apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
47970 Commits
2179 Branches
608 Tags
1.9 GiB
Tag: Branch: Tree: 6768c6c059
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6768c6c059'
${ noResults }
grafana/pkg/cmd/grafana-cli/commands/datamigrations/encrypt_datasource_password...

134 lines
3.7 KiB
Raw Normal View History Unescape

CLI: Add command to migrate all datasources to use encrypted password fields (#17118) closes: #17107
6 years ago
package datamigrations
import (
"context"
"encoding/json"
Chore: Remove Wrap (#50048) * Chore: Remove Wrap and Wrapf * Fix: Add error check
3 years ago
"fmt"
CLI: Add command to migrate all datasources to use encrypted password fields (#17118) closes: #17107
6 years ago
"github.com/fatih/color"
chore: remove sqlstore & mockstore dependencies from (most) packages (#57087) * chore: add alias for InitTestDB and Session Adds an alias for the sqlstore InitTestDB and Session, and updates tests using these to reduce dependencies on the sqlstore.Store. * next pass of removing sqlstore imports * last little bit * remove mockstore where possible
3 years ago
"github.com/grafana/grafana/pkg/cmd/grafana-cli/logger"
CLI: Add command to migrate all datasources to use encrypted password fields (#17118) closes: #17107
6 years ago
"github.com/grafana/grafana/pkg/cmd/grafana-cli/utils"
chore: remove sqlstore & mockstore dependencies from (most) packages (#57087) * chore: add alias for InitTestDB and Session Adds an alias for the sqlstore InitTestDB and Session, and updates tests using these to reduce dependencies on the sqlstore.Store. * next pass of removing sqlstore imports * last little bit * remove mockstore where possible
3 years ago
"github.com/grafana/grafana/pkg/infra/db"
CLI: Add command to migrate all datasources to use encrypted password fields (#17118) closes: #17107
6 years ago
"github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/util"
)
var (
datasourceTypes = []string{
"mysql",
"influxdb",
"elasticsearch",
"graphite",
"prometheus",
"opentsdb",
}
)
Chore: Fix various spelling errors in back-end code (#25241) * Chore: Fix various spelling errors in back-end code Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com> Co-authored-by: Josh Soref <jsoref@users.noreply.github.com>>
5 years ago
// EncryptDatasourcePasswords migrates unencrypted secrets on datasources
CLI: Add command to migrate all datasources to use encrypted password fields (#17118) closes: #17107
6 years ago
// to the secureJson Column.
Chore: Remove public vars in setting package (#81018) Removes the public variable setting.SecretKey plus some other ones. Introduces some new functions for creating setting.Cfg.
1 year ago
func EncryptDatasourcePasswords(c utils.CommandLine, cfg *setting.Cfg, sqlStore db.DB) error {
chore: remove sqlstore & mockstore dependencies from (most) packages (#57087) * chore: add alias for InitTestDB and Session Adds an alias for the sqlstore InitTestDB and Session, and updates tests using these to reduce dependencies on the sqlstore.Store. * next pass of removing sqlstore imports * last little bit * remove mockstore where possible
3 years ago
return sqlStore.WithDbSession(context.Background(), func(session *db.Session) error {
Chore: Remove public vars in setting package (#81018) Removes the public variable setting.SecretKey plus some other ones. Introduces some new functions for creating setting.Cfg.
1 year ago
passwordsUpdated, err := migrateColumn(cfg, session, "password")
CLI: Add command to migrate all datasources to use encrypted password fields (#17118) closes: #17107
6 years ago
if err != nil {
return err
}
Chore: Remove public vars in setting package (#81018) Removes the public variable setting.SecretKey plus some other ones. Introduces some new functions for creating setting.Cfg.
1 year ago
basicAuthUpdated, err := migrateColumn(cfg, session, "basic_auth_password")
CLI: Add command to migrate all datasources to use encrypted password fields (#17118) closes: #17107
6 years ago
if err != nil {
return err
}
logger.Info("\n")
if passwordsUpdated > 0 {
logger.Infof("%s Encrypted password field for %d datasources \n", color.GreenString("✔"), passwordsUpdated)
}
if basicAuthUpdated > 0 {
logger.Infof("%s Encrypted basic_auth_password field for %d datasources \n", color.GreenString("✔"), basicAuthUpdated)
}
if passwordsUpdated == 0 && basicAuthUpdated == 0 {
Fix misspell issues (#23905) * Fix misspell issues See, $ golangci-lint run --timeout 10m --disable-all -E misspell ./... Signed-off-by: Mario Trangoni <mjtrangoni@gmail.com> * Fix codespell issues See, $ codespell -S './.git*' -L 'uint,thru,pres,unknwon,serie,referer,uptodate,durationm' Signed-off-by: Mario Trangoni <mjtrangoni@gmail.com> * ci please? * non-empty commit - ci? * Trigger build Co-authored-by: bergquist <carl.bergquist@gmail.com> Co-authored-by: Kyle Brandt <kyle@grafana.com>
5 years ago
logger.Infof("%s All datasources secrets are already encrypted\n", color.GreenString("✔"))
CLI: Add command to migrate all datasources to use encrypted password fields (#17118) closes: #17107
6 years ago
}
logger.Info("\n")
logger.Warn("Warning: Datasource provisioning files need to be manually changed to prevent overwriting of " +
"the data during provisioning. See https://grafana.com/docs/installation/upgrading/#upgrading-to-v6-2 for " +
"details")
return nil
})
}
Chore: Remove public vars in setting package (#81018) Removes the public variable setting.SecretKey plus some other ones. Introduces some new functions for creating setting.Cfg.
