byte(s.cfg.Passphrase))
-		if err != nil {
-			return params.Instance{}, fmt.Errorf("failed to encrypt jitconfig: %w", err)
-		}
 	}

 	newInstance := Instance{
@ -251,6 +264,14 @@ func (s *sqlDatabase) UpdateInstance(ctx context.Context, instanceID string, par
 		instance.TokenFetched = *param.TokenFetched
 	}

+	if param.JitConfiguration != nil {
+		secret, err := s.marshalAndSeal(param.JitConfiguration)
+		if err != nil {
+			return params.Instance{}, errors.Wrap(err, "marshalling jit config")
+		}
+		instance.JitConfiguration = secret
+	}
+
 	instance.ProviderFault = param.ProviderFault

 	q := s.conn.Save(&instance)