Encryption: Add support to run secrets migrations even when EE is disabled (#51705)

* Encryption: Move secrets migrations into secrets.Migrator * Encryption: Refactor secrets.Service initialization * Encryption: Add support to run secrets migrations even when EE is disabled * Init EE providers on-demand (only when needed) * Add multiple tests + some adjustments * Apply feedback
2025-02-25 18:55:37 -06:00 · 2022-07-15 18:33:34 +02:00
parent a7509ba18b
commit 7b40322bbe
5 changed files with 139 additions and 55 deletions
--- a/pkg/cmd/grafana-cli/commands/secretsmigrations/secretsmigrations.go
+++ b/pkg/cmd/grafana-cli/commands/secretsmigrations/secretsmigrations.go
@@ -5,35 +5,16 @@ import (

 	"github.com/grafana/grafana/pkg/cmd/grafana-cli/runner"
 	"github.com/grafana/grafana/pkg/cmd/grafana-cli/utils"
-	"github.com/grafana/grafana/pkg/infra/log"
-	"github.com/grafana/grafana/pkg/services/featuremgmt"
 )

-var logger = log.New("secrets.migrations")
-
 func ReEncryptDEKS(_ utils.CommandLine, runner runner.Runner) error {
-	if runner.Features.IsEnabled(featuremgmt.FlagDisableEnvelopeEncryption) {
-		logger.Warn("Envelope encryption is not enabled, quitting...")
-		return nil
-	}
-
 	return runner.SecretsService.ReEncryptDataKeys(context.Background())
 }

 func ReEncryptSecrets(_ utils.CommandLine, runner runner.Runner) error {
-	if runner.Features.IsEnabled(featuremgmt.FlagDisableEnvelopeEncryption) {
-		logger.Warn("Envelope encryption is not enabled, quitting...")
-		return nil
-	}
-
 	return runner.SecretsMigrator.ReEncryptSecrets(context.Background())
 }

 func RollBackSecrets(_ utils.CommandLine, runner runner.Runner) error {
-	if runner.Features.IsEnabled(featuremgmt.FlagDisableEnvelopeEncryption) {
-		logger.Warn("Envelope encryption is not enabled, quitting...")
-		return nil
-	}
-
 	return runner.SecretsMigrator.RollBackSecrets(context.Background())
 }