mirror of
https://github.com/grafana/grafana.git
synced 2025-01-16 19:52:33 -06:00
2d8a91a846
* Implement disableSecretsCompatibility flag * Allow secret deletion right after migration * Use dialect.Quote for secure_json_data on secret deletion Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Set secure_json_data to NULL instead of empty json * Run toggles_gen_test and use generated flag variable * Add ID to delete data source secrets command on function call Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com> * Remove extra query to get datasource on secret deletion * Fix linting issues with CHANGELOG.md * Use empty json string when deleting secure json data * Implement secret migration as a background process * Refactor secret migration as a background service * Refactor migration to be inside secret store * Re-add secret deletion function removed on merge * Try using transaction to fix db lock during tests * Disable migration for pipeline debugging * Try adding sleep to fix database lock * Remove unecessary time sleep from migration * Fix merge issue, replace models with datasources * Try event listener approach * Fix merge issue, replace models with datasources * Fix linting issues with unchecked error * Remove unecessary trainling new line * Increase wait interval on background secret migration * Rename secret store migration folder for consistency * Convert background migration to blocking * Fix number of arguments on server tests * Check error value of secret migration provider * Fix linting issue with method varaible * Revert unintended change on background services * Move secret migration service provider to wire.go * Remove unecessary else from datasource service * Move transaction inside loop on secret migration * Remove unecessary GetServices function * Remove unecessary interface after method removal * Rename Run to Migrate on secret migration interface * Rename secret migrations service variable on server * Use MustBool on datasource secret migration * Revert changes to GetDataSources * Implement GetAllDataSources function * Remove DeleteDataSourceSecrets function * Move datasource secret migration to datasource service * Remove unecessary properties from datasource secret migration * Make DecryptLegacySecrets a private method * Remove context canceled check on secret migrator * Log error when fail to unmarshal datasource secret * Add necessary fields to update command on migration * Handle high availability on secret migration * Use kvstore for datasource secret migration status * Add error check for migration status set on kvstore * Remove NewSecretMigrationService from server tests * Use const for strings on datasource secrets migration * Test all cases for datasources secret migrations Co-authored-by: Sofia Papagiannaki <1632407+papagian@users.noreply.github.com>
220 lines
6.3 KiB
Go
220 lines
6.3 KiB
Go
package datasources
|
|
|
|
import (
|
|
"time"
|
|
|
|
"github.com/grafana/grafana/pkg/components/simplejson"
|
|
"github.com/grafana/grafana/pkg/models"
|
|
)
|
|
|
|
const (
|
|
DS_GRAPHITE = "graphite"
|
|
DS_INFLUXDB = "influxdb"
|
|
DS_INFLUXDB_08 = "influxdb_08"
|
|
DS_ES = "elasticsearch"
|
|
DS_PROMETHEUS = "prometheus"
|
|
DS_ALERTMANAGER = "alertmanager"
|
|
DS_JAEGER = "jaeger"
|
|
DS_LOKI = "loki"
|
|
DS_OPENTSDB = "opentsdb"
|
|
DS_TEMPO = "tempo"
|
|
DS_ZIPKIN = "zipkin"
|
|
DS_MYSQL = "mysql"
|
|
DS_POSTGRES = "postgres"
|
|
DS_MSSQL = "mssql"
|
|
DS_ACCESS_DIRECT = "direct"
|
|
DS_ACCESS_PROXY = "proxy"
|
|
DS_ES_OPEN_DISTRO = "grafana-es-open-distro-datasource"
|
|
DS_ES_OPENSEARCH = "grafana-opensearch-datasource"
|
|
)
|
|
|
|
type DsAccess string
|
|
|
|
type DataSource struct {
|
|
Id int64 `json:"id,omitempty"`
|
|
OrgId int64 `json:"orgId,omitempty"`
|
|
Version int `json:"version,omitempty"`
|
|
|
|
Name string `json:"name"`
|
|
Type string `json:"type"`
|
|
Access DsAccess `json:"access"`
|
|
Url string `json:"url"`
|
|
// swagger:ignore
|
|
Password string `json:"-"`
|
|
User string `json:"user"`
|
|
Database string `json:"database"`
|
|
BasicAuth bool `json:"basicAuth"`
|
|
BasicAuthUser string `json:"basicAuthUser"`
|
|
// swagger:ignore
|
|
BasicAuthPassword string `json:"-"`
|
|
WithCredentials bool `json:"withCredentials"`
|
|
IsDefault bool `json:"isDefault"`
|
|
JsonData *simplejson.Json `json:"jsonData"`
|
|
SecureJsonData map[string][]byte `json:"secureJsonData"`
|
|
ReadOnly bool `json:"readOnly"`
|
|
Uid string `json:"uid"`
|
|
|
|
Created time.Time `json:"created,omitempty"`
|
|
Updated time.Time `json:"updated,omitempty"`
|
|
}
|
|
|
|
// AllowedCookies parses the jsondata.keepCookies and returns a list of
|
|
// allowed cookies, otherwise an empty list.
