2022-07-19 12:42:23 -05:00
|
|
|
package kvstore
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
2022-08-23 10:21:54 -05:00
|
|
|
"errors"
|
2022-08-10 14:23:55 -05:00
|
|
|
"fmt"
|
2022-07-19 12:42:23 -05:00
|
|
|
|
2022-07-25 11:37:47 -05:00
|
|
|
"github.com/grafana/grafana/pkg/infra/kvstore"
|
2022-07-19 12:42:23 -05:00
|
|
|
"github.com/grafana/grafana/pkg/infra/log"
|
2022-08-10 14:47:03 -05:00
|
|
|
"github.com/grafana/grafana/pkg/plugins"
|
2022-07-19 12:42:23 -05:00
|
|
|
"github.com/grafana/grafana/pkg/services/secrets"
|
|
|
|
|
"github.com/grafana/grafana/pkg/services/sqlstore"
|
|
|
|
|
"github.com/grafana/grafana/pkg/setting"
|
|
|
|
|
)
|
|
|
|
|
|
2022-08-24 15:24:50 -05:00
|
|
|
// MigrateToPluginService This migrator will handle migration of datasource secrets (aka Unified secrets)
|
2022-07-19 12:42:23 -05:00
|
|
|
// into the plugin secrets configured
|
2022-08-24 15:24:50 -05:00
|
|
|
type MigrateToPluginService struct {
|
2022-07-19 12:42:23 -05:00
|
|
|
secretsStore SecretsKVStore
|
|
|
|
|
cfg *setting.Cfg
|
|
|
|
|
logger log.Logger
|
|
|
|
|
sqlStore sqlstore.Store
|
|
|
|
|
secretsService secrets.Service
|
2022-07-25 11:37:47 -05:00
|
|
|
kvstore kvstore.KVStore
|
2022-08-10 14:47:03 -05:00
|
|
|
manager plugins.SecretsPluginManager
|
2022-07-19 12:42:23 -05:00
|
|
|
}
|
|
|
|
|
|
2022-08-24 15:24:50 -05:00
|
|
|
func ProvideMigrateToPluginService(
|
2022-07-19 12:42:23 -05:00
|
|
|
secretsStore SecretsKVStore,
|
|
|
|
|
cfg *setting.Cfg,
|
|
|
|
|
sqlStore sqlstore.Store,
|
|
|
|
|
secretsService secrets.Service,
|
2022-07-25 11:37:47 -05:00
|
|
|
kvstore kvstore.KVStore,
|
2022-08-10 14:47:03 -05:00
|
|
|
manager plugins.SecretsPluginManager,
|
2022-08-24 15:24:50 -05:00
|
|
|
) *MigrateToPluginService {
|
|
|
|
|
return &MigrateToPluginService{
|
2022-07-19 12:42:23 -05:00
|
|
|
secretsStore: secretsStore,
|
|
|
|
|
cfg: cfg,
|
2022-08-23 10:21:54 -05:00
|
|
|
logger: log.New("secret.migration.plugin"),
|
2022-07-19 12:42:23 -05:00
|
|
|
sqlStore: sqlStore,
|
|
|
|
|
secretsService: secretsService,
|
2022-07-25 11:37:47 -05:00
|
|
|
kvstore: kvstore,
|
2022-08-10 14:47:03 -05:00
|
|
|
manager: manager,
|
2022-07-19 12:42:23 -05:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-08-24 15:24:50 -05:00
|
|
|
func (s *MigrateToPluginService) Migrate(ctx context.Context) error {
|
2022-08-10 14:47:03 -05:00
|
|
|
if err := EvaluateRemoteSecretsPlugin(s.manager, s.cfg); err == nil {
|
2022-07-19 15:36:51 -05:00
|
|
|
s.logger.Debug("starting migration of unified secrets to the plugin")
|
2022-08-23 10:21:54 -05:00
|
|
|
// we need to get the fallback store since in this scenario the secrets store would be the plugin.
|
|
|
|
|
fallbackStore := s.secretsStore.Fallback()
|
|
|
|
|
if fallbackStore == nil {
|
|
|
|
|
return errors.New("unable to get fallback secret store for migration")
|
2022-07-25 11:37:47 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// before we start migrating, check see if plugin startup failures were already fatal
|
|
|
|
|
namespacedKVStore := GetNamespacedKVStore(s.kvstore)
|
|
|
|
|
wasFatal, err := isPluginStartupErrorFatal(ctx, namespacedKVStore)
|
|
|
|
|
if err != nil {
|
2022-08-10 14:23:55 -05:00
|
|
|
s.logger.Warn("unable to determine whether plugin startup failures are fatal - continuing migration anyway.")
|
2022-07-19 12:42:23 -05:00
|
|
|
}
|
|
|
|
|
|
2022-08-23 10:21:54 -05:00
|
|
|
allSec, err := fallbackStore.GetAll(ctx)
|
2022-07-19 12:42:23 -05:00
|
|
|
if err != nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2022-08-10 14:23:55 -05:00
|
|
|
totalSec := len(allSec)
|
2022-07-19 12:42:23 -05:00
|
|
|
// We just set it again as the current secret store should be the plugin secret
|
2022-08-10 14:23:55 -05:00
|
|
|
s.logger.Debug(fmt.Sprintf("Total amount of secrets to migrate: %d", totalSec))
|
|
|
|
|
for i, sec := range allSec {
|
|
|
|
|
s.logger.Debug(fmt.Sprintf("Migrating secret %d of %d", i+1, totalSec), "current", i+1, "secretCount", totalSec)
|
2022-07-19 12:42:23 -05:00
|
|
|
err = s.secretsStore.Set(ctx, *sec.OrgId, *sec.Namespace, *sec.Type, sec.Value)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-08-10 14:23:55 -05:00
|
|
|
s.logger.Debug("migrated unified secrets to plugin", "number of secrets", totalSec)
|
2022-07-19 12:42:23 -05:00
|
|
|
// as no err was returned, when we delete all the secrets from the sql store
|
2022-07-25 11:37:47 -05:00
|
|
|
for index, sec := range allSec {
|
2022-08-10 14:23:55 -05:00
|
|
|
s.logger.Debug(fmt.Sprintf("Cleaning secret %d of %d", index+1, totalSec), "current", index+1, "secretCount", totalSec)
|
|
|
|
|
|
2022-08-23 10:21:54 -05:00
|
|
|
err = fallbackStore.Del(ctx, *sec.OrgId, *sec.Namespace, *sec.Type)
|
2022-07-19 12:42:23 -05:00
|
|
|
if err != nil {
|
2022-07-25 11:37:47 -05:00
|
|
|
s.logger.Error("plugin migrator encountered error while deleting unified secrets")
|
|
|
|
|
if index == 0 && !wasFatal {
|
|
|
|
|
// old unified secrets still exists, so plugin startup errors are still not fatal, unless they were before we started
|
|
|
|
|
err := setPluginStartupErrorFatal(ctx, namespacedKVStore, false)
|
|
|
|
|
if err != nil {
|
|
|
|
|
s.logger.Error("error reverting plugin failure fatal status", "error", err.Error())
|
|
|
|
|
} else {
|
|
|
|
|
s.logger.Debug("application will continue to function without the secrets plugin")
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-07-19 12:42:23 -05:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
2022-08-10 14:23:55 -05:00
|
|
|
s.logger.Debug("deleted unified secrets after migration", "number of secrets", totalSec)
|
2022-07-19 12:42:23 -05:00
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
