Chore: SQL Store Split of datasource (#54262)

* refectory datasource

* fix linter

pkg/services/datasources/service/cache.go

@@ -52,7 +52,8 @@ func (dc *CacheServiceImpl) GetDatasource(
 	dc.logger.Debug("Querying for data source via SQL store", "id", datasourceID, "orgId", user.OrgID)
 
 	query := &datasources.GetDataSourceQuery{Id: datasourceID, OrgId: user.OrgID}
-	err := dc.SQLStore.GetDataSource(ctx, query)
+	ss := SqlStore{db: dc.SQLStore}
+	err := ss.GetDataSource(ctx, query)
 	if err != nil {
 		return nil, err
 	}
@@ -91,7 +92,8 @@ func (dc *CacheServiceImpl) GetDatasourceByUID(
 
 	dc.logger.Debug("Querying for data source via SQL store", "uid", datasourceUID, "orgId", user.OrgID)
 	query := &datasources.GetDataSourceQuery{Uid: datasourceUID, OrgId: user.OrgID}
-	err := dc.SQLStore.GetDataSource(ctx, query)
+	ss := SqlStore{db: dc.SQLStore}
+	err := ss.GetDataSource(ctx, query)
 	if err != nil {
 		return nil, err
 	}

pkg/services/datasources/service/datasource.go

@@ -21,12 +21,12 @@ import (
 	"github.com/grafana/grafana/pkg/services/featuremgmt"
 	"github.com/grafana/grafana/pkg/services/secrets"
 	"github.com/grafana/grafana/pkg/services/secrets/kvstore"
-	"github.com/grafana/grafana/pkg/services/sqlstore"
+	"github.com/grafana/grafana/pkg/services/sqlstore/db"
 	"github.com/grafana/grafana/pkg/setting"
 )
 
 type Service struct {
-	SQLStore           *sqlstore.SQLStore
+	SQLStore           Store
 	SecretsStore       kvstore.SecretsKVStore
 	SecretsService     secrets.Service
 	cfg                *setting.Cfg
@@ -34,6 +34,7 @@ type Service struct {
 	permissionsService accesscontrol.DatasourcePermissionsService
 	ac                 accesscontrol.AccessControl
 	logger             log.Logger
+	db                 db.DB
 
 	ptc proxyTransportCache
 }
@@ -49,9 +50,11 @@ type cachedRoundTripper struct {
 }
 
 func ProvideService(
-	store *sqlstore.SQLStore, secretsService secrets.Service, secretsStore kvstore.SecretsKVStore, cfg *setting.Cfg,
+	db db.DB, secretsService secrets.Service, secretsStore kvstore.SecretsKVStore, cfg *setting.Cfg,
 	features featuremgmt.FeatureToggles, ac accesscontrol.AccessControl, datasourcePermissionsService accesscontrol.DatasourcePermissionsService,
 ) *Service {
+	dslogger := log.New("datasources")
+	store := &SqlStore{db: db, logger: dslogger}
 	s := &Service{
 		SQLStore:       store,
 		SecretsStore:   secretsStore,
@@ -63,7 +66,8 @@ func ProvideService(
 		features:           features,
 		permissionsService: datasourcePermissionsService,
 		ac:                 ac,
-		logger:             log.New("datasources"),
+		logger:             dslogger,
+		db:                 db,
 	}
 
 	ac.RegisterScopeAttributeResolver(NewNameScopeResolver(store))
@@ -146,7 +150,7 @@ func (s *Service) GetDataSourcesByType(ctx context.Context, query *datasources.G
 }
 
 func (s *Service) AddDataSource(ctx context.Context, cmd *datasources.AddDataSourceCommand) error {
-	return s.SQLStore.InTransaction(ctx, func(ctx context.Context) error {
+	return s.db.InTransaction(ctx, func(ctx context.Context) error {
 		var err error
 
 		cmd.EncryptedSecureJsonData = make(map[string][]byte)
@@ -193,7 +197,7 @@ func (s *Service) AddDataSource(ctx context.Context, cmd *datasources.AddDataSou
 }
 
 func (s *Service) DeleteDataSource(ctx context.Context, cmd *datasources.DeleteDataSourceCommand) error {
-	return s.SQLStore.InTransaction(ctx, func(ctx context.Context) error {
+	return s.db.InTransaction(ctx, func(ctx context.Context) error {
 		cmd.UpdateSecretFn = func() error {
 			return s.SecretsStore.Del(ctx, cmd.OrgID, cmd.Name, kvstore.DataSourceSecretType)
 		}
@@ -203,7 +207,7 @@ func (s *Service) DeleteDataSource(ctx context.Context, cmd *datasources.DeleteD
 }
 
 func (s *Service) UpdateDataSource(ctx context.Context, cmd *datasources.UpdateDataSourceCommand) error {
-	return s.SQLStore.InTransaction(ctx, func(ctx context.Context) error {
+	return s.db.InTransaction(ctx, func(ctx context.Context) error {
 		var err error
 
 		query := &datasources.GetDataSourceQuery{

pkg/services/datasources/service/datasource_test.go

@@ -200,7 +200,7 @@ func TestService_GetHttpTransport(t *testing.T) {
 		sqlStore := sqlstore.InitTestDB(t)
 		secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 		secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
-		dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
+		dsService := ProvideService(sqlStore, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
 
 		rt1, err := dsService.GetHTTPTransport(context.Background(), &ds, provider)
 		require.NoError(t, err)
@@ -235,7 +235,7 @@ func TestService_GetHttpTransport(t *testing.T) {
 		sqlStore := sqlstore.InitTestDB(t)
 		secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 		secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
-		dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
+		dsService := ProvideService(sqlStore, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
 
 		ds := datasources.DataSource{
 			Id:             1,
@@ -284,7 +284,7 @@ func TestService_GetHttpTransport(t *testing.T) {
 		sqlStore := sqlstore.InitTestDB(t)
 		secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 		secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
-		dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
+		dsService := ProvideService(sqlStore, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
 
 		ds := datasources.DataSource{
 			Id:       1,
@@ -330,7 +330,7 @@ func TestService_GetHttpTransport(t *testing.T) {
 		sqlStore := sqlstore.InitTestDB(t)
 		secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 		secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
-		dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
+		dsService := ProvideService(sqlStore, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
 
 		ds := datasources.DataSource{
 			Id:       1,
@@ -373,7 +373,7 @@ func TestService_GetHttpTransport(t *testing.T) {
 		sqlStore := sqlstore.InitTestDB(t)
 		secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 		secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
-		dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
+		dsService := ProvideService(sqlStore, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
 
