grafana/pkg/services/sqlstore/dashboard_snapshot_test.go
Tania B 5652bde447
Encryption: Use secrets service (#40251)
* Use secrets service in pluginproxy

* Use secrets service in pluginxontext

* Use secrets service in pluginsettings

* Use secrets service in provisioning

* Use secrets service in authinfoservice

* Use secrets service in api

* Use secrets service in sqlstore

* Use secrets service in dashboardshapshots

* Use secrets service in tsdb

* Use secrets service in datasources

* Use secrets service in alerting

* Use secrets service in ngalert

* Break cyclic dependancy

* Refactor service

* Break cyclic dependancy

* Add FakeSecretsStore

* Setup Secrets Service in sqlstore

* Fix

* Continue secrets service refactoring

* Fix cyclic dependancy in sqlstore tests

* Fix secrets service references

* Fix linter errors

* Add fake secrets service for tests

* Refactor SetupTestSecretsService

* Update setting up secret service in tests

* Fix missing secrets service in multiorg_alertmanager_test

* Use fake db in tests and sort imports

* Use fake db in datasources tests

* Fix more tests

* Fix linter issues

* Attempt to fix plugin proxy tests

* Pass secrets service to getPluginProxiedRequest in pluginproxy tests

* Fix pluginproxy tests

* Revert using secrets service in alerting and provisioning

* Update decryptFn in alerting migration

* Rename defaultProvider to currentProvider

* Use fake secrets service in alert channels tests

* Refactor secrets service test helper

* Update setting up secrets service in tests

* Revert alerting changes in api

* Add comments

* Remove secrets service from background services

* Convert global encryption functions into vars

* Revert "Convert global encryption functions into vars"

This reverts commit 498eb19859.

