DataSource: Fix secure json data reset on datasource update (#48557)

* Fix secure json data reset on datasource update

* Update fillWithSecureJSONData to use DecryptedValues

* Remove unnecessary conversion

* Move fillWithSecureJsonData logic to datasource service

* Add sanity check for nil secure json data
Guilherme Caulada 2022-05-02 11:29:13 -03:00 committed by GitHub
parent c57924e332
commit 2533f21015
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 29 additions and 36 deletions


@ -302,11 +302,6 @@ func (hs *HTTPServer) UpdateDataSource(c *models.ReqContext) response.Response {
return response.Error(403, "Cannot update read-only data source", nil)
}
err = hs.fillWithSecureJSONData(c.Req.Context(), &cmd)
if err != nil {
return response.Error(500, "Failed to update datasource", err)
}
err = hs.DataSourcesService.UpdateDataSource(c.Req.Context(), &cmd)
if err != nil {
if errors.Is(err, models.ErrDataSourceUpdatingOldVersion) {
@ -339,33 +334,6 @@ func (hs *HTTPServer) UpdateDataSource(c *models.ReqContext) response.Response {
})
}
func (hs *HTTPServer) fillWithSecureJSONData(ctx context.Context, cmd *models.UpdateDataSourceCommand) error {
if len(cmd.SecureJsonData) == 0 {
return nil
}
ds, err := hs.getRawDataSourceById(ctx, cmd.Id, cmd.OrgId)
if err != nil {
return err
}
if ds.ReadOnly {
return models.ErrDatasourceIsReadOnly
}
for k, v := range ds.SecureJsonData {
if _, ok := cmd.SecureJsonData[k]; !ok {
decrypted, err := hs.SecretsService.Decrypt(ctx, v)
if err != nil {
return err
}
cmd.SecureJsonData[k] = string(decrypted)
}
}
return nil
}
func (hs *HTTPServer) getRawDataSourceById(ctx context.Context, id int64, orgID int64) (*models.DataSource, error) {
query := models.GetDataSourceQuery{
Id: id,


@ -192,10 +192,6 @@ func (s *Service) DeleteDataSource(ctx context.Context, cmd *models.DeleteDataSo
func (s *Service) UpdateDataSource(ctx context.Context, cmd *models.UpdateDataSourceCommand) error {
var err error
secret, err := json.Marshal(cmd.SecureJsonData)
if err != nil {
return err
}
query := &models.GetDataSourceQuery{
Id: cmd.Id,
@ -206,6 +202,11 @@ func (s *Service) UpdateDataSource(ctx context.Context, cmd *models.UpdateDataSo
return err
}
err = s.fillWithSecureJSONData(ctx, cmd, query.Result)
if err != nil {
return err
}
err = s.SQLStore.UpdateDataSource(ctx, cmd)
if err != nil {
return err
@ -218,6 +219,11 @@ func (s *Service) UpdateDataSource(ctx context.Context, cmd *models.UpdateDataSo
}
}
secret, err := json.Marshal(cmd.SecureJsonData)
if err != nil {
return err
}
return s.SecretsStore.Set(ctx, cmd.OrgId, cmd.Name, secretType, string(secret))
}
@ -559,3 +565,22 @@ func awsServiceNamespace(dsType string) string {
panic(fmt.Sprintf("Unsupported datasource %q", dsType))
}
}
func (s *Service) fillWithSecureJSONData(ctx context.Context, cmd *models.UpdateDataSourceCommand, ds *models.DataSource) error {
decrypted, err := s.DecryptedValues(ctx, ds)
if err != nil {
return err
}
if cmd.SecureJsonData == nil {
cmd.SecureJsonData = make(map[string]string)
}
for k, v := range decrypted {
if _, ok := cmd.SecureJsonData[k]; !ok {
cmd.SecureJsonData[k] = v
}
}
return nil
}
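Review bot: `fillWithSecureJSONData` returns the `DecryptedValues` error before it looks at `cmd.SecureJsonData`, and `UpdateDataSource` now calls it on every update. If the stored secrets cannot be decrypted, the data source cannot be updated at all, not even by a request that supplies replacements for every secure field. The removed handler helper skipped the lookup when the request carried no secure fields; how often decryption fails depends on `DecryptedValues`, which is not shown here. At minimum, wrap the error so operators can tell it apart from a store failure: `return fmt.Errorf("decrypting stored secure json data: %w", err)`. The helper also needs a doc comment stating the merge contract, since an omitted key can never drop a credential and the plaintext stays in the caller's `cmd`: `// fillWithSecureJSONData copies each stored secret whose key is absent from cmd.SecureJsonData into cmd; keys present in cmd, even with an empty value, are kept as sent.`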