mirror of
https://github.com/grafana/grafana.git
synced 2025-02-25 18:55:37 -06:00
Encryption: Refactor securejsondata.SecureJsonData to stop relying on global functions (#38865)
* Encryption: Add support to encrypt/decrypt sjd * Add datasources.Service as a proxy to datasources db operations * Encrypt ds.SecureJsonData before calling SQLStore * Move ds cache code into ds service * Fix tlsmanager tests * Fix pluginproxy tests * Remove some securejsondata.GetEncryptedJsonData usages * Add pluginsettings.Service as a proxy for plugin settings db operations * Add AlertNotificationService as a proxy for alert notification db operations * Remove some securejsondata.GetEncryptedJsonData usages * Remove more securejsondata.GetEncryptedJsonData usages * Fix lint errors * Minor fixes * Remove encryption global functions usages from ngalert * Fix lint errors * Minor fixes * Minor fixes * Remove securejsondata.DecryptedValue usage * Refactor the refactor * Remove securejsondata.DecryptedValue usage * Move securejsondata to migrations package * Move securejsondata to migrations package * Minor fix * Fix integration test * Fix integration tests * Undo undesired changes * Fix tests * Add context.Context into encryption methods * Fix tests * Fix tests * Fix tests * Trigger CI * Fix test * Add names to params of encryption service interface * Remove bus from CacheServiceImpl * Add logging * Add keys to logger Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Add missing key to logger Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Undo changes in markdown files * Fix formatting * Add context to secrets service * Rename decryptSecureJsonData to decryptSecureJsonDataFn * Name args in GetDecryptedValueFn * Add template back to NewAlertmanagerNotifier * Copy GetDecryptedValueFn to ngalert * Add logging to pluginsettings * Fix pluginsettings test Co-authored-by: Tania B <yalyna.ts@gmail.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
This commit is contained in:
Joan López de la Franca Beltran
committed by
GitHub
GitHub
parent
da813877fb
commit
722c414fef
@@ -1,6 +1,8 @@
|
||||
package dashboardsnapshots
|
||||
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/grafana/grafana/pkg/bus"
|
||||
"github.com/grafana/grafana/pkg/components/simplejson"
|
||||
"github.com/grafana/grafana/pkg/models"
|
||||
@@ -22,22 +24,22 @@ func ProvideService(bus bus.Bus, store *sqlstore.SQLStore, encryptionService enc
|
||||
EncryptionService: encryptionService,
|
||||
}
|
||||
|
||||
s.Bus.AddHandler(s.CreateDashboardSnapshot)
|
||||
s.Bus.AddHandler(s.GetDashboardSnapshot)
|
||||
s.Bus.AddHandler(s.DeleteDashboardSnapshot)
|
||||
s.Bus.AddHandler(s.SearchDashboardSnapshots)
|
||||
s.Bus.AddHandler(s.DeleteExpiredSnapshots)
|
||||
s.Bus.AddHandlerCtx(s.CreateDashboardSnapshot)
|
||||
s.Bus.AddHandlerCtx(s.GetDashboardSnapshot)
|
||||
s.Bus.AddHandlerCtx(s.DeleteDashboardSnapshot)
|
||||
s.Bus.AddHandlerCtx(s.SearchDashboardSnapshots)
|
||||
s.Bus.AddHandlerCtx(s.DeleteExpiredSnapshots)
|
||||
|
||||
return s
|
||||
}
|
||||
|
||||
func (s *Service) CreateDashboardSnapshot(cmd *models.CreateDashboardSnapshotCommand) error {
|
||||
func (s *Service) CreateDashboardSnapshot(ctx context.Context, cmd *models.CreateDashboardSnapshotCommand) error {
|
||||
marshalledData, err := cmd.Dashboard.Encode()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
encryptedDashboard, err := s.EncryptionService.Encrypt(marshalledData, setting.SecretKey)
|
||||
