mirror of
https://github.com/grafana/grafana.git
synced 2024-11-30 20:54:22 -06:00
5652bde447
* Use secrets service in pluginproxy
* Use secrets service in pluginxontext
* Use secrets service in pluginsettings
* Use secrets service in provisioning
* Use secrets service in authinfoservice
* Use secrets service in api
* Use secrets service in sqlstore
* Use secrets service in dashboardshapshots
* Use secrets service in tsdb
* Use secrets service in datasources
* Use secrets service in alerting
* Use secrets service in ngalert
* Break cyclic dependancy
* Refactor service
* Break cyclic dependancy
* Add FakeSecretsStore
* Setup Secrets Service in sqlstore
* Fix
* Continue secrets service refactoring
* Fix cyclic dependancy in sqlstore tests
* Fix secrets service references
* Fix linter errors
* Add fake secrets service for tests
* Refactor SetupTestSecretsService
* Update setting up secret service in tests
* Fix missing secrets service in multiorg_alertmanager_test
* Use fake db in tests and sort imports
* Use fake db in datasources tests
* Fix more tests
* Fix linter issues
* Attempt to fix plugin proxy tests
* Pass secrets service to getPluginProxiedRequest in pluginproxy tests
* Fix pluginproxy tests
* Revert using secrets service in alerting and provisioning
* Update decryptFn in alerting migration
* Rename defaultProvider to currentProvider
* Use fake secrets service in alert channels tests
* Refactor secrets service test helper
* Update setting up secrets service in tests
* Revert alerting changes in api
* Add comments
* Remove secrets service from background services
* Convert global encryption functions into vars
* Revert "Convert global encryption functions into vars"
This reverts commit 498eb19859
.
* Add feature toggle for envelope encryption
* Rename toggle
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
208 lines
6.1 KiB
Go
208 lines
6.1 KiB
Go
//go:build integration
|
|
// +build integration
|
|
|
|
package sqlstore
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/grafana/grafana/pkg/components/simplejson"
|
|
"github.com/grafana/grafana/pkg/models"
|
|
"github.com/grafana/grafana/pkg/services/secrets"
|
|
"github.com/grafana/grafana/pkg/services/secrets/fakes"
|
|
"github.com/grafana/grafana/pkg/setting"
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestDashboardSnapshotDBAccess(t *testing.T) {
|
|
sqlstore := InitTestDB(t)
|
|
|
|
origSecret := setting.SecretKey
|
|
setting.SecretKey = "dashboard_snapshot_testing"
|
|
t.Cleanup(func() {
|
|
setting.SecretKey = origSecret
|
|
})
|
|
secretsService := fakes.NewFakeSecretsService()
|
|
dashboard := simplejson.NewFromAny(map[string]interface{}{"hello": "mupp"})
|
|
|
|
t.Run("Given saved snapshot", func(t *testing.T) {
|
|
rawDashboard, err := dashboard.Encode()
|
|
require.NoError(t, err)
|
|
|
|
encryptedDashboard, err := secretsService.Encrypt(context.Background(), rawDashboard, secrets.WithoutScope())
|
|
require.NoError(t, err)
|
|
|
|
cmd := models.CreateDashboardSnapshotCommand{
|
|
Key: "hej",
|
|
DashboardEncrypted: encryptedDashboard,
|
|
UserId: 1000,
|
|
OrgId: 1,
|
|
}
|
|
|
|
err = sqlstore.CreateDashboardSnapshot(&cmd)
|
|
require.NoError(t, err)
|
|
|
|
t.Run("Should be able to get snapshot by key", func(t *testing.T) {
|
|
query := models.GetDashboardSnapshotQuery{Key: "hej"}
|
|
err := sqlstore.GetDashboardSnapshot(&query)
|
|
require.NoError(t, err)
|
|
|
|
assert.NotNil(t, query.Result)
|
|
|
|
decryptedDashboard, err := secretsService.Decrypt(
|
|
context.Background(),
|
|
query.Result.DashboardEncrypted,
|
|
)
|
|
require.NoError(t, err)
|
|
|
|
dashboard, err := simplejson.NewJson(decryptedDashboard)
|
|
require.NoError(t, err)
|
|
|
|
assert.Equal(t, "mupp", dashboard.Get("hello").MustString())
|
|
})
|
|
|
|
t.Run("And the user has the admin role", func(t *testing.T) {
|
|
query := models.GetDashboardSnapshotsQuery{
|
|
OrgId: 1,
|
|
SignedInUser: &models.SignedInUser{OrgRole: models.ROLE_ADMIN},
|
|
}
|
|
err := sqlstore.SearchDashboardSnapshots(&query)
|
|
require.NoError(t, err)
|
|
|
|
t.Run("Should return all the snapshots", func(t *testing.T) {
|
|
assert.NotNil(t, query.Result)
|
|
