refactor: Simplify metadata

keboola · Nov 18, 2024 · 3beaab4 · 3beaab4
1 parent 807da0e
commit 3beaab4
Show file tree

Hide file tree

Showing 16 changed files with 57 additions and 83 deletions.
diff --git a/pkg/cloudencrypt/aws.go b/pkg/cloudencrypt/aws.go
@@ -28,11 +28,11 @@ func NewAWSEncryptor(ctx context.Context, region, keyID string) (*AWSEncryptor,
 	}, nil
 }
 
-func (encryptor *AWSEncryptor) Encrypt(ctx context.Context, plaintext []byte, metadata ...MetadataKV) ([]byte, error) {
+func (encryptor *AWSEncryptor) Encrypt(ctx context.Context, plaintext []byte, metadata Metadata) ([]byte, error) {
 	encryptInput := &kms.EncryptInput{
 		KeyId:             &encryptor.keyID,
 		Plaintext:         plaintext,
-		EncryptionContext: buildMetadataMap(metadata...),
+		EncryptionContext: metadata,
 	}
 
 	encryptOutput, err := encryptor.client.Encrypt(ctx, encryptInput)
@@ -43,11 +43,11 @@ func (encryptor *AWSEncryptor) Encrypt(ctx context.Context, plaintext []byte, me
 	return encryptOutput.CiphertextBlob, nil
 }
 
-func (encryptor *AWSEncryptor) Decrypt(ctx context.Context, ciphertext []byte, metadata ...MetadataKV) ([]byte, error) {
+func (encryptor *AWSEncryptor) Decrypt(ctx context.Context, ciphertext []byte, metadata Metadata) ([]byte, error) {
 	decryptInput := &kms.DecryptInput{
 		KeyId:             &encryptor.keyID,
 		CiphertextBlob:    ciphertext,
-		EncryptionContext: buildMetadataMap(metadata...),
+		EncryptionContext: metadata,
 	}
 
 	decryptOutput, err := encryptor.client.Decrypt(ctx, decryptInput)

diff --git a/pkg/cloudencrypt/aws_test.go b/pkg/cloudencrypt/aws_test.go
@@ -27,15 +27,13 @@ func TestAWSEncryptor(t *testing.T) {
 	encryptor, err := NewAWSEncryptor(ctx, region, keyID)
 	require.NoError(t, err)
 
-	meta := MetadataKV{
-		Key:   "metakey",
-		Value: "metavalue",
-	}
+	meta := Metadata{}
+	meta["metakey"] = "metavalue"
 
 	ciphertext, err := encryptor.Encrypt(ctx, []byte("Lorem ipsum"), meta)
 	require.NoError(t, err)
 
-	_, err = encryptor.Decrypt(ctx, ciphertext)
+	_, err = encryptor.Decrypt(ctx, ciphertext, Metadata{})
 	assert.ErrorContains(t, err, "aws decryption failed: operation error KMS: Decrypt")
 
 	plaintext, err := encryptor.Decrypt(ctx, ciphertext, meta)

diff --git a/pkg/cloudencrypt/azure.go b/pkg/cloudencrypt/azure.go
@@ -30,7 +30,7 @@ func NewAzureEncryptor(ctx context.Context, vaultBaseURL, keyName string) (*Azur
 	}, nil
 }
 
-func (encryptor *AzureEncryptor) Encrypt(ctx context.Context, plaintext []byte, metadata ...MetadataKV) ([]byte, error) {
+func (encryptor *AzureEncryptor) Encrypt(ctx context.Context, plaintext []byte, metadata Metadata) ([]byte, error) {
 	algorithm := azkeys.EncryptionAlgorithmRSAOAEP256
 
 	result, err := encryptor.client.Encrypt(
@@ -50,7 +50,7 @@ func (encryptor *AzureEncryptor) Encrypt(ctx context.Context, plaintext []byte,
 	return result.Result, nil
 }
 
-func (encryptor *AzureEncryptor) Decrypt(ctx context.Context, ciphertext []byte, metadata ...MetadataKV) ([]byte, error) {
+func (encryptor *AzureEncryptor) Decrypt(ctx context.Context, ciphertext []byte, metadata Metadata) ([]byte, error) {
 	algorithm := azkeys.EncryptionAlgorithmRSAOAEP256
 
 	result, err := encryptor.client.Decrypt(

diff --git a/pkg/cloudencrypt/azure_test.go b/pkg/cloudencrypt/azure_test.go
@@ -30,15 +30,13 @@ func TestAzureEncryptor(t *testing.T) {
 	encryptor, err := NewDualEncryptor(ctx, azureEncryptor)
 	require.NoError(t, err)
 