1 year ago
func migrateColumn(cfg *setting.Cfg, session *db.Session, column string) (int, error) {
CLI: Fix encrypt-datasource-passwords fails with sql error (#18014) Now handles secure_json_data stored as null in database when running the encrypt-datasource-passwords migration. Fixes #17948
6 years ago
var rows []map[string][]byte
CLI: Add command to migrate all datasources to use encrypted password fields (#17118) closes: #17107
6 years ago
session.Cols("id", column, "secure_json_data")
session.Table("data_source")
session.In("type", datasourceTypes)
session.Where(column + " IS NOT NULL AND " + column + " != ''")
err := session.Find(&rows)
if err != nil {
Chore: Remove Wrapf (#50128) * Chore: Remove Wrapf * Remove all Wrapf refs * Remove last Wrapf ref * Fix lint errors * Remove Wrap and Wrapf definitions * Remove unnecessary colon
3 years ago
return 0, fmt.Errorf("failed to select column: %s: %w", column, err)
CLI: Add command to migrate all datasources to use encrypted password fields (#17118) closes: #17107
6 years ago
}
Chore: Remove public vars in setting package (#81018) Removes the public variable setting.SecretKey plus some other ones. Introduces some new functions for creating setting.Cfg.
1 year ago
rowsUpdated, err := updateRows(cfg, session, rows, column)
Chore: Remove Wrapf (#50128) * Chore: Remove Wrapf * Remove all Wrapf refs * Remove last Wrapf ref * Fix lint errors * Remove Wrap and Wrapf definitions * Remove unnecessary colon
3 years ago
if err != nil {
return rowsUpdated, fmt.Errorf("failed to update column: %s: %w", column, err)
}
return rowsUpdated, err
CLI: Add command to migrate all datasources to use encrypted password fields (#17118) closes: #17107
6 years ago
}
Chore: Remove public vars in setting package (#81018) Removes the public variable setting.SecretKey plus some other ones. Introduces some new functions for creating setting.Cfg.
1 year ago
func updateRows(cfg *setting.Cfg, session *db.Session, rows []map[string][]byte, passwordFieldName string) (int, error) {
CLI: Add command to migrate all datasources to use encrypted password fields (#17118) closes: #17107
6 years ago
var rowsUpdated int
for _, row := range rows {
Chore: Remove public vars in setting package (#81018) Removes the public variable setting.SecretKey plus some other ones. Introduces some new functions for creating setting.Cfg.
1 year ago
newSecureJSONData, err := getUpdatedSecureJSONData(cfg.SecretKey, row, passwordFieldName)
CLI: Add command to migrate all datasources to use encrypted password fields (#17118) closes: #17107
6 years ago
if err != nil {
return 0, err
}
data, err := json.Marshal(newSecureJSONData)
if err != nil {
Chore: Remove Wrap (#50048) * Chore: Remove Wrap and Wrapf * Fix: Add error check
3 years ago
return 0, fmt.Errorf("%v: %w", "marshaling newSecureJsonData failed", err)
CLI: Add command to migrate all datasources to use encrypted password fields (#17118) closes: #17107
6 years ago
}
Chore: use any rather than interface{} (#74066)
2 years ago
newRow := map[string]any{"secure_json_data": data, passwordFieldName: ""}
CLI: Add command to migrate all datasources to use encrypted password fields (#17118) closes: #17107
6 years ago
session.Table("data_source")
CLI: Fix encrypt-datasource-passwords fails with sql error (#18014) Now handles secure_json_data stored as null in database when running the encrypt-datasource-passwords migration. Fixes #17948
6 years ago
session.Where("id = ?", string(row["id"]))
CLI: Add command to migrate all datasources to use encrypted password fields (#17118) closes: #17107
6 years ago
// Setting both columns while having value only for secure_json_data should clear the [passwordFieldName] column
session.Cols("secure_json_data", passwordFieldName)
_, err = session.Update(newRow)
if err != nil {
return 0, err
}
rowsUpdated++
}
return rowsUpdated, nil
}
Chore: Remove public vars in setting package (#81018) Removes the public variable setting.SecretKey plus some other ones. Introduces some new functions for creating setting.Cfg.
1 year ago
func getUpdatedSecureJSONData(secretKey string, row map[string][]byte, passwordFieldName string) (map[string]any, error) {
encryptedPassword, err := util.Encrypt(row[passwordFieldName], secretKey)
CLI: Add command to migrate all datasources to use encrypted password fields (#17118) closes: #17107
6 years ago
if err != nil {
return nil, err
}
Chore: use any rather than interface{} (#74066)
2 years ago
var secureJSONData map[string]any
CLI: Add command to migrate all datasources to use encrypted password fields (#17118) closes: #17107
6 years ago
CLI: Fix encrypt-datasource-passwords fails with sql error (#18014) Now handles secure_json_data stored as null in database when running the encrypt-datasource-passwords migration. Fixes #17948
6 years ago
if len(row["secure_json_data"]) > 0 {
if err := json.Unmarshal(row["secure_json_data"], &secureJSONData); err != nil {
return nil, err
}
} else {
Chore: use any rather than interface{} (#74066)
2 years ago
secureJSONData = map[string]any{}
CLI: Add command to migrate all datasources to use encrypted password fields (#17118) closes: #17107
6 years ago
}
jsonFieldName := util.ToCamelCase(passwordFieldName)
secureJSONData[jsonFieldName] = encryptedPassword
return secureJSONData, nil
}