Move migration to secret store

Guilherme Caulada 2022-04-18 19:35:11 -03:00
parent 9c16deb33f
commit 7c3f872072
3 changed files with 36 additions and 21 deletions


@ -51,13 +51,12 @@ type cachedRoundTripper struct {
} }
func ProvideService( func ProvideService(
store *sqlstore.SQLStore, secretsService secrets.Service, secretsStore kvstore.SecretsKVStore, cfg *setting.Cfg, store *sqlstore.SQLStore, secretsStore kvstore.SecretsKVStore, cfg *setting.Cfg, features featuremgmt.FeatureToggles,
features featuremgmt.FeatureToggles, ac accesscontrol.AccessControl, permissionsServices accesscontrol.PermissionsServices, ac accesscontrol.AccessControl, permissionsServices accesscontrol.PermissionsServices,
) *Service { ) *Service {
s := &Service{ s := &Service{
SQLStore: store, SQLStore: store,
SecretsStore: secretsStore, SecretsStore: secretsStore,
SecretsService: secretsService,
ptc: proxyTransportCache{ ptc: proxyTransportCache{
cache: make(map[int64]cachedRoundTripper), cache: make(map[int64]cachedRoundTripper),
}, },
@ -285,7 +284,7 @@ func (s *Service) DecryptedValues(ctx context.Context, ds *models.DataSource) (m
return nil, err return nil, err
} }
} else if len(ds.SecureJsonData) > 0 { } else if len(ds.SecureJsonData) > 0 {
decryptedValues, err = s.MigrateSecrets(ctx, ds) decryptedValues, err = s.SecretsStore.Migrate(ctx, ds.OrgId, ds.Name, secretType)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -294,21 +293,6 @@ func (s *Service) DecryptedValues(ctx context.Context, ds *models.DataSource) (m
return decryptedValues, nil return decryptedValues, nil
} }
func (s *Service) MigrateSecrets(ctx context.Context, ds *models.DataSource) (map[string]string, error) {
secureJsonData, err := s.SecretsService.DecryptJsonData(ctx, ds.SecureJsonData)
if err != nil {
return nil, err
}
jsonData, err := json.Marshal(secureJsonData)
if err != nil {
return nil, err
}
err = s.SecretsStore.Set(ctx, ds.OrgId, ds.Name, secretType, string(jsonData))
return secureJsonData, err
}
func (s *Service) DecryptedValue(ctx context.Context, ds *models.DataSource, key string) (string, bool, error) { func (s *Service) DecryptedValue(ctx context.Context, ds *models.DataSource, key string) (string, bool, error) {
values, err := s.DecryptedValues(ctx, ds) values, err := s.DecryptedValues(ctx, ds)
if err != nil { if err != nil {
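Review bot: The migration branch in `DecryptedValues` is entered on `len(ds.SecureJsonData) > 0` for the in-memory `ds`, but the new call `s.SecretsStore.Migrate(ctx, ds.OrgId, ds.Name, secretType)` passes only the org and the name. The SQL implementation added later in this commit re-reads the data source from the database and decrypts that row instead. If the caller's `ds` has not been saved yet, or its name or secrets differ from the stored row, the lookup fails or the returned values do not belong to the object being handled. Either pass the encrypted map through to the store, or document the precondition above the call, e.g. `// Migrate re-reads the data source by OrgId and Name; ds must already be persisted under this name.` `DecryptedValues` begins outside this hunk, so its earlier branches were not reviewed.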


@ -30,6 +30,7 @@ type SecretsKVStore interface {
Set(ctx context.Context, orgId int64, namespace string, typ string, value string) error Set(ctx context.Context, orgId int64, namespace string, typ string, value string) error
Del(ctx context.Context, orgId int64, namespace string, typ string) error Del(ctx context.Context, orgId int64, namespace string, typ string) error
Keys(ctx context.Context, orgId int64, namespace string, typ string) ([]Key, error) Keys(ctx context.Context, orgId int64, namespace string, typ string) ([]Key, error)
Migrate(ctx context.Context, orgId int64, namespace string, typ string) (map[string]string, error)
Rename(ctx context.Context, orgId int64, namespace string, typ string, newNamespace string) error Rename(ctx context.Context, orgId int64, namespace string, typ string, newNamespace string) error
} }
@ -67,6 +68,10 @@ func (kv *FixedKVStore) Keys(ctx context.Context) ([]Key, error) {
return kv.kvStore.Keys(ctx, kv.OrgId, kv.Namespace, kv.Type) return kv.kvStore.Keys(ctx, kv.OrgId, kv.Namespace, kv.Type)
} }
func (kv *FixedKVStore) Migrate(ctx context.Context) ([]Key, error) {
return kv.kvStore.Keys(ctx, kv.OrgId, kv.Namespace, kv.Type)
}
func (kv *FixedKVStore) Rename(ctx context.Context, newNamespace string) error { func (kv *FixedKVStore) Rename(ctx context.Context, newNamespace string) error {
err := kv.kvStore.Rename(ctx, kv.OrgId, kv.Namespace, kv.Type, newNamespace) err := kv.kvStore.Rename(ctx, kv.OrgId, kv.Namespace, kv.Type, newNamespace)
if err != nil { if err != nil {
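Review bot: `FixedKVStore.Migrate` is a copy of `Keys`: it is declared to return `([]Key, error)` and its body calls `kv.kvStore.Keys(...)`, so calling it migrates nothing and returns the key list. It also disagrees with the `Migrate` method added to `SecretsKVStore` in the hunk above, which returns `(map[string]string, error)`. The wrapper should read `func (kv *FixedKVStore) Migrate(ctx context.Context) (map[string]string, error) {` with the body `return kv.kvStore.Migrate(ctx, kv.OrgId, kv.Namespace, kv.Type)`. The new interface method would also benefit from a comment such as `// Migrate copies the legacy encrypted secrets for namespace into the store and returns the decrypted values.`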


@ -3,10 +3,12 @@ package kvstore
import ( import (
"context" "context"
"encoding/base64" "encoding/base64"
"encoding/json"
"sync" "sync"
"time" "time"
"github.com/grafana/grafana/pkg/infra/log" "github.com/grafana/grafana/pkg/infra/log"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/secrets" "github.com/grafana/grafana/pkg/services/secrets"
"github.com/grafana/grafana/pkg/services/sqlstore" "github.com/grafana/grafana/pkg/services/sqlstore"
) )
@ -218,3 +220,27 @@ func (kv *secretsKVStoreSQL) Rename(ctx context.Context, orgId int64, namespace
return err return err
}) })
} }
func (kv *secretsKVStoreSQL) Migrate(ctx context.Context, orgId int64, namespace string, typ string) (map[string]string, error) {
query := &models.GetDataSourceQuery{
OrgId: orgId,
Name: namespace,
}
err := kv.sqlStore.GetDataSource(ctx, query)
if err != nil {
return nil, err
}
secureJsonData, err := kv.secretsService.DecryptJsonData(ctx, query.Result.SecureJsonData)
if err != nil {
return nil, err
}
jsonData, err := json.Marshal(secureJsonData)
if err != nil {
return nil, err
}
err = kv.Set(ctx, orgId, namespace, typ, string(jsonData))
return secureJsonData, err
}
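Review bot: `Migrate` ends with `return secureJsonData, err`, so when `kv.Set` fails the decrypted secrets are handed back together with the error. Add `if err != nil { return nil, err }` after the `kv.Set` call and finish with `return secureJsonData, nil`, so that no caller can use plaintext values from a migration that was not persisted. The function also ties the generic store to data sources: `namespace` is used as `GetDataSourceQuery.Name`, and `typ` plays no part in the lookup. A doc comment should state this, e.g. `// Migrate assumes namespace is a data source name in orgId; typ is only used as the storage key.` Nothing visible here clears the legacy `SecureJsonData` after a successful `Set`, so the secrets appear to remain in both places; confirm that this is intended or handled elsewhere.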