* Add feature toggle for envelope encryption

* Rename toggle

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
2021-11-04 18:47:21 +02:00

208 lines
6.1 KiB
Go

//go:build integration
// +build integration
package sqlstore
import (
"context"
"testing"
"time"
"github.com/grafana/grafana/pkg/components/simplejson"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/secrets"
"github.com/grafana/grafana/pkg/services/secrets/fakes"
"github.com/grafana/grafana/pkg/setting"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestDashboardSnapshotDBAccess(t *testing.T) {
sqlstore := InitTestDB(t)
origSecret := setting.SecretKey
setting.SecretKey = "dashboard_snapshot_testing"
t.Cleanup(func() {
setting.SecretKey = origSecret
})
secretsService := fakes.NewFakeSecretsService()
dashboard := simplejson.NewFromAny(map[string]interface{}{"hello": "mupp"})
t.Run("Given saved snapshot", func(t *testing.T) {
rawDashboard, err := dashboard.Encode()
require.NoError(t, err)
encryptedDashboard, err := secretsService.Encrypt(context.Background(), rawDashboard, secrets.WithoutScope())
require.NoError(t, err)
cmd := models.CreateDashboardSnapshotCommand{
Key: "hej",
DashboardEncrypted: encryptedDashboard,
UserId: 1000,
OrgId: 1,
}
err = sqlstore.CreateDashboardSnapshot(&cmd)
require.NoError(t, err)
t.Run("Should be able to get snapshot by key", func(t *testing.T) {
query := models.GetDashboardSnapshotQuery{Key: "hej"}
err := sqlstore.GetDashboardSnapshot(&query)
require.NoError(t, err)
assert.NotNil(t, query.Result)
decryptedDashboard, err := secretsService.Decrypt(
context.Background(),
query.Result.DashboardEncrypted,
)
require.NoError(t, err)
dashboard, err := simplejson.NewJson(decryptedDashboard)
require.NoError(t, err)
assert.Equal(t, "mupp", dashboard.Get("hello").MustString())
})
t.Run("And the user has the admin role", func(t *testing.T) {
query := models.GetDashboardSnapshotsQuery{
OrgId: 1,
SignedInUser: &models.SignedInUser{OrgRole: models.ROLE_ADMIN},
}
err := sqlstore.SearchDashboardSnapshots(&query)
require.NoError(t, err)
t.Run("Should return all the snapshots", func(t *testing.T) {
assert.NotNil(t, query.Result)
assert.Len(t, query.Result, 1)
})
})
t.Run("And the user has the editor role and has created a snapshot", func(t *testing.T) {
query := models.GetDashboardSnapshotsQuery{
OrgId: 1,
SignedInUser: &models.SignedInUser{OrgRole: models.ROLE_EDITOR, UserId: 1000},
}
err := sqlstore.SearchDashboardSnapshots(&query)
require.NoError(t, err)
t.Run("Should return all the snapshots", func(t *testing.T) {
require.NotNil(t, query.Result)
assert.Len(t, query.Result, 1)
})
})
t.Run("And the user has the editor role and has not created any snapshot", func(t *testing.T) {
query := models.GetDashboardSnapshotsQuery{
OrgId: 1,
SignedInUser: &models.SignedInUser{OrgRole: models.ROLE_EDITOR, UserId: 2},
}
err := sqlstore.SearchDashboardSnapshots(&query)
require.NoError(t, err)
t.Run("Should not return any snapshots", func(t *testing.T) {
require.NotNil(t, query.Result)
assert.Empty(t, query.Result)
})
})
t.Run("And the user is anonymous", func(t *testing.T) {
cmd := models.CreateDashboardSnapshotCommand{
Key: "strangesnapshotwithuserid0",
DeleteKey: "adeletekey",
Dashboard: simplejson.NewFromAny(map[string]interface{}{
"hello": "mupp",
}),
UserId: 0,
OrgId: 1,
}
err := sqlstore.CreateDashboardSnapshot(&cmd)
require.NoError(t, err)
t.Run("Should not return any snapshots", func(t *testing.T) {
query := models.GetDashboardSnapshotsQuery{
OrgId: 1,
SignedInUser: &models.SignedInUser{OrgRole: models.ROLE_EDITOR, IsAnonymous: true, UserId: 0},
}
err := sqlstore.SearchDashboardSnapshots(&query)
require.NoError(t, err)
require.NotNil(t, query.Result)
assert.Empty(t, query.Result)
})
})
t.Run("Should have encrypted dashboard data", func(t *testing.T) {
decryptedDashboard, err := secretsService.Decrypt(
context.Background(),
cmd.Result.DashboardEncrypted,
)
require.NoError(t, err)
require.Equal(t, decryptedDashboard, rawDashboard)
})
})
}
func TestDeleteExpiredSnapshots(t *testing.T) {
sqlstore := InitTestDB(t)
t.Run("Testing dashboard snapshots clean up", func(t *testing.T) {
setting.SnapShotRemoveExpired = true
nonExpiredSnapshot := createTestSnapshot(t, sqlstore, "key1", 48000)
createTestSnapshot(t, sqlstore, "key2", -1200)
createTestSnapshot(t, sqlstore, "key3", -1200)
err := sqlstore.DeleteExpiredSnapshots(&models.DeleteExpiredSnapshotsCommand{})
require.NoError(t, err)
query := models.GetDashboardSnapshotsQuery{
OrgId: 1,
SignedInUser: &models.SignedInUser{OrgRole: models.ROLE_ADMIN},
}
err = sqlstore.SearchDashboardSnapshots(&query)
require.NoError(t, err)
assert.Len(t, query.Result, 1)
assert.Equal(t, nonExpiredSnapshot.Key, query.Result[0].Key)
err = sqlstore.DeleteExpiredSnapshots(&models.DeleteExpiredSnapshotsCommand{})
require.NoError(t, err)
query = models.GetDashboardSnapshotsQuery{
OrgId: 1,
SignedInUser: &models.SignedInUser{OrgRole: models.ROLE_ADMIN},
}
err = sqlstore.SearchDashboardSnapshots(&query)
require.NoError(t, err)
require.Len(t, query.Result, 1)
require.Equal(t, nonExpiredSnapshot.Key, query.Result[0].Key)
})
}
func createTestSnapshot(t *testing.T, sqlstore *SQLStore, key string, expires int64) *models.DashboardSnapshot {
cmd := models.CreateDashboardSnapshotCommand{
Key: key,
DeleteKey: "delete" + key,
Dashboard: simplejson.NewFromAny(map[string]interface{}{
"hello": "mupp",
}),
UserId: 1000,
OrgId: 1,
Expires: expires,
}
err := sqlstore.CreateDashboardSnapshot(&cmd)
require.NoError(t, err)
// Set expiry date manually - to be able to create expired snapshots
if expires < 0 {
expireDate := time.Now().Add(time.Second * time.Duration(expires))
_, err = sqlstore.engine.Exec("UPDATE dashboard_snapshot SET expires = ? WHERE id = ?", expireDate, cmd.Result.Id)
require.NoError(t, err)
}
return cmd.Result
}