-	meta := MetadataKV{
-		Key:   "metakey",
-		Value: "metavalue",
-	}
+	meta := Metadata{}
+	meta["metakey"] = "metavalue"
 
 	ciphertext, err := encryptor.Encrypt(ctx, []byte("Lorem ipsum"), meta)
 	require.NoError(t, err)
 
-	_, err = encryptor.Decrypt(ctx, ciphertext)
+	_, err = encryptor.Decrypt(ctx, ciphertext, Metadata{})
 	assert.ErrorContains(t, err, "decryption failed")
 
 	plaintext, err := encryptor.Decrypt(ctx, ciphertext, meta)

diff --git a/pkg/cloudencrypt/cached.go b/pkg/cloudencrypt/cached.go
@@ -22,13 +22,13 @@ func NewCachedEncryptor(ctx context.Context, encryptor Encryptor, ttl time.Durat
 	}, nil
 }
 
-func (encryptor *CachedEncryptor) Encrypt(ctx context.Context, plaintext []byte, metadata ...MetadataKV) ([]byte, error) {
-	key, err := encode(buildMetadataMap(metadata...))
+func (encryptor *CachedEncryptor) Encrypt(ctx context.Context, plaintext []byte, metadata Metadata) ([]byte, error) {
+	key, err := encode(metadata)
 	if err != nil {
 		return nil, err
 	}
 
-	encryptedValue, err := encryptor.encryptor.Encrypt(ctx, plaintext, metadata...)
+	encryptedValue, err := encryptor.encryptor.Encrypt(ctx, plaintext, metadata)
 	if err != nil {
 		return nil, err
 	}
@@ -40,8 +40,8 @@ func (encryptor *CachedEncryptor) Encrypt(ctx context.Context, plaintext []byte,
 	return encryptedValue, nil
 }
 
-func (encryptor *CachedEncryptor) Decrypt(ctx context.Context, ciphertext []byte, metadata ...MetadataKV) ([]byte, error) {
-	key, err := encode(buildMetadataMap(metadata...))
+func (encryptor *CachedEncryptor) Decrypt(ctx context.Context, ciphertext []byte, metadata Metadata) ([]byte, error) {
+	key, err := encode(metadata)
 	if err != nil {
 		return nil, err
 	}
@@ -53,7 +53,7 @@ func (encryptor *CachedEncryptor) Decrypt(ctx context.Context, ciphertext []byte
 		return cached, nil
 	}
 
-	plaintext, err := encryptor.encryptor.Decrypt(ctx, ciphertext, metadata...)
+	plaintext, err := encryptor.encryptor.Decrypt(ctx, ciphertext, metadata)
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/cloudencrypt/cached_test.go b/pkg/cloudencrypt/cached_test.go
@@ -46,18 +46,16 @@ func TestCachedEncryptor(t *testing.T) {
 	)
 	assert.NoError(t, err)
 
-	meta := MetadataKV{
-		Key:   "metakey",
-		Value: "metavalue",
-	}
+	meta := Metadata{}
+	meta["metakey"] = "metavalue"
 
 	ciphertext, err := encryptor.Encrypt(ctx, []byte("Lorem ipsum"), meta)
 	assert.NoError(t, err)
 
 	// Wait for cached item to be available for get operations
 	cache.Wait()
 
-	_, err = encryptor.Decrypt(ctx, ciphertext)
+	_, err = encryptor.Decrypt(ctx, ciphertext, Metadata{})
 	assert.ErrorContains(t, err, "cipher: message authentication failed")
 
 	plaintext, err := encryptor.Decrypt(ctx, ciphertext, meta)

diff --git a/pkg/cloudencrypt/dual.go b/pkg/cloudencrypt/dual.go
@@ -21,7 +21,7 @@ func NewDualEncryptor(ctx context.Context, encryptor Encryptor) (*DualEncryptor,
 	}, nil
 }
 
