IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2024-11-28 03:34:15 -06:00
Code Issues Packages Projects Releases Wiki Activity
40,433 Commits 5,097 Branches 538 Tags 1.9 GiB
c4e067d49d
Commit Graph

16 Commits

Author SHA1 Message Date
Joan López de la Franca Beltran
c4e067d49d
Encryption: Cache new DEKs (only) after a caution period (#60664) 
* Encryption: Cache new DEKs (only) after commit

* Fix typo

* Update secrets manager tests with new failing case

* Update secrets manager tests with new clarifications (comments)

* Correct broken method calls

* Unify methods

* Cache data keys only after a caution period

* Caution period for data keys caching only for encrypt ops
 2023-01-26 10:54:31 +01:00
Joan López de la Franca Beltran
9abe9fa702
Encryption: Expose secrets migrations through HTTP API (#51707) 
* Encryption: Move secrets migrations into secrets.Migrator

* Encryption: Refactor secrets.Service initialization

* Encryption: Add support to run secrets migrations even when EE is disabled

* Encryption: Expose secrets migrations through HTTP API

* Update docs

* Fix docs links

* Some adjustments to makes errors explicit through HTTP response
 2022-07-18 08:57:58 +02:00
Joan López de la Franca Beltran
38bcd37fba
Encryption: Move secrets migrations into secrets.Migrator (#51014) 2022-07-04 12:17:21 +02:00
Tania
4f8111e24e
Encryption: Fix multiple data keys migration (#49848) 
* Add migration

* Migrator: Extend support to rename columns

* Fix getting current key

* Fix column name in migration

* Fix deks reencryption

* Fix caching

* Add back separate caches for byName and byPrefix

* Do not concatenate prefix with uid

* Rename DataKey struc fields

* SQLStore: Add deprecation comments for breaking migrations

* Add comment

* Minor corrections

Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
 2022-06-04 12:55:49 +02:00
Joan López de la Franca Beltran
e43879e55d
Encryption: Add support for multiple data keys per day (#47765) 
* Add database migrations

* Use short uids as data key ids

* Add support for manual data key rotation

* Fix duplicated mutex unlocks

* Fix migration

* Manage current data keys per name

* Adjust key re-encryption and test

* Modify rename column migration for MySQL compatibility

* Refactor secrets manager and data keys cache

* Multiple o11y adjustments

* Fix stats query

* Apply suggestions from code review

Co-authored-by: Tania <yalyna.ts@gmail.com>

* Fix linter

* Docs: Rotate data encryption keys API endpoint

Co-authored-by: Tania <yalyna.ts@gmail.com>
 2022-05-23 13:13:55 +02:00
Joan López de la Franca Beltran
b2655750e8
Encryption: Add support for data keys re-encryption (#43548) 
* Encryption: Add support for data keys re-encryption

* Add tests for data keys re-encryption

* Update code after refactorings

Co-authored-by: Leonard Gram <leo@xlson.com>
 2022-02-03 09:15:38 +01:00
Tania B
ca24b95b49
Encryption: Handle encryption key provider being a background service (#44007) 
* Encryption: Handle encryption key provider being a background service

* Sort imports

* Cleanup accidental changes

* Add proper error handling

* Apply review feedback
 2022-01-28 17:17:40 +02:00
Ryan McKinley
5d66194ec5
FeatureFlags: define features outside settings.Cfg (take 3) (#44443) 2022-01-26 09:44:20 -08:00
Joan López de la Franca Beltran
532e71554f
Usage Stats: Add metrics to count enabled kms providers per kind (#43640) 
* Usage Insights: Add metrics to count enabled kms providers per kind

* Add backwards compatibility
 2022-01-07 13:52:28 +01:00
Tania B
bc60ae3c66
Encryption: Refactor secrets service (#41771) 
* Refactor kmsproviders pkg

* Update tests

* Fix linting

Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
 2021-11-17 11:52:45 +02:00
Joan López de la Franca Beltran
d3e19b1b3b
Encryption: Improve the DX of encryption operations within database transactions (#41654) 
* Move user oauth info encryption away from db transaction

* Add encryption methods with support for db session reusability
 2021-11-16 11:51:13 +01:00
Tania B
e81d434edf
Encryption: Extend secrets service to support registering key providers (#40626) 
* Draft adding kms providers