 		ds := datasources.DataSource{
 			Id:       1,
@@ -406,7 +406,7 @@ func TestService_GetHttpTransport(t *testing.T) {
 		sqlStore := sqlstore.InitTestDB(t)
 		secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 		secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
-		dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
+		dsService := ProvideService(sqlStore, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
 
 		ds := datasources.DataSource{
 			Id:       1,
@@ -473,8 +473,7 @@ func TestService_GetHttpTransport(t *testing.T) {
 		sqlStore := sqlstore.InitTestDB(t)
 		secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 		secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
-		dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
-
+		dsService := ProvideService(sqlStore, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
 		ds := datasources.DataSource{
 			Id:       1,
 			Url:      "http://k8s:8001",
@@ -508,7 +507,7 @@ func TestService_GetHttpTransport(t *testing.T) {
 		sqlStore := sqlstore.InitTestDB(t)
 		secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 		secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
-		dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
+		dsService := ProvideService(sqlStore, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
 
 		ds := datasources.DataSource{
 			Type:     datasources.DS_ES,
@@ -545,7 +544,7 @@ func TestService_getTimeout(t *testing.T) {
 	sqlStore := sqlstore.InitTestDB(t)
 	secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 	secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
-	dsService := ProvideService(nil, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
+	dsService := ProvideService(sqlStore, secretsService, secretsStore, cfg, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
 
 	for _, tc := range testCases {
 		ds := &datasources.DataSource{
@@ -566,7 +565,7 @@ func TestService_GetDecryptedValues(t *testing.T) {
 		sqlStore := sqlstore.InitTestDB(t)
 		secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 		secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
-		dsService := ProvideService(nil, secretsService, secretsStore, nil, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
+		dsService := ProvideService(sqlStore, secretsService, secretsStore, nil, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
 
 		jsonData := map[string]string{
 			"password": "securePassword",
@@ -592,7 +591,7 @@ func TestService_GetDecryptedValues(t *testing.T) {
 		sqlStore := sqlstore.InitTestDB(t)
 		secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 		secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
-		dsService := ProvideService(nil, secretsService, secretsStore, nil, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
+		dsService := ProvideService(sqlStore, secretsService, secretsStore, nil, featuremgmt.WithFeatures(), acmock.New(), acmock.NewMockedPermissionsService())
 
