Encryption: Refactor securejsondata.SecureJsonData to stop relying on global functions (#38865)

* Encryption: Add support to encrypt/decrypt sjd * Add datasources.Service as a proxy to datasources db operations * Encrypt ds.SecureJsonData before calling SQLStore * Move ds cache code into ds service * Fix tlsmanager tests * Fix pluginproxy tests * Remove some securejsondata.GetEncryptedJsonData usages * Add pluginsettings.Service as a proxy for plugin settings db operations * Add AlertNotificationService as a proxy for alert notification db operations * Remove some securejsondata.GetEncryptedJsonData usages * Remove more securejsondata.GetEncryptedJsonData usages * Fix lint errors * Minor fixes * Remove encryption global functions usages from ngalert * Fix lint errors * Minor fixes * Minor fixes * Remove securejsondata.DecryptedValue usage * Refactor the refactor * Remove securejsondata.DecryptedValue usage * Move securejsondata to migrations package * Move securejsondata to migrations package * Minor fix * Fix integration test * Fix integration tests * Undo undesired changes * Fix tests * Add context.Context into encryption methods * Fix tests * Fix tests * Fix tests * Trigger CI * Fix test * Add names to params of encryption service interface * Remove bus from CacheServiceImpl * Add logging * Add keys to logger Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Add missing key to logger Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Undo changes in markdown files * Fix formatting * Add context to secrets service * Rename decryptSecureJsonData to decryptSecureJsonDataFn * Name args in GetDecryptedValueFn * Add template back to NewAlertmanagerNotifier * Copy GetDecryptedValueFn to ngalert * Add logging to pluginsettings * Fix pluginsettings test Co-authored-by: Tania B <yalyna.ts@gmail.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
2025-02-25 18:55:37 -06:00 · 2021-10-07 16:33:50 +02:00
parent da813877fb
commit 722c414fef
141 changed files with 1968 additions and 1197 deletions
--- a/pkg/services/alerting/notifier.go
+++ b/pkg/services/alerting/notifier.go
@@ -83,16 +83,18 @@ type ShowWhen struct {
 	Is    string `json:"is"`
 }

-func newNotificationService(renderService rendering.Service) *notificationService {
+func newNotificationService(renderService rendering.Service, decryptFn GetDecryptedValueFn) *notificationService {
 	return &notificationService{
 		log:           log.New("alerting.notifier"),
 		renderService: renderService,
+		decryptFn:     decryptFn,
 	}
 }

 type notificationService struct {
 	log           log.Logger
 	renderService rendering.Service
+	decryptFn     GetDecryptedValueFn
 }

 func (n *notificationService) SendIfNeeded(evalCtx *EvalContext) error {
@@ -250,7 +252,7 @@ func (n *notificationService) getNeededNotifiers(orgID int64, notificationUids [

 	var result notifierStateSlice
 	for _, notification := range query.Result {
-		not, err := InitNotifier(notification)
+		not, err := InitNotifier(notification, n.decryptFn)
 		if err != nil {
 			n.log.Error("Could not create notifier", "notifier", notification.Uid, "error", err)
 			continue
@@ -280,17 +282,21 @@ func (n *notificationService) getNeededNotifiers(orgID int64, notificationUids [
 }

 // InitNotifier instantiate a new notifier based on the model.
-func InitNotifier(model *models.AlertNotification) (Notifier, error) {
+func InitNotifier(model *models.AlertNotification, fn GetDecryptedValueFn) (Notifier, error) {
 	notifierPlugin, found := notifierFactories[model.Type]
 	if !found {
 		return nil, fmt.Errorf("unsupported notification type %q", model.Type)
 	}

-	return notifierPlugin.Factory(model)
+	return notifierPlugin.Factory(model, fn)
 }

+// GetDecryptedValueFn is a function that returns the decrypted value of
+// the given key. If the key is not present, then it returns the fallback value.
+type GetDecryptedValueFn func(ctx context.Context, sjd map[string][]byte, key string, fallback string, secret string) string
+
 // NotifierFactory is a signature for creating notifiers.
-type NotifierFactory func(notification *models.AlertNotification) (Notifier, error)
+type NotifierFactory func(*models.AlertNotification, GetDecryptedValueFn) (Notifier, error)

 var notifierFactories = make(map[string]*NotifierPlugin)