IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Encryption: Add usage stats to secrets service (#42437) (#42450)

Browse Source 
* Encryption: Add usage stats to secrets service

* Sort imports

(cherry picked from commit 58978dcf96)

Co-authored-by: Tania B <yalyna.ts@gmail.com>
This commit is contained in:
Grot (@grafanabot) 2021-11-29 10:59:31 -05:00 committed by GitHub
parent 5044317310
commit edf4702d61
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 35 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pkg/services/secrets/manager/helpers.go
View File

@ -3,6 +3,7 @@ package manager
import ( import (
"testing" "testing"
"github.com/grafana/grafana/pkg/infra/usagestats"
"github.com/grafana/grafana/pkg/services/encryption/ossencryption" "github.com/grafana/grafana/pkg/services/encryption/ossencryption"
"github.com/grafana/grafana/pkg/services/kmsproviders/osskmsproviders" "github.com/grafana/grafana/pkg/services/kmsproviders/osskmsproviders"
"github.com/grafana/grafana/pkg/services/secrets" "github.com/grafana/grafana/pkg/services/secrets"
@ -24,7 +25,6 @@ func SetupTestService(tb testing.TB, store secrets.Store) *SecretsService {
require.NoError(tb, err) require.NoError(tb, err)
cfg := &setting.Cfg{Raw: raw} cfg := &setting.Cfg{Raw: raw}
cfg.FeatureToggles = map[string]bool{secrets.EnvelopeEncryptionFeatureToggle: true} cfg.FeatureToggles = map[string]bool{secrets.EnvelopeEncryptionFeatureToggle: true}
settings := &setting.OSSImpl{Cfg: cfg} settings := &setting.OSSImpl{Cfg: cfg}
assert.True(tb, settings.IsFeatureToggleEnabled(secrets.EnvelopeEncryptionFeatureToggle)) assert.True(tb, settings.IsFeatureToggleEnabled(secrets.EnvelopeEncryptionFeatureToggle))
@ -34,6 +34,7 @@ func SetupTestService(tb testing.TB, store secrets.Store) *SecretsService {
osskmsproviders.ProvideService(encryption, settings), osskmsproviders.ProvideService(encryption, settings),
encryption, encryption,
settings, settings,
&usagestats.UsageStatsMock{T: tb},
) )
require.NoError(tb, err) require.NoError(tb, err)

24
pkg/services/secrets/manager/manager.go
View File

@ -10,6 +10,7 @@ import (
"time" "time"
"github.com/grafana/grafana/pkg/infra/log" "github.com/grafana/grafana/pkg/infra/log"
"github.com/grafana/grafana/pkg/infra/usagestats"
"github.com/grafana/grafana/pkg/services/encryption" "github.com/grafana/grafana/pkg/services/encryption"
"github.com/grafana/grafana/pkg/services/kmsproviders" "github.com/grafana/grafana/pkg/services/kmsproviders"
"github.com/grafana/grafana/pkg/services/secrets" "github.com/grafana/grafana/pkg/services/secrets"
@ -18,9 +19,10 @@ import (
) )
type SecretsService struct { type SecretsService struct {
store secrets.Store store secrets.Store
enc encryption.Internal enc encryption.Internal
settings setting.Provider settings setting.Provider
usageStats usagestats.Service
currentProvider string currentProvider string
providers map[string]secrets.Provider providers map[string]secrets.Provider
@ -33,6 +35,7 @@ func ProvideSecretsService(
kmsProvidersService kmsproviders.Service, kmsProvidersService kmsproviders.Service,
enc encryption.Internal, enc encryption.Internal,
settings setting.Provider, settings setting.Provider,
usageStats usagestats.Service,
) (*SecretsService, error) { ) (*SecretsService, error) {
providers, err := kmsProvidersService.Provide() providers, err := kmsProvidersService.Provide()
if err != nil { if err != nil {
@ -57,15 +60,30 @@ func ProvideSecretsService(
store: store, store: store,
enc: enc, enc: enc,
settings: settings, settings: settings,
usageStats: usageStats,
providers: providers, providers: providers,
currentProvider: currentProvider, currentProvider: currentProvider,
dataKeyCache: make(map[string]dataKeyCacheItem), dataKeyCache: make(map[string]dataKeyCacheItem),
log: logger, log: logger,
} }
s.registerUsageMetrics()
return s, nil return s, nil
} }
func (s *SecretsService) registerUsageMetrics() {
s.usageStats.RegisterMetricsFunc(func(context.Context) (map[string]interface{}, error) {
enabled := 0
if s.settings.IsFeatureToggleEnabled(secrets.EnvelopeEncryptionFeatureToggle) {
enabled = 1
}
return map[string]interface{}{
"stats.encryption.envelope_encryption_enabled.count": enabled,
}, nil
})
}
type dataKeyCacheItem struct { type dataKeyCacheItem struct {
expiry time.Time expiry time.Time
dataKey []byte dataKey []byte

12
pkg/services/secrets/manager/manager_test.go
View File

@ -4,6 +4,7 @@ import (
"context" "context"
"testing" "testing"
"github.com/grafana/grafana/pkg/infra/usagestats"
"github.com/grafana/grafana/pkg/services/encryption/ossencryption" "github.com/grafana/grafana/pkg/services/encryption/ossencryption"
"github.com/grafana/grafana/pkg/services/kmsproviders/osskmsproviders" "github.com/grafana/grafana/pkg/services/kmsproviders/osskmsproviders"
"github.com/grafana/grafana/pkg/services/secrets" "github.com/grafana/grafana/pkg/services/secrets"
@ -35,6 +36,7 @@ func TestSecretsService_EnvelopeEncryption(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
assert.Equal(t, len(keys), 1) assert.Equal(t, len(keys), 1)
}) })
t.Run("encrypting another secret with no entity_id should use the same DEK", func(t *testing.T) { t.Run("encrypting another secret with no entity_id should use the same DEK", func(t *testing.T) {
plaintext := []byte("another very secret string") plaintext := []byte("another very secret string")
@ -49,6 +51,7 @@ func TestSecretsService_EnvelopeEncryption(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
assert.Equal(t, len(keys), 1) assert.Equal(t, len(keys), 1)
}) })
t.Run("encrypting with entity_id provided should create a new DEK", func(t *testing.T) { t.Run("encrypting with entity_id provided should create a new DEK", func(t *testing.T) {
plaintext := []byte("some test data") plaintext := []byte("some test data")
@ -78,6 +81,13 @@ func TestSecretsService_EnvelopeEncryption(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
assert.Equal(t, expected, string(decrypted)) assert.Equal(t, expected, string(decrypted))
}) })
t.Run("usage stats should be registered", func(t *testing.T) {
reports, err := svc.usageStats.GetUsageReport(context.Background())
require.NoError(t, err)
assert.Equal(t, 1, reports.Metrics["stats.encryption.envelope_encryption_enabled.count"])
})
} }
func TestSecretsService_DataKeys(t *testing.T) { func TestSecretsService_DataKeys(t *testing.T) {
@ -181,6 +191,7 @@ func TestSecretsService_UseCurrentProvider(t *testing.T) {
&kms, &kms,
encr, encr,
settings, settings,
&usagestats.UsageStatsMock{T: t},
) )
require.NoError(t, err) require.NoError(t, err)
@ -197,6 +208,7 @@ func TestSecretsService_UseCurrentProvider(t *testing.T) {
&kms, &kms,
encr, encr,
settings, settings,
&usagestats.UsageStatsMock{T: t},
) )
require.NoError(t, err) require.NoError(t, err)