 		jsonData := map[string]string{
 			"password": "securePassword",

pkg/services/datasources/service/store.go

@@ -0,0 +1,347 @@
+package service
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/grafana/grafana/pkg/components/simplejson"
+	"github.com/grafana/grafana/pkg/events"
+	"github.com/grafana/grafana/pkg/infra/log"
+	"github.com/grafana/grafana/pkg/infra/metrics"
+	ac "github.com/grafana/grafana/pkg/services/accesscontrol"
+	"github.com/grafana/grafana/pkg/services/datasources"
+	"github.com/grafana/grafana/pkg/services/sqlstore"
+	"github.com/grafana/grafana/pkg/services/sqlstore/db"
+	"github.com/grafana/grafana/pkg/util"
+	"xorm.io/xorm"
+)
+
+// Store is the interface for the datasource Service's storage.
+type Store interface {
+	GetDataSource(context.Context, *datasources.GetDataSourceQuery) error
+	GetDataSources(context.Context, *datasources.GetDataSourcesQuery) error
+	GetDataSourcesByType(context.Context, *datasources.GetDataSourcesByTypeQuery) error
+	GetDefaultDataSource(context.Context, *datasources.GetDefaultDataSourceQuery) error
+	DeleteDataSource(context.Context, *datasources.DeleteDataSourceCommand) error
+	AddDataSource(context.Context, *datasources.AddDataSourceCommand) error
+	UpdateDataSource(context.Context, *datasources.UpdateDataSourceCommand) error
+	GetAllDataSources(ctx context.Context, query *datasources.GetAllDataSourcesQuery) error
+}
+
+type SqlStore struct {
+	db     db.DB
+	logger log.Logger
+}
+
+func CreateStore(db sqlstore.Store) *SqlStore {
+	return &SqlStore{db: db}
+}
+
+// GetDataSource adds a datasource to the query model by querying by org_id as well as
+// either uid (preferred), id, or name and is added to the bus.
+func (ss *SqlStore) GetDataSource(ctx context.Context, query *datasources.GetDataSourceQuery) error {
+	metrics.MDBDataSourceQueryByID.Inc()
+
+	return ss.db.WithDbSession(ctx, func(sess *sqlstore.DBSession) error {
+		return ss.getDataSource(ctx, query, sess)
+	})
+}
+
+func (ss *SqlStore) getDataSource(ctx context.Context, query *datasources.GetDataSourceQuery, sess *sqlstore.DBSession) error {
+	if query.OrgId == 0 || (query.Id == 0 && len(query.Name) == 0 && len(query.Uid) == 0) {
+		return datasources.ErrDataSourceIdentifierNotSet
+	}
+
+	datasource := &datasources.DataSource{Name: query.Name, OrgId: query.OrgId, Id: query.Id, Uid: query.Uid}
+	has, err := sess.Get(datasource)
+
+	if err != nil {
+		ss.logger.Error("Failed getting data source", "err", err, "uid", query.Uid, "id", query.Id, "name", query.Name, "orgId", query.OrgId)
+		return err
+	} else if !has {
+		return datasources.ErrDataSourceNotFound
+	}
+
+	query.Result = datasource
+
+	return nil
+}
+
+func (ss *SqlStore) GetDataSources(ctx context.Context, query *datasources.GetDataSourcesQuery) error {
+	var sess *xorm.Session
+	return ss.db.WithDbSession(ctx, func(dbSess *sqlstore.DBSession) error {
+		if query.DataSourceLimit <= 0 {
+			sess = dbSess.Where("org_id=?", query.OrgId).Asc("name")
+		} else {
+			sess = dbSess.Limit(query.DataSourceLimit, 0).Where("org_id=?", query.OrgId).Asc("name")
+		}
+
+		query.Result = make([]*datasources.DataSource, 0)
+		return sess.Find(&query.Result)
+	})
+}
+
+func (ss *SqlStore) GetAllDataSources(ctx context.Context, query *datasources.GetAllDataSourcesQuery) error {
+	return ss.db.WithDbSession(ctx, func(sess *sqlstore.DBSession) error {
+		query.Result = make([]*datasources.DataSource, 0)
+		return sess.Asc("name").Find(&query.Result)
+	})
+}
+
+// GetDataSourcesByType returns all datasources for a given type or an error if the specified type is an empty string
+func (ss *SqlStore) GetDataSourcesByType(ctx context.Context, query *datasources.GetDataSourcesByTypeQuery) error {
+	if query.Type == "" {
+		return fmt.Errorf("datasource type cannot be empty")
+	}
+
+	query.Result = make([]*datasources.DataSource, 0)
+	return ss.db.WithDbSession(ctx, func(sess *sqlstore.DBSession) error {
+		if query.OrgId > 0 {
+			return sess.Where("type=? AND org_id=?", query.Type, query.OrgId).Asc("id").Find(&query.Result)
+		}
+		return sess.Where("type=?", query.Type).Asc("id").Find(&query.Result)
+	})
+}
+
+// GetDefaultDataSource is used to get the default datasource of organization
+func (ss *SqlStore) GetDefaultDataSource(ctx context.Context, query *datasources.GetDefaultDataSourceQuery) error {
+	datasource := datasources.DataSource{}
+	return ss.db.WithDbSession(ctx, func(sess *sqlstore.DBSession) error {
+		exists, err := sess.Where("org_id=? AND is_default=?", query.OrgId, true).Get(&datasource)
+
+		if !exists {
+			return datasources.ErrDataSourceNotFound
+		}
+
+		query.Result = &datasource
+		return err
+	})
+}
+
+// DeleteDataSource removes a datasource by org_id as well as either uid (preferred), id, or name
+// and is added to the bus. It also removes permissions related to the datasource.
+func (ss *SqlStore) DeleteDataSource(ctx context.Context, cmd *datasources.DeleteDataSourceCommand) error {
+	return ss.db.WithTransactionalDbSession(ctx, func(sess *sqlstore.DBSession) error {
+		dsQuery := &datasources.GetDataSourceQuery{Id: cmd.ID, Uid: cmd.UID, Name: cmd.Name, OrgId: cmd.OrgID}
+		errGettingDS := ss.getDataSource(ctx, dsQuery, sess)
+
+		if errGettingDS != nil && !errors.Is(errGettingDS, datasources.ErrDataSourceNotFound) {
+			return errGettingDS
+		}
+
+		ds := dsQuery.Result
+		if ds != nil {
+			// Delete the data source
+			result, err := sess.Exec("DELETE FROM data_source WHERE org_id=? AND id=?", ds.OrgId, ds.Id)
+			if err != nil {
+				return err
+			}
+
+			cmd.DeletedDatasourcesCount, _ = result.RowsAffected()
+
+			// Remove associated AccessControl permissions
+			if _, errDeletingPerms := sess.Exec("DELETE FROM permission WHERE scope=?",
+				ac.Scope("datasources", "id", fmt.Sprint(dsQuery.Result.Id))); errDeletingPerms != nil {
+				return errDeletingPerms
+			}
+		}
+
+		if cmd.UpdateSecretFn != nil {
