Traffic Vault: Reencrypt utility wipes different SSL Keys during update

[tcfdev]

This Bug Report affects these Traffic Control components:

• Traffic Vault

Current behavior:

When running the reencrypt utility located at trafficcontrol/traffic_ops/app/db/reencrypt/reencrypt.go for SSL Keys (misnomer) all versions of the SSL Keys entries are replaced by a single entry multiple times. As an example, if a delivery service has multiple "versions" of SSL Key data information, all of them are reencrypted into a single data blob for every version.

Before running reencrypt:

DeliveryServiceXMLId	Version	Data
sampleDS1	latest	\xa0f3d800...
sampleDS1	2	\x93c7b213...
sampleDS1	1	\x7418e801...
sampleDS2	latest	\x48b1c9ff...
sampleDS2	3	\x88b7a3dd...
sampleDS2	2	\x1967c3b9...
sampleDS2	1	\x19f3a2bb...

After running reencrypt (notice the data columns have the same value for each DS, regardless of the version):

DeliveryServiceXMLId	Version	Data
sampleDS1	latest	\xc4f1a823...
sampleDS1	2	\xc4f1a823...
sampleDS1	1	\xc4f1a823...
sampleDS2	latest	\xaa45b8f1...
sampleDS2	3	\xaa45b8f1...
sampleDS2	2	\xaa45b8f1...
sampleDS2	1	\xaa45b8f1...

Expected behavior:

Each row should be uniquely decrypted and reencrypted resulting in a different correctly encrypted data for each delivery service ssl key version.

Steps to reproduce:

Execute the reencrypt utility on a Traffic Vault dump with a delivery service that has 3 or more entries (2 or more versions plus 'latest') for SSL Keys.