Commit Graph

16 Commits

Author SHA1 Message Date
Tania B
5652bde447
Encryption: Use secrets service (#40251)
* Use secrets service in pluginproxy

* Use secrets service in pluginxontext

* Use secrets service in pluginsettings

* Use secrets service in provisioning

* Use secrets service in authinfoservice

* Use secrets service in api

* Use secrets service in sqlstore

* Use secrets service in dashboardshapshots

* Use secrets service in tsdb

* Use secrets service in datasources

* Use secrets service in alerting

* Use secrets service in ngalert

* Break cyclic dependancy

* Refactor service

* Break cyclic dependancy

* Add FakeSecretsStore

* Setup Secrets Service in sqlstore

* Fix

* Continue secrets service refactoring

* Fix cyclic dependancy in sqlstore tests

* Fix secrets service references

* Fix linter errors

* Add fake secrets service for tests

* Refactor SetupTestSecretsService

* Update setting up secret service in tests

* Fix missing secrets service in multiorg_alertmanager_test

* Use fake db in tests and sort imports

* Use fake db in datasources tests

* Fix more tests

* Fix linter issues

* Attempt to fix plugin proxy tests

* Pass secrets service to getPluginProxiedRequest in pluginproxy tests

* Fix pluginproxy tests

* Revert using secrets service in alerting and provisioning

* Update decryptFn in alerting migration

* Rename defaultProvider to currentProvider

* Use fake secrets service in alert channels tests

* Refactor secrets service test helper

* Update setting up secrets service in tests

* Revert alerting changes in api

* Add comments

* Remove secrets service from background services

* Convert global encryption functions into vars

* Revert "Convert global encryption functions into vars"

This reverts commit 498eb19859.

* Add feature toggle for envelope encryption

* Rename toggle

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
2021-11-04 18:47:21 +02:00
Tania B
ff086df3b5
Fix decrypting secrets in alerting migration (#41061) 2021-10-29 14:20:07 +03:00
Joan López de la Franca Beltran
722c414fef
Encryption: Refactor securejsondata.SecureJsonData to stop relying on global functions (#38865)
* Encryption: Add support to encrypt/decrypt sjd

* Add datasources.Service as a proxy to datasources db operations

* Encrypt ds.SecureJsonData before calling SQLStore

* Move ds cache code into ds service

* Fix tlsmanager tests

* Fix pluginproxy tests

* Remove some securejsondata.GetEncryptedJsonData usages

* Add pluginsettings.Service as a proxy for plugin settings db operations

* Add AlertNotificationService as a proxy for alert notification db operations

* Remove some securejsondata.GetEncryptedJsonData usages

* Remove more securejsondata.GetEncryptedJsonData usages

* Fix lint errors

* Minor fixes

* Remove encryption global functions usages from ngalert

* Fix lint errors

* Minor fixes

* Minor fixes

* Remove securejsondata.DecryptedValue usage

* Refactor the refactor

* Remove securejsondata.DecryptedValue usage

* Move securejsondata to migrations package

* Move securejsondata to migrations package

* Minor fix

* Fix integration test

* Fix integration tests

* Undo undesired changes

* Fix tests

* Add context.Context into encryption methods

* Fix tests

* Fix tests

* Fix tests

* Trigger CI

* Fix test

* Add names to params of encryption service interface

* Remove bus from CacheServiceImpl

* Add logging

* Add keys to logger

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>

* Add missing key to logger

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>

* Undo changes in markdown files

* Fix formatting

* Add context to secrets service

* Rename decryptSecureJsonData to decryptSecureJsonDataFn

* Name args in GetDecryptedValueFn

* Add template back to NewAlertmanagerNotifier

* Copy GetDecryptedValueFn to ngalert

* Add logging to pluginsettings

* Fix pluginsettings test

Co-authored-by: Tania B <yalyna.ts@gmail.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
2021-10-07 17:33:50 +03:00
Tania B
62689ec804
Security: Add secrets service (#39418)
* Add secrets service

