grafana/pkg/services/secrets/manager/helpers.go

package manager

import (
	"testing"

	"github.com/stretchr/testify/require"
	"gopkg.in/ini.v1"

	"github.com/grafana/grafana/pkg/infra/usagestats"
	encryptionprovider "github.com/grafana/grafana/pkg/services/encryption/provider"
	encryptionservice "github.com/grafana/grafana/pkg/services/encryption/service"
	"github.com/grafana/grafana/pkg/services/featuremgmt"
	"github.com/grafana/grafana/pkg/services/kmsproviders/osskmsproviders"
	"github.com/grafana/grafana/pkg/services/secrets"
	"github.com/grafana/grafana/pkg/setting"
)

func SetupTestService(tb testing.TB, store secrets.Store) *SecretsService {
	return setupTestService(tb, store, featuremgmt.WithFeatures())
}

func SetupDisabledTestService(tb testing.TB, store secrets.Store) *SecretsService {
	return setupTestService(tb, store, featuremgmt.WithFeatures(featuremgmt.FlagDisableEnvelopeEncryption))
}

func setupTestService(tb testing.TB, store secrets.Store, features *featuremgmt.FeatureManager) *SecretsService {
	tb.Helper()
	defaultKey := "SdlklWklckeLS"
	if len(setting.SecretKey) > 0 {
		defaultKey = setting.SecretKey
	}
	raw, err := ini.Load([]byte(`
		[security]
		secret_key = ` + defaultKey + `

		[security.encryption]
		data_keys_cache_ttl = 5m
		data_keys_cache_cleanup_interval = 1ns`))
	require.NoError(tb, err)

	cfg := &setting.Cfg{Raw: raw}
	settings := &setting.OSSImpl{Cfg: cfg}

	encProvider := encryptionprovider.Provider{}
	usageStats := &usagestats.UsageStatsMock{}

	encryption, err := encryptionservice.ProvideEncryptionService(encProvider, usageStats, settings)
	require.NoError(tb, err)

	secretsService, err := ProvideSecretsService(
		store,
		osskmsproviders.ProvideService(encryption, settings, features),
		encryption,
		settings,
		features,
		&usagestats.UsageStatsMock{T: tb},
	)
	require.NoError(tb, err)

	return secretsService
}
Chore: Refactor secrets service (#40331) 2021-10-12 09:08:07 -05:00			`package manager`
Security: Add secrets service (#39418) * Add secrets service * Revert accidental changes in util encryption * Make minor changes Move functional options to models Revert renaming types to models * Add context * Minor change in GetDataKey * Use CreateDataKeyWithDBSession in CreateDataKey * Handle empty DEK name in DeleteDataKey * Rename defaultProvider * Remove secrets store service 2021-10-01 07:39:57 -05:00
			`import (`
			`"testing"`

Chore: Fix goimports grouping in pkg/services (#62420) * fix goimports * fix goimports order 2023-01-30 02:21:27 -06:00			`"github.com/stretchr/testify/require"`
			`"gopkg.in/ini.v1"`

Encryption: Add usage stats to secrets service (#42437) * Encryption: Add usage stats to secrets service * Sort imports 2021-11-29 08:35:15 -06:00			`"github.com/grafana/grafana/pkg/infra/usagestats"`
Encryption: De-duplicate encryption code with extensible service (#52472) * Encryption: De-duplicate encryption code with extensible service * Fix Wire injections * Fix tests * Register reload handler 2022-08-02 08:08:09 -05:00			`encryptionprovider "github.com/grafana/grafana/pkg/services/encryption/provider"`
			`encryptionservice "github.com/grafana/grafana/pkg/services/encryption/service"`
FeatureFlags: define features outside settings.Cfg (take 3) (#44443) 2022-01-26 11:44:20 -06:00			`"github.com/grafana/grafana/pkg/services/featuremgmt"`
Grafana CLI Wire Runner (#41012) * Set up Wire build graph * Remove enterprise Wire set * Move runner package outside commands * Update Makefile (gen-go path) * Minor prettier fix * Include new Wire enterprise file into .gitignore * Update Wire deps * Update the grabpl version Co-authored-by: Dan Cech <dcech@grafana.com> 2021-11-17 13:43:09 -06:00			`"github.com/grafana/grafana/pkg/services/kmsproviders/osskmsproviders"`
Chore: Refactor secrets service (#40331) 2021-10-12 09:08:07 -05:00			`"github.com/grafana/grafana/pkg/services/secrets"`
Security: Add secrets service (#39418) * Add secrets service * Revert accidental changes in util encryption * Make minor changes Move functional options to models Revert renaming types to models * Add context * Minor change in GetDataKey * Use CreateDataKeyWithDBSession in CreateDataKey * Handle empty DEK name in DeleteDataKey * Rename defaultProvider * Remove secrets store service 2021-10-01 07:39:57 -05:00			`"github.com/grafana/grafana/pkg/setting"`
			`)`