|
|
func (ds DataSource) AllowedCookies() []string {
|
|
if ds.JsonData != nil {
|
|
if keepCookies := ds.JsonData.Get("keepCookies"); keepCookies != nil {
|
|
return keepCookies.MustStringArray()
|
|
}
|
|
}
|
|
|
|
return []string{}
|
|
}
|
|
|
|
// Specific error type for grpc secrets management so that we can show more detailed plugin errors to users
|
|
type ErrDatasourceSecretsPluginUserFriendly struct {
|
|
Err string
|
|
}
|
|
|
|
func (e ErrDatasourceSecretsPluginUserFriendly) Error() string {
|
|
return e.Err
|
|
}
|
|
|
|
// ----------------------
|
|
// COMMANDS
|
|
|
|
// Also acts as api DTO
|
|
type AddDataSourceCommand struct {
|
|
Name string `json:"name" binding:"Required"`
|
|
Type string `json:"type" binding:"Required"`
|
|
Access DsAccess `json:"access" binding:"Required"`
|
|
Url string `json:"url"`
|
|
Database string `json:"database"`
|
|
User string `json:"user"`
|
|
BasicAuth bool `json:"basicAuth"`
|
|
BasicAuthUser string `json:"basicAuthUser"`
|
|
WithCredentials bool `json:"withCredentials"`
|
|
IsDefault bool `json:"isDefault"`
|
|
JsonData *simplejson.Json `json:"jsonData"`
|
|
SecureJsonData map[string]string `json:"secureJsonData"`
|
|
Uid string `json:"uid"`
|
|
|
|
OrgId int64 `json:"-"`
|
|
UserId int64 `json:"-"`
|
|
ReadOnly bool `json:"-"`
|
|
EncryptedSecureJsonData map[string][]byte `json:"-"`
|
|
UpdateSecretFn UpdateSecretFn `json:"-"`
|
|
|
|
Result *DataSource `json:"-"`
|
|
}
|
|
|
|
// Also acts as api DTO
|
|
type UpdateDataSourceCommand struct {
|
|
Name string `json:"name" binding:"Required"`
|
|
Type string `json:"type" binding:"Required"`
|
|
Access DsAccess `json:"access" binding:"Required"`
|
|
Url string `json:"url"`
|
|
User string `json:"user"`
|
|
Database string `json:"database"`
|
|
BasicAuth bool `json:"basicAuth"`
|
|
BasicAuthUser string `json:"basicAuthUser"`
|
|
WithCredentials bool `json:"withCredentials"`
|
|
IsDefault bool `json:"isDefault"`
|
|
JsonData *simplejson.Json `json:"jsonData"`
|
|
SecureJsonData map[string]string `json:"secureJsonData"`
|
|
Version int `json:"version"`
|
|
Uid string `json:"uid"`
|
|
|
|
OrgId int64 `json:"-"`
|
|
Id int64 `json:"-"`
|
|
ReadOnly bool `json:"-"`
|
|
EncryptedSecureJsonData map[string][]byte `json:"-"`
|
|
UpdateSecretFn UpdateSecretFn `json:"-"`
|
|
|
|
Result *DataSource `json:"-"`
|
|
}
|
|
|
|
// DeleteDataSourceCommand will delete a DataSource based on OrgID as well as the UID (preferred), ID, or Name.
|
|
// At least one of the UID, ID, or Name properties must be set in addition to OrgID.
|
|
type DeleteDataSourceCommand struct {
|
|
ID int64
|
|
UID string
|
|
Name string
|
|
|
|
OrgID int64
|
|
|
|
DeletedDatasourcesCount int64
|
|
|
|
UpdateSecretFn UpdateSecretFn
|
|
}
|
|
|
|
// Function for updating secrets along with datasources, to ensure atomicity
|
|
type UpdateSecretFn func() error
|
|
|
|
// ---------------------
|
|
// QUERIES
|
|
|
|
type GetDataSourcesQuery struct {
|
|
OrgId int64
|
|
DataSourceLimit int
|
|
User *models.SignedInUser
|
|
Result []*DataSource
|
|
}
|
|
|
|
type GetAllDataSourcesQuery struct {
|
|
Result []*DataSource
|
|
}
|
|
|
|
type GetDataSourcesByTypeQuery struct {
|
|
Type string
|
|
Result []*DataSource
|
|
}
|
|
|
|
type GetDefaultDataSourceQuery struct {
|
|
OrgId int64
|
|
User *models.SignedInUser
|
|
Result *DataSource
|
|
}
|
|
|
|
// GetDataSourceQuery will get a DataSource based on OrgID as well as the UID (preferred), ID, or Name.
|
|
// At least one of the UID, ID, or Name properties must be set in addition to OrgID.
|
|
type GetDataSourceQuery struct {
|
|
Id int64
|
|
Uid string
|
|
Name string
|
|
|
|
OrgId int64
|
|
|
|
Result *DataSource
|
|
}
|
|
|
|
// ---------------------
|
|
// Permissions
|
|
// ---------------------
|
|
|
|
// Datasource permission
|
|
// Description:
|
|
// * `0` - No Access
|
|
// * `1` - Query
|
|
// Enum: 0,1
|
|
// swagger:model
|
|
type DsPermissionType int
|
|
|
|
const (
|
|
DsPermissionNoAccess DsPermissionType = iota
|
|
DsPermissionQuery
|
|
)
|
|
|
|
func (p DsPermissionType) String() string {
|
|
names := map[int]string{
|
|
int(DsPermissionQuery): "Query",
|
|
int(DsPermissionNoAccess): "No Access",
|
|
}
|
|
return names[int(p)]
|
|
}
|
|
|
|
type DatasourcesPermissionFilterQuery struct {
|
|
User *models.SignedInUser
|
|
Datasources []*DataSource
|
|
Result []*DataSource
|
|
}
|