+			if err := cmd.UpdateSecretFn(); err != nil {
+				ss.logger.Error("Failed to update datasource secrets -- rolling back update", "UID", cmd.UID, "name", cmd.Name, "orgId", cmd.OrgID)
+				return err
+			}
+		}
+
+		// Publish data source deletion event
+		if cmd.DeletedDatasourcesCount > 0 {
+			sess.PublishAfterCommit(&events.DataSourceDeleted{
+				Timestamp: time.Now(),
+				Name:      ds.Name,
+				ID:        ds.Id,
+				UID:       ds.Uid,
+				OrgID:     ds.OrgId,
+			})
+		}
+
+		return nil
+	})
+}
+
+func (ss *SqlStore) AddDataSource(ctx context.Context, cmd *datasources.AddDataSourceCommand) error {
+	return ss.db.WithTransactionalDbSession(ctx, func(sess *sqlstore.DBSession) error {
+		existing := datasources.DataSource{OrgId: cmd.OrgId, Name: cmd.Name}
+		has, _ := sess.Get(&existing)
+
+		if has {
+			return datasources.ErrDataSourceNameExists
+		}
+
+		if cmd.JsonData == nil {
+			cmd.JsonData = simplejson.New()
+		}
+
+		if cmd.Uid == "" {
+			uid, err := generateNewDatasourceUid(sess, cmd.OrgId)
+			if err != nil {
+				return fmt.Errorf("failed to generate UID for datasource %q: %w", cmd.Name, err)
+			}
+			cmd.Uid = uid
+		}
+
+		ds := &datasources.DataSource{
+			OrgId:           cmd.OrgId,
+			Name:            cmd.Name,
+			Type:            cmd.Type,
+			Access:          cmd.Access,
+			Url:             cmd.Url,
+			User:            cmd.User,
+			Database:        cmd.Database,
+			IsDefault:       cmd.IsDefault,
+			BasicAuth:       cmd.BasicAuth,
+			BasicAuthUser:   cmd.BasicAuthUser,
+			WithCredentials: cmd.WithCredentials,
+			JsonData:        cmd.JsonData,
+			SecureJsonData:  cmd.EncryptedSecureJsonData,
+			Created:         time.Now(),
+			Updated:         time.Now(),
+			Version:         1,
+			ReadOnly:        cmd.ReadOnly,
+			Uid:             cmd.Uid,
+		}
+
+		if _, err := sess.Insert(ds); err != nil {
+			if ss.db.GetDialect().IsUniqueConstraintViolation(err) && strings.Contains(strings.ToLower(ss.db.GetDialect().ErrorMessage(err)), "uid") {
+				return datasources.ErrDataSourceUidExists
+			}
+			return err
+		}
+		if err := updateIsDefaultFlag(ds, sess); err != nil {
+			return err
+		}
+
+		if cmd.UpdateSecretFn != nil {
+			if err := cmd.UpdateSecretFn(); err != nil {
+				// ss.logger.Error("Failed to update datasource secrets -- rolling back update", "name", cmd.Name, "type", cmd.Type, "orgId", cmd.OrgId)
+				return err
+			}
+		}
+
+		cmd.Result = ds
+
+		sess.PublishAfterCommit(&events.DataSourceCreated{
+			Timestamp: time.Now(),
+			Name:      cmd.Name,
+			ID:        ds.Id,
+			UID:       cmd.Uid,
+			OrgID:     cmd.OrgId,
+		})
+		return nil
+	})
+}
+
+func updateIsDefaultFlag(ds *datasources.DataSource, sess *sqlstore.DBSession) error {
+	// Handle is default flag
+	if ds.IsDefault {
+		rawSQL := "UPDATE data_source SET is_default=? WHERE org_id=? AND id <> ?"
+		if _, err := sess.Exec(rawSQL, false, ds.OrgId, ds.Id); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (ss *SqlStore) UpdateDataSource(ctx context.Context, cmd *datasources.UpdateDataSourceCommand) error {
+	return ss.db.WithTransactionalDbSession(ctx, func(sess *sqlstore.DBSession) error {
+		if cmd.JsonData == nil {
+			cmd.JsonData = simplejson.New()
+		}
+
+		ds := &datasources.DataSource{
+			Id:              cmd.Id,
+			OrgId:           cmd.OrgId,
+			Name:            cmd.Name,
+			Type:            cmd.Type,
+			Access:          cmd.Access,
+			Url:             cmd.Url,
+			User:            cmd.User,
+			Database:        cmd.Database,
+			IsDefault:       cmd.IsDefault,
+			BasicAuth:       cmd.BasicAuth,
+			BasicAuthUser:   cmd.BasicAuthUser,
+			WithCredentials: cmd.WithCredentials,
+			JsonData:        cmd.JsonData,
+			SecureJsonData:  cmd.EncryptedSecureJsonData,
+			Updated:         time.Now(),
+			ReadOnly:        cmd.ReadOnly,
+			Version:         cmd.Version + 1,
+			Uid:             cmd.Uid,
+		}
+
+		sess.UseBool("is_default")
+		sess.UseBool("basic_auth")
+		sess.UseBool("with_credentials")
+		sess.UseBool("read_only")
+		// Make sure password are zeroed out if empty. We do this as we want to migrate passwords from
+		// plain text fields to SecureJsonData.
+		sess.MustCols("password")
+		sess.MustCols("basic_auth_password")
+		sess.MustCols("user")
+		// Make sure secure json data is zeroed out if empty. We do this as we want to migrate secrets from
+		// secure json data to the unified secrets table.
+		sess.MustCols("secure_json_data")
+
+		var updateSession *xorm.Session
+		if cmd.Version != 0 {
+			// the reason we allow cmd.version > db.version is make it possible for people to force
+			// updates to datasources using the datasource.yaml file without knowing exactly what version
+			// a datasource have in the db.
+			updateSession = sess.Where("id=? and org_id=? and version < ?", ds.Id, ds.OrgId, ds.Version)
+		} else {
+			updateSession = sess.Where("id=? and org_id=?", ds.Id, ds.OrgId)
+		}
+
+		affected, err := updateSession.Update(ds)
+		if err != nil {
+			return err
+		}
+
+		if affected == 0 {
+			return datasources.ErrDataSourceUpdatingOldVersion
+		}
+
+		err = updateIsDefaultFlag(ds, sess)
+
+		if cmd.UpdateSecretFn != nil {
+			if err := cmd.UpdateSecretFn(); err != nil {
+				ss.logger.Error("Failed to update datasource secrets -- rolling back update", "UID", cmd.Uid, "name", cmd.Name, "type", cmd.Type, "orgId", cmd.OrgId)
+				return err
+			}
+		}
+
+		cmd.Result = ds
+		return err
+	})
+}
+
+func generateNewDatasourceUid(sess *sqlstore.DBSession, orgId int64) (string, error) {
+	for i := 0; i < 3; i++ {
+		uid := generateNewUid()
+
+		exists, err := sess.Where("org_id=? AND uid=?", orgId, uid).Get(&datasources.DataSource{})
+		if err != nil {
+			return "", err
+		}
+
+		if !exists {
+			return uid, nil
+		}
+	}
+
+	return "", datasources.ErrDataSourceFailedGenerateUniqueUid
+}
+
+var generateNewUid func() string = util.GenerateShortUID

