adding Manager for RecordingEncryption resources that handles shared ops more complex than CRUD

Author: eriktate

api/types/sessionrecording.go

@@ -17,6 +17,7 @@ limitations under the License.
 package types
 
 import (
+	"iter"
 	"slices"
 	"strings"
 	"time"
@@ -43,6 +44,16 @@ type SessionRecordingConfig interface {
 	// SetProxyChecksHostKeys sets if the proxy will check host keys.
 	SetProxyChecksHostKeys(bool)
 
+	// GetEncrypted gets if session recordings should be encrypted or not.
+	GetEncrypted() bool
+
+	// GetEncryptionKeys gets the encryption keys for the session recording config.
+	GetEncryptionKeys() []*AgeEncryptionKey
+
+	// SetEncryptionKeys sets the encryption keys for the session recording config.
+	// It returns true if there was a change applied and false otherwise.
+	SetEncryptionKeys(iter.Seq[*AgeEncryptionKey]) bool
+
 	// Clone returns a copy of the resource.
 	Clone() SessionRecordingConfig
 }
@@ -163,6 +174,56 @@ func (c *SessionRecordingConfigV2) SetProxyChecksHostKeys(t bool) {
 	c.Spec.ProxyChecksHostKeys = NewBoolOption(t)
 }
 
+// GetEncrypted gets if session recordings should be encrypted or not.
+func (c *SessionRecordingConfigV2) GetEncrypted() bool {
+	encryption := c.Spec.Encryption
+	if encryption == nil {
+		return false
+	}
+
+	return encryption.Enabled
+}
+
+// GetEncryptionKeys gets the encryption keys for the session recording config.
+func (c *SessionRecordingConfigV2) GetEncryptionKeys() []*AgeEncryptionKey {
+	if c.Status != nil {
+		return c.Status.EncryptionKeys
+	}
+
+	return nil
+}
+
+// SetEncryptionKeys sets the encryption keys for the session recording config.
+// It returns true if there was a change applied and false otherwise.
+func (c *SessionRecordingConfigV2) SetEncryptionKeys(keys iter.Seq[*AgeEncryptionKey]) bool {
+	existingKeys := make(map[string]struct{})
+	for _, key := range c.GetEncryptionKeys() {
+		existingKeys[string(key.PublicKey)] = struct{}{}
+	}
+
+	var keysChanged bool
+	var newKeys []*AgeEncryptionKey
+	addedKeys := make(map[string]struct{})
+	for key := range keys {
+		if _, exists := existingKeys[string(key.PublicKey)]; !exists {
+			keysChanged = true
+		}
+
+		if _, added := addedKeys[string(key.PublicKey)]; !added {
+			addedKeys[string(key.PublicKey)] = struct{}{}
+			newKeys = append(newKeys, key)
+		}
+
+	}
+
+	if c.Status == nil {
+		c.Status = &SessionRecordingConfigStatus{}
+	}
+	c.Status.EncryptionKeys = newKeys
+
+	return keysChanged || len(existingKeys) != len(addedKeys)
+}
+
 // Clone returns a copy of the resource.
 func (c *SessionRecordingConfigV2) Clone() SessionRecordingConfig {
 	return utils.CloneProtoMsg(c)

go.mod

@@ -269,6 +269,7 @@ require (
 	cloud.google.com/go/monitoring v1.24.1 // indirect
 	cloud.google.com/go/pubsub v1.47.0 // indirect
 	dario.cat/mergo v1.0.1 // indirect
+	filippo.io/age v1.2.1
 	github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4 // indirect
 	github.com/99designs/keyring v1.2.2 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect

go.sum

@@ -1,3 +1,5 @@
+c2sp.org/CCTV/age v0.0.0-20240306222714-3ec4d716e805 h1:u2qwJeEvnypw+OCPUHmoZE3IqwfuN5kgDfo5MLzpNM0=
+c2sp.org/CCTV/age v0.0.0-20240306222714-3ec4d716e805/go.mod h1:FomMrUJ2Lxt5jCLmZkG3FHa72zUprnhd3v/Z18Snm4w=
 cel.dev/expr v0.20.0 h1:OunBvVCfvpWlt4dN7zg3FM6TDkzOePe1+foGJ9AXeeI=
 cel.dev/expr v0.20.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw=
 cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
@@ -641,6 +643,8 @@ cuelang.org/go v0.12.1/go.mod h1:B4+kjvGGQnbkz+GuAv1dq/R308gTkp0sO28FdMrJ2Kw=
 dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s=
 dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+filippo.io/age v1.2.1 h1:X0TZjehAZylOIj4DubWYU1vWQxv9bJpo+Uu2/LGhi1o=
+filippo.io/age v1.2.1/go.mod h1:JL9ew2lTN+Pyft4RiNGguFfOpewKwSHm5ayKD/A4004=
 filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
 filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8=