Encryption: Refactor securejsondata.SecureJsonData to stop relying on global functions (#38865)

* Encryption: Add support to encrypt/decrypt sjd * Add datasources.Service as a proxy to datasources db operations * Encrypt ds.SecureJsonData before calling SQLStore * Move ds cache code into ds service * Fix tlsmanager tests * Fix pluginproxy tests * Remove some securejsondata.GetEncryptedJsonData usages * Add pluginsettings.Service as a proxy for plugin settings db operations * Add AlertNotificationService as a proxy for alert notification db operations * Remove some securejsondata.GetEncryptedJsonData usages * Remove more securejsondata.GetEncryptedJsonData usages * Fix lint errors * Minor fixes * Remove encryption global functions usages from ngalert * Fix lint errors * Minor fixes * Minor fixes * Remove securejsondata.DecryptedValue usage * Refactor the refactor * Remove securejsondata.DecryptedValue usage * Move securejsondata to migrations package * Move securejsondata to migrations package * Minor fix * Fix integration test * Fix integration tests * Undo undesired changes * Fix tests * Add context.Context into encryption methods * Fix tests * Fix tests * Fix tests * Trigger CI * Fix test * Add names to params of encryption service interface * Remove bus from CacheServiceImpl * Add logging * Add keys to logger Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Add missing key to logger Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Undo changes in markdown files * Fix formatting * Add context to secrets service * Rename decryptSecureJsonData to decryptSecureJsonDataFn * Name args in GetDecryptedValueFn * Add template back to NewAlertmanagerNotifier * Copy GetDecryptedValueFn to ngalert * Add logging to pluginsettings * Fix pluginsettings test Co-authored-by: Tania B <yalyna.ts@gmail.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
2025-02-25 18:55:37 -06:00 · 2021-10-07 16:33:50 +02:00
parent da813877fb
commit 722c414fef
141 changed files with 1968 additions and 1197 deletions
--- a/pkg/services/sqlstore/plugin_setting.go
+++ b/pkg/services/sqlstore/plugin_setting.go
@@ -3,18 +3,9 @@ package sqlstore
 import (
 	"time"

-	"github.com/grafana/grafana/pkg/components/securejsondata"
-
-	"github.com/grafana/grafana/pkg/bus"
 	"github.com/grafana/grafana/pkg/models"
 )

-func init() {
-	bus.AddHandler("sql", GetPluginSettingById)
-	bus.AddHandler("sql", UpdatePluginSetting)
-	bus.AddHandler("sql", UpdatePluginSettingVersion)
-}
-
 func (ss *SQLStore) GetPluginSettings(orgID int64) ([]*models.PluginSettingInfoDTO, error) {
 	sql := `SELECT org_id, plugin_id, enabled, pinned, plugin_version
 					FROM plugin_setting `
@@ -33,7 +24,7 @@ func (ss *SQLStore) GetPluginSettings(orgID int64) ([]*models.PluginSettingInfoD
 	return rslt, nil
 }

-func GetPluginSettingById(query *models.GetPluginSettingByIdQuery) error {
+func (ss *SQLStore) GetPluginSettingById(query *models.GetPluginSettingByIdQuery) error {
 	pluginSetting := models.PluginSetting{OrgId: query.OrgId, PluginId: query.PluginId}
 	has, err := x.Get(&pluginSetting)
 	if err != nil {
@@ -45,9 +36,7 @@ func GetPluginSettingById(query *models.GetPluginSettingByIdQuery) error {
 	return nil
 }

-func UpdatePluginSetting(cmd *models.UpdatePluginSettingCmd) error {
-	encryptedJsonData := securejsondata.GetEncryptedJsonData(cmd.SecureJsonData)
-
+func (ss *SQLStore) UpdatePluginSetting(cmd *models.UpdatePluginSettingCmd) error {
 	return inTransaction(func(sess *DBSession) error {
 		var pluginSetting models.PluginSetting

@@ -65,7 +54,7 @@ func UpdatePluginSetting(cmd *models.UpdatePluginSettingCmd) error {
 				Pinned:         cmd.Pinned,
 				JsonData:       cmd.JsonData,
 				PluginVersion:  cmd.PluginVersion,
-				SecureJsonData: encryptedJsonData,
+				SecureJsonData: cmd.EncryptedSecureJsonData,
 				Created:        time.Now(),
 				Updated:        time.Now(),
 			}
@@ -81,7 +70,7 @@ func UpdatePluginSetting(cmd *models.UpdatePluginSettingCmd) error {
 			return err
 		}

-		for key, encryptedData := range encryptedJsonData {
+		for key, encryptedData := range cmd.EncryptedSecureJsonData {
 			pluginSetting.SecureJsonData[key] = encryptedData
 		}

@@ -105,7 +94,7 @@ func UpdatePluginSetting(cmd *models.UpdatePluginSettingCmd) error {
 	})
 }

-func UpdatePluginSettingVersion(cmd *models.UpdatePluginSettingVersionCmd) error {
+func (ss *SQLStore) UpdatePluginSettingVersion(cmd *models.UpdatePluginSettingVersionCmd) error {
 	return inTransaction(func(sess *DBSession) error {
 		_, err := sess.Exec("UPDATE plugin_setting SET plugin_version=? WHERE org_id=? AND plugin_id=?", cmd.PluginVersion, cmd.OrgId, cmd.PluginId)
 		return err