Dana Axinte b1b9cc43a8 SecretsManager: Adding ability to disable all DEKs (#108444)
* Adding dek deactivation and rename list dek

* disable data keys from manager

* separate interface and don't use in encryption manager
2025-07-25 17:11:17 +01:00


package encryption
import (
"embed"
"fmt"
"text/template"
"time"
"github.com/grafana/grafana/pkg/registry/apis/secret/contracts"
"github.com/grafana/grafana/pkg/storage/unified/sql/sqltemplate"
)
// The SQL files under data/ are embedded and parsed once at package init.
// A template that is missing from the embedded set is a programming error,
// so mustTemplate panics during init rather than at the first query.
var (
	//go:embed data/*.sql
	sqlTemplatesFS embed.FS

	sqlTemplates = template.Must(template.New("sql").ParseFS(sqlTemplatesFS, `data/*.sql`))
)

// Encrypted value commands.
var (
	sqlEncryptedValueCreate = mustTemplate("encrypted_value_create.sql")
	sqlEncryptedValueRead   = mustTemplate("encrypted_value_read.sql")
	sqlEncryptedValueUpdate = mustTemplate("encrypted_value_update.sql")
	sqlEncryptedValueDelete = mustTemplate("encrypted_value_delete.sql")
)

// Data key (DEK) commands.
var (
	sqlDataKeyCreate      = mustTemplate("data_key_create.sql")
	sqlDataKeyRead        = mustTemplate("data_key_read.sql")
	sqlDataKeyReadCurrent = mustTemplate("data_key_read_current.sql")
	sqlDataKeyList        = mustTemplate("data_key_list.sql")
	sqlDataKeyDisable     = mustTemplate("data_key_disable.sql")
	sqlDataKeyDelete      = mustTemplate("data_key_delete.sql")
	sqlDataKeyDisableAll  = mustTemplate("data_key_disable_all.sql")
)
// mustTemplate returns the parsed template registered under filename in
// sqlTemplates. It panics when no such template exists, which makes a
// missing or misnamed SQL file fail at package init instead of at query time.
//
// TODO: Move this to a common place so that all stores can use
func mustTemplate(filename string) *template.Template {
	tmpl := sqlTemplates.Lookup(filename)
	if tmpl == nil {
		panic(fmt.Sprintf("template file not found: %s", filename))
	}
	return tmpl
}
/*************************************/
/**-- Encrypted Value Queries --**/
/*************************************/
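// createEncryptedValue is the request type for the encrypted-value create
// query. Row is the value to insert.
type createEncryptedValue struct {
	sqltemplate.SQLTemplate
	Row *EncryptedValue
}

// Validate rejects a request that carries no row to insert. It is only
// invoked when the request goes through `dbutil` from `unifiedstorage`;
// direct template execution does not call it.
func (r createEncryptedValue) Validate() error {
	if r.Row == nil {
		return fmt.Errorf("create encrypted value: row is nil")
	}
	return nil
}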
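// readEncryptedValue is the request type for the encrypted-value read
// query, keyed by Namespace, Name and Version.
type readEncryptedValue struct {
	sqltemplate.SQLTemplate
	Namespace string
	Name      string
	Version   int64
}

// Validate rejects a request whose identifying fields are empty, so the
// lookup can never run without a tenant scope (Namespace) or a target
// (Name). Version is not checked here; its valid range is defined by the
// template. Validate is only invoked when the request goes through
// `dbutil` from `unifiedstorage`.
func (r readEncryptedValue) Validate() error {
	if r.Namespace == "" {
		return fmt.Errorf("read encrypted value: namespace is empty")
	}
	if r.Name == "" {
		return fmt.Errorf("read encrypted value: name is empty")
	}
	return nil
}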
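// updateEncryptedValue is the request type for the encrypted-value update
// query. The row is addressed by Namespace, Name and Version; EncryptedData
// and Updated are the new column values.
type updateEncryptedValue struct {
	sqltemplate.SQLTemplate
	Namespace     string
	Name          string
	Version       int64
	EncryptedData []byte
	// Updated is an int64 here, unlike the time.Time used by the data-key
	// queries in this file; presumably a Unix timestamp — confirm against
	// the template.
	Updated int64
}

// Validate rejects a request whose addressing fields are empty, so an
// update can never run without a tenant scope (Namespace) or a target
// (Name). EncryptedData is deliberately not checked: whether an empty
// ciphertext is legal is a property of the caller, not of the query.
// Validate is only invoked when the request goes through `dbutil` from
// `unifiedstorage`.
func (r updateEncryptedValue) Validate() error {
	if r.Namespace == "" {
		return fmt.Errorf("update encrypted value: namespace is empty")
	}
	if r.Name == "" {
		return fmt.Errorf("update encrypted value: name is empty")
	}
	return nil
}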
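// deleteEncryptedValue is the request type for the encrypted-value delete
// query, keyed by Namespace, Name and Version.
type deleteEncryptedValue struct {
	sqltemplate.SQLTemplate
	Namespace string
	Name      string
	Version   int64
}

// Validate rejects a request whose identifying fields are empty, so a
// delete can never run without a tenant scope (Namespace) or a target
// (Name). Validate is only invoked when the request goes through `dbutil`
// from `unifiedstorage`.
func (r deleteEncryptedValue) Validate() error {
	if r.Namespace == "" {
		return fmt.Errorf("delete encrypted value: namespace is empty")
	}
	if r.Name == "" {
		return fmt.Errorf("delete encrypted value: name is empty")
	}
	return nil
}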
/*************************************/
/**-- Data Key Queries --**/
/*************************************/
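// createDataKey is the request type for the data-key create query. Row is
// the key record to insert.
type createDataKey struct {
	sqltemplate.SQLTemplate
	Row *contracts.SecretDataKey
}

// Validate rejects a request that carries no row to insert. It is only
// invoked when the request goes through `dbutil` from `unifiedstorage`.
func (r createDataKey) Validate() error {
	if r.Row == nil {
		return fmt.Errorf("create data key: row is nil")
	}
	return nil
}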
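// readDataKey is the request type for the data-key read query, keyed by
// Namespace and UID.
type readDataKey struct {
	sqltemplate.SQLTemplate
	Namespace string
	UID       string
}

// Validate rejects a request whose identifying fields are empty, so the
// lookup can never run without a tenant scope (Namespace) or a key id
// (UID). Validate is only invoked when the request goes through `dbutil`
// from `unifiedstorage`.
func (r readDataKey) Validate() error {
	if r.Namespace == "" {
		return fmt.Errorf("read data key: namespace is empty")
	}
	if r.UID == "" {
		return fmt.Errorf("read data key: uid is empty")
	}
	return nil
}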
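// readCurrentDataKey is the request type for the current-data-key read
// query, keyed by Namespace and Label.
type readCurrentDataKey struct {
	sqltemplate.SQLTemplate
	Namespace string
	Label     string
}

// Validate rejects a request whose identifying fields are empty, so the
// lookup can never run without a tenant scope (Namespace) or a key label
// (Label). Validate is only invoked when the request goes through `dbutil`
// from `unifiedstorage`.
func (r readCurrentDataKey) Validate() error {
	if r.Namespace == "" {
		return fmt.Errorf("read current data key: namespace is empty")
	}
	if r.Label == "" {
		return fmt.Errorf("read current data key: label is empty")
	}
	return nil
}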
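// listDataKeys is the request type for the data-key list query, scoped to
// a single Namespace.
type listDataKeys struct {
	sqltemplate.SQLTemplate
	Namespace string
}

// Validate rejects a request with an empty Namespace, so a listing can
// never run without a tenant scope. Validate is only invoked when the
// request goes through `dbutil` from `unifiedstorage`.
func (r listDataKeys) Validate() error {
	if r.Namespace == "" {
		return fmt.Errorf("list data keys: namespace is empty")
	}
	return nil
}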
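// disableDataKeys is the request type for the per-namespace data-key
// disable query. Updated is the timestamp written alongside the change.
type disableDataKeys struct {
	sqltemplate.SQLTemplate
	Namespace string
	Updated   time.Time
}

// Validate rejects a request with an empty Namespace, so the disable can
// never run unscoped (disableAllDataKeys exists for the cross-namespace
// case), and a zero Updated, which would record a meaningless time for an
// auditable change. Validate is only invoked when the request goes
// through `dbutil` from `unifiedstorage`.
func (r disableDataKeys) Validate() error {
	if r.Namespace == "" {
		return fmt.Errorf("disable data keys: namespace is empty")
	}
	if r.Updated.IsZero() {
		return fmt.Errorf("disable data keys: updated time is zero")
	}
	return nil
}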
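// deleteDataKey is the request type for the data-key delete query, keyed
// by Namespace and UID.
type deleteDataKey struct {
	sqltemplate.SQLTemplate
	Namespace string
	UID       string
}

// Validate rejects a request whose identifying fields are empty, so a
// delete can never run without a tenant scope (Namespace) or a key id
// (UID). Validate is only invoked when the request goes through `dbutil`
// from `unifiedstorage`.
func (r deleteDataKey) Validate() error {
	if r.Namespace == "" {
		return fmt.Errorf("delete data key: namespace is empty")
	}
	if r.UID == "" {
		return fmt.Errorf("delete data key: uid is empty")
	}
	return nil
}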
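// disableAllDataKeys is the request type for the disable-all data-key
// query. Unlike disableDataKeys it carries no Namespace: it is the only
// request in this file without a tenant scope, so whatever the template
// does applies across every namespace. Callers are expected to gate its
// use accordingly. Updated is the timestamp written alongside the change.
type disableAllDataKeys struct {
	sqltemplate.SQLTemplate
	Updated time.Time
}

// Validate rejects a zero Updated, which would record a meaningless time
// for a change that affects every namespace. Validate is only invoked
// when the request goes through `dbutil` from `unifiedstorage`.
func (r disableAllDataKeys) Validate() error {
	if r.Updated.IsZero() {
		return fmt.Errorf("disable all data keys: updated time is zero")
	}
	return nil
}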