assert.Len(t, query.Result, 1)
|
|
})
|
|
})
|
|
|
|
t.Run("And the user has the editor role and has created a snapshot", func(t *testing.T) {
|
|
query := models.GetDashboardSnapshotsQuery{
|
|
OrgId: 1,
|
|
SignedInUser: &models.SignedInUser{OrgRole: models.ROLE_EDITOR, UserId: 1000},
|
|
}
|
|
err := sqlstore.SearchDashboardSnapshots(&query)
|
|
require.NoError(t, err)
|
|
|
|
t.Run("Should return all the snapshots", func(t *testing.T) {
|
|
require.NotNil(t, query.Result)
|
|
assert.Len(t, query.Result, 1)
|
|
})
|
|
})
|
|
|
|
t.Run("And the user has the editor role and has not created any snapshot", func(t *testing.T) {
|
|
query := models.GetDashboardSnapshotsQuery{
|
|
OrgId: 1,
|
|
SignedInUser: &models.SignedInUser{OrgRole: models.ROLE_EDITOR, UserId: 2},
|
|
}
|
|
err := sqlstore.SearchDashboardSnapshots(&query)
|
|
require.NoError(t, err)
|
|
|
|
t.Run("Should not return any snapshots", func(t *testing.T) {
|
|
require.NotNil(t, query.Result)
|
|
assert.Empty(t, query.Result)
|
|
})
|
|
})
|
|
|
|
t.Run("And the user is anonymous", func(t *testing.T) {
|
|
cmd := models.CreateDashboardSnapshotCommand{
|
|
Key: "strangesnapshotwithuserid0",
|
|
DeleteKey: "adeletekey",
|
|
Dashboard: simplejson.NewFromAny(map[string]interface{}{
|
|
"hello": "mupp",
|
|
}),
|
|
UserId: 0,
|
|
OrgId: 1,
|
|
}
|
|
err := sqlstore.CreateDashboardSnapshot(&cmd)
|
|
require.NoError(t, err)
|
|
|
|
t.Run("Should not return any snapshots", func(t *testing.T) {
|
|
query := models.GetDashboardSnapshotsQuery{
|
|
OrgId: 1,
|
|
SignedInUser: &models.SignedInUser{OrgRole: models.ROLE_EDITOR, IsAnonymous: true, UserId: 0},
|
|
}
|
|
err := sqlstore.SearchDashboardSnapshots(&query)
|
|
require.NoError(t, err)
|
|
|
|
require.NotNil(t, query.Result)
|
|
assert.Empty(t, query.Result)
|
|
})
|
|
})
|
|
|
|
t.Run("Should have encrypted dashboard data", func(t *testing.T) {
|
|
decryptedDashboard, err := secretsService.Decrypt(
|
|
context.Background(),
|
|
cmd.Result.DashboardEncrypted,
|
|
)
|
|
require.NoError(t, err)
|
|
|
|
require.Equal(t, decryptedDashboard, rawDashboard)
|
|
})
|
|
})
|
|
}
|
|
|
|
func TestDeleteExpiredSnapshots(t *testing.T) {
|
|
sqlstore := InitTestDB(t)
|
|
|
|
t.Run("Testing dashboard snapshots clean up", func(t *testing.T) {
|
|
setting.SnapShotRemoveExpired = true
|
|
|
|
nonExpiredSnapshot := createTestSnapshot(t, sqlstore, "key1", 48000)
|
|
createTestSnapshot(t, sqlstore, "key2", -1200)
|
|
createTestSnapshot(t, sqlstore, "key3", -1200)
|
|
|
|
err := sqlstore.DeleteExpiredSnapshots(&models.DeleteExpiredSnapshotsCommand{})
|
|
require.NoError(t, err)
|
|
|
|
query := models.GetDashboardSnapshotsQuery{
|
|
OrgId: 1,
|
|
SignedInUser: &models.SignedInUser{OrgRole: models.ROLE_ADMIN},
|
|
}
|
|
err = sqlstore.SearchDashboardSnapshots(&query)
|
|
require.NoError(t, err)
|
|
|
|
assert.Len(t, query.Result, 1)
|
|
assert.Equal(t, nonExpiredSnapshot.Key, query.Result[0].Key)
|
|
|
|
err = sqlstore.DeleteExpiredSnapshots(&models.DeleteExpiredSnapshotsCommand{})
|
|
require.NoError(t, err)
|
|
|
|
query = models.GetDashboardSnapshotsQuery{
|
|
OrgId: 1,
|
|
SignedInUser: &models.SignedInUser{OrgRole: models.ROLE_ADMIN},
|
|
}
|
|
err = sqlstore.SearchDashboardSnapshots(&query)
|
|
require.NoError(t, err)
|
|
|
|
require.Len(t, query.Result, 1)
|
|
require.Equal(t, nonExpiredSnapshot.Key, query.Result[0].Key)
|
|
})
|
|
}
|
|
|
|
func createTestSnapshot(t *testing.T, sqlstore *SQLStore, key string, expires int64) *models.DashboardSnapshot {
|
|
cmd := models.CreateDashboardSnapshotCommand{
|
|
Key: key,
|
|
DeleteKey: "delete" + key,
|
|
Dashboard: simplejson.NewFromAny(map[string]interface{}{
|
|
"hello": "mupp",
|
|
}),
|
|
UserId: 1000,
|
|
OrgId: 1,
|
|
Expires: expires,
|
|
}
|
|
err := sqlstore.CreateDashboardSnapshot(&cmd)
|
|
require.NoError(t, err)
|
|
|
|
// Set expiry date manually - to be able to create expired snapshots
|
|
if expires < 0 {
|
|
expireDate := time.Now().Add(time.Second * time.Duration(expires))
|
|
_, err = sqlstore.engine.Exec("UPDATE dashboard_snapshot SET expires = ? WHERE id = ?", expireDate, cmd.Result.Id)
|
|
require.NoError(t, err)
|
|
}
|
|
|
|
return cmd.Result
|
|
}
|