Provisioning: fix hack-introduced bug on repository updates (#108298)

* Add log line to see which secret service we are using
* Add hack to make test and create endpoint work until we have InLineSecureValues
pull/108303/head
Roberto Jiménez Sánchez 2 days ago committed by GitHub
parent 1a09c13770
commit e3422c415f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
  1. 7
      pkg/registry/apis/provisioning/secrets/repository.go
  2. 24
      pkg/registry/apis/provisioning/test.go

@ -56,7 +56,9 @@ func NewRepositorySecrets(features featuremgmt.FeatureToggles, secretsSvc Servic
// If the feature flag is disabled, it uses the legacy secrets service
// If the feature flag is enabled, it uses the secrets service
func (s *repositorySecrets) Encrypt(ctx context.Context, r *provisioning.Repository, name string, data string) (nameOrValue []byte, err error) {
logger := logging.FromContext(ctx).With("name", name, "namespace", r.GetNamespace())
if s.features.IsEnabled(ctx, featuremgmt.FlagProvisioningSecretsService) {
logger.Info("Encrypting secret with new secrets service")
encrypted, err := s.secretsSvc.Encrypt(ctx, r.GetNamespace(), name, data)
if err != nil {
return nil, err
@ -64,6 +66,7 @@ func (s *repositorySecrets) Encrypt(ctx context.Context, r *provisioning.Reposit
return []byte(encrypted), err
}
logger.Info("Encrypting secret with legacy secrets service")
encrypted, err := s.legacySecrets.Encrypt(ctx, []byte(data))
if err != nil {
return nil, err
@ -87,10 +90,10 @@ func (s *repositorySecrets) Decrypt(ctx context.Context, r *provisioning.Reposit
logger := logging.FromContext(ctx)
// HACK: this is a hack to identify if the name is a potential Kubernetes name for a secret.
if strings.HasPrefix(nameOrValue, r.GetName()) {
logger.Info("Decrypting secret with new secrets service", "name", nameOrValue)
logger.Info("Decrypting secret with new secrets service")
return s.secretsSvc.Decrypt(ctx, r.GetNamespace(), nameOrValue)
} else {
logger.Info("Decrypting secret with legacy secrets service", "name", nameOrValue)
logger.Info("Decrypting secret with legacy secrets service")
return s.legacySecrets.Decrypt(ctx, []byte(nameOrValue))
}
}
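Review bot: The routing test `strings.HasPrefix(nameOrValue, r.GetName())` in Decrypt is vacuously true when the repository name is empty, so in that case a legacy ciphertext is handed to `secretsSvc.Decrypt` as though it were a secret name; guarding it, `if r.GetName() != "" && strings.HasPrefix(nameOrValue, r.GetName()) {`, keeps the legacy path reachable for such repositories. Whichever of the two paired `logger.Info` lines in the legacy branch is the new one, the variant carrying `"name", nameOrValue` should not be the survivor there: on that branch nameOrValue is the encrypted payload, and encrypted material does not belong in log output. Encrypt's logger at the top of the first hunk already attaches name and namespace, and Decrypt's logger could attach the namespace the same way so the two services can be told apart per request. Decrypt's signature and the start of Encrypt's body lie outside the hunks shown.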

@ -3,12 +3,14 @@ package provisioning
import (
"context"
"encoding/json"
"fmt"
"net/http"
"reflect"
"time"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apiserver/pkg/endpoints/request"
"k8s.io/apiserver/pkg/registry/rest"
provisioning "github.com/grafana/grafana/pkg/apis/provisioning/v0alpha1"
@ -43,6 +45,11 @@ func (*testConnector) NewConnectOptions() (runtime.Object, bool, string) {
}
func (s *testConnector) Connect(ctx context.Context, name string, opts runtime.Object, responder rest.Responder) (http.Handler, error) {
ns, ok := request.NamespaceFrom(ctx)
if !ok {
return nil, fmt.Errorf("missing namespace")
}
return WithTimeout(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
body, err := readBody(r, defaultMaxBodySize)
if err != nil {
@ -60,6 +67,23 @@ func (s *testConnector) Connect(ctx context.Context, name string, opts runtime.O
// In case the body is an empty object
if !reflect.ValueOf(cfg).IsZero() {
// HACK: Set the name and namespace if not set so that the temporary repository can be created
// This can be removed once we deprecate legacy secrets is deprecated or we use InLineSecureValues as we
// use the same field and repository name to detect which one to use.
if cfg.GetName() == "" {
if name == "new" {
// HACK: frontend is passing a "new" we need to remove the hack there as well
// Otherwise creation will fail as `new` is a reserved word. Not relevant here as we only "test"
name = "hack-on-hack-for-new"
}
cfg.SetName(name)
}
if cfg.GetNamespace() == "" {
cfg.SetNamespace(ns)
}
// Create a temporary repository
tmp, err := s.getter.AsRepository(ctx, &cfg)
if err != nil {
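Review bot: The namespace taken from the request context is only used to fill in `cfg.Namespace` when the body leaves it empty, so a body that names a different namespace than the request's still reaches `s.getter.AsRepository`, and the test endpoint can act on a repository outside the namespace the request was authorized for. A mismatch should be rejected rather than honoured: `if cfg.GetNamespace() != "" && cfg.GetNamespace() != ns { /* reject via responder, as the readBody error path does */ return }`, and the same question applies to a body name that differs from the path `name`. The hack comment also reads `This can be removed once we deprecate legacy secrets is deprecated`; `once legacy secrets are deprecated or we use InLineSecureValues` says what is meant. Connect begins and ends outside the hunks shown, and how the readBody error is reported is not visible here.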
