grafana/pkg/services/secrets/kvstore/kvstore.go

package kvstore

import (
	"context"

	"github.com/grafana/grafana/pkg/infra/log"
	"github.com/grafana/grafana/pkg/services/secrets"
	"github.com/grafana/grafana/pkg/services/sqlstore"
)

const (
	// Wildcard to query all organizations
	AllOrganizations = -1
)

func ProvideService(sqlStore sqlstore.Store, secretsService secrets.Service, remoteCheck UseRemoteSecretsPluginCheck) SecretsKVStore {
	logger := log.New("secrets.kvstore")
	if remoteCheck.ShouldUseRemoteSecretsPlugin() {
		logger.Debug("secrets kvstore is using a remote plugin for secrets management")
		secretsPlugin, err := remoteCheck.GetPlugin()
		if err != nil {
			logger.Error("plugin client was nil, falling back to SQL implementation")
		} else {
			return &secretsKVStorePlugin{
				secretsPlugin:  secretsPlugin,
				secretsService: secretsService,
				log:            logger,
			}
		}
	}
	logger.Debug("secrets kvstore is using the default (SQL) implementation for secrets management")
	return &secretsKVStoreSQL{
		sqlStore:       sqlStore,
		secretsService: secretsService,
		log:            logger,
		decryptionCache: decryptionCache{
			cache: make(map[int64]cachedDecrypted),
		},
	}
}

// SecretsKVStore is an interface for k/v store.
type SecretsKVStore interface {
	Get(ctx context.Context, orgId int64, namespace string, typ string) (string, bool, error)
	Set(ctx context.Context, orgId int64, namespace string, typ string, value string) error
	Del(ctx context.Context, orgId int64, namespace string, typ string) error
	Keys(ctx context.Context, orgId int64, namespace string, typ string) ([]Key, error)
	Rename(ctx context.Context, orgId int64, namespace string, typ string, newNamespace string) error
}

// WithType returns a kvstore wrapper with fixed orgId and type.
func With(kv SecretsKVStore, orgId int64, namespace string, typ string) *FixedKVStore {
	return &FixedKVStore{
		kvStore:   kv,
		OrgId:     orgId,
		Namespace: namespace,
		Type:      typ,
	}
}

// FixedKVStore is a SecretsKVStore wrapper with fixed orgId, namespace and type.
type FixedKVStore struct {
	kvStore   SecretsKVStore
	OrgId     int64
	Namespace string
	Type      string
}

func (kv *FixedKVStore) Get(ctx context.Context) (string, bool, error) {
	return kv.kvStore.Get(ctx, kv.OrgId, kv.Namespace, kv.Type)
}

func (kv *FixedKVStore) Set(ctx context.Context, value string) error {
	return kv.kvStore.Set(ctx, kv.OrgId, kv.Namespace, kv.Type, value)
}

func (kv *FixedKVStore) Del(ctx context.Context) error {
	return kv.kvStore.Del(ctx, kv.OrgId, kv.Namespace, kv.Type)
}

func (kv *FixedKVStore) Keys(ctx context.Context) ([]Key, error) {
	return kv.kvStore.Keys(ctx, kv.OrgId, kv.Namespace, kv.Type)
}

func (kv *FixedKVStore) Rename(ctx context.Context, newNamespace string) error {
	err := kv.kvStore.Rename(ctx, kv.OrgId, kv.Namespace, kv.Type, newNamespace)
	if err != nil {
		return err
	}
	kv.Namespace = newNamespace
	return nil
}
Secrets: Implement basic unified secret store service (#45804) * wip: Implement kvstore for secrets * wip: Refactor kvstore for secrets * wip: Add format key function to secrets kvstore sql * wip: Add migration for secrets kvstore * Remove unused Key field from secrets kvstore * Remove secret values from debug logs * Integrate unified secrets with datasources * Fix minor issues and tests for kvstore * Create test service helper for secret store * Remove encryption tests from datasources * Move secret operations after datasources * Fix datasource proxy tests * Fix legacy data tests * Add Name to all delete data source commands * Implement decryption cache on sql secret store * Fix minor issue with cache and tests * Use secret type on secret store datasource operations * Add comments to make create and update clear * Rename itemFound variable to isFound * Improve secret deletion and cache management * Add base64 encoding to sql secret store * Move secret retrieval to decrypted values function * Refactor decrypt secure json data functions * Fix expr tests * Fix datasource tests * Fix plugin proxy tests * Fix query tests * Fix metrics api tests * Remove unused fake secrets service from query tests * Add rename function to secret store * Add check for error renaming secret * Remove bus from tests to fix merge conflicts * Add background secrets migration to datasources * Get datasource secure json fields from secrets * Move migration to secret store * Revert "Move migration to secret store" This reverts commit 7c3f872072e9aff601fb9d639127d468c03f97ef. * Add secret service to datasource service on tests * Fix datasource tests * Remove merge conflict on wire * Add ctx to data source http transport on prometheus stats collector * Add ctx to data source http transport on stats collector test 2022-04-25 11:57:45 -05:00			`package kvstore`