pkg/services/datasources/service/store_test.go

@@ -0,0 +1,527 @@
+package service
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"strconv"
+	"testing"
+	"time"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/grafana/grafana/pkg/events"
+	ac "github.com/grafana/grafana/pkg/services/accesscontrol"
+	"github.com/grafana/grafana/pkg/services/datasources"
+	"github.com/grafana/grafana/pkg/services/sqlstore"
+)
+
+func TestIntegrationDataAccess(t *testing.T) {
+	if testing.Short() {
+		t.Skip("skipping integration test")
+	}
+	defaultAddDatasourceCommand := datasources.AddDataSourceCommand{
+		OrgId:  10,
+		Name:   "nisse",
+		Type:   datasources.DS_GRAPHITE,
+		Access: datasources.DS_ACCESS_DIRECT,
+		Url:    "http://test",
+	}
+
+	defaultUpdateDatasourceCommand := datasources.UpdateDataSourceCommand{
+		OrgId:  10,
+		Name:   "nisse_updated",
+		Type:   datasources.DS_GRAPHITE,
+		Access: datasources.DS_ACCESS_DIRECT,
+		Url:    "http://test",
+	}
+
+	initDatasource := func(db *sqlstore.SQLStore) *datasources.DataSource {
+		cmd := defaultAddDatasourceCommand
+		ss := SqlStore{db: db}
+		err := ss.AddDataSource(context.Background(), &cmd)
+		require.NoError(t, err)
+
+		query := datasources.GetDataSourcesQuery{OrgId: 10}
+		err = ss.GetDataSources(context.Background(), &query)
+		require.NoError(t, err)
+		require.Equal(t, 1, len(query.Result))
+
+		return query.Result[0]
+	}
+
+	t.Run("AddDataSource", func(t *testing.T) {
+		t.Run("Can add datasource", func(t *testing.T) {
+			db := sqlstore.InitTestDB(t)
+			ss := SqlStore{db: db}
+			err := ss.AddDataSource(context.Background(), &datasources.AddDataSourceCommand{
+				OrgId:    10,
+				Name:     "laban",
+				Type:     datasources.DS_GRAPHITE,
+				Access:   datasources.DS_ACCESS_DIRECT,
+				Url:      "http://test",
+				Database: "site",
+				ReadOnly: true,
+			})
+			require.NoError(t, err)
+
+			query := datasources.GetDataSourcesQuery{OrgId: 10}
+			err = ss.GetDataSources(context.Background(), &query)
+			require.NoError(t, err)
+
+			require.Equal(t, 1, len(query.Result))
+			ds := query.Result[0]
+
+			require.EqualValues(t, 10, ds.OrgId)
+			require.Equal(t, "site", ds.Database)
+			require.True(t, ds.ReadOnly)
+		})
+
+		t.Run("generates uid if not specified", func(t *testing.T) {
+			db := sqlstore.InitTestDB(t)
+			ds := initDatasource(db)
+			require.NotEmpty(t, ds.Uid)
+		})
+
+		t.Run("fails to insert ds with same uid", func(t *testing.T) {
+			db := sqlstore.InitTestDB(t)
+			ss := SqlStore{db: db}
+			cmd1 := defaultAddDatasourceCommand
+			cmd2 := defaultAddDatasourceCommand
+			cmd1.Uid = "test"
+			cmd2.Uid = "test"
+			err := ss.AddDataSource(context.Background(), &cmd1)
+			require.NoError(t, err)
+			err = ss.AddDataSource(context.Background(), &cmd2)
+			require.Error(t, err)
+			require.IsType(t, datasources.ErrDataSourceUidExists, err)
+		})
+
+		t.Run("fires an event when the datasource is added", func(t *testing.T) {
+			db := sqlstore.InitTestDB(t)
+			sqlStore := SqlStore{db: db}
+			var created *events.DataSourceCreated
+			db.Bus().AddEventListener(func(ctx context.Context, e *events.DataSourceCreated) error {
+				created = e
+				return nil
+			})
+
+			err := sqlStore.AddDataSource(context.Background(), &defaultAddDatasourceCommand)
+			require.NoError(t, err)
+
+			require.Eventually(t, func() bool {
+				return assert.NotNil(t, created)
+			}, time.Second, time.Millisecond)
+
+			query := datasources.GetDataSourcesQuery{OrgId: 10}
+			err = sqlStore.GetDataSources(context.Background(), &query)
+			require.NoError(t, err)
+			require.Equal(t, 1, len(query.Result))
+
+			require.Equal(t, query.Result[0].Id, created.ID)
+			require.Equal(t, query.Result[0].Uid, created.UID)
+			require.Equal(t, int64(10), created.OrgID)
+			require.Equal(t, "nisse", created.Name)
+		})
+	})
+
+	t.Run("UpdateDataSource", func(t *testing.T) {
+		t.Run("updates datasource with version", func(t *testing.T) {
+			db := sqlstore.InitTestDB(t)
+			ds := initDatasource(db)
+			cmd := defaultUpdateDatasourceCommand
+			cmd.Id = ds.Id
+			cmd.Version = ds.Version
+			ss := SqlStore{db: db}
+			err := ss.UpdateDataSource(context.Background(), &cmd)
+			require.NoError(t, err)
+		})
+
+		t.Run("does not overwrite Uid if not specified", func(t *testing.T) {
+			db := sqlstore.InitTestDB(t)
+			ds := initDatasource(db)
+			ss := SqlStore{db: db}
+			require.NotEmpty(t, ds.Uid)
+
+			cmd := defaultUpdateDatasourceCommand
+			cmd.Id = ds.Id
+			err := ss.UpdateDataSource(context.Background(), &cmd)
+			require.NoError(t, err)
+
+			query := datasources.GetDataSourceQuery{Id: ds.Id, OrgId: 10}
+			err = ss.GetDataSource(context.Background(), &query)
+			require.NoError(t, err)
+			require.Equal(t, ds.Uid, query.Result.Uid)
+		})
+
+		t.Run("prevents update if version changed", func(t *testing.T) {
+			db := sqlstore.InitTestDB(t)
+			ds := initDatasource(db)
+			ss := SqlStore{db: db}
+
+			cmd := datasources.UpdateDataSourceCommand{
+				Id:      ds.Id,
+				OrgId:   10,
+				Name:    "nisse",
+				Type:    datasources.DS_GRAPHITE,
+				Access:  datasources.DS_ACCESS_PROXY,
+				Url:     "http://test",
+				Version: ds.Version,
+			}
+			// Make a copy as UpdateDataSource modifies it
+			cmd2 := cmd
+
+			err := ss.UpdateDataSource(context.Background(), &cmd)
+			require.NoError(t, err)
+
+			err = ss.UpdateDataSource(context.Background(), &cmd2)
+			require.Error(t, err)
+		})
+
+		t.Run("updates ds without version specified", func(t *testing.T) {
+			db := sqlstore.InitTestDB(t)
+			ds := initDatasource(db)
+			ss := SqlStore{db: db}
+
+			cmd := &datasources.UpdateDataSourceCommand{
+				Id:     ds.Id,
+				OrgId:  10,
+				Name:   "nisse",
+				Type:   datasources.DS_GRAPHITE,
+				Access: datasources.DS_ACCESS_PROXY,
+				Url:    "http://test",
+			}
+
+			err := ss.UpdateDataSource(context.Background(), cmd)
+			require.NoError(t, err)
+		})
+
+		t.Run("updates ds without higher version", func(t *testing.T) {
+			db := sqlstore.InitTestDB(t)
+			ds := initDatasource(db)
+			ss := SqlStore{db: db}
+
+			cmd := &datasources.UpdateDataSourceCommand{
+				Id:      ds.Id,
+				OrgId:   10,
+				Name:    "nisse",
+				Type:    datasources.DS_GRAPHITE,
+				Access:  datasources.DS_ACCESS_PROXY,
+				Url:     "http://test",
+				Version: 90000,
+			}
+
+			err := ss.UpdateDataSource(context.Background(), cmd)
+			require.NoError(t, err)
+		})
+	})
+
+	t.Run("DeleteDataSourceById", func(t *testing.T) {
+		t.Run("can delete datasource", func(t *testing.T) {
+			db := sqlstore.InitTestDB(t)
+			ds := initDatasource(db)
+			ss := SqlStore{db: db}
+
+			err := ss.DeleteDataSource(context.Background(), &datasources.DeleteDataSourceCommand{ID: ds.Id, OrgID: ds.OrgId})
+			require.NoError(t, err)
+
+			query := datasources.GetDataSourcesQuery{OrgId: 10}
+			err = ss.GetDataSources(context.Background(), &query)
+			require.NoError(t, err)
+
+			require.Equal(t, 0, len(query.Result))
+		})
+
+		t.Run("Can not delete datasource with wrong orgId", func(t *testing.T) {
+			db := sqlstore.InitTestDB(t)
+			ds := initDatasource(db)
+			ss := SqlStore{db: db}
+
+			err := ss.DeleteDataSource(context.Background(),
+				&datasources.DeleteDataSourceCommand{ID: ds.Id, OrgID: 123123})
+			require.NoError(t, err)
+
+			query := datasources.GetDataSourcesQuery{OrgId: 10}
+			err = ss.GetDataSources(context.Background(), &query)
+			require.NoError(t, err)
+
+			require.Equal(t, 1, len(query.Result))
+		})
+	})
+
+	t.Run("fires an event when the datasource is deleted", func(t *testing.T) {
+		db := sqlstore.InitTestDB(t)
+		ds := initDatasource(db)
+		ss := SqlStore{db: db}
+
+		var deleted *events.DataSourceDeleted
+		db.Bus().AddEventListener(func(ctx context.Context, e *events.DataSourceDeleted) error {
+			deleted = e
+			return nil
+		})
+
+		err := ss.DeleteDataSource(context.Background(),
+			&datasources.DeleteDataSourceCommand{ID: ds.Id, UID: ds.Uid, Name: ds.Name, OrgID: ds.OrgId})
+		require.NoError(t, err)
+
+		require.Eventually(t, func() bool {
+			return assert.NotNil(t, deleted)
+		}, time.Second, time.Millisecond)
+
+		require.Equal(t, ds.Id, deleted.ID)
+		require.Equal(t, ds.OrgId, deleted.OrgID)
