SigningKeys: Use xorm for signing_key store (#75957)

use xorm form signing_key store
2024-11-23 09:26:43 -06:00 · 2023-10-04 15:28:12 +02:00 · 2023-10-04 15:28:12 +02:00 · d494f69660
commit d494f69660
parent 607a664ef4
2 changed files with 27 additions and 22 deletions
--- a/pkg/services/signingkeys/signingkeystore/store.go
+++ b/pkg/services/signingkeys/signingkeystore/store.go
@ -15,7 +15,7 @@ import (
 	"github.com/grafana/grafana/pkg/infra/db"
 	"github.com/grafana/grafana/pkg/services/secrets"
 	"github.com/grafana/grafana/pkg/services/signingkeys"
-	"github.com/grafana/grafana/pkg/services/sqlstore/session"
+	"github.com/grafana/grafana/pkg/services/sqlstore"
 )

 type SigningStore interface {
@ -38,12 +38,12 @@ type Store struct {
 }

 type SigningKey struct {
-	ID         int64                   `json:"-" db:"id"`
-	KeyID      string                  `json:"key_id" db:"key_id"`
-	PrivateKey []byte                  `json:"private_key" db:"private_key"`
-	AddedAt    time.Time               `json:"added_at" db:"added_at"`
-	ExpiresAt  *time.Time              `json:"expires_at" db:"expires_at"`
-	Alg        jose.SignatureAlgorithm `json:"alg" db:"alg"`
+	ID         int64                   `json:"-" xorm:"id" db:"id"`
+	KeyID      string                  `json:"key_id" xorm:"key_id" db:"key_id"`
+	PrivateKey []byte                  `json:"private_key" xorm:"private_key" db:"private_key"`
+	AddedAt    time.Time               `json:"added_at" xorm:"added_at" db:"added_at"`
+	ExpiresAt  *time.Time              `json:"expires_at" xorm:"expires_at" db:"expires_at"`
+	Alg        jose.SignatureAlgorithm `json:"alg" xorm:"alg" db:"alg"`
 }

 func NewSigningKeyStore(dbStore db.DB, secretsService secrets.Service) *Store {
@ -58,8 +58,11 @@ func (s *Store) GetJWKS(ctx context.Context) (jose.JSONWebKeySet, error) {
 	keySet := jose.JSONWebKeySet{}

 	keys := []*SigningKey{}
-	if err := s.dbStore.GetSqlxSession().Select(ctx,
-		&keys, "SELECT * FROM signing_key WHERE expires_at IS NULL OR expires_at > ?", time.Now()); err != nil {
+	err := s.dbStore.WithDbSession(ctx, func(dbSession *sqlstore.DBSession) error {
+		return dbSession.SQL("SELECT * FROM signing_key WHERE expires_at IS NULL OR expires_at > ?", time.Now()).Find(&keys)
+	})
+
+	if err != nil {
 		return keySet, err
 	}

@ -96,26 +99,24 @@ func (s *Store) AddPrivateKey(ctx context.Context,
 		ExpiresAt:  expiresAt,
 	}

-	dbSession := s.dbStore.GetSqlxSession()
 	var signer crypto.Signer
-	err = dbSession.WithTransaction(ctx, func(tx *session.SessionTx) error {
+	err = s.dbStore.WithTransactionalDbSession(ctx, func(tx *sqlstore.DBSession) error {
 		existingKey := SigningKey{}
-		err := tx.Get(ctx, &existingKey, "SELECT * FROM signing_key WHERE key_id = ?", keyID)
+		_, err := tx.SQL("SELECT * FROM signing_key WHERE key_id = ?", keyID).Get(&existingKey)
 		if err != nil && !errors.Is(err, sql.ErrNoRows) {
 			return err
 		}

 		if len(existingKey.PrivateKey) == 0 {
-			_, err = tx.Exec(ctx,
-				"INSERT INTO signing_key (key_id, private_key, added_at, alg, expires_at) VALUES (?, ?, ?, ?, ?)",
-				key.KeyID, key.PrivateKey, key.AddedAt, key.Alg, key.ExpiresAt)
+			_, err = tx.Exec("INSERT INTO signing_key (key_id, private_key, added_at, alg, expires_at) VALUES (?, ?, ?, ?, ?)",
+				key.KeyID, key.PrivateKey, key.AddedAt, key.Alg, key.ExpiresAt,
+			)
 			signer = privateKey
 			return err
 		}

 		if force || (existingKey.ExpiresAt != nil && existingKey.ExpiresAt.Before(time.Now())) {
-			_, err = tx.Exec(ctx,
-				"UPDATE signing_key SET private_key = ?, added_at = ?, alg = ?, expires_at = ? WHERE key_id = ?",
+			_, err = tx.Exec("UPDATE signing_key SET private_key = ?, added_at = ?, alg = ?, expires_at = ? WHERE key_id = ?",
 				key.PrivateKey, key.AddedAt, key.Alg, key.ExpiresAt, key.KeyID)
 			signer = privateKey
 			return err
@ -128,14 +129,18 @@ func (s *Store) AddPrivateKey(ctx context.Context,

 		return signingkeys.ErrSigningKeyAlreadyExists.Errorf("The specified key already exists: %s", keyID)
 	})
+
 	return signer, err
 }

 // GetPrivateKey returns the private key with the specified key ID. Expired keys will not be returned.
 func (s *Store) GetPrivateKey(ctx context.Context, keyID string) (crypto.Signer, error) {
-	key := &SigningKey{}
-	err := s.dbStore.GetSqlxSession().Get(ctx, key,
-		"SELECT * FROM signing_key WHERE key_id = ?", keyID)
+	key := SigningKey{}
+	err := s.dbStore.WithDbSession(ctx, func(dbSession *sqlstore.DBSession) error {
+		_, err := dbSession.SQL("SELECT * FROM signing_key WHERE key_id = ?", keyID).Get(&key)
+		return err
+	})
+
 	if err != nil {
 		return nil, err
 	}
@ -145,7 +150,7 @@ func (s *Store) GetPrivateKey(ctx context.Context, keyID string) (crypto.Signer,
 		return nil, signingkeys.ErrSigningKeyNotFound.Errorf("The specified key was not found: %s", keyID)
 	}

-	signKey, err := s.decodePrivateKey(ctx, key)
+	signKey, err := s.decodePrivateKey(ctx, &key)
 	if err != nil {
 		return nil, err
 	}
--- a/pkg/services/signingkeys/signingkeystore/store_test.go
+++ b/pkg/services/signingkeys/signingkeystore/store_test.go
@ -72,7 +72,7 @@ func TestIntegrationSigningKeyStore(t *testing.T) {
 			assert.NoError(t, err)

 			retrievedKey, err := store.GetPrivateKey(ctx, tc.keyID)
-			assert.NoError(t, err)
+			require.NoError(t, err)

 			assert.Equal(t, key.Public(), retrievedKey.Public())