Encryption: Add usage stats to secrets service (#42437)
* Encryption: Add usage stats to secrets service * Sort imports
parent
e440796cb3
commit
58978dcf96
@ -3,6 +3,7 @@ package manager
|
||||
import (
|
||||
"testing"
|
||||
|
||||
"github.com/grafana/grafana/pkg/infra/usagestats"
|
||||
"github.com/grafana/grafana/pkg/services/encryption/ossencryption"
|
||||
"github.com/grafana/grafana/pkg/services/kmsproviders/osskmsproviders"
|
||||
"github.com/grafana/grafana/pkg/services/secrets"
|
||||
@ -24,7 +25,6 @@ func SetupTestService(tb testing.TB, store secrets.Store) *SecretsService {
|
||||
require.NoError(tb, err)
|
||||
cfg := &setting.Cfg{Raw: raw}
|
||||
cfg.FeatureToggles = map[string]bool{secrets.EnvelopeEncryptionFeatureToggle: true}
|
||||
|
||||
settings := &setting.OSSImpl{Cfg: cfg}
|
||||
assert.True(tb, settings.IsFeatureToggleEnabled(secrets.EnvelopeEncryptionFeatureToggle))
|
||||
|
||||
@ -34,6 +34,7 @@ func SetupTestService(tb testing.TB, store secrets.Store) *SecretsService {
|
||||
osskmsproviders.ProvideService(encryption, settings),
|
||||
encryption,
|
||||
settings,
|
||||
&usagestats.UsageStatsMock{T: tb},
|
||||
)
|
||||
require.NoError(tb, err)
|
||||
|
||||
|
@ -10,6 +10,7 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/grafana/grafana/pkg/infra/log"
|
||||
"github.com/grafana/grafana/pkg/infra/usagestats"
|
||||
"github.com/grafana/grafana/pkg/services/encryption"
|
||||
"github.com/grafana/grafana/pkg/services/kmsproviders"
|
||||
"github.com/grafana/grafana/pkg/services/secrets"
|
||||
@ -18,9 +19,10 @@ import (
|
||||
)
|
||||
|
||||
type SecretsService struct {
|
||||
store secrets.Store
|
||||
enc encryption.Internal
|
||||
settings setting.Provider
|
||||
store secrets.Store
|
||||
enc encryption.Internal
|
||||
settings setting.Provider
|
||||
usageStats usagestats.Service
|
||||
|
||||
currentProvider string
|
||||
providers map[string]secrets.Provider
|
||||
@ -33,6 +35,7 @@ func ProvideSecretsService(
|
||||
kmsProvidersService kmsproviders.Service,
|
||||
enc encryption.Internal,
|
||||
settings setting.Provider,
|
||||
usageStats usagestats.Service,
|
||||
) (*SecretsService, error) {
|
||||
providers, err := kmsProvidersService.Provide()
|
||||
if err != nil {
|
||||
@ -57,15 +60,30 @@ func ProvideSecretsService(
|
||||
store: store,
|
||||
enc: enc,
|
||||
settings: settings,
|
||||
usageStats: usageStats,
|
||||
providers: providers,
|
||||
currentProvider: currentProvider,
|
||||
dataKeyCache: make(map[string]dataKeyCacheItem),
|
||||
log: logger,
|
||||
}
|
||||
|
||||
s.registerUsageMetrics()
|
||||
|
||||
return s, nil
|
||||
}
|
||||
|
||||
func (s *SecretsService) registerUsageMetrics() {
|
||||
s.usageStats.RegisterMetricsFunc(func(context.Context) (map[string]interface{}, error) {
|
||||
enabled := 0
|
||||
if s.settings.IsFeatureToggleEnabled(secrets.EnvelopeEncryptionFeatureToggle) {
|
||||
enabled = 1
|
||||
}
|
||||
return map[string]interface{}{
|
||||
"stats.encryption.envelope_encryption_enabled.count": enabled,
|
||||
}, nil
|
||||
})
|
||||
}
|
||||
|
||||
type dataKeyCacheItem struct {
|
||||
expiry time.Time
|
||||
dataKey []byte
|
||||
|
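Review bot: `registerUsageMetrics` has no doc comment, although its callback is where later secrets-service stats are likely to be added, so it should say what may be reported. I would put `// registerUsageMetrics reports only whether envelope encryption is enabled (0 or 1); never add key material, data key ids or provider configuration to this map.` above the function, since usage reports are presumably sent off the instance. Separately, `ProvideSecretsService` now calls `s.registerUsageMetrics()` unconditionally, so a nil `usageStats` would panic during construction. The visible call sites all pass a service or a mock, but callers outside this diff are worth confirming. The body of `ProvideSecretsService` and the `dataKeyCacheItem` struct continue outside the hunks shown.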
@ -4,6 +4,7 @@ import (
|
||||
"context"
|
||||
"testing"
|
||||
|
||||
"github.com/grafana/grafana/pkg/infra/usagestats"
|
||||
"github.com/grafana/grafana/pkg/services/encryption/ossencryption"
|
||||
"github.com/grafana/grafana/pkg/services/kmsproviders/osskmsproviders"
|
||||
"github.com/grafana/grafana/pkg/services/secrets"
|
||||
@ -35,6 +36,7 @@ func TestSecretsService_EnvelopeEncryption(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, len(keys), 1)
|
||||
})
|
||||
|
||||
t.Run("encrypting another secret with no entity_id should use the same DEK", func(t *testing.T) {
|
||||
plaintext := []byte("another very secret string")
|
||||
|
||||
@ -49,6 +51,7 @@ func TestSecretsService_EnvelopeEncryption(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, len(keys), 1)
|
||||
})
|
||||
|
||||
t.Run("encrypting with entity_id provided should create a new DEK", func(t *testing.T) {
|
||||
plaintext := []byte("some test data")
|
||||
|
||||
@ -78,6 +81,13 @@ func TestSecretsService_EnvelopeEncryption(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
assert.Equal(t, expected, string(decrypted))
|
||||
})
|
||||
|
||||
t.Run("usage stats should be registered", func(t *testing.T) {
|
||||
reports, err := svc.usageStats.GetUsageReport(context.Background())
|
||||
require.NoError(t, err)
|
||||
|
||||
assert.Equal(t, 1, reports.Metrics["stats.encryption.envelope_encryption_enabled.count"])
|
||||
})
|
||||
}
|
||||
|
||||
func TestSecretsService_DataKeys(t *testing.T) {
|
||||
@ -181,6 +191,7 @@ func TestSecretsService_UseCurrentProvider(t *testing.T) {
|
||||
&kms,
|
||||
encr,
|
||||
settings,
|
||||
&usagestats.UsageStatsMock{T: t},
|
||||
)
|
||||
require.NoError(t, err)
|
||||
|
||||
@ -197,6 +208,7 @@ func TestSecretsService_UseCurrentProvider(t *testing.T) {
|
||||
&kms,
|
||||
encr,
|
||||
settings,
|
||||
&usagestats.UsageStatsMock{T: t},
|
||||
)
|
||||
require.NoError(t, err)
|
||||
|
||||
|
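Review bot: The new subtest "usage stats should be registered" asserts only the value `1`, so the `enabled := 0` branch of the metrics callback is never exercised. If `svc` comes from `SetupTestService`, which enables `secrets.EnvelopeEncryptionFeatureToggle`, a second case built with the toggle off and expecting `0` for `stats.encryption.envelope_encryption_enabled.count` would pin both values of the flag. The assertion also relies on `UsageStatsMock.GetUsageReport` actually invoking the registered funcs, which is not visible on this page. `TestSecretsService_EnvelopeEncryption` starts outside the hunk.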