-func (encryptor *DualEncryptor) Encrypt(ctx context.Context, plaintext []byte, metadata ...MetadataKV) ([]byte, error) {
+func (encryptor *DualEncryptor) Encrypt(ctx context.Context, plaintext []byte, metadata Metadata) ([]byte, error) {
 	// Generate a random secret key
 	secretKey, err := generateSecretKey()
 	if err != nil {
@@ -34,7 +34,7 @@ func (encryptor *DualEncryptor) Encrypt(ctx context.Context, plaintext []byte, m
 	}
 
 	// Encrypt the secret key
-	encryptedSecretKey, err := encryptor.encryptor.Encrypt(ctx, secretKey, metadata...)
+	encryptedSecretKey, err := encryptor.encryptor.Encrypt(ctx, secretKey, metadata)
 	if err != nil {
 		return nil, err
 	}
@@ -51,14 +51,14 @@ func (encryptor *DualEncryptor) Encrypt(ctx context.Context, plaintext []byte, m
 	return encoded, nil
 }
 
-func (encryptor *DualEncryptor) Decrypt(ctx context.Context, ciphertext []byte, metadata ...MetadataKV) ([]byte, error) {
+func (encryptor *DualEncryptor) Decrypt(ctx context.Context, ciphertext []byte, metadata Metadata) ([]byte, error) {
 	decoded, err := decode[map[string][]byte](ciphertext)
 	if err != nil {
 		return nil, err
 	}
 
 	// Decrypt the secret key
-	secretKey, err := encryptor.encryptor.Decrypt(ctx, decoded[mapKeySecretKey], metadata...)
+	secretKey, err := encryptor.encryptor.Decrypt(ctx, decoded[mapKeySecretKey], metadata)
 	if err != nil {
 		return nil, err
 	}
@@ -75,7 +75,7 @@ func (encryptor *DualEncryptor) Close() error {
 	return encryptor.encryptor.Close()
 }
 
-func nativeEncrypt(ctx context.Context, secretKey []byte, plaintext []byte, metadata []MetadataKV) ([]byte, error) {
+func nativeEncrypt(ctx context.Context, secretKey []byte, plaintext []byte, metadata Metadata) ([]byte, error) {
 	nativeEncryptor, err := NewNativeEncryptor(secretKey)
 	if err != nil {
 		return nil, err
@@ -84,15 +84,15 @@ func nativeEncrypt(ctx context.Context, secretKey []byte, plaintext []byte, meta
 	defer nativeEncryptor.Close()
 
 	// Encrypt given plaintext using the random secret key
-	ciphertext, err := nativeEncryptor.Encrypt(ctx, plaintext, metadata...)
+	ciphertext, err := nativeEncryptor.Encrypt(ctx, plaintext, metadata)
 	if err != nil {
 		return nil, err
 	}
 
 	return ciphertext, nil
 }
 
-func nativeDecrypt(ctx context.Context, secretKey []byte, ciphertext []byte, metadata []MetadataKV) ([]byte, error) {
+func nativeDecrypt(ctx context.Context, secretKey []byte, ciphertext []byte, metadata Metadata) ([]byte, error) {
 	// Decrypt the value using the decrypted secret key
 	nativeEncryptor, err := NewNativeEncryptor(secretKey)
 	if err != nil {
@@ -101,7 +101,7 @@ func nativeDecrypt(ctx context.Context, secretKey []byte, ciphertext []byte, met
 
 	defer nativeEncryptor.Close()
 
-	plaintext, err := nativeEncryptor.Decrypt(ctx, ciphertext, metadata...)
+	plaintext, err := nativeEncryptor.Decrypt(ctx, ciphertext, metadata)
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/cloudencrypt/dual_test.go b/pkg/cloudencrypt/dual_test.go
@@ -21,15 +21,13 @@ func TestDualEncryptor(t *testing.T) {
 	encryptor, err := NewDualEncryptor(ctx, nativeEncryptor)
 	assert.NoError(t, err)
 
-	meta := MetadataKV{
-		Key:   "metakey",
-		Value: "metavalue",
-	}
+	meta := Metadata{}
+	meta["metakey"] = "metavalue"
 
 	ciphertext, err := encryptor.Encrypt(ctx, []byte("Lorem ipsum"), meta)
 	assert.NoError(t, err)
 
