opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-07-31 08:42:19 +08:00
Code Issues Packages Projects Releases Wiki Activity

Secrets: Implement admin mechanism for deleting all secrets stored on the secrets plugin (#54264)

Browse Source 
* implement delete all secrets endpoint

* change deletion check to just check for installed plugin

* refactor function call
This commit is contained in:
Michael Mandrus
2022-08-29 14:44:55 -04:00
committed by GitHub
parent 3f0beee362
commit 2c21113917
3 changed files with 43 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
pkg/api/admin_encryption.go
View File

@ -1,6 +1,7 @@
package api
import (
"fmt"
"net/http"
"github.com/grafana/grafana/pkg/api/response"
@ -52,7 +53,7 @@ func (hs *HTTPServer) AdminRollbackSecrets(c *models.ReqContext) response.Respon
// To migrate to the plugin, it must be installed and configured
// so as not to lose access to migrated secrets
func (hs *HTTPServer) MigrateSecretsToPlugin(c *models.ReqContext) response.Response {
func (hs *HTTPServer) AdminMigrateSecretsToPlugin(c *models.ReqContext) response.Response {
if skv.EvaluateRemoteSecretsPlugin(hs.secretsPluginManager, hs.Cfg) != nil {
hs.log.Warn("Received secrets plugin migration request while plugin is not available")
return response.Respond(http.StatusBadRequest, "Secrets plugin is not available")
@ -67,7 +68,7 @@ func (hs *HTTPServer) MigrateSecretsToPlugin(c *models.ReqContext) response.Resp
// To migrate from the plugin, it must be installed only
// as it is possible the user disabled it and then wants to migrate
func (hs *HTTPServer) MigrateSecretsFromPlugin(c *models.ReqContext) response.Response {
func (hs *HTTPServer) AdminMigrateSecretsFromPlugin(c *models.ReqContext) response.Response {
if hs.secretsPluginManager.SecretsManager() == nil {
hs.log.Warn("Received secrets plugin migration request while plugin is not installed")
return response.Respond(http.StatusBadRequest, "Secrets plugin is not installed")
@ -79,3 +80,21 @@ func (hs *HTTPServer) MigrateSecretsFromPlugin(c *models.ReqContext) response.Re
}
return response.Respond(http.StatusOK, "Secret migration from plugin triggered successfully")
}
func (hs *HTTPServer) AdminDeleteAllSecretsManagerPluginSecrets(c *models.ReqContext) response.Response {
if hs.secretsPluginManager.SecretsManager() == nil {
hs.log.Warn("Received secrets plugin deletion request while plugin is not installed")
return response.Respond(http.StatusBadRequest, "Secrets plugin is not installed")
}
items, err := hs.secretsStore.GetAll(c.Req.Context())
if err != nil {
return response.Respond(http.StatusInternalServerError, "an error occurred while retrieving secrets")
}
for _, item := range items {
err := hs.secretsStore.Del(c.Req.Context(), *item.OrgId, *item.Namespace, *item.Type)
if err != nil {
return response.Respond(http.StatusInternalServerError, fmt.Sprintf("error deleting key with org=%v namespace=%v type=%v. error=%v", *item.OrgId, *item.Namespace, *item.Type, err.Error()))
}
}
return response.Respond(http.StatusOK, fmt.Sprintf("All %d Secrets Manager plugin secrets deleted", len(items)))
}