* Revert accidental changes in util encryption

* Make minor changes

Move functional options to models

Revert renaming types to models

* Add context

* Minor change in GetDataKey

* Use CreateDataKeyWithDBSession in CreateDataKey

* Handle empty DEK name in DeleteDataKey

* Rename defaultProvider

* Remove secrets store service
2021-10-01 15:39:57 +03:00
Joan López de la Franca Beltran
8433def04f
Encryption: Convert functions into global variables (#37240) 2021-07-30 15:48:27 +02:00
Sofia Papagiannaki
a5082ab112
Chore: additional check when decrypting values (#34637)
* Chore: additional check when decrypting values

* Apply suggestions from code review
2021-05-25 18:35:54 +03:00
Arve Knudsen
a5d9196a53
Chore/fix lint issues (#27704)
* Chore: Fix linting issues

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-09-22 16:22:19 +02:00
Arve Knudsen
5070f7a75b
Chore: Start harmonizing linting with plugin SDK (#25854)
* Chore: Harmonize linting with plugin SDK

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>

* Chore: Fix linting issues

Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-06-29 14:08:32 +02:00
Stephan Eicher
8cf75b4e75 pkg/util: Replace custom pbkdf2 implementation by maintained version (#19941) 2019-11-06 10:03:10 +02:00
Arve Knudsen
35e0e078b7
pkg/util: Check errors (#19832)
* pkg/util: Check errors
* pkg/services: DRY up code
2019-10-23 10:40:12 +02:00
Mario Trangoni
5f6383a750 pkg/util/*: Add missing function comments.
See,

$ gometalinter --vendor --deadline 10m --disable-all --enable=golint  ./...
encoding.go:15:1⚠️ comment on exported function GetRandomString should be of the form "GetRandomString ..." (golint)
encoding.go:30:1⚠️ exported function EncodePassword should have comment or be unexported (golint)
encoding.go:35:1⚠️ comment on exported function EncodeMd5 should be of the form "EncodeMd5 ..." (golint)
encoding.go:42:1⚠️ comment on exported function PBKDF2 should be of the form "PBKDF2 ..." (golint)
encoding.go:80:1⚠️ exported function GetBasicAuthHeader should have comment or be unexported (golint)
encoding.go:85:1⚠️ exported function DecodeBasicAuthHeader should have comment or be unexported (golint)
encoding.go:105:1⚠️ exported function RandomHex should have comment or be unexported (golint)
encryption.go:14:1⚠️ exported function Decrypt should have comment or be unexported (golint)
encryption.go:39:1⚠️ exported function Encrypt should have comment or be unexported (golint)
ip.go:7:1⚠️ exported function SplitIpPort should have comment or be unexported (golint)
json.go:3:6⚠️ exported type DynMap should have comment or be unexported (golint)
md5.go:22:1⚠️ comment on exported function Md5SumString should be of the form "Md5SumString ..." (golint)
strings.go:10:1⚠️ exported function StringsFallback2 should have comment or be unexported (golint)
strings.go:14:1⚠️ exported function StringsFallback3 should have comment or be unexported (golint)
strings.go:27:1⚠️ exported function SplitString should have comment or be unexported (golint)
strings.go:35:1⚠️ exported function GetAgeString should have comment or be unexported (golint)
url.go:8:6⚠️ exported type UrlQueryReader should have comment or be unexported (golint)
url.go:12:1⚠️ exported function NewUrlQueryReader should have comment or be unexported (golint)
url.go:23:1⚠️ exported method UrlQueryReader.Get should have comment or be unexported (golint)
url.go:32:1⚠️ exported function JoinUrlFragments should have comment or be unexported (golint)
validation.go:16:1⚠️ exported function IsEmail should have comment or be unexported (golint)
2019-01-28 22:09:40 +01:00
Daniel Lee
b1506a2b09 securejson: decrypt should not modify src
When decrypting a source securejson byte array, should not
modify the source and now passes back a new dest byte array.
2017-09-08 10:19:07 +02:00
Dan Cech
b489e93d94 Config Array Syntax (#8204)
* refactor util encryption library so it doesn't have to import log

* add util.SplitString to handle space and/or comma-separated config lines

* go fmt
2017-04-25 09:14:29 +02:00
Anthony Woods
c8c337cead use PBKDF2 to esnure key is 23bytes. 2016-01-26 05:15:29 +08:00
Anthony Woods
092bb69c41 instead of padding with 0's, cycle through the secret. 2016-01-26 04:18:44 +08:00
Anthony Woods
ab3b586838 add encryption util functions 2016-01-23 03:15:39 +08:00