Datasource: Remove support for unencrypted passwords (#49987)

* Datasource: Remove support for unencrypted passwords

* regenerate swagger

* [WIP] Remove references to datasource password and basic auth password fields (#50015)

* try delete moar tings

* delete provisioning stuff

* remove from yaml

* update snapshots

* remove lingering snapshot fields

* fix ds http settings

* Re-generate swagger and fix swagger-api-spec make target

Co-authored-by: Will Browne <will.browne@grafana.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
Marcus Efraimsson
2022-06-03 17:38:22 +02:00
committed by GitHub
parent b344f48e68
commit 36c3398c6d
33 changed files with 268 additions and 430 deletions


@@ -340,7 +340,7 @@ func (s *Service) DecryptedBasicAuthPassword(ctx context.Context, ds *models.Dat
return value, nil
}
return ds.BasicAuthPassword, err
return "", err
}
func (s *Service) DecryptedPassword(ctx context.Context, ds *models.DataSource) (string, error) {
@@ -349,7 +349,7 @@ func (s *Service) DecryptedPassword(ctx context.Context, ds *models.DataSource)
return value, nil
}
return ds.Password, err
return "", err
}
func (s *Service) httpClientOptions(ctx context.Context, ds *models.DataSource) (*sdkhttpclient.Options, error) {
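Review bot: Both `DecryptedBasicAuthPassword` and `DecryptedPassword` now end in `return "", err`, so when no secure value is found and `err` is nil the caller gets an empty password with no error and cannot tell "nothing configured" from "the credential existed only in the removed legacy field". Only the tail of each function is inside the hunk, so the condition guarding `return value, nil` is assumed to be a found flag. A doc comment on each would make the contract explicit, for example `// DecryptedPassword returns the password stored in secure JSON data; it returns "" and a nil error when none is stored.` Whether data sources that still hold only the legacy plaintext values are migrated before this path runs is not visible in these hunks and is worth confirming, since they would otherwise presumably authenticate with an empty password after upgrade.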


@@ -240,11 +240,9 @@ func validateDatasource(t *testing.T, dsCfg *configs) {
require.Equal(t, ds.OrgID, int64(2))
require.Equal(t, ds.URL, "url")
require.Equal(t, ds.User, "user")
require.Equal(t, ds.Password, "password")
require.Equal(t, ds.Database, "database")
require.True(t, ds.BasicAuth)
require.Equal(t, ds.BasicAuthUser, "basic_auth_user")
require.Equal(t, ds.BasicAuthPassword, "basic_auth_password")
require.True(t, ds.WithCredentials)
require.True(t, ds.IsDefault)
require.True(t, ds.Editable)


@@ -6,12 +6,10 @@ datasources:
access: proxy
orgId: 2
url: url
password: password
user: user
database: database
basicAuth: true
basicAuthUser: basic_auth_user
basicAuthPassword: basic_auth_password
withCredentials: true
isDefault: true
jsonData:


@@ -9,12 +9,10 @@ apiVersion: 1
# access: proxy
# orgId: 2
# url: url
# password: password
# user: user
# database: database
# basicAuth: true
# basicAuthUser: basic_auth_user
# basicAuthPassword: basic_auth_password
# withCredentials: true
# jsonData:
# graphiteVersion: "1.1"


@@ -16,8 +16,6 @@
# org_id: 1
# # <string> url
# url: http://localhost:8080
# # <string> database password, if used
# password:
# # <string> database user, if used
# user:
# # <string> database name, if used
@@ -26,8 +24,6 @@
# basic_auth:
# # <string> basic auth username
# basic_auth_user:
# # <string> basic auth password
# basic_auth_password:
# # <bool> enable/disable with credentials headers
# with_credentials:
# # <bool> mark as default datasource. Max one per org


@@ -4,12 +4,10 @@ datasources:
access: proxy
org_id: 2
url: url
password: password
user: user
database: database
basic_auth: true
basic_auth_user: basic_auth_user
basic_auth_password: basic_auth_password
with_credentials: true
is_default: true
json_data:


@@ -32,22 +32,20 @@ type upsertDataSourceFromConfig struct {
OrgID int64
Version int
Name string
Type string
Access string
URL string
Password string
User string
Database string
BasicAuth bool
BasicAuthUser string
BasicAuthPassword string
WithCredentials bool
IsDefault bool
JSONData map[string]interface{}
SecureJSONData map[string]string
Editable bool
UID string
Name string
Type string
Access string
URL string
User string
Database string
BasicAuth bool
BasicAuthUser string
WithCredentials bool
IsDefault bool
JSONData map[string]interface{}
SecureJSONData map[string]string
Editable bool
UID string
}
type configsV0 struct {
@@ -76,44 +74,40 @@ type deleteDatasourceConfigV1 struct {
}
type upsertDataSourceFromConfigV0 struct {
OrgID int64 `json:"org_id" yaml:"org_id"`
Version int `json:"version" yaml:"version"`
Name string `json:"name" yaml:"name"`
Type string `json:"type" yaml:"type"`
Access string `json:"access" yaml:"access"`
URL string `json:"url" yaml:"url"`
Password string `json:"password" yaml:"password"`
User string `json:"user" yaml:"user"`
Database string `json:"database" yaml:"database"`
BasicAuth bool `json:"basic_auth" yaml:"basic_auth"`
BasicAuthUser string `json:"basic_auth_user" yaml:"basic_auth_user"`
BasicAuthPassword string `json:"basic_auth_password" yaml:"basic_auth_password"`
WithCredentials bool `json:"with_credentials" yaml:"with_credentials"`
IsDefault bool `json:"is_default" yaml:"is_default"`
JSONData map[string]interface{} `json:"json_data" yaml:"json_data"`
SecureJSONData map[string]string `json:"secure_json_data" yaml:"secure_json_data"`
Editable bool `json:"editable" yaml:"editable"`
OrgID int64 `json:"org_id" yaml:"org_id"`
Version int `json:"version" yaml:"version"`
Name string `json:"name" yaml:"name"`
Type string `json:"type" yaml:"type"`
Access string `json:"access" yaml:"access"`
URL string `json:"url" yaml:"url"`
User string `json:"user" yaml:"user"`
Database string `json:"database" yaml:"database"`
BasicAuth bool `json:"basic_auth" yaml:"basic_auth"`
BasicAuthUser string `json:"basic_auth_user" yaml:"basic_auth_user"`
WithCredentials bool `json:"with_credentials" yaml:"with_credentials"`
IsDefault bool `json:"is_default" yaml:"is_default"`
JSONData map[string]interface{} `json:"json_data" yaml:"json_data"`
SecureJSONData map[string]string `json:"secure_json_data" yaml:"secure_json_data"`
Editable bool `json:"editable" yaml:"editable"`
}
type upsertDataSourceFromConfigV1 struct {
OrgID values.Int64Value `json:"orgId" yaml:"orgId"`
Version values.IntValue `json:"version" yaml:"version"`
Name values.StringValue `json:"name" yaml:"name"`
Type values.StringValue `json:"type" yaml:"type"`
Access values.StringValue `json:"access" yaml:"access"`
URL values.StringValue `json:"url" yaml:"url"`
Password values.StringValue `json:"password" yaml:"password"`
User values.StringValue `json:"user" yaml:"user"`
Database values.StringValue `json:"database" yaml:"database"`
BasicAuth values.BoolValue `json:"basicAuth" yaml:"basicAuth"`
BasicAuthUser values.StringValue `json:"basicAuthUser" yaml:"basicAuthUser"`
BasicAuthPassword values.StringValue `json:"basicAuthPassword" yaml:"basicAuthPassword"`
WithCredentials values.BoolValue `json:"withCredentials" yaml:"withCredentials"`
IsDefault values.BoolValue `json:"isDefault" yaml:"isDefault"`
JSONData values.JSONValue `json:"jsonData" yaml:"jsonData"`
SecureJSONData values.StringMapValue `json:"secureJsonData" yaml:"secureJsonData"`
Editable values.BoolValue `json:"editable" yaml:"editable"`
UID values.StringValue `json:"uid" yaml:"uid"`
OrgID values.Int64Value `json:"orgId" yaml:"orgId"`
Version values.IntValue `json:"version" yaml:"version"`
Name values.StringValue `json:"name" yaml:"name"`
Type values.StringValue `json:"type" yaml:"type"`
Access values.StringValue `json:"access" yaml:"access"`
URL values.StringValue `json:"url" yaml:"url"`
User values.StringValue `json:"user" yaml:"user"`
Database values.StringValue `json:"database" yaml:"database"`
BasicAuth values.BoolValue `json:"basicAuth" yaml:"basicAuth"`
BasicAuthUser values.StringValue `json:"basicAuthUser" yaml:"basicAuthUser"`
WithCredentials values.BoolValue `json:"withCredentials" yaml:"withCredentials"`
IsDefault values.BoolValue `json:"isDefault" yaml:"isDefault"`
JSONData values.JSONValue `json:"jsonData" yaml:"jsonData"`
SecureJSONData values.StringMapValue `json:"secureJsonData" yaml:"secureJsonData"`
Editable values.BoolValue `json:"editable" yaml:"editable"`
UID values.StringValue `json:"uid" yaml:"uid"`
}
func (cfg *configsV1) mapToDatasourceFromConfig(apiVersion int64) *configs {
@@ -127,42 +121,23 @@ func (cfg *configsV1) mapToDatasourceFromConfig(apiVersion int64) *configs {
for _, ds := range cfg.Datasources {
r.Datasources = append(r.Datasources, &upsertDataSourceFromConfig{
OrgID: ds.OrgID.Value(),
Name: ds.Name.Value(),
Type: ds.Type.Value(),
Access: ds.Access.Value(),
URL: ds.URL.Value(),
Password: ds.Password.Value(),
User: ds.User.Value(),
Database: ds.Database.Value(),
BasicAuth: ds.BasicAuth.Value(),
BasicAuthUser: ds.BasicAuthUser.Value(),
BasicAuthPassword: ds.BasicAuthPassword.Value(),
WithCredentials: ds.WithCredentials.Value(),
IsDefault: ds.IsDefault.Value(),
JSONData: ds.JSONData.Value(),
SecureJSONData: ds.SecureJSONData.Value(),
Editable: ds.Editable.Value(),
Version: ds.Version.Value(),
UID: ds.UID.Value(),
OrgID: ds.OrgID.Value(),
Name: ds.Name.Value(),
Type: ds.Type.Value(),
Access: ds.Access.Value(),
URL: ds.URL.Value(),
User: ds.User.Value(),
Database: ds.Database.Value(),
BasicAuth: ds.BasicAuth.Value(),
BasicAuthUser: ds.BasicAuthUser.Value(),
WithCredentials: ds.WithCredentials.Value(),
IsDefault: ds.IsDefault.Value(),
JSONData: ds.JSONData.Value(),
SecureJSONData: ds.SecureJSONData.Value(),
Editable: ds.Editable.Value(),
Version: ds.Version.Value(),
UID: ds.UID.Value(),
})
// Using Raw value for the warnings here so that even if it uses env interpolation and the env var is empty
// it will still warn
if len(ds.Password.Raw) > 0 {
cfg.log.Warn(
"[Deprecated] the use of password field is deprecated. Please use secureJsonData.password",
"datasource name",
ds.Name.Value(),
)
}
if len(ds.BasicAuthPassword.Raw) > 0 {
cfg.log.Warn(
"[Deprecated] the use of basicAuthPassword field is deprecated. Please use secureJsonData.basicAuthPassword",
"datasource name",
ds.Name.Value(),
)
}
}
for _, ds := range cfg.DeleteDatasources {
@@ -186,23 +161,21 @@ func (cfg *configsV0) mapToDatasourceFromConfig(apiVersion int64) *configs {
for _, ds := range cfg.Datasources {
r.Datasources = append(r.Datasources, &upsertDataSourceFromConfig{
OrgID: ds.OrgID,
Name: ds.Name,
Type: ds.Type,
Access: ds.Access,
URL: ds.URL,
Password: ds.Password,
User: ds.User,
Database: ds.Database,
BasicAuth: ds.BasicAuth,
BasicAuthUser: ds.BasicAuthUser,
BasicAuthPassword: ds.BasicAuthPassword,
WithCredentials: ds.WithCredentials,
IsDefault: ds.IsDefault,
JSONData: ds.JSONData,
SecureJSONData: ds.SecureJSONData,
Editable: ds.Editable,
Version: ds.Version,
OrgID: ds.OrgID,
Name: ds.Name,
Type: ds.Type,
Access: ds.Access,
URL: ds.URL,
User: ds.User,
Database: ds.Database,
BasicAuth: ds.BasicAuth,
BasicAuthUser: ds.BasicAuthUser,
WithCredentials: ds.WithCredentials,
IsDefault: ds.IsDefault,
JSONData: ds.JSONData,
SecureJSONData: ds.SecureJSONData,
Editable: ds.Editable,
Version: ds.Version,
})
}
@@ -225,23 +198,21 @@ func createInsertCommand(ds *upsertDataSourceFromConfig) *models.AddDataSourceCo
}
cmd := &models.AddDataSourceCommand{
OrgId: ds.OrgID,
Name: ds.Name,
Type: ds.Type,
Access: models.DsAccess(ds.Access),
Url: ds.URL,
Password: ds.Password,
User: ds.User,
Database: ds.Database,
BasicAuth: ds.BasicAuth,
BasicAuthUser: ds.BasicAuthUser,
BasicAuthPassword: ds.BasicAuthPassword,
WithCredentials: ds.WithCredentials,
IsDefault: ds.IsDefault,
JsonData: jsonData,
SecureJsonData: ds.SecureJSONData,
ReadOnly: !ds.Editable,
Uid: ds.UID,
OrgId: ds.OrgID,
Name: ds.Name,
Type: ds.Type,
Access: models.DsAccess(ds.Access),
Url: ds.URL,
User: ds.User,
Database: ds.Database,
BasicAuth: ds.BasicAuth,
BasicAuthUser: ds.BasicAuthUser,
WithCredentials: ds.WithCredentials,
IsDefault: ds.IsDefault,
JsonData: jsonData,
SecureJsonData: ds.SecureJSONData,
ReadOnly: !ds.Editable,
Uid: ds.UID,
}
if cmd.Uid == "" {
@@ -266,23 +237,21 @@ func createUpdateCommand(ds *upsertDataSourceFromConfig, id int64) *models.Updat
}
return &models.UpdateDataSourceCommand{
Id: id,
Uid: ds.UID,
OrgId: ds.OrgID,
Name: ds.Name,
Type: ds.Type,
Access: models.DsAccess(ds.Access),
Url: ds.URL,
Password: ds.Password,
User: ds.User,
Database: ds.Database,
BasicAuth: ds.BasicAuth,
BasicAuthUser: ds.BasicAuthUser,
BasicAuthPassword: ds.BasicAuthPassword,
WithCredentials: ds.WithCredentials,
IsDefault: ds.IsDefault,
JsonData: jsonData,
SecureJsonData: ds.SecureJSONData,
ReadOnly: !ds.Editable,
Id: id,
Uid: ds.UID,
OrgId: ds.OrgID,
Name: ds.Name,
Type: ds.Type,
Access: models.DsAccess(ds.Access),
Url: ds.URL,
User: ds.User,
Database: ds.Database,
BasicAuth: ds.BasicAuth,
BasicAuthUser: ds.BasicAuthUser,
WithCredentials: ds.WithCredentials,
IsDefault: ds.IsDefault,
JsonData: jsonData,
SecureJsonData: ds.SecureJSONData,
ReadOnly: !ds.Editable,
}
}
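Review bot: In `configsV1.mapToDatasourceFromConfig` the two `[Deprecated]` warnings are deleted together with the `Password` and `BasicAuthPassword` fields, so a provisioning file that still sets `password` or `basicAuthPassword` no longer produces any log line. Unless the YAML decoder runs in a strict mode (not visible here), those keys would be dropped silently: the data source is provisioned without credentials and the plaintext secret stays in the file unnoticed. Consider rejecting the file, or logging at error level, when either legacy key is present, with a message such as `"password field is no longer supported, use secureJsonData.password"`. The same applies to `password` / `basic_auth_password` in the V0 mapping. The fixtures changed in this commit drop the legacy keys rather than adding a case for a file that still contains them, so that path appears untested.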


@@ -152,26 +152,24 @@ func (ss *SQLStore) AddDataSource(ctx context.Context, cmd *models.AddDataSource
}
ds := &models.DataSource{
OrgId: cmd.OrgId,
Name: cmd.Name,
Type: cmd.Type,
Access: cmd.Access,
Url: cmd.Url,
User: cmd.User,
Password: cmd.Password,
Database: cmd.Database,
IsDefault: cmd.IsDefault,
BasicAuth: cmd.BasicAuth,
BasicAuthUser: cmd.BasicAuthUser,
BasicAuthPassword: cmd.BasicAuthPassword,
WithCredentials: cmd.WithCredentials,
JsonData: cmd.JsonData,
SecureJsonData: cmd.EncryptedSecureJsonData,
Created: time.Now(),
Updated: time.Now(),
Version: 1,
ReadOnly: cmd.ReadOnly,
Uid: cmd.Uid,
OrgId: cmd.OrgId,
Name: cmd.Name,
Type: cmd.Type,
Access: cmd.Access,
Url: cmd.Url,
User: cmd.User,
Database: cmd.Database,
IsDefault: cmd.IsDefault,
BasicAuth: cmd.BasicAuth,
BasicAuthUser: cmd.BasicAuthUser,
WithCredentials: cmd.WithCredentials,
JsonData: cmd.JsonData,
SecureJsonData: cmd.EncryptedSecureJsonData,
Created: time.Now(),
Updated: time.Now(),
Version: 1,
ReadOnly: cmd.ReadOnly,
Uid: cmd.Uid,
}
if _, err := sess.Insert(ds); err != nil {
@@ -215,26 +213,24 @@ func (ss *SQLStore) UpdateDataSource(ctx context.Context, cmd *models.UpdateData
}
ds := &models.DataSource{
Id: cmd.Id,
OrgId: cmd.OrgId,
Name: cmd.Name,
Type: cmd.Type,
Access: cmd.Access,
Url: cmd.Url,
User: cmd.User,
Password: cmd.Password,
Database: cmd.Database,
IsDefault: cmd.IsDefault,
BasicAuth: cmd.BasicAuth,
BasicAuthUser: cmd.BasicAuthUser,
BasicAuthPassword: cmd.BasicAuthPassword,
WithCredentials: cmd.WithCredentials,
JsonData: cmd.JsonData,
SecureJsonData: cmd.EncryptedSecureJsonData,
Updated: time.Now(),
ReadOnly: cmd.ReadOnly,
Version: cmd.Version + 1,
Uid: cmd.Uid,
Id: cmd.Id,
OrgId: cmd.OrgId,
Name: cmd.Name,
Type: cmd.Type,
Access: cmd.Access,
Url: cmd.Url,
User: cmd.User,
Database: cmd.Database,
IsDefault: cmd.IsDefault,
BasicAuth: cmd.BasicAuth,
BasicAuthUser: cmd.BasicAuthUser,
WithCredentials: cmd.WithCredentials,
JsonData: cmd.JsonData,
SecureJsonData: cmd.EncryptedSecureJsonData,
Updated: time.Now(),
ReadOnly: cmd.ReadOnly,
Version: cmd.Version + 1,
Uid: cmd.Uid,
}
sess.UseBool("is_default")