			`import (`
			`"context"`

			`"github.com/grafana/grafana/pkg/infra/log"`
			`"github.com/grafana/grafana/pkg/services/secrets"`
			`"github.com/grafana/grafana/pkg/services/sqlstore"`
			`)`

			`const (`
			`// Wildcard to query all organizations`
			`AllOrganizations = -1`
			`)`

WIP: Add private Secret Manager Plugins support to plugin platform (#49544) * Add protobuf config and generated code, and client wrapper * wire up loading of secretsmanager plugin, using renderer plugin as a model * update kvstore provider to check if we should use the grpc plugin. return false always in OSS * add OSS remote plugin check * refactor wire gen file * log which secrets manager is being used * Fix argument types for remote checker * Turns out if err != nil, then the result is always nil. Return empty values if there is an error. * remove duplicate import * Update pkg/services/secrets/kvstore/kvstore.go Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> * Update pkg/services/secrets/kvstore/kvstore.go Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> * refactor RemotePluginCheck interface to just return the Plugin client directly * rename struct to something less silly * Update pkg/plugins/backendplugin/secretsmanagerplugin/secretsmanager.proto Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> 2022-06-09 12:19:27 -05:00			`func ProvideService(sqlStore sqlstore.Store, secretsService secrets.Service, remoteCheck UseRemoteSecretsPluginCheck) SecretsKVStore {`
			`logger := log.New("secrets.kvstore")`
			`if remoteCheck.ShouldUseRemoteSecretsPlugin() {`
			`logger.Debug("secrets kvstore is using a remote plugin for secrets management")`
			`secretsPlugin, err := remoteCheck.GetPlugin()`
			`if err != nil {`
			`logger.Error("plugin client was nil, falling back to SQL implementation")`
			`} else {`
			`return &secretsKVStorePlugin{`
			`secretsPlugin: secretsPlugin,`
			`secretsService: secretsService,`
			`log: logger,`
			`}`
			`}`
			`}`
			`logger.Debug("secrets kvstore is using the default (SQL) implementation for secrets management")`
Secrets: Implement basic unified secret store service (#45804) * wip: Implement kvstore for secrets * wip: Refactor kvstore for secrets * wip: Add format key function to secrets kvstore sql * wip: Add migration for secrets kvstore * Remove unused Key field from secrets kvstore * Remove secret values from debug logs * Integrate unified secrets with datasources * Fix minor issues and tests for kvstore * Create test service helper for secret store * Remove encryption tests from datasources * Move secret operations after datasources * Fix datasource proxy tests * Fix legacy data tests * Add Name to all delete data source commands * Implement decryption cache on sql secret store * Fix minor issue with cache and tests * Use secret type on secret store datasource operations * Add comments to make create and update clear * Rename itemFound variable to isFound * Improve secret deletion and cache management * Add base64 encoding to sql secret store * Move secret retrieval to decrypted values function * Refactor decrypt secure json data functions * Fix expr tests * Fix datasource tests * Fix plugin proxy tests * Fix query tests * Fix metrics api tests * Remove unused fake secrets service from query tests * Add rename function to secret store * Add check for error renaming secret * Remove bus from tests to fix merge conflicts * Add background secrets migration to datasources * Get datasource secure json fields from secrets * Move migration to secret store * Revert "Move migration to secret store" This reverts commit 7c3f872072e9aff601fb9d639127d468c03f97ef. * Add secret service to datasource service on tests * Fix datasource tests * Remove merge conflict on wire * Add ctx to data source http transport on prometheus stats collector * Add ctx to data source http transport on stats collector test 2022-04-25 11:57:45 -05:00			`return &secretsKVStoreSQL{`
			`sqlStore: sqlStore,`
			`secretsService: secretsService,`
WIP: Add private Secret Manager Plugins support to plugin platform (#49544) * Add protobuf config and generated code, and client wrapper * wire up loading of secretsmanager plugin, using renderer plugin as a model * update kvstore provider to check if we should use the grpc plugin. return false always in OSS * add OSS remote plugin check * refactor wire gen file * log which secrets manager is being used * Fix argument types for remote checker * Turns out if err != nil, then the result is always nil. Return empty values if there is an error. * remove duplicate import * Update pkg/services/secrets/kvstore/kvstore.go Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> * Update pkg/services/secrets/kvstore/kvstore.go Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> * refactor RemotePluginCheck interface to just return the Plugin client directly * rename struct to something less silly * Update pkg/plugins/backendplugin/secretsmanagerplugin/secretsmanager.proto Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> 2022-06-09 12:19:27 -05:00			`log: logger,`
Secrets: Implement basic unified secret store service (#45804) * wip: Implement kvstore for secrets * wip: Refactor kvstore for secrets * wip: Add format key function to secrets kvstore sql * wip: Add migration for secrets kvstore * Remove unused Key field from secrets kvstore * Remove secret values from debug logs * Integrate unified secrets with datasources * Fix minor issues and tests for kvstore * Create test service helper for secret store * Remove encryption tests from datasources * Move secret operations after datasources * Fix datasource proxy tests * Fix legacy data tests * Add Name to all delete data source commands * Implement decryption cache on sql secret store * Fix minor issue with cache and tests * Use secret type on secret store datasource operations * Add comments to make create and update clear * Rename itemFound variable to isFound * Improve secret deletion and cache management * Add base64 encoding to sql secret store * Move secret retrieval to decrypted values function * Refactor decrypt secure json data functions * Fix expr tests * Fix datasource tests * Fix plugin proxy tests * Fix query tests * Fix metrics api tests * Remove unused fake secrets service from query tests * Add rename function to secret store * Add check for error renaming secret * Remove bus from tests to fix merge conflicts * Add background secrets migration to datasources * Get datasource secure json fields from secrets * Move migration to secret store * Revert "Move migration to secret store" This reverts commit 7c3f872072e9aff601fb9d639127d468c03f97ef. * Add secret service to datasource service on tests * Fix datasource tests * Remove merge conflict on wire * Add ctx to data source http transport on prometheus stats collector * Add ctx to data source http transport on stats collector test 2022-04-25 11:57:45 -05:00			`decryptionCache: decryptionCache{`
			`cache: make(map[int64]cachedDecrypted),`
			`},`
			`}`
			`}`