+		require.Equal(t, ds.Name, deleted.Name)
+		require.Equal(t, ds.Uid, deleted.UID)
+	})
+
+	t.Run("does not fire an event when the datasource is not deleted", func(t *testing.T) {
+		db := sqlstore.InitTestDB(t)
+		ss := SqlStore{db: db}
+
+		var called bool
+		db.Bus().AddEventListener(func(ctx context.Context, e *events.DataSourceDeleted) error {
+			called = true
+			return nil
+		})
+
+		err := ss.DeleteDataSource(context.Background(),
+			&datasources.DeleteDataSourceCommand{ID: 1, UID: "non-existing", Name: "non-existing", OrgID: int64(10)})
+		require.NoError(t, err)
+
+		require.Never(t, func() bool {
+			return called
+		}, time.Second, time.Millisecond)
+	})
+
+	t.Run("DeleteDataSourceByName", func(t *testing.T) {
+		db := sqlstore.InitTestDB(t)
+		ds := initDatasource(db)
+		ss := SqlStore{db: db}
+		query := datasources.GetDataSourcesQuery{OrgId: 10}
+
+		err := ss.DeleteDataSource(context.Background(), &datasources.DeleteDataSourceCommand{Name: ds.Name, OrgID: ds.OrgId})
+		require.NoError(t, err)
+
+		err = ss.GetDataSources(context.Background(), &query)
+		require.NoError(t, err)
+
+		require.Equal(t, 0, len(query.Result))
+	})
+
+	t.Run("DeleteDataSourceAccessControlPermissions", func(t *testing.T) {
+		db := sqlstore.InitTestDB(t)
+		ds := initDatasource(db)
+		ss := SqlStore{db: db}
+
+		// Init associated permission
+		errAddPermissions := db.WithTransactionalDbSession(context.TODO(), func(sess *sqlstore.DBSession) error {
+			_, err := sess.Table("permission").Insert(ac.Permission{
+				RoleID:  1,
+				Action:  "datasources:read",
+				Scope:   ac.Scope("datasources", "id", fmt.Sprintf("%d", ds.Id)),
+				Updated: time.Now(),
+				Created: time.Now(),
+			})
+			return err
+		})
+		require.NoError(t, errAddPermissions)
+		query := datasources.GetDataSourcesQuery{OrgId: 10}
+
+		errDeletingDS := ss.DeleteDataSource(context.Background(),
+			&datasources.DeleteDataSourceCommand{Name: ds.Name, OrgID: ds.OrgId},
+		)
+		require.NoError(t, errDeletingDS)
+
+		// Check associated permission
+		permCount := int64(0)
+		errGetPermissions := db.WithTransactionalDbSession(context.TODO(), func(sess *sqlstore.DBSession) error {
+			var err error
+			permCount, err = sess.Table("permission").Count()
+			return err
+		})
+		require.NoError(t, errGetPermissions)
+		require.Zero(t, permCount, "permissions associated to the data source should have been removed")
+
+		require.Equal(t, 0, len(query.Result))
+	})
+
+	t.Run("GetDataSources", func(t *testing.T) {
+		t.Run("Number of data sources returned limited to 6 per organization", func(t *testing.T) {
+			db := sqlstore.InitTestDB(t)
+			ss := SqlStore{db: db}
+			datasourceLimit := 6
+			for i := 0; i < datasourceLimit+1; i++ {
+				err := ss.AddDataSource(context.Background(), &datasources.AddDataSourceCommand{
+					OrgId:    10,
+					Name:     "laban" + strconv.Itoa(i),
+					Type:     datasources.DS_GRAPHITE,
+					Access:   datasources.DS_ACCESS_DIRECT,
+					Url:      "http://test",
+					Database: "site",
+					ReadOnly: true,
+				})
+				require.NoError(t, err)
+			}
+			query := datasources.GetDataSourcesQuery{OrgId: 10, DataSourceLimit: datasourceLimit}
+
+			err := ss.GetDataSources(context.Background(), &query)
+
+			require.NoError(t, err)
+			require.Equal(t, datasourceLimit, len(query.Result))
+		})
+
+		t.Run("No limit should be applied on the returned data sources if the limit is not set", func(t *testing.T) {
+			db := sqlstore.InitTestDB(t)
+			ss := SqlStore{db: db}
+			numberOfDatasource := 5100
+			for i := 0; i < numberOfDatasource; i++ {
+				err := ss.AddDataSource(context.Background(), &datasources.AddDataSourceCommand{
+					OrgId:    10,
+					Name:     "laban" + strconv.Itoa(i),
+					Type:     datasources.DS_GRAPHITE,
+					Access:   datasources.DS_ACCESS_DIRECT,
+					Url:      "http://test",
+					Database: "site",
+					ReadOnly: true,
+				})
+				require.NoError(t, err)
+			}
+			query := datasources.GetDataSourcesQuery{OrgId: 10}
+
+			err := ss.GetDataSources(context.Background(), &query)
+
+			require.NoError(t, err)
+			require.Equal(t, numberOfDatasource, len(query.Result))
+		})
+
+		t.Run("No limit should be applied on the returned data sources if the limit is negative", func(t *testing.T) {
+			db := sqlstore.InitTestDB(t)
+			ss := SqlStore{db: db}
+			numberOfDatasource := 5100
+			for i := 0; i < numberOfDatasource; i++ {
+				err := ss.AddDataSource(context.Background(), &datasources.AddDataSourceCommand{
+					OrgId:    10,
+					Name:     "laban" + strconv.Itoa(i),
+					Type:     datasources.DS_GRAPHITE,
+					Access:   datasources.DS_ACCESS_DIRECT,
+					Url:      "http://test",
+					Database: "site",
+					ReadOnly: true,
+				})
+				require.NoError(t, err)
+			}
+			query := datasources.GetDataSourcesQuery{OrgId: 10, DataSourceLimit: -1}
+
+			err := ss.GetDataSources(context.Background(), &query)
+
+			require.NoError(t, err)
+			require.Equal(t, numberOfDatasource, len(query.Result))
+		})
+	})
+
+	t.Run("GetDataSourcesByType", func(t *testing.T) {
+		t.Run("Only returns datasources of specified type", func(t *testing.T) {
+			db := sqlstore.InitTestDB(t)
+			ss := SqlStore{db: db}
+
+			err := ss.AddDataSource(context.Background(), &datasources.AddDataSourceCommand{
+				OrgId:    10,
+				Name:     "Elasticsearch",
+				Type:     datasources.DS_ES,
+				Access:   datasources.DS_ACCESS_DIRECT,
+				Url:      "http://test",
+				Database: "site",
+				ReadOnly: true,
+			})
+			require.NoError(t, err)
+
+			err = ss.AddDataSource(context.Background(), &datasources.AddDataSourceCommand{
+				OrgId:    10,
+				Name:     "Graphite",
+				Type:     datasources.DS_GRAPHITE,
+				Access:   datasources.DS_ACCESS_DIRECT,
+				Url:      "http://test",
+				Database: "site",
+				ReadOnly: true,
+			})
+			require.NoError(t, err)
+
+			query := datasources.GetDataSourcesByTypeQuery{Type: datasources.DS_ES}
+
+			err = ss.GetDataSourcesByType(context.Background(), &query)
+
+			require.NoError(t, err)
+			require.Equal(t, 1, len(query.Result))
+		})
+
+		t.Run("Returns an error if no type specified", func(t *testing.T) {
+			db := sqlstore.InitTestDB(t)
+			ss := SqlStore{db: db}
+
+			query := datasources.GetDataSourcesByTypeQuery{}
+
+			err := ss.GetDataSourcesByType(context.Background(), &query)
+
+			require.Error(t, err)
+		})
+	})
+}
+
+func TestIntegrationGetDefaultDataSource(t *testing.T) {
+	if testing.Short() {
+		t.Skip("skipping integration test")
+	}
+
+	t.Run("should return error if there is no default datasource", func(t *testing.T) {
+		db := sqlstore.InitTestDB(t)
+		ss := SqlStore{db: db}
+
+		cmd := datasources.AddDataSourceCommand{
+			OrgId:  10,
+			Name:   "nisse",
+			Type:   datasources.DS_GRAPHITE,
+			Access: datasources.DS_ACCESS_DIRECT,
+			Url:    "http://test",
+		}
+
+		err := ss.AddDataSource(context.Background(), &cmd)
+		require.NoError(t, err)
+
+		query := datasources.GetDefaultDataSourceQuery{OrgId: 10}
+		err = ss.GetDefaultDataSource(context.Background(), &query)
+		require.Error(t, err)
+		assert.True(t, errors.Is(err, datasources.ErrDataSourceNotFound))
+	})
+
+	t.Run("should return default datasource if exists", func(t *testing.T) {
+		db := sqlstore.InitTestDB(t)
+		ss := SqlStore{db: db}
+
+		cmd := datasources.AddDataSourceCommand{
+			OrgId:     10,
+			Name:      "default datasource",
+			Type:      datasources.DS_GRAPHITE,
+			Access:    datasources.DS_ACCESS_DIRECT,
+			Url:       "http://test",
+			IsDefault: true,
+		}
+
+		err := ss.AddDataSource(context.Background(), &cmd)
+		require.NoError(t, err)
+
+		query := datasources.GetDefaultDataSourceQuery{OrgId: 10}
+		err = ss.GetDefaultDataSource(context.Background(), &query)
+		require.NoError(t, err)
+		assert.Equal(t, "default datasource", query.Result.Name)
+	})
+
+	t.Run("should not return default datasource of other organisation", func(t *testing.T) {
+		db := sqlstore.InitTestDB(t)
+		ss := SqlStore{db: db}
+		query := datasources.GetDefaultDataSourceQuery{OrgId: 1}
+		err := ss.GetDefaultDataSource(context.Background(), &query)
+		require.Error(t, err)
+		assert.True(t, errors.Is(err, datasources.ErrDataSourceNotFound))
+	})
+}