Encryption: Use secrets service (#40251) * Use secrets service in pluginproxy * Use secrets service in pluginxontext * Use secrets service in pluginsettings * Use secrets service in provisioning * Use secrets service in authinfoservice * Use secrets service in api * Use secrets service in sqlstore * Use secrets service in dashboardshapshots * Use secrets service in tsdb * Use secrets service in datasources * Use secrets service in alerting * Use secrets service in ngalert * Break cyclic dependancy * Refactor service * Break cyclic dependancy * Add FakeSecretsStore * Setup Secrets Service in sqlstore * Fix * Continue secrets service refactoring * Fix cyclic dependancy in sqlstore tests * Fix secrets service references * Fix linter errors * Add fake secrets service for tests * Refactor SetupTestSecretsService * Update setting up secret service in tests * Fix missing secrets service in multiorg_alertmanager_test * Use fake db in tests and sort imports * Use fake db in datasources tests * Fix more tests * Fix linter issues * Attempt to fix plugin proxy tests * Pass secrets service to getPluginProxiedRequest in pluginproxy tests * Fix pluginproxy tests * Revert using secrets service in alerting and provisioning * Update decryptFn in alerting migration * Rename defaultProvider to currentProvider * Use fake secrets service in alert channels tests * Refactor secrets service test helper * Update setting up secrets service in tests * Revert alerting changes in api * Add comments * Remove secrets service from background services * Convert global encryption functions into vars * Revert "Convert global encryption functions into vars" This reverts commit 498eb19859eba364a2400a6d7e73236b1c9a5b37. * Add feature toggle for envelope encryption * Rename toggle Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com> 2021-11-04 11:47:21 -05:00			`func SetupTestService(tb testing.TB, store secrets.Store) *SecretsService {`
Encryption: Add support to run secrets migrations even when EE is disabled (#51705) * Encryption: Move secrets migrations into secrets.Migrator * Encryption: Refactor secrets.Service initialization * Encryption: Add support to run secrets migrations even when EE is disabled * Init EE providers on-demand (only when needed) * Add multiple tests + some adjustments * Apply feedback 2022-07-15 11:33:34 -05:00			`return setupTestService(tb, store, featuremgmt.WithFeatures())`
			`}`

			`func SetupDisabledTestService(tb testing.TB, store secrets.Store) *SecretsService {`
			`return setupTestService(tb, store, featuremgmt.WithFeatures(featuremgmt.FlagDisableEnvelopeEncryption))`
			`}`

			`func setupTestService(tb testing.TB, store secrets.Store, features featuremgmt.FeatureManager) SecretsService {`
Chore: Refactor secrets service (#40331) 2021-10-12 09:08:07 -05:00			`tb.Helper()`
Security: Add secrets service (#39418) * Add secrets service * Revert accidental changes in util encryption * Make minor changes Move functional options to models Revert renaming types to models * Add context * Minor change in GetDataKey * Use CreateDataKeyWithDBSession in CreateDataKey * Handle empty DEK name in DeleteDataKey * Rename defaultProvider * Remove secrets store service 2021-10-01 07:39:57 -05:00			`defaultKey := "SdlklWklckeLS"`
			`if len(setting.SecretKey) > 0 {`
			`defaultKey = setting.SecretKey`
			`}`
			raw, err := ini.Load([]byte(`
			`[security]`
Encryption: Make DEKs cache TTL & cleanup interval configurable (#46042) * Make DEKs cache TTL & cleanup interval configurable * Improve 'data_keys_cache_ttl' setting description * Fix test 2022-03-16 14:05:13 -05:00			secret_key = ` + defaultKey + `

