manager exposes renderer + secrets manager (#54629)

2025-02-25 18:55:37 -06:00 · 2022-09-02 14:20:10 +02:00
parent 43987e7f8c
commit ecdcafb258
26 changed files with 126 additions and 122 deletions
--- a/pkg/services/secrets/kvstore/kvstore.go
+++ b/pkg/services/secrets/kvstore/kvstore.go
@@ -29,18 +29,19 @@ func ProvideService(
 ) (SecretsKVStore, error) {
 	var logger = log.New("secrets.kvstore")
 	var store SecretsKVStore
+	ctx := context.Background()
 	store = NewSQLSecretsKVStore(sqlStore, secretsService, logger)
-	err := EvaluateRemoteSecretsPlugin(pluginsManager, cfg)
+	err := EvaluateRemoteSecretsPlugin(ctx, pluginsManager, cfg)
 	if err != nil {
 		logger.Debug("secrets manager evaluator returned false", "reason", err.Error())
 	} else {
 		// Attempt to start the plugin
 		var secretsPlugin secretsmanagerplugin.SecretsManagerPlugin
-		secretsPlugin, err = StartAndReturnPlugin(pluginsManager, context.Background())
+		secretsPlugin, err = StartAndReturnPlugin(pluginsManager, ctx)
 		namespacedKVStore := GetNamespacedKVStore(kvstore)
 		if err != nil || secretsPlugin == nil {
 			logger.Error("failed to start remote secrets management plugin", "msg", err.Error())
-			if isFatal, readErr := IsPluginStartupErrorFatal(context.Background(), namespacedKVStore); isFatal || readErr != nil {
+			if isFatal, readErr := IsPluginStartupErrorFatal(ctx, namespacedKVStore); isFatal || readErr != nil {
 				// plugin error was fatal or there was an error determining if the error was fatal
 				logger.Error("secrets management plugin is required to start -- exiting app")
 				if readErr != nil {
--- a/pkg/services/secrets/kvstore/migrations/from_plugin_mig.go
+++ b/pkg/services/secrets/kvstore/migrations/from_plugin_mig.go
@@ -96,7 +96,7 @@ func (s *MigrateFromPluginService) Migrate(ctx context.Context) error {
 	logger.Debug("Shutting down secrets plugin now that migration is complete")
 	// if `use_plugin` wasn't set, stop the plugin after migration
 	if !s.cfg.SectionWithEnvOverrides("secrets").Key("use_plugin").MustBool(false) {
-		err := s.manager.SecretsManager().Stop(ctx)
+		err := s.manager.SecretsManager(ctx).Stop(ctx)
 		if err != nil {
 			// Log a warning but don't throw an error
 			logger.Error("Error stopping secrets plugin after migration", "error", err.Error())
--- a/pkg/services/secrets/kvstore/migrations/from_plugin_mig_test.go
+++ b/pkg/services/secrets/kvstore/migrations/from_plugin_mig_test.go
@@ -57,7 +57,7 @@ func setupTestMigrateFromPluginService(t *testing.T) (*MigrateFromPluginService,

 	secretsSql := secretskvs.NewSQLSecretsKVStore(sqlStore, secretsService, log.New("test.logger"))

-	return migratorService, manager.SecretsManager().SecretsManager, secretsSql
+	return migratorService, manager.SecretsManager(context.Background()).SecretsManager, secretsSql
 }

 func addSecretToPluginStore(t *testing.T, plugin secretsmanagerplugin.SecretsManagerPlugin, ctx context.Context, orgId int64, namespace string, typ string, value string) {
--- a/pkg/services/secrets/kvstore/migrations/to_plugin_mig.go
+++ b/pkg/services/secrets/kvstore/migrations/to_plugin_mig.go
@@ -43,7 +43,7 @@ func ProvideMigrateToPluginService(
 }

 func (s *MigrateToPluginService) Migrate(ctx context.Context) error {
-	if err := secretskvs.EvaluateRemoteSecretsPlugin(s.manager, s.cfg); err == nil {
+	if err := secretskvs.EvaluateRemoteSecretsPlugin(ctx, s.manager, s.cfg); err == nil {
 		logger.Debug("starting migration of unified secrets to the plugin")
 		// we need to get the fallback store since in this scenario the secrets store would be the plugin.
 		fallbackStore := s.secretsStore.Fallback()
--- a/pkg/services/secrets/kvstore/plugin.go
+++ b/pkg/services/secrets/kvstore/plugin.go
@@ -225,12 +225,12 @@ func SetPluginStartupErrorFatal(ctx context.Context, kvstore *kvstore.Namespaced
 	return kvstore.Set(ctx, QuitOnPluginStartupFailureKey, "true")
 }

-func EvaluateRemoteSecretsPlugin(mg plugins.SecretsPluginManager, cfg *setting.Cfg) error {
+func EvaluateRemoteSecretsPlugin(ctx context.Context, mg plugins.SecretsPluginManager, cfg *setting.Cfg) error {
 	usePlugin := cfg.SectionWithEnvOverrides("secrets").Key("use_plugin").MustBool()
 	if !usePlugin {
 		return errPluginDisabledByConfig
 	}
-	pluginInstalled := mg.SecretsManager() != nil
+	pluginInstalled := mg.SecretsManager(ctx) != nil
 	if !pluginInstalled {
 		return errPluginNotInstalled
 	}
@@ -240,10 +240,10 @@ func EvaluateRemoteSecretsPlugin(mg plugins.SecretsPluginManager, cfg *setting.C
 func StartAndReturnPlugin(mg plugins.SecretsPluginManager, ctx context.Context) (smp.SecretsManagerPlugin, error) {
 	var err error
 	startupOnce.Do(func() {
-		err = mg.SecretsManager().Start(ctx)
+		err = mg.SecretsManager(ctx).Start(ctx)
 	})
 	if err != nil {
 		return nil, err
 	}
-	return mg.SecretsManager().SecretsManager, nil
+	return mg.SecretsManager(ctx).SecretsManager, nil
 }
--- a/pkg/services/secrets/kvstore/plugin_test.go
+++ b/pkg/services/secrets/kvstore/plugin_test.go
@@ -52,7 +52,7 @@ func TestFatalPluginErr_FatalFlagGetsUnSetWithBackwardsCompatEnabled(t *testing.
 	require.NotNil(t, p.SecretsKVStore)

 	// setup - store secret and manually bypassing the remote plugin impl
-	_, err = p.PluginManager.SecretsManager().SecretsManager.SetSecret(context.Background(), &secretsmanagerplugin.SetSecretRequest{
+	_, err = p.PluginManager.SecretsManager(context.Background()).SecretsManager.SetSecret(context.Background(), &secretsmanagerplugin.SetSecretRequest{
 		KeyDescriptor: &secretsmanagerplugin.Key{
 			OrgId:     0,
 			Namespace: "postgres",
--- a/pkg/services/secrets/kvstore/test_helpers.go
+++ b/pkg/services/secrets/kvstore/test_helpers.go
@@ -196,7 +196,7 @@ type fakePluginManager struct {
 	plugin            *plugins.Plugin
 }

-func (mg *fakePluginManager) SecretsManager() *plugins.Plugin {
+func (mg *fakePluginManager) SecretsManager(_ context.Context) *plugins.Plugin {
 	if mg.plugin != nil {
 		return mg.plugin
 	}