pkg/services/datasources/store.go

@@ -1,16 +0,0 @@
-package datasources
-
-import (
-	"context"
-)
-
-// Store is the interface for the datasource Service's storage.
-type Store interface {
-	GetDataSource(context.Context, *GetDataSourceQuery) error
-	GetDataSources(context.Context, *GetDataSourcesQuery) error
-	GetDataSourcesByType(context.Context, *GetDataSourcesByTypeQuery) error
-	GetDefaultDataSource(context.Context, *GetDefaultDataSourceQuery) error
-	DeleteDataSource(context.Context, *DeleteDataSourceCommand) error
-	AddDataSource(context.Context, *AddDataSourceCommand) error
-	UpdateDataSource(context.Context, *UpdateDataSourceCommand) error
-}

pkg/services/secrets/kvstore/migrations/datasource_mig_test.go

@@ -38,12 +38,10 @@ func TestMigrate(t *testing.T) {
 		secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 		secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
 		migService := SetupTestDataSourceSecretMigrationService(t, sqlStore, kvStore, secretsStore, false)
-
+		ds := dsservice.CreateStore(sqlStore)
 		dataSourceName := "Test"
 		dataSourceOrg := int64(1)
-
-		// Add test data source
-		err := sqlStore.AddDataSource(context.Background(), &datasources.AddDataSourceCommand{
+		err := ds.AddDataSource(context.Background(), &datasources.AddDataSourceCommand{
 			OrgId:  dataSourceOrg,
 			Name:   dataSourceName,
 			Type:   datasources.DS_MYSQL,
@@ -57,7 +55,7 @@ func TestMigrate(t *testing.T) {
 
 		// Check if the secret json data was added
 		query := &datasources.GetDataSourceQuery{OrgId: dataSourceOrg, Name: dataSourceName}
-		err = sqlStore.GetDataSource(context.Background(), query)
+		err = ds.GetDataSource(context.Background(), query)
 		assert.NoError(t, err)
 		assert.NotNil(t, query.Result)
 		assert.NotEmpty(t, query.Result.SecureJsonData)
@@ -80,7 +78,7 @@ func TestMigrate(t *testing.T) {
 
 		// Check if the secure json data was deleted
 		query = &datasources.GetDataSourceQuery{OrgId: dataSourceOrg, Name: dataSourceName}
-		err = sqlStore.GetDataSource(context.Background(), query)
+		err = ds.GetDataSource(context.Background(), query)
 		assert.NoError(t, err)
 		assert.NotNil(t, query.Result)
 		assert.Empty(t, query.Result.SecureJsonData)
@@ -104,12 +102,12 @@ func TestMigrate(t *testing.T) {
 		secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 		secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
 		migService := SetupTestDataSourceSecretMigrationService(t, sqlStore, kvStore, secretsStore, true)
-
+		ds := dsservice.CreateStore(sqlStore)
 		dataSourceName := "Test"
 		dataSourceOrg := int64(1)
 