-	_, err = encryptor.Decrypt(ctx, ciphertext)
+	_, err = encryptor.Decrypt(ctx, ciphertext, Metadata{})
 	assert.ErrorContains(t, err, "cipher: message authentication failed")
 
 	plaintext, err := encryptor.Decrypt(ctx, ciphertext, meta)

diff --git a/pkg/cloudencrypt/encryptor.go b/pkg/cloudencrypt/encryptor.go
@@ -7,9 +7,11 @@ import (
 	"github.com/pkg/errors"
 )
 
+type Metadata map[string]string
+
 type Encryptor interface {
-	Encrypt(ctx context.Context, plaintext []byte, metadata ...MetadataKV) ([]byte, error)
-	Decrypt(ctx context.Context, ciphertext []byte, metadata ...MetadataKV) ([]byte, error)
+	Encrypt(ctx context.Context, plaintext []byte, metadata Metadata) ([]byte, error)
+	Decrypt(ctx context.Context, ciphertext []byte, metadata Metadata) ([]byte, error)
 	Close() error
 }
 

diff --git a/pkg/cloudencrypt/gcp.go b/pkg/cloudencrypt/gcp.go
@@ -26,8 +26,8 @@ func NewGCPEncryptor(ctx context.Context, keyID string) (*GCPEncryptor, error) {
 	}, nil
 }
 
-func (encryptor *GCPEncryptor) Encrypt(ctx context.Context, plaintext []byte, metadata ...MetadataKV) ([]byte, error) {
-	additionalData, err := encode(buildMetadataMap(metadata...))
+func (encryptor *GCPEncryptor) Encrypt(ctx context.Context, plaintext []byte, metadata Metadata) ([]byte, error) {
+	additionalData, err := encode(metadata)
 	if err != nil {
 		return nil, err
 	}
@@ -46,8 +46,8 @@ func (encryptor *GCPEncryptor) Encrypt(ctx context.Context, plaintext []byte, me
 	return response.GetCiphertext(), nil
 }
 
-func (encryptor *GCPEncryptor) Decrypt(ctx context.Context, ciphertext []byte, metadata ...MetadataKV) ([]byte, error) {
-	additionalData, err := encode(buildMetadataMap(metadata...))
+func (encryptor *GCPEncryptor) Decrypt(ctx context.Context, ciphertext []byte, metadata Metadata) ([]byte, error) {
+	additionalData, err := encode(metadata)
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/cloudencrypt/gcp_test.go b/pkg/cloudencrypt/gcp_test.go
@@ -22,15 +22,13 @@ func TestGCPEncryptor(t *testing.T) {
 	encryptor, err := NewGCPEncryptor(ctx, keyID)
 	require.NoError(t, err)
 
-	meta := MetadataKV{
-		Key:   "metakey",
-		Value: "metavalue",
-	}
+	meta := Metadata{}
+	meta["metakey"] = "metavalue"
 
 	ciphertext, err := encryptor.Encrypt(ctx, []byte("Lorem ipsum"), meta)
 	require.NoError(t, err)
 
-	_, err = encryptor.Decrypt(ctx, ciphertext)
+	_, err = encryptor.Decrypt(ctx, ciphertext, Metadata{})
 	assert.ErrorContains(t, err, "gcp decryption failed: rpc error: code = InvalidArgument")
 
 	plaintext, err := encryptor.Decrypt(ctx, ciphertext, meta)

diff --git a/pkg/cloudencrypt/logged.go b/pkg/cloudencrypt/logged.go
@@ -18,8 +18,8 @@ func NewLoggedEncryptor(ctx context.Context, encryptor Encryptor, logger *log.Lo
 	}, nil
 }
 
-func (encryptor *LoggedEncryptor) Encrypt(ctx context.Context, plaintext []byte, metadata ...MetadataKV) ([]byte, error) {
-	encryptedValue, err := encryptor.encryptor.Encrypt(ctx, plaintext, metadata...)
+func (encryptor *LoggedEncryptor) Encrypt(ctx context.Context, plaintext []byte, metadata Metadata) ([]byte, error) {
+	encryptedValue, err := encryptor.encryptor.Encrypt(ctx, plaintext, metadata)
 	if err != nil {
 		encryptor.logger.Printf("encryption error: %s", err.Error())
 		return nil, err
@@ -30,8 +30,8 @@ func (encryptor *LoggedEncryptor) Encrypt(ctx context.Context, plaintext []byte,
 	return encryptedValue, nil
 }
 
