Encryption: Add usage stats to secrets service (#42437)

* Encryption: Add usage stats to secrets service

* Sort imports
Tania B 2021-11-29 16:35:15 +02:00 committed by GitHub
parent e440796cb3
commit 58978dcf96
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 35 additions and 4 deletions


@ -3,6 +3,7 @@ package manager
import (
"testing"
"github.com/grafana/grafana/pkg/infra/usagestats"
"github.com/grafana/grafana/pkg/services/encryption/ossencryption"
"github.com/grafana/grafana/pkg/services/kmsproviders/osskmsproviders"
"github.com/grafana/grafana/pkg/services/secrets"
@ -24,7 +25,6 @@ func SetupTestService(tb testing.TB, store secrets.Store) *SecretsService {
require.NoError(tb, err)
cfg := &setting.Cfg{Raw: raw}
cfg.FeatureToggles = map[string]bool{secrets.EnvelopeEncryptionFeatureToggle: true}
settings := &setting.OSSImpl{Cfg: cfg}
assert.True(tb, settings.IsFeatureToggleEnabled(secrets.EnvelopeEncryptionFeatureToggle))
@ -34,6 +34,7 @@ func SetupTestService(tb testing.TB, store secrets.Store) *SecretsService {
osskmsproviders.ProvideService(encryption, settings),
encryption,
settings,
&usagestats.UsageStatsMock{T: tb},
)
require.NoError(tb, err)


@ -10,6 +10,7 @@ import (
"time"
"github.com/grafana/grafana/pkg/infra/log"
"github.com/grafana/grafana/pkg/infra/usagestats"
"github.com/grafana/grafana/pkg/services/encryption"
"github.com/grafana/grafana/pkg/services/kmsproviders"
"github.com/grafana/grafana/pkg/services/secrets"
@ -18,9 +19,10 @@ import (
)
type SecretsService struct {
store secrets.Store
enc encryption.Internal
settings setting.Provider
store secrets.Store
enc encryption.Internal
settings setting.Provider
usageStats usagestats.Service
currentProvider string
providers map[string]secrets.Provider
@ -33,6 +35,7 @@ func ProvideSecretsService(
kmsProvidersService kmsproviders.Service,
enc encryption.Internal,
settings setting.Provider,
usageStats usagestats.Service,
) (*SecretsService, error) {
providers, err := kmsProvidersService.Provide()
if err != nil {
@ -57,15 +60,30 @@ func ProvideSecretsService(
store: store,
enc: enc,
settings: settings,
usageStats: usageStats,
providers: providers,
currentProvider: currentProvider,
dataKeyCache: make(map[string]dataKeyCacheItem),
log: logger,
}
s.registerUsageMetrics()
return s, nil
}
func (s *SecretsService) registerUsageMetrics() {
s.usageStats.RegisterMetricsFunc(func(context.Context) (map[string]interface{}, error) {
enabled := 0
if s.settings.IsFeatureToggleEnabled(secrets.EnvelopeEncryptionFeatureToggle) {
enabled = 1
}
return map[string]interface{}{
"stats.encryption.envelope_encryption_enabled.count": enabled,
}, nil
})
}
type dataKeyCacheItem struct {
expiry time.Time
dataKey []byte
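Review bot: `registerUsageMetrics` has no doc comment, and nothing states what is allowed into the map it reports. The callback lives on the secrets service, beside `currentProvider`, `providers` and `dataKeyCache`, and its result goes to the usage-stats service, which presumably can forward it off the instance, so the limit should be written down. I would add above the function: `// registerUsageMetrics reports only whether envelope encryption is enabled; never add provider names, key IDs or key material to this map.` Separately, `ProvideSecretsService` (its body is only partly visible in these hunks) now calls `s.registerUsageMetrics()` unconditionally, so a nil `usageStats` panics at construction. Either document the argument as required or guard with `if s.usageStats != nil { s.registerUsageMetrics() }`.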


@ -4,6 +4,7 @@ import (
"context"
"testing"
"github.com/grafana/grafana/pkg/infra/usagestats"
"github.com/grafana/grafana/pkg/services/encryption/ossencryption"
"github.com/grafana/grafana/pkg/services/kmsproviders/osskmsproviders"
"github.com/grafana/grafana/pkg/services/secrets"
@ -35,6 +36,7 @@ func TestSecretsService_EnvelopeEncryption(t *testing.T) {
require.NoError(t, err)
assert.Equal(t, len(keys), 1)
})
t.Run("encrypting another secret with no entity_id should use the same DEK", func(t *testing.T) {
plaintext := []byte("another very secret string")
@ -49,6 +51,7 @@ func TestSecretsService_EnvelopeEncryption(t *testing.T) {
require.NoError(t, err)
assert.Equal(t, len(keys), 1)
})
t.Run("encrypting with entity_id provided should create a new DEK", func(t *testing.T) {
plaintext := []byte("some test data")
@ -78,6 +81,13 @@ func TestSecretsService_EnvelopeEncryption(t *testing.T) {
require.NoError(t, err)
assert.Equal(t, expected, string(decrypted))
})
t.Run("usage stats should be registered", func(t *testing.T) {
reports, err := svc.usageStats.GetUsageReport(context.Background())
require.NoError(t, err)
assert.Equal(t, 1, reports.Metrics["stats.encryption.envelope_encryption_enabled.count"])
})
}
func TestSecretsService_DataKeys(t *testing.T) {
@ -181,6 +191,7 @@ func TestSecretsService_UseCurrentProvider(t *testing.T) {
&kms,
encr,
settings,
&usagestats.UsageStatsMock{T: t},
)
require.NoError(t, err)
@ -197,6 +208,7 @@ func TestSecretsService_UseCurrentProvider(t *testing.T) {
&kms,
encr,
settings,
&usagestats.UsageStatsMock{T: t},
)
require.NoError(t, err)
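Review bot: The new subtest `usage stats should be registered` only pins the enabled value, so the `enabled = 0` branch of the metrics callback is never exercised. `svc` is presumably built by `SetupTestService`, which always sets `secrets.EnvelopeEncryptionFeatureToggle` to true. A companion case that constructs the service with the toggle off and checks `assert.Equal(t, 0, reports.Metrics["stats.encryption.envelope_encryption_enabled.count"])` would confirm that the reported encryption state follows the setting rather than being a constant. `TestSecretsService_EnvelopeEncryption` starts outside this hunk, so the setup of `svc` should be confirmed there.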