Chore: Remove global encryption calls from sqlstore (#38588)

* Add encryption service * Add tests for encryption service * Inject encryption service into http server * Replace encryption global function usage in login tests * Refactor UpdatePluginSetting * Refactor EncryptSecureSettings * Fix wire.go * Refactor service initialization Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com> Co-authored-by: Joan López de la Franca Beltran <5459617+joanlopez@users.noreply.github.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
2025-02-25 18:55:37 -06:00 · 2021-08-31 16:01:23 +03:00 · 2021-08-31 16:01:23 +03:00 · 6b7b9f5158
commit 6b7b9f5158
parent aa7a6633b8
2 changed files with 9 additions and 15 deletions
--- a/pkg/services/sqlstore/migrations/ualert/channel.go
+++ b/pkg/services/sqlstore/migrations/ualert/channel.go
@ -12,7 +12,6 @@ import (

 	"github.com/grafana/grafana/pkg/components/securejsondata"
 	"github.com/grafana/grafana/pkg/components/simplejson"
-	"github.com/grafana/grafana/pkg/setting"
 	"github.com/grafana/grafana/pkg/util"
 )

@ -400,12 +399,9 @@ type amConfigsPerOrg = map[int64]*PostableUserConfig
 func (c *PostableUserConfig) EncryptSecureSettings() error {
 	for _, r := range c.AlertmanagerConfig.Receivers {
 		for _, gr := range r.GrafanaManagedReceivers {
-			for k, v := range gr.SecureSettings {
-				encryptedData, err := util.Encrypt([]byte(v), setting.SecretKey)
-				if err != nil {
-					return fmt.Errorf("failed to encrypt secure settings: %w", err)
-				}
-				gr.SecureSettings[k] = base64.StdEncoding.EncodeToString(encryptedData)
+			encryptedData := securejsondata.GetEncryptedJsonData(gr.SecureSettings)
+			for k, v := range encryptedData {
+				gr.SecureSettings[k] = base64.StdEncoding.EncodeToString(v)
 			}
 		}
 	}
--- a/pkg/services/sqlstore/plugin_setting.go
+++ b/pkg/services/sqlstore/plugin_setting.go
@ -3,10 +3,10 @@ package sqlstore
 import (
 	"time"

+	"github.com/grafana/grafana/pkg/components/securejsondata"
+
 	"github.com/grafana/grafana/pkg/bus"
 	"github.com/grafana/grafana/pkg/models"
-	"github.com/grafana/grafana/pkg/setting"
-	"github.com/grafana/grafana/pkg/util"
 )

 func init() {
@ -46,6 +46,8 @@ func GetPluginSettingById(query *models.GetPluginSettingByIdQuery) error {
 }

 func UpdatePluginSetting(cmd *models.UpdatePluginSettingCmd) error {
+	encryptedJsonData := securejsondata.GetEncryptedJsonData(cmd.SecureJsonData)
+
 	return inTransaction(func(sess *DBSession) error {
 		var pluginSetting models.PluginSetting

@ -63,7 +65,7 @@ func UpdatePluginSetting(cmd *models.UpdatePluginSettingCmd) error {
 				Pinned:         cmd.Pinned,
 				JsonData:       cmd.JsonData,
 				PluginVersion:  cmd.PluginVersion,
-				SecureJsonData: cmd.GetEncryptedJsonData(),
+				SecureJsonData: encryptedJsonData,
 				Created:        time.Now(),
 				Updated:        time.Now(),
 			}
@ -78,12 +80,8 @@ func UpdatePluginSetting(cmd *models.UpdatePluginSettingCmd) error {
 			_, err = sess.Insert(&pluginSetting)
 			return err
 		}
-		for key, data := range cmd.SecureJsonData {
-			encryptedData, err := util.Encrypt([]byte(data), setting.SecretKey)
-			if err != nil {
-				return err
-			}

+		for key, encryptedData := range encryptedJsonData {
 			pluginSetting.SecureJsonData[key] = encryptedData
 		}