-func (encryptor *LoggedEncryptor) Decrypt(ctx context.Context, ciphertext []byte, metadata ...MetadataKV) ([]byte, error) {
-	plaintext, err := encryptor.encryptor.Decrypt(ctx, ciphertext, metadata...)
+func (encryptor *LoggedEncryptor) Decrypt(ctx context.Context, ciphertext []byte, metadata Metadata) ([]byte, error) {
+	plaintext, err := encryptor.encryptor.Decrypt(ctx, ciphertext, metadata)
 	if err != nil {
 		encryptor.logger.Printf("decryption error: %s", err.Error())
 		return nil, err

diff --git a/pkg/cloudencrypt/logged_test.go b/pkg/cloudencrypt/logged_test.go
@@ -27,15 +27,13 @@ func TestLoggedEncryptor(t *testing.T) {
 	encryptor, err := NewLoggedEncryptor(ctx, nativeEncryptor, logger)
 	assert.NoError(t, err)
 
-	meta := MetadataKV{
-		Key:   "metakey",
-		Value: "metavalue",
-	}
+	meta := Metadata{}
+	meta["metakey"] = "metavalue"
 
 	ciphertext, err := encryptor.Encrypt(ctx, []byte("Lorem ipsum"), meta)
 	assert.NoError(t, err)
 
-	_, err = encryptor.Decrypt(ctx, ciphertext)
+	_, err = encryptor.Decrypt(ctx, ciphertext, Metadata{})
 	assert.ErrorContains(t, err, "cipher: message authentication failed")
 
 	plaintext, err := encryptor.Decrypt(ctx, ciphertext, meta)

diff --git a/pkg/cloudencrypt/metadata.go b/pkg/cloudencrypt/metadata.go
diff --git a/pkg/cloudencrypt/native.go b/pkg/cloudencrypt/native.go
@@ -29,8 +29,8 @@ func NewNativeEncryptor(secretKey []byte) (*NativeEncryptor, error) {
 	}, nil
 }
 
-func (encryptor *NativeEncryptor) Encrypt(ctx context.Context, plaintext []byte, metadata ...MetadataKV) ([]byte, error) {
-	additionalData, err := encode(buildMetadataMap(metadata...))
+func (encryptor *NativeEncryptor) Encrypt(ctx context.Context, plaintext []byte, metadata Metadata) ([]byte, error) {
+	additionalData, err := encode(metadata)
 	if err != nil {
 		return nil, err
 	}
@@ -44,8 +44,8 @@ func (encryptor *NativeEncryptor) Encrypt(ctx context.Context, plaintext []byte,
 	return encryptor.gcm.Seal(nonce, nonce, plaintext, additionalData), nil
 }
 
-func (encryptor *NativeEncryptor) Decrypt(ctx context.Context, ciphertext []byte, metadata ...MetadataKV) ([]byte, error) {
-	additionalData, err := encode(buildMetadataMap(metadata...))
+func (encryptor *NativeEncryptor) Decrypt(ctx context.Context, ciphertext []byte, metadata Metadata) ([]byte, error) {
+	additionalData, err := encode(metadata)
 	if err != nil {
 		return nil, err
 	}

diff --git a/pkg/cloudencrypt/native_test.go b/pkg/cloudencrypt/native_test.go
@@ -18,15 +18,13 @@ func TestNativeEncryptor(t *testing.T) {
 	encryptor, err := NewNativeEncryptor(secretKey)
 	assert.NoError(t, err)
 
-	meta := MetadataKV{
-		Key:   "metakey",
-		Value: "metavalue",
-	}
+	meta := Metadata{}
+	meta["metakey"] = "metavalue"
 
 	ciphertext, err := encryptor.Encrypt(ctx, []byte("Lorem ipsum"), meta)
 	assert.NoError(t, err)
 
-	_, err = encryptor.Decrypt(ctx, ciphertext)
+	_, err = encryptor.Decrypt(ctx, ciphertext, Metadata{})
 	assert.ErrorContains(t, err, "cipher: message authentication failed")
 
 	plaintext, err := encryptor.Decrypt(ctx, ciphertext, meta)