			`// SecretsKVStore is an interface for k/v store.`
			`type SecretsKVStore interface {`
			`Get(ctx context.Context, orgId int64, namespace string, typ string) (string, bool, error)`
			`Set(ctx context.Context, orgId int64, namespace string, typ string, value string) error`
			`Del(ctx context.Context, orgId int64, namespace string, typ string) error`
			`Keys(ctx context.Context, orgId int64, namespace string, typ string) ([]Key, error)`
			`Rename(ctx context.Context, orgId int64, namespace string, typ string, newNamespace string) error`
			`}`

			`// WithType returns a kvstore wrapper with fixed orgId and type.`
			`func With(kv SecretsKVStore, orgId int64, namespace string, typ string) *FixedKVStore {`
			`return &FixedKVStore{`
			`kvStore: kv,`
			`OrgId: orgId,`
			`Namespace: namespace,`
			`Type: typ,`
			`}`
			`}`

			`// FixedKVStore is a SecretsKVStore wrapper with fixed orgId, namespace and type.`
			`type FixedKVStore struct {`
			`kvStore SecretsKVStore`
			`OrgId int64`
			`Namespace string`
			`Type string`
			`}`

			`func (kv *FixedKVStore) Get(ctx context.Context) (string, bool, error) {`
			`return kv.kvStore.Get(ctx, kv.OrgId, kv.Namespace, kv.Type)`
			`}`

			`func (kv *FixedKVStore) Set(ctx context.Context, value string) error {`
			`return kv.kvStore.Set(ctx, kv.OrgId, kv.Namespace, kv.Type, value)`
			`}`

			`func (kv *FixedKVStore) Del(ctx context.Context) error {`
			`return kv.kvStore.Del(ctx, kv.OrgId, kv.Namespace, kv.Type)`
			`}`

			`func (kv *FixedKVStore) Keys(ctx context.Context) ([]Key, error) {`
			`return kv.kvStore.Keys(ctx, kv.OrgId, kv.Namespace, kv.Type)`
			`}`

			`func (kv *FixedKVStore) Rename(ctx context.Context, newNamespace string) error {`
			`err := kv.kvStore.Rename(ctx, kv.OrgId, kv.Namespace, kv.Type, newNamespace)`
			`if err != nil {`
			`return err`
			`}`
			`kv.Namespace = newNamespace`
			`return nil`
			`}`