(ctx context.Context, tx database.Store, feature database.CryptoKeyFeature, startsAt time.Time)
| 170 | } |
| 171 | |
| 172 | func (k *rotator) insertNewKey(ctx context.Context, tx database.Store, feature database.CryptoKeyFeature, startsAt time.Time) (database.CryptoKey, error) { |
| 173 | secret, err := generateNewSecret(feature) |
| 174 | if err != nil { |
| 175 | return database.CryptoKey{}, xerrors.Errorf("generate new secret: %w", err) |
| 176 | } |
| 177 | |
| 178 | latestKey, err := tx.GetLatestCryptoKeyByFeature(ctx, feature) |
| 179 | if err != nil && !xerrors.Is(err, sql.ErrNoRows) { |
| 180 | return database.CryptoKey{}, xerrors.Errorf("get latest key: %w", err) |
| 181 | } |
| 182 | |
| 183 | newKey, err := tx.InsertCryptoKey(ctx, database.InsertCryptoKeyParams{ |
| 184 | Feature: feature, |
| 185 | Sequence: latestKey.Sequence + 1, |
| 186 | Secret: sql.NullString{ |
| 187 | String: secret, |
| 188 | Valid: true, |
| 189 | }, |
| 190 | // Set by dbcrypt if it's required. |
| 191 | SecretKeyID: sql.NullString{}, |
| 192 | StartsAt: startsAt.UTC(), |
| 193 | }) |
| 194 | if err != nil { |
| 195 | return database.CryptoKey{}, xerrors.Errorf("inserting new key: %w", err) |
| 196 | } |
| 197 | |
| 198 | k.logger.Debug(ctx, "inserted new key for feature", slog.F("feature", feature), slog.F("sequence", newKey.Sequence)) |
| 199 | return newKey, nil |
| 200 | } |
| 201 | |
| 202 | func (k *rotator) rotateKey(ctx context.Context, tx database.Store, key database.CryptoKey, now time.Time) ([]database.CryptoKey, error) { |
| 203 | startsAt := minStartsAt(key, now, k.keyDuration) |
no test coverage detected