 		// Add test data source
-		err := sqlStore.AddDataSource(context.Background(), &datasources.AddDataSourceCommand{
+		err := ds.AddDataSource(context.Background(), &datasources.AddDataSourceCommand{
 			OrgId:  dataSourceOrg,
 			Name:   dataSourceName,
 			Type:   datasources.DS_MYSQL,
@@ -123,7 +121,7 @@ func TestMigrate(t *testing.T) {
 
 		// Check if the secret json data was added
 		query := &datasources.GetDataSourceQuery{OrgId: dataSourceOrg, Name: dataSourceName}
-		err = sqlStore.GetDataSource(context.Background(), query)
+		err = ds.GetDataSource(context.Background(), query)
 		assert.NoError(t, err)
 		assert.NotNil(t, query.Result)
 		assert.NotEmpty(t, query.Result.SecureJsonData)
@@ -146,7 +144,7 @@ func TestMigrate(t *testing.T) {
 
 		// Check if the secure json data was maintained for compatibility
 		query = &datasources.GetDataSourceQuery{OrgId: dataSourceOrg, Name: dataSourceName}
-		err = sqlStore.GetDataSource(context.Background(), query)
+		err = ds.GetDataSource(context.Background(), query)
 		assert.NoError(t, err)
 		assert.NotNil(t, query.Result)
 		assert.NotEmpty(t, query.Result.SecureJsonData)
@@ -166,16 +164,18 @@ func TestMigrate(t *testing.T) {
 
 	t.Run("should replicate from unified to legacy for compatibility", func(t *testing.T) {
 		sqlStore := sqlstore.InitTestDB(t)
+
 		kvStore := kvstore.ProvideService(sqlStore)
 		secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 		secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
 		migService := SetupTestDataSourceSecretMigrationService(t, sqlStore, kvStore, secretsStore, false)
+		ds := dsservice.CreateStore(sqlStore)
 
 		dataSourceName := "Test"
 		dataSourceOrg := int64(1)
 
 		// Add test data source
-		err := sqlStore.AddDataSource(context.Background(), &datasources.AddDataSourceCommand{
+		err := ds.AddDataSource(context.Background(), &datasources.AddDataSourceCommand{
 			OrgId:  dataSourceOrg,
 			Name:   dataSourceName,
 			Type:   datasources.DS_MYSQL,
@@ -189,7 +189,7 @@ func TestMigrate(t *testing.T) {
 
 		// Check if the secret json data was added
 		query := &datasources.GetDataSourceQuery{OrgId: dataSourceOrg, Name: dataSourceName}
-		err = sqlStore.GetDataSource(context.Background(), query)
+		err = ds.GetDataSource(context.Background(), query)
 		assert.NoError(t, err)
 		assert.NotNil(t, query.Result)
 		assert.NotEmpty(t, query.Result.SecureJsonData)
@@ -212,7 +212,7 @@ func TestMigrate(t *testing.T) {
 
 		// Check if the secure json data was deleted
 		query = &datasources.GetDataSourceQuery{OrgId: dataSourceOrg, Name: dataSourceName}
-		err = sqlStore.GetDataSource(context.Background(), query)
+		err = ds.GetDataSource(context.Background(), query)
 		assert.NoError(t, err)
 		assert.NotNil(t, query.Result)
 		assert.Empty(t, query.Result.SecureJsonData)
@@ -236,7 +236,7 @@ func TestMigrate(t *testing.T) {
 
 		// Check if the secure json data was re-added for compatibility
 		query = &datasources.GetDataSourceQuery{OrgId: dataSourceOrg, Name: dataSourceName}
-		err = sqlStore.GetDataSource(context.Background(), query)
+		err = ds.GetDataSource(context.Background(), query)
 		assert.NoError(t, err)
 		assert.NotNil(t, query.Result)
 		assert.NotEmpty(t, query.Result.SecureJsonData)
@@ -260,12 +260,13 @@ func TestMigrate(t *testing.T) {
 		secretsService := secretsmng.SetupTestService(t, fakes.NewFakeSecretsStore())
 		secretsStore := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))
 		migService := SetupTestDataSourceSecretMigrationService(t, sqlStore, kvStore, secretsStore, true)
+		ds := dsservice.CreateStore(sqlStore)
 
 		dataSourceName := "Test"
 		dataSourceOrg := int64(1)
 
 		// Add test data source
-		err := sqlStore.AddDataSource(context.Background(), &datasources.AddDataSourceCommand{
+		err := ds.AddDataSource(context.Background(), &datasources.AddDataSourceCommand{
 			OrgId:  dataSourceOrg,
 			Name:   dataSourceName,
 			Type:   datasources.DS_MYSQL,
@@ -279,7 +280,7 @@ func TestMigrate(t *testing.T) {
 
 		// Check if the secret json data was added
 		query := &datasources.GetDataSourceQuery{OrgId: dataSourceOrg, Name: dataSourceName}
-		err = sqlStore.GetDataSource(context.Background(), query)
+		err = ds.GetDataSource(context.Background(), query)
 		assert.NoError(t, err)
 		assert.NotNil(t, query.Result)
 		assert.NotEmpty(t, query.Result.SecureJsonData)
@@ -302,7 +303,7 @@ func TestMigrate(t *testing.T) {
 
 		// Check if the secure json data was maintained for compatibility
 		query = &datasources.GetDataSourceQuery{OrgId: dataSourceOrg, Name: dataSourceName}
-		err = sqlStore.GetDataSource(context.Background(), query)
+		err = ds.GetDataSource(context.Background(), query)
 		assert.NoError(t, err)
 		assert.NotNil(t, query.Result)
 		assert.NotEmpty(t, query.Result.SecureJsonData)
@@ -326,7 +327,7 @@ func TestMigrate(t *testing.T) {
 
 		// Check if the secure json data was deleted
 		query = &datasources.GetDataSourceQuery{OrgId: dataSourceOrg, Name: dataSourceName}
-		err = sqlStore.GetDataSource(context.Background(), query)
+		err = ds.GetDataSource(context.Background(), query)
 		assert.NoError(t, err)
 		assert.NotNil(t, query.Result)
 		assert.Empty(t, query.Result.SecureJsonData)

pkg/services/sqlstore/db/db.go

@@ -14,4 +14,5 @@ type DB interface {
 	NewSession(ctx context.Context) *sqlstore.DBSession
 	GetDialect() migrator.Dialect
 	GetSqlxSession() *session.SessionDB
+	InTransaction(ctx context.Context, fn func(ctx context.Context) error) error
 }