Encryption: Keep legacy default provider id on providers map (#44721)

* Encryption: Keep legacy default provider id on providers map

* Minor fixes

* Refactor
Joan López de la Franca Beltran 2022-02-02 12:10:46 +01:00 committed by GitHub
parent 7bb5a5b318
commit 3b4e812449
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -48,7 +48,9 @@ func ProvideSecretsService(
logger := log.New("secrets") logger := log.New("secrets")
enabled := features.IsEnabled(featuremgmt.FlagEnvelopeEncryption) enabled := features.IsEnabled(featuremgmt.FlagEnvelopeEncryption)
currentProviderID := readCurrentProviderID(settings) currentProviderID := normalizeProviderID(secrets.ProviderID(
settings.KeyValue("security", "encryption_provider").MustString(kmsproviders.Default),
))
if _, ok := providers[currentProviderID]; enabled && !ok { if _, ok := providers[currentProviderID]; enabled && !ok {
return nil, fmt.Errorf("missing configuration for current encryption provider %s", currentProviderID) return nil, fmt.Errorf("missing configuration for current encryption provider %s", currentProviderID)
@ -77,13 +79,12 @@ func ProvideSecretsService(
return s, nil return s, nil
} }
func readCurrentProviderID(settings setting.Provider) secrets.ProviderID { func normalizeProviderID(id secrets.ProviderID) secrets.ProviderID {
currentProvider := settings.KeyValue("security", "encryption_provider").MustString(kmsproviders.Default) if id == kmsproviders.Legacy {
if currentProvider == kmsproviders.Legacy { return kmsproviders.Default
currentProvider = kmsproviders.Default
} }
return secrets.ProviderID(currentProvider) return id
} }
func (s *SecretsService) registerUsageMetrics() { func (s *SecretsService) registerUsageMetrics() {
@ -329,7 +330,7 @@ func (s *SecretsService) dataKey(ctx context.Context, name string) ([]byte, erro
} }
// 2. decrypt data key // 2. decrypt data key
provider, exists := s.providers[dataKey.Provider] provider, exists := s.providers[normalizeProviderID(dataKey.Provider)]
if !exists { if !exists {
return nil, fmt.Errorf("could not find encryption provider '%s'", dataKey.Provider) return nil, fmt.Errorf("could not find encryption provider '%s'", dataKey.Provider)
} }
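Review bot: normalizeProviderID is added without a doc comment, although the alias it implements is what lets a data key stored under the legacy provider id still find its provider in dataKey. I would record that on the function, e.g. `// normalizeProviderID maps the legacy provider id to the current default, so data keys persisted under the old id still resolve to a provider.` In the dataKey hunk the lookup now uses the normalized id while the error on the following lines still prints the raw `dataKey.Provider`; reporting both ids would make a missing-provider failure easier to diagnose. Any other code that indexes `s.providers` with a stored provider id lies outside the visible hunks and would presumably need the same normalization, which is worth confirming along with a regression test for a legacy-id data key. ProvideSecretsService and dataKey both start and end outside the hunks shown.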