DataSource: Fix secure json data reset on datasource update (#48557)
* Fix secure json data reset on datasource update * Update fillWithSecureJSONData to use DecryptedValues * Remove unnecessary conversion * Move fillWithSecureJsonData logic to datasource service * Add sanity check for nil secure json data
parent
c57924e332
commit
2533f21015
@ -302,11 +302,6 @@ func (hs *HTTPServer) UpdateDataSource(c *models.ReqContext) response.Response {
|
||||
return response.Error(403, "Cannot update read-only data source", nil)
|
||||
}
|
||||
|
||||
err = hs.fillWithSecureJSONData(c.Req.Context(), &cmd)
|
||||
if err != nil {
|
||||
return response.Error(500, "Failed to update datasource", err)
|
||||
}
|
||||
|
||||
err = hs.DataSourcesService.UpdateDataSource(c.Req.Context(), &cmd)
|
||||
if err != nil {
|
||||
if errors.Is(err, models.ErrDataSourceUpdatingOldVersion) {
|
||||
@ -339,33 +334,6 @@ func (hs *HTTPServer) UpdateDataSource(c *models.ReqContext) response.Response {
|
||||
})
|
||||
}
|
||||
|
||||
func (hs *HTTPServer) fillWithSecureJSONData(ctx context.Context, cmd *models.UpdateDataSourceCommand) error {
|
||||
if len(cmd.SecureJsonData) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
||||
ds, err := hs.getRawDataSourceById(ctx, cmd.Id, cmd.OrgId)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if ds.ReadOnly {
|
||||
return models.ErrDatasourceIsReadOnly
|
||||
}
|
||||
|
||||
for k, v := range ds.SecureJsonData {
|
||||
if _, ok := cmd.SecureJsonData[k]; !ok {
|
||||
decrypted, err := hs.SecretsService.Decrypt(ctx, v)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
cmd.SecureJsonData[k] = string(decrypted)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func (hs *HTTPServer) getRawDataSourceById(ctx context.Context, id int64, orgID int64) (*models.DataSource, error) {
|
||||
query := models.GetDataSourceQuery{
|
||||
Id: id,
|
||||
|
@ -192,10 +192,6 @@ func (s *Service) DeleteDataSource(ctx context.Context, cmd *models.DeleteDataSo
|
||||
|
||||
func (s *Service) UpdateDataSource(ctx context.Context, cmd *models.UpdateDataSourceCommand) error {
|
||||
var err error
|
||||
secret, err := json.Marshal(cmd.SecureJsonData)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
query := &models.GetDataSourceQuery{
|
||||
Id: cmd.Id,
|
||||
@ -206,6 +202,11 @@ func (s *Service) UpdateDataSource(ctx context.Context, cmd *models.UpdateDataSo
|
||||
return err
|
||||
}
|
||||
|
||||
err = s.fillWithSecureJSONData(ctx, cmd, query.Result)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = s.SQLStore.UpdateDataSource(ctx, cmd)
|
||||
if err != nil {
|
||||
return err
|
||||
@ -218,6 +219,11 @@ func (s *Service) UpdateDataSource(ctx context.Context, cmd *models.UpdateDataSo
|
||||
}
|
||||
}
|
||||
|
||||
secret, err := json.Marshal(cmd.SecureJsonData)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return s.SecretsStore.Set(ctx, cmd.OrgId, cmd.Name, secretType, string(secret))
|
||||
}
|
||||
|
||||
@ -559,3 +565,22 @@ func awsServiceNamespace(dsType string) string {
|
||||
panic(fmt.Sprintf("Unsupported datasource %q", dsType))
|
||||
}
|
||||
}
|
||||
|
||||
func (s *Service) fillWithSecureJSONData(ctx context.Context, cmd *models.UpdateDataSourceCommand, ds *models.DataSource) error {
|
||||
decrypted, err := s.DecryptedValues(ctx, ds)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if cmd.SecureJsonData == nil {
|
||||
cmd.SecureJsonData = make(map[string]string)
|
||||
}
|
||||
|
||||
for k, v := range decrypted {
|
||||
if _, ok := cmd.SecureJsonData[k]; !ok {
|
||||
cmd.SecureJsonData[k] = v
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
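Review bot: The service-level fillWithSecureJSONData in the last hunk writes the decrypted stored secrets straight into the caller's cmd.SecureJsonData, so once UpdateDataSource returns the command holds plaintext for every stored key, including keys the request never sent. No caller's later use of cmd is visible here, so whether it is logged or echoed cannot be confirmed; a doc comment would make the contract explicit, e.g. `// fillWithSecureJSONData merges stored secrets that cmd does not override into cmd.SecureJsonData in plaintext; do not log or return cmd afterwards.` The merge is keyed only on the secret name, so stored credentials are carried over whatever other fields the same update changes, and an omitted key can never be removed; it is worth confirming that both are intended. The helper removed from the HTTP layer returned ErrDatasourceIsReadOnly for read-only data sources and this one does not, so on the lines shown the only remaining read-only guard is the handler's 403 check.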