Secrets: Fix unified secrets backwards compatibility (#49719)

* Fix unified secrets backwards compatibility

* Add compatibility fix to AddDataSource function

* Allow updating password on fail to decrypt secrets

* If unified secret is corrupt try migrating
Guilherme Caulada 2022-06-01 06:45:43 -07:00 committed by GitHub
parent 9da41140aa
commit 470be98588
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -146,6 +146,12 @@ func (s *Service) GetDataSourcesByType(ctx context.Context, query *models.GetDat
func (s *Service) AddDataSource(ctx context.Context, cmd *models.AddDataSourceCommand) error {
var err error
// this is here for backwards compatibility
cmd.EncryptedSecureJsonData, err = s.SecretsService.EncryptJsonData(ctx, cmd.SecureJsonData, secrets.WithoutScope())
if err != nil {
return err
}
if err := s.SQLStore.AddDataSource(ctx, cmd); err != nil {
return err
}
@ -287,11 +293,10 @@ func (s *Service) DecryptedValues(ctx context.Context, ds *models.DataSource) (m
}
if exist {
err := json.Unmarshal([]byte(secret), &decryptedValues)
if err != nil {
return nil, err
}
} else if len(ds.SecureJsonData) > 0 {
err = json.Unmarshal([]byte(secret), &decryptedValues)
}
if (!exist || err != nil) && len(ds.SecureJsonData) > 0 {
decryptedValues, err = s.MigrateSecrets(ctx, ds)
if err != nil {
return nil, err
@ -302,9 +307,13 @@ func (s *Service) DecryptedValues(ctx context.Context, ds *models.DataSource) (m
}
func (s *Service) MigrateSecrets(ctx context.Context, ds *models.DataSource) (map[string]string, error) {
secureJsonData, err := s.SecretsService.DecryptJsonData(ctx, ds.SecureJsonData)
if err != nil {
return nil, err
secureJsonData := make(map[string]string)
for k, v := range ds.SecureJsonData {
decrypted, err := s.SecretsService.Decrypt(ctx, v)
if err != nil {
return nil, err
}
secureJsonData[k] = string(decrypted)
}
jsonData, err := json.Marshal(secureJsonData)
@ -579,5 +588,11 @@ func (s *Service) fillWithSecureJSONData(ctx context.Context, cmd *models.Update
}
}
// this is here for backwards compatibility
cmd.EncryptedSecureJsonData, err = s.SecretsService.EncryptJsonData(ctx, cmd.SecureJsonData, secrets.WithoutScope())
if err != nil {
return err
}
return nil
}
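Review bot: In the DecryptedValues hunk, the error from `json.Unmarshal` is now used only to trigger the migration fallback, so when the stored secret is corrupt and `ds.SecureJsonData` is empty, nothing in the visible lines returns it. If the code after the hunk ends with a plain `return decryptedValues, nil` (not visible here), callers would get an empty or partly filled credential map with no error. Adding `if err != nil { return nil, err }` after the fallback block would keep that case failing closed. The fallback is also silent: a log entry naming the data source when the unified secret fails to parse would let operators notice corruption or tampering in the secret store instead of having it masked by the legacy copy. Separately, the two `// this is here for backwards compatibility` comments in AddDataSource and fillWithSecureJSONData could say that the secrets are still written to the legacy `EncryptedSecureJsonData` field, and under what condition that second copy can be dropped.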