			`[security.encryption]`
			`data_keys_cache_ttl = 5m`
			data_keys_cache_cleanup_interval = 1ns`))
Chore: Refactor secrets service (#40331) 2021-10-12 09:08:07 -05:00			`require.NoError(tb, err)`
FeatureFlags: define features outside settings.Cfg (take 3) (#44443) 2022-01-26 11:44:20 -06:00
Encryption: Use secrets service (#40251) * Use secrets service in pluginproxy * Use secrets service in pluginxontext * Use secrets service in pluginsettings * Use secrets service in provisioning * Use secrets service in authinfoservice * Use secrets service in api * Use secrets service in sqlstore * Use secrets service in dashboardshapshots * Use secrets service in tsdb * Use secrets service in datasources * Use secrets service in alerting * Use secrets service in ngalert * Break cyclic dependancy * Refactor service * Break cyclic dependancy * Add FakeSecretsStore * Setup Secrets Service in sqlstore * Fix * Continue secrets service refactoring * Fix cyclic dependancy in sqlstore tests * Fix secrets service references * Fix linter errors * Add fake secrets service for tests * Refactor SetupTestSecretsService * Update setting up secret service in tests * Fix missing secrets service in multiorg_alertmanager_test * Use fake db in tests and sort imports * Use fake db in datasources tests * Fix more tests * Fix linter issues * Attempt to fix plugin proxy tests * Pass secrets service to getPluginProxiedRequest in pluginproxy tests * Fix pluginproxy tests * Revert using secrets service in alerting and provisioning * Update decryptFn in alerting migration * Rename defaultProvider to currentProvider * Use fake secrets service in alert channels tests * Refactor secrets service test helper * Update setting up secrets service in tests * Revert alerting changes in api * Add comments * Remove secrets service from background services * Convert global encryption functions into vars * Revert "Convert global encryption functions into vars" This reverts commit 498eb19859eba364a2400a6d7e73236b1c9a5b37. * Add feature toggle for envelope encryption * Rename toggle Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com> 2021-11-04 11:47:21 -05:00			`cfg := &setting.Cfg{Raw: raw}`
			`settings := &setting.OSSImpl{Cfg: cfg}`
Security: Add secrets service (#39418) * Add secrets service * Revert accidental changes in util encryption * Make minor changes Move functional options to models Revert renaming types to models * Add context * Minor change in GetDataKey * Use CreateDataKeyWithDBSession in CreateDataKey * Handle empty DEK name in DeleteDataKey * Rename defaultProvider * Remove secrets store service 2021-10-01 07:39:57 -05:00
Encryption: De-duplicate encryption code with extensible service (#52472) * Encryption: De-duplicate encryption code with extensible service * Fix Wire injections * Fix tests * Register reload handler 2022-08-02 08:08:09 -05:00			`encProvider := encryptionprovider.Provider{}`
			`usageStats := &usagestats.UsageStatsMock{}`

			`encryption, err := encryptionservice.ProvideEncryptionService(encProvider, usageStats, settings)`
			`require.NoError(tb, err)`

Encryption: Refactor secrets service (#41771) * Refactor kmsproviders pkg * Update tests * Fix linting Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com> 2021-11-17 03:52:45 -06:00			`secretsService, err := ProvideSecretsService(`
Chore: Refactor secrets service (#40331) 2021-10-12 09:08:07 -05:00			`store,`
FeatureToggls: remove IsFeatureToggleEnabled from SettingsProvider (#44574) 2022-02-01 12:24:59 -06:00			`osskmsproviders.ProvideService(encryption, settings, features),`
Encryption: Refactor secrets service (#41771) * Refactor kmsproviders pkg * Update tests * Fix linting Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com> 2021-11-17 03:52:45 -06:00			`encryption,`
Security: Add secrets service (#39418) * Add secrets service * Revert accidental changes in util encryption * Make minor changes Move functional options to models Revert renaming types to models * Add context * Minor change in GetDataKey * Use CreateDataKeyWithDBSession in CreateDataKey * Handle empty DEK name in DeleteDataKey * Rename defaultProvider * Remove secrets store service 2021-10-01 07:39:57 -05:00			`settings,`
FeatureToggls: remove IsFeatureToggleEnabled from SettingsProvider (#44574) 2022-02-01 12:24:59 -06:00			`features,`
Encryption: Add usage stats to secrets service (#42437) * Encryption: Add usage stats to secrets service * Sort imports 2021-11-29 08:35:15 -06:00			`&usagestats.UsageStatsMock{T: tb},`
Security: Add secrets service (#39418) * Add secrets service * Revert accidental changes in util encryption * Make minor changes Move functional options to models Revert renaming types to models * Add context * Minor change in GetDataKey * Use CreateDataKeyWithDBSession in CreateDataKey * Handle empty DEK name in DeleteDataKey * Rename defaultProvider * Remove secrets store service 2021-10-01 07:39:57 -05:00			`)`
Encryption: Refactor secrets service (#41771) * Refactor kmsproviders pkg * Update tests * Fix linting Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com> 2021-11-17 03:52:45 -06:00			`require.NoError(tb, err)`

			`return secretsService`
Security: Add secrets service (#39418) * Add secrets service * Revert accidental changes in util encryption * Make minor changes Move functional options to models Revert renaming types to models * Add context * Minor change in GetDataKey * Use CreateDataKeyWithDBSession in CreateDataKey * Handle empty DEK name in DeleteDataKey * Rename defaultProvider * Remove secrets store service 2021-10-01 07:39:57 -05:00			`}`