* Rename defaultProvider to currentProvider

* Add getting current provider from config

* Remove comments

* Make current provider service struct field

* Add methods to secrets service

* Test getting current provider

* Implements missing methods for fake secrets service

* Remove accidental changes

* Fix linter issue

* Update configuration examples

* Rename CurrentProvider method

* Split service interface

* Update wire

Co-authored-by: spinillos <selenepinillos@gmail.com>
 2021-11-04 19:25:01 +02:00
Tania B
5652bde447
Encryption: Use secrets service (#40251) 
* Use secrets service in pluginproxy

* Use secrets service in pluginxontext

* Use secrets service in pluginsettings

* Use secrets service in provisioning

* Use secrets service in authinfoservice

* Use secrets service in api

* Use secrets service in sqlstore

* Use secrets service in dashboardshapshots

* Use secrets service in tsdb

* Use secrets service in datasources

* Use secrets service in alerting

* Use secrets service in ngalert

* Break cyclic dependancy

* Refactor service

* Break cyclic dependancy

* Add FakeSecretsStore

* Setup Secrets Service in sqlstore

* Fix

* Continue secrets service refactoring

* Fix cyclic dependancy in sqlstore tests

* Fix secrets service references

* Fix linter errors

* Add fake secrets service for tests

* Refactor SetupTestSecretsService

* Update setting up secret service in tests

* Fix missing secrets service in multiorg_alertmanager_test

* Use fake db in tests and sort imports

* Use fake db in datasources tests

* Fix more tests

* Fix linter issues

* Attempt to fix plugin proxy tests

* Pass secrets service to getPluginProxiedRequest in pluginproxy tests

* Fix pluginproxy tests

* Revert using secrets service in alerting and provisioning

* Update decryptFn in alerting migration

* Rename defaultProvider to currentProvider

* Use fake secrets service in alert channels tests

* Refactor secrets service test helper

* Update setting up secrets service in tests

* Revert alerting changes in api

* Add comments

* Remove secrets service from background services

* Convert global encryption functions into vars

* Revert "Convert global encryption functions into vars"

This reverts commit 498eb19859.

* Add feature toggle for envelope encryption

* Rename toggle

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
 2021-11-04 18:47:21 +02:00
Tania B
f59aabbd3b
Chore: Refactor secrets service (#40331) 2021-10-12 17:08:07 +03:00
Joan López de la Franca Beltran
722c414fef
Encryption: Refactor securejsondata.SecureJsonData to stop relying on global functions (#38865) 
* Encryption: Add support to encrypt/decrypt sjd

* Add datasources.Service as a proxy to datasources db operations

* Encrypt ds.SecureJsonData before calling SQLStore

* Move ds cache code into ds service

* Fix tlsmanager tests

* Fix pluginproxy tests

* Remove some securejsondata.GetEncryptedJsonData usages

* Add pluginsettings.Service as a proxy for plugin settings db operations

* Add AlertNotificationService as a proxy for alert notification db operations

* Remove some securejsondata.GetEncryptedJsonData usages

* Remove more securejsondata.GetEncryptedJsonData usages

* Fix lint errors

* Minor fixes

* Remove encryption global functions usages from ngalert

* Fix lint errors

* Minor fixes

* Minor fixes

* Remove securejsondata.DecryptedValue usage

* Refactor the refactor

* Remove securejsondata.DecryptedValue usage

* Move securejsondata to migrations package

* Move securejsondata to migrations package

* Minor fix

* Fix integration test

* Fix integration tests

* Undo undesired changes

* Fix tests

* Add context.Context into encryption methods

* Fix tests

* Fix tests

* Fix tests

* Trigger CI

* Fix test

* Add names to params of encryption service interface

* Remove bus from CacheServiceImpl

* Add logging

* Add keys to logger

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>

* Add missing key to logger

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>

* Undo changes in markdown files

* Fix formatting

* Add context to secrets service

* Rename decryptSecureJsonData to decryptSecureJsonDataFn

* Name args in GetDecryptedValueFn

* Add template back to NewAlertmanagerNotifier

* Copy GetDecryptedValueFn to ngalert

* Add logging to pluginsettings

* Fix pluginsettings test

Co-authored-by: Tania B <yalyna.ts@gmail.com>
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
 2021-10-07 17:33:50 +03:00
Tania B
62689ec804
Security: Add secrets service (#39418) 
* Add secrets service

* Revert accidental changes in util encryption

* Make minor changes

Move functional options to models

Revert renaming types to models

* Add context

* Minor change in GetDataKey

* Use CreateDataKeyWithDBSession in CreateDataKey

* Handle empty DEK name in DeleteDataKey

* Rename defaultProvider

* Remove secrets store service
 2021-10-01 15:39:57 +03:00