mirror of
https://github.com/grafana/grafana.git
synced 2025-07-30 16:52:54 +08:00
5652bde447
* Use secrets service in pluginproxy * Use secrets service in pluginxontext * Use secrets service in pluginsettings * Use secrets service in provisioning * Use secrets service in authinfoservice * Use secrets service in api * Use secrets service in sqlstore * Use secrets service in dashboardshapshots * Use secrets service in tsdb * Use secrets service in datasources * Use secrets service in alerting * Use secrets service in ngalert * Break cyclic dependancy * Refactor service * Break cyclic dependancy * Add FakeSecretsStore * Setup Secrets Service in sqlstore * Fix * Continue secrets service refactoring * Fix cyclic dependancy in sqlstore tests * Fix secrets service references * Fix linter errors * Add fake secrets service for tests * Refactor SetupTestSecretsService * Update setting up secret service in tests * Fix missing secrets service in multiorg_alertmanager_test * Use fake db in tests and sort imports * Use fake db in datasources tests * Fix more tests * Fix linter issues * Attempt to fix plugin proxy tests * Pass secrets service to getPluginProxiedRequest in pluginproxy tests * Fix pluginproxy tests * Revert using secrets service in alerting and provisioning * Update decryptFn in alerting migration * Rename defaultProvider to currentProvider * Use fake secrets service in alert channels tests * Refactor secrets service test helper * Update setting up secrets service in tests * Revert alerting changes in api * Add comments * Remove secrets service from background services * Convert global encryption functions into vars * Revert "Convert global encryption functions into vars" This reverts commit 498eb19859eba364a2400a6d7e73236b1c9a5b37. * Add feature toggle for envelope encryption * Rename toggle Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
95 lines
2.6 KiB
Go
95 lines
2.6 KiB
Go
package pluginsettings
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/grafana/grafana/pkg/bus"
|
|
"github.com/grafana/grafana/pkg/models"
|
|
"github.com/grafana/grafana/pkg/services/secrets"
|
|
"github.com/grafana/grafana/pkg/services/secrets/fakes"
|
|
secretsManager "github.com/grafana/grafana/pkg/services/secrets/manager"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestService_DecryptedValuesCache(t *testing.T) {
|
|
t.Run("When plugin settings hasn't been updated, encrypted JSON should be fetched from cache", func(t *testing.T) {
|
|
ctx := context.Background()
|
|
|
|
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
|
psService := ProvideService(bus.New(), nil, secretsService)
|
|
|
|
encryptedJsonData, err := secretsService.EncryptJsonData(
|
|
ctx,
|
|
map[string]string{
|
|
"password": "password",
|
|
}, secrets.WithoutScope())
|
|
require.NoError(t, err)
|
|
|
|
ps := models.PluginSetting{
|
|
Id: 1,
|
|
JsonData: map[string]interface{}{},
|
|
SecureJsonData: encryptedJsonData,
|
|
}
|
|
|
|
// Populate cache
|
|
password, ok := psService.DecryptedValues(&ps)["password"]
|
|
require.Equal(t, "password", password)
|
|
require.True(t, ok)
|
|
|
|
encryptedJsonData, err = secretsService.EncryptJsonData(
|
|
ctx,
|
|
map[string]string{
|
|
"password": "",
|
|
}, secrets.WithoutScope())
|
|
require.NoError(t, err)
|
|
|
|
ps.SecureJsonData = encryptedJsonData
|
|
|
|
password, ok = psService.DecryptedValues(&ps)["password"]
|
|
require.Equal(t, "password", password)
|
|
require.True(t, ok)
|
|
})
|
|
|
|
t.Run("When plugin settings is updated, encrypted JSON should not be fetched from cache", func(t *testing.T) {
|
|
ctx := context.Background()
|
|
|
|
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
|
|
psService := ProvideService(bus.New(), nil, secretsService)
|
|
|
|
encryptedJsonData, err := secretsService.EncryptJsonData(
|
|
ctx,
|
|
map[string]string{
|
|
"password": "password",
|
|
}, secrets.WithoutScope())
|
|
require.NoError(t, err)
|
|
|
|
ps := models.PluginSetting{
|
|
Id: 1,
|
|
JsonData: map[string]interface{}{},
|
|
SecureJsonData: encryptedJsonData,
|
|
}
|
|
|
|
// Populate cache
|
|
password, ok := psService.DecryptedValues(&ps)["password"]
|
|
require.Equal(t, "password", password)
|
|
require.True(t, ok)
|
|
|
|
encryptedJsonData, err = secretsService.EncryptJsonData(
|
|
ctx,
|
|
map[string]string{
|
|
"password": "",
|
|
}, secrets.WithoutScope())
|
|
require.NoError(t, err)
|
|
|
|
ps.SecureJsonData = encryptedJsonData
|
|
ps.Updated = time.Now()
|
|
|
|
password, ok = psService.DecryptedValues(&ps)["password"]
|
|
require.Empty(t, password)
|
|
require.True(t, ok)
|
|
})
|
|
}
|