From 6b7b9f5158c7f9380cf4f125521b9426fc52fc08 Mon Sep 17 00:00:00 2001
From: Tania B <yalyna.ts@gmail.com>
Date: Tue, 31 Aug 2021 16:01:23 +0300
Subject: [PATCH] Chore: Remove global encryption calls from sqlstore (#38588)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Add encryption service

* Add tests for encryption service

* Inject encryption service into http server

* Replace encryption global function usage in login tests

* Refactor UpdatePluginSetting

* Refactor EncryptSecureSettings

* Fix wire.go

* Refactor service initialization

Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
Co-authored-by: Joan López de la Franca Beltran <5459617+joanlopez@users.noreply.github.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
---
 pkg/services/sqlstore/migrations/ualert/channel.go | 10 +++-------
 pkg/services/sqlstore/plugin_setting.go            | 14 ++++++--------
 2 files changed, 9 insertions(+), 15 deletions(-)

diff --git a/pkg/services/sqlstore/migrations/ualert/channel.go b/pkg/services/sqlstore/migrations/ualert/channel.go
index bf4ff62cad0..cae250776e6 100644
--- a/pkg/services/sqlstore/migrations/ualert/channel.go
+++ b/pkg/services/sqlstore/migrations/ualert/channel.go
@@ -12,7 +12,6 @@ import (
 
 	"github.com/grafana/grafana/pkg/components/securejsondata"
 	"github.com/grafana/grafana/pkg/components/simplejson"
-	"github.com/grafana/grafana/pkg/setting"
 	"github.com/grafana/grafana/pkg/util"
 )
 
@@ -400,12 +399,9 @@ type amConfigsPerOrg = map[int64]*PostableUserConfig
 func (c *PostableUserConfig) EncryptSecureSettings() error {
 	for _, r := range c.AlertmanagerConfig.Receivers {
 		for _, gr := range r.GrafanaManagedReceivers {
-			for k, v := range gr.SecureSettings {
-				encryptedData, err := util.Encrypt([]byte(v), setting.SecretKey)
-				if err != nil {
-					return fmt.Errorf("failed to encrypt secure settings: %w", err)
-				}
-				gr.SecureSettings[k] = base64.StdEncoding.EncodeToString(encryptedData)
+			encryptedData := securejsondata.GetEncryptedJsonData(gr.SecureSettings)
+			for k, v := range encryptedData {
+				gr.SecureSettings[k] = base64.StdEncoding.EncodeToString(v)
 			}
 		}
 	}
diff --git a/pkg/services/sqlstore/plugin_setting.go b/pkg/services/sqlstore/plugin_setting.go
index 0b010f11a14..21777ee9080 100644
--- a/pkg/services/sqlstore/plugin_setting.go
+++ b/pkg/services/sqlstore/plugin_setting.go
@@ -3,10 +3,10 @@ package sqlstore
 import (
 	"time"
 
+	"github.com/grafana/grafana/pkg/components/securejsondata"
+
 	"github.com/grafana/grafana/pkg/bus"
 	"github.com/grafana/grafana/pkg/models"
-	"github.com/grafana/grafana/pkg/setting"
-	"github.com/grafana/grafana/pkg/util"
 )
 
 func init() {
@@ -46,6 +46,8 @@ func GetPluginSettingById(query *models.GetPluginSettingByIdQuery) error {
 }
 
 func UpdatePluginSetting(cmd *models.UpdatePluginSettingCmd) error {
+	encryptedJsonData := securejsondata.GetEncryptedJsonData(cmd.SecureJsonData)
+
 	return inTransaction(func(sess *DBSession) error {
 		var pluginSetting models.PluginSetting
 
@@ -63,7 +65,7 @@ func UpdatePluginSetting(cmd *models.UpdatePluginSettingCmd) error {
 				Pinned:         cmd.Pinned,
 				JsonData:       cmd.JsonData,
 				PluginVersion:  cmd.PluginVersion,
-				SecureJsonData: cmd.GetEncryptedJsonData(),
+				SecureJsonData: encryptedJsonData,
 				Created:        time.Now(),
 				Updated:        time.Now(),
 			}
@@ -78,12 +80,8 @@ func UpdatePluginSetting(cmd *models.UpdatePluginSettingCmd) error {
 			_, err = sess.Insert(&pluginSetting)
 			return err
 		}
-		for key, data := range cmd.SecureJsonData {
-			encryptedData, err := util.Encrypt([]byte(data), setting.SecretKey)
-			if err != nil {
-				return err
-			}
 
+		for key, encryptedData := range encryptedJsonData {
 			pluginSetting.SecureJsonData[key] = encryptedData
 		}