Encryption: Add usage stats to secrets service (#42437)

* Encryption: Add usage stats to secrets service * Sort imports
2025-02-25 18:55:37 -06:00 · 2021-11-29 16:35:15 +02:00 · 2021-11-29 16:35:15 +02:00 · 58978dcf96
commit 58978dcf96
parent e440796cb3
3 changed files with 35 additions and 4 deletions
--- a/pkg/services/secrets/manager/helpers.go
+++ b/pkg/services/secrets/manager/helpers.go
@ -3,6 +3,7 @@ package manager
 import (
 	"testing"

+	"github.com/grafana/grafana/pkg/infra/usagestats"
 	"github.com/grafana/grafana/pkg/services/encryption/ossencryption"
 	"github.com/grafana/grafana/pkg/services/kmsproviders/osskmsproviders"
 	"github.com/grafana/grafana/pkg/services/secrets"
@ -24,7 +25,6 @@ func SetupTestService(tb testing.TB, store secrets.Store) *SecretsService {
 	require.NoError(tb, err)
 	cfg := &setting.Cfg{Raw: raw}
 	cfg.FeatureToggles = map[string]bool{secrets.EnvelopeEncryptionFeatureToggle: true}
-
 	settings := &setting.OSSImpl{Cfg: cfg}
 	assert.True(tb, settings.IsFeatureToggleEnabled(secrets.EnvelopeEncryptionFeatureToggle))

@ -34,6 +34,7 @@ func SetupTestService(tb testing.TB, store secrets.Store) *SecretsService {
 		osskmsproviders.ProvideService(encryption, settings),
 		encryption,
 		settings,
+		&usagestats.UsageStatsMock{T: tb},
 	)
 	require.NoError(tb, err)

--- a/pkg/services/secrets/manager/manager.go
+++ b/pkg/services/secrets/manager/manager.go
@ -10,6 +10,7 @@ import (
 	"time"

 	"github.com/grafana/grafana/pkg/infra/log"
+	"github.com/grafana/grafana/pkg/infra/usagestats"
 	"github.com/grafana/grafana/pkg/services/encryption"
 	"github.com/grafana/grafana/pkg/services/kmsproviders"
 	"github.com/grafana/grafana/pkg/services/secrets"
@ -18,9 +19,10 @@ import (
 )

 type SecretsService struct {
-	store    secrets.Store
-	enc      encryption.Internal
-	settings setting.Provider
+	store      secrets.Store
+	enc        encryption.Internal
+	settings   setting.Provider
+	usageStats usagestats.Service

 	currentProvider string
 	providers       map[string]secrets.Provider
@ -33,6 +35,7 @@ func ProvideSecretsService(
 	kmsProvidersService kmsproviders.Service,
 	enc encryption.Internal,
 	settings setting.Provider,
+	usageStats usagestats.Service,
 ) (*SecretsService, error) {
 	providers, err := kmsProvidersService.Provide()
 	if err != nil {
@ -57,15 +60,30 @@ func ProvideSecretsService(
 		store:           store,
 		enc:             enc,
 		settings:        settings,
+		usageStats:      usageStats,
 		providers:       providers,
 		currentProvider: currentProvider,
 		dataKeyCache:    make(map[string]dataKeyCacheItem),
 		log:             logger,
 	}

+	s.registerUsageMetrics()
+
 	return s, nil
 }

+func (s *SecretsService) registerUsageMetrics() {
+	s.usageStats.RegisterMetricsFunc(func(context.Context) (map[string]interface{}, error) {
+		enabled := 0
+		if s.settings.IsFeatureToggleEnabled(secrets.EnvelopeEncryptionFeatureToggle) {
+			enabled = 1
+		}
+		return map[string]interface{}{
+			"stats.encryption.envelope_encryption_enabled.count": enabled,
+		}, nil
+	})
+}
+
 type dataKeyCacheItem struct {
 	expiry  time.Time
 	dataKey []byte
--- a/pkg/services/secrets/manager/manager_test.go
+++ b/pkg/services/secrets/manager/manager_test.go
@ -4,6 +4,7 @@ import (
 	"context"
 	"testing"

+	"github.com/grafana/grafana/pkg/infra/usagestats"
 	"github.com/grafana/grafana/pkg/services/encryption/ossencryption"
 	"github.com/grafana/grafana/pkg/services/kmsproviders/osskmsproviders"
 	"github.com/grafana/grafana/pkg/services/secrets"
@ -35,6 +36,7 @@ func TestSecretsService_EnvelopeEncryption(t *testing.T) {
 		require.NoError(t, err)
 		assert.Equal(t, len(keys), 1)
 	})
+
 	t.Run("encrypting another secret with no entity_id should use the same DEK", func(t *testing.T) {
 		plaintext := []byte("another very secret string")

@ -49,6 +51,7 @@ func TestSecretsService_EnvelopeEncryption(t *testing.T) {
 		require.NoError(t, err)
 		assert.Equal(t, len(keys), 1)
 	})
+
 	t.Run("encrypting with entity_id provided should create a new DEK", func(t *testing.T) {
 		plaintext := []byte("some test data")

@ -78,6 +81,13 @@ func TestSecretsService_EnvelopeEncryption(t *testing.T) {
 		require.NoError(t, err)
 		assert.Equal(t, expected, string(decrypted))
 	})
+
+	t.Run("usage stats should be registered", func(t *testing.T) {
+		reports, err := svc.usageStats.GetUsageReport(context.Background())
+		require.NoError(t, err)
+
+		assert.Equal(t, 1, reports.Metrics["stats.encryption.envelope_encryption_enabled.count"])
+	})
 }

 func TestSecretsService_DataKeys(t *testing.T) {
@ -181,6 +191,7 @@ func TestSecretsService_UseCurrentProvider(t *testing.T) {
 			&kms,
 			encr,
 			settings,
+			&usagestats.UsageStatsMock{T: t},
 		)
 		require.NoError(t, err)

@ -197,6 +208,7 @@ func TestSecretsService_UseCurrentProvider(t *testing.T) {
 			&kms,
 			encr,
 			settings,
+			&usagestats.UsageStatsMock{T: t},
 		)
 		require.NoError(t, err)