encryptedDashboard, err := s.EncryptionService.Encrypt(ctx, marshalledData, setting.SecretKey)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -47,14 +49,14 @@ func (s *Service) CreateDashboardSnapshot(cmd *models.CreateDashboardSnapshotCom
|
||||
return s.SQLStore.CreateDashboardSnapshot(cmd)
|
||||
}
|
||||
|
||||
func (s *Service) GetDashboardSnapshot(query *models.GetDashboardSnapshotQuery) error {
|
||||
func (s *Service) GetDashboardSnapshot(ctx context.Context, query *models.GetDashboardSnapshotQuery) error {
|
||||
err := s.SQLStore.GetDashboardSnapshot(query)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if query.Result.DashboardEncrypted != nil {
|
||||
decryptedDashboard, err := s.EncryptionService.Decrypt(query.Result.DashboardEncrypted, setting.SecretKey)
|
||||
decryptedDashboard, err := s.EncryptionService.Decrypt(ctx, query.Result.DashboardEncrypted, setting.SecretKey)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -70,14 +72,14 @@ func (s *Service) GetDashboardSnapshot(query *models.GetDashboardSnapshotQuery)
|
||||
return err
|
||||
}
|
||||
|
||||
func (s *Service) DeleteDashboardSnapshot(cmd *models.DeleteDashboardSnapshotCommand) error {
|
||||
func (s *Service) DeleteDashboardSnapshot(_ context.Context, cmd *models.DeleteDashboardSnapshotCommand) error {
|
||||
return s.SQLStore.DeleteDashboardSnapshot(cmd)
|
||||
}
|
||||
|
||||
func (s *Service) SearchDashboardSnapshots(query *models.GetDashboardSnapshotsQuery) error {
|
||||
func (s *Service) SearchDashboardSnapshots(_ context.Context, query *models.GetDashboardSnapshotsQuery) error {
|
||||
return s.SQLStore.SearchDashboardSnapshots(query)
|
||||
}
|
||||
|
||||
func (s *Service) DeleteExpiredSnapshots(cmd *models.DeleteExpiredSnapshotsCommand) error {
|
||||
func (s *Service) DeleteExpiredSnapshots(_ context.Context, cmd *models.DeleteExpiredSnapshotsCommand) error {
|
||||
return s.SQLStore.DeleteExpiredSnapshots(cmd)
|
||||
}
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
package dashboardsnapshots
|
||||
|
||||
import (
|
||||
"context"
|
||||
"testing"
|
||||
|
||||
"github.com/grafana/grafana/pkg/components/simplejson"
|
||||
@@ -32,28 +33,32 @@ func TestDashboardSnapshotsService(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
|
||||
t.Run("create dashboard snapshot should encrypt the dashboard", func(t *testing.T) {
|
||||
ctx := context.Background()
|
||||
|
||||
cmd := models.CreateDashboardSnapshotCommand{
|
||||
Key: dashboardKey,
|
||||
DeleteKey: dashboardKey,
|
||||
Dashboard: dashboard,
|
||||
}
|
||||
|
||||
err = s.CreateDashboardSnapshot(&cmd)
|
||||
err = s.CreateDashboardSnapshot(ctx, &cmd)
|
||||
require.NoError(t, err)
|
||||
|
||||
decrypted, err := s.EncryptionService.Decrypt(cmd.Result.DashboardEncrypted, setting.SecretKey)
|
||||
decrypted, err := s.EncryptionService.Decrypt(ctx, cmd.Result.DashboardEncrypted, setting.SecretKey)
|
||||
require.NoError(t, err)
|
||||
|
||||
require.Equal(t, rawDashboard, decrypted)
|
||||
})
|
||||
|
||||
t.Run("get dashboard snapshot should return the dashboard decrypted", func(t *testing.T) {
|
||||
ctx := context.Background()
|
||||
|
||||
query := models.GetDashboardSnapshotQuery{
|
||||
Key: dashboardKey,
|
||||
DeleteKey: dashboardKey,
|
||||
}
|
||||
|
||||
err := s.GetDashboardSnapshot(&query)
|
||||
err := s.GetDashboardSnapshot(ctx, &query)
|
||||
require.NoError(t, err)
|
||||
|
||||
decrypted, err := query.Result.Dashboard.Encode()
|
||||
|
||||
Reference in New Issue
Block a user