Better document a bad SHA256 invocation

mcsaucy · mcsaucy · commit 507ed552c386 · 2025-04-19T16:59:04.000-04:00
This code uses sha256.New().Sum instead of sha256.Sum256. See https://go.dev/play/p/vSW0U3Hq4qk for a demonstration of the differences. SHA256 is used to generate identifiers that map server names to settings. I think these IDs have been persisted to external sources (setting.go mentions S3 buckets), so moving this to a good invocation is hard and probably not worth it. Instead, document the exact behavior of what's happening with the bad invocation, make it more obvious, and enshrine it within a helper function.
diff --git a/provider/aws/registries.go b/provider/aws/registries.go
@@ -75,9 +75,9 @@ func (p *Provider) RegistryAdd(server, username, password string) (*structs.Regi
 		return nil, log.Error(err)
 	}
 
-	id := fmt.Sprintf("%x", sha256.New().Sum([]byte(server)))
+	id := legacyServerIdentifier(server)
 
-	if err := p.SettingPut(fmt.Sprintf("system/registries/%s", id), string(data)); err != nil {
+	if err := p.SettingPut("system/registries/%s"+id, string(data)); err != nil {
 		return nil, log.Error(err)
 	}
 
@@ -93,7 +93,8 @@ func (p *Provider) RegistryAdd(server, username, password string) (*structs.Regi
 func (p *Provider) RegistryRemove(server string) error {
 	log := Logger.At("RegistryRemove").Namespace("server=%q", server).Start()
 
-	key := fmt.Sprintf("system/registries/%x", sha256.New().Sum([]byte(server)))
+	id := legacyServerIdentifier(server)
+	key := "system/registries/%s" + id
 
 	if _, err := p.SettingExists(key); err != nil {
 		return log.Error(errorNotFound(fmt.Sprintf("registry not found: %s", server)))
@@ -135,3 +136,13 @@ func (p *Provider) RegistryList() (structs.Registries, error) {
 
 	return registries, log.Success()
 }
+
+var hashOfNothing = sha256.New().Sum(nil)
+
+// legacyServerIdentifier generates a hex string from a server.
+// This format is suboptimal, but it must be preserved for compatibility reasons
+// as deviation from this format would orphan registry settings.
+// This function exist to make the behavior more apparent.
+func legacyServerIdentifier(server string) string {
+	return fmt.Sprintf("%x", append([]byte(server), hashOfNothing[:]...))
+}
