Alerting: Support storing sensitive notifier settings securely/encrypted (#25114)

Support storing sensitive notification settings securely/encrypted. Move slack notifier url and api token to secure settings. Migrating slack notifier to store token and url encrypted is currently a manual process by saving an existing slack alert notification channel. saving an existing slack alert notification channel will reset the stored non-secure url and token. Closes #25113 Ref #25967 Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2025-02-25 18:55:37 -06:00 · 2020-07-08 17:17:05 +09:00
parent b26ef1db25
commit 292c985b76
9 changed files with 295 additions and 67 deletions
--- a/pkg/services/sqlstore/alert_notification.go
+++ b/pkg/services/sqlstore/alert_notification.go
@@ -9,6 +9,7 @@ import (
 	"time"

 	"github.com/grafana/grafana/pkg/bus"
+	"github.com/grafana/grafana/pkg/components/securejsondata"
 	"github.com/grafana/grafana/pkg/models"
 	"github.com/grafana/grafana/pkg/util"
 )
@@ -120,6 +121,7 @@ func GetAlertNotificationsWithUidToSend(query *models.GetAlertNotificationsWithU
 										alert_notification.created,
 										alert_notification.updated,
 										alert_notification.settings,
+										alert_notification.secure_settings,
 										alert_notification.is_default,
 										alert_notification.disable_resolve_message,
 										alert_notification.send_reminder,
@@ -192,6 +194,7 @@ func getAlertNotificationInternal(query *models.GetAlertNotificationsQuery, sess
 										alert_notification.created,
 										alert_notification.updated,
 										alert_notification.settings,
+										alert_notification.secure_settings,
 										alert_notification.is_default,
 										alert_notification.disable_resolve_message,
 										alert_notification.send_reminder,
@@ -241,6 +244,7 @@ func getAlertNotificationWithUidInternal(query *models.GetAlertNotificationsWith
 										alert_notification.created,
 										alert_notification.updated,
 										alert_notification.settings,
+										alert_notification.secure_settings,
 										alert_notification.is_default,
 										alert_notification.disable_resolve_message,
 										alert_notification.send_reminder,
@@ -308,12 +312,20 @@ func CreateAlertNotificationCommand(cmd *models.CreateAlertNotificationCommand)
 			}
 		}

+		// delete empty keys
+		for k, v := range cmd.SecureSettings {
+			if v == "" {
+				delete(cmd.SecureSettings, k)
+			}
+		}
+
 		alertNotification := &models.AlertNotification{
 			Uid:                   cmd.Uid,
 			OrgId:                 cmd.OrgId,
 			Name:                  cmd.Name,
 			Type:                  cmd.Type,
 			Settings:              cmd.Settings,
+			SecureSettings:        securejsondata.GetEncryptedJsonData(cmd.SecureSettings),
 			SendReminder:          cmd.SendReminder,
 			DisableResolveMessage: cmd.DisableResolveMessage,
 			Frequency:             frequency,
@@ -365,8 +377,16 @@ func UpdateAlertNotification(cmd *models.UpdateAlertNotificationCommand) error {
 			return fmt.Errorf("Alert notification name %s already exists", cmd.Name)
 		}

+		// delete empty keys
+		for k, v := range cmd.SecureSettings {
+			if v == "" {
+				delete(cmd.SecureSettings, k)
+			}
+		}
+
 		current.Updated = time.Now()
 		current.Settings = cmd.Settings
+		current.SecureSettings = securejsondata.GetEncryptedJsonData(cmd.SecureSettings)
 		current.Name = cmd.Name
 		current.Type = cmd.Type
 		current.IsDefault = cmd.IsDefault
@@ -430,6 +450,7 @@ func UpdateAlertNotificationWithUid(cmd *models.UpdateAlertNotificationWithUidCo
 		Frequency:             cmd.Frequency,
 		IsDefault:             cmd.IsDefault,
 		Settings:              cmd.Settings,
+		SecureSettings:        cmd.SecureSettings,

 		OrgId: cmd.OrgId,
 	}