diff --git a/pkg/registry/apis/provisioning/secrets/repository.go b/pkg/registry/apis/provisioning/secrets/repository.go
index 20d621b9def..c86917cb452 100644
--- a/pkg/registry/apis/provisioning/secrets/repository.go
+++ b/pkg/registry/apis/provisioning/secrets/repository.go
@@ -56,7 +56,9 @@ func NewRepositorySecrets(features featuremgmt.FeatureToggles, secretsSvc Servic
 // If the feature flag is disabled, it uses the legacy secrets service
 // If the feature flag is enabled, it uses the secrets service
 func (s *repositorySecrets) Encrypt(ctx context.Context, r *provisioning.Repository, name string, data string) (nameOrValue []byte, err error) {
+ logger := logging.FromContext(ctx).With("name", name, "namespace", r.GetNamespace())
 if s.features.IsEnabled(ctx, featuremgmt.FlagProvisioningSecretsService) {
+ logger.Info("Encrypting secret with new secrets service")
 encrypted, err := s.secretsSvc.Encrypt(ctx, r.GetNamespace(), name, data)
 if err != nil {
 return nil, err
@@ -64,6 +66,7 @@ func (s *repositorySecrets) Encrypt(ctx context.Context, r *provisioning.Reposit
 return []byte(encrypted), err
 }
 
+ logger.Info("Encrypting secret with legacy secrets service")
 encrypted, err := s.legacySecrets.Encrypt(ctx, []byte(data))
 if err != nil {
 return nil, err
@@ -87,10 +90,10 @@ func (s *repositorySecrets) Decrypt(ctx context.Context, r *provisioning.Reposit
 logger := logging.FromContext(ctx)
 // HACK: this is a hack to identify if the name is a potential Kubernetes name for a secret.
 if strings.HasPrefix(nameOrValue, r.GetName()) {
- logger.Info("Decrypting secret with new secrets service", "name", nameOrValue)
+ logger.Info("Decrypting secret with new secrets service")
 return s.secretsSvc.Decrypt(ctx, r.GetNamespace(), nameOrValue)
 } else {
- logger.Info("Decrypting secret with legacy secrets service", "name", nameOrValue)
+ logger.Info("Decrypting secret with legacy secrets service")
 return s.legacySecrets.Decrypt(ctx, []byte(nameOrValue))
 }
 }
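Review bot: The logger built at the top of Encrypt (hunk -56,7) attaches `name` and the namespace, but nothing in the function records that `data` must stay out of it, even though this same commit strips `nameOrValue` from the Decrypt logs for that reason. I would add `// Log only the secret name and namespace; data is plaintext and must never be attached to the logger.` above the `logger :=` line. The two `logger.Info` calls, here and in hunk -64,6, fire on every encryption, so `logger.Debug` may be the better level if the message is only needed while the feature flag is rolled out. Encrypt's body continues outside the hunk.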
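Review bot: In hunk -87,10 the branch `strings.HasPrefix(nameOrValue, r.GetName())` is true for every input when the repository name is empty, so a legacy ciphertext would be handed to `secretsSvc.Decrypt` as if it were a secret name. The commit works around this at one caller (test.go now fills in a name), but Decrypt itself stays unguarded. A guard such as `if n := r.GetName(); n != "" && strings.HasPrefix(nameOrValue, n) {` keeps the decision local, assuming an unnamed repository can only hold legacy values. With the `"name", nameOrValue` field removed the two messages carry no identifier; `logging.FromContext(ctx).With("namespace", r.GetNamespace(), "repository", r.GetName())` would restore correlation without logging the value. Decrypt starts above this hunk.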
diff --git a/pkg/registry/apis/provisioning/test.go b/pkg/registry/apis/provisioning/test.go
index e54388c8eb2..9813c37a0ad 100644
--- a/pkg/registry/apis/provisioning/test.go
+++ b/pkg/registry/apis/provisioning/test.go
@@ -3,12 +3,14 @@ package provisioning
 import (
 "context"
 "encoding/json"
+ "fmt"
 "net/http"
 "reflect"
 "time"
 
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/apimachinery/pkg/runtime"
+ "k8s.io/apiserver/pkg/endpoints/request"
 "k8s.io/apiserver/pkg/registry/rest"
 
 provisioning "github.com/grafana/grafana/pkg/apis/provisioning/v0alpha1"
@@ -43,6 +45,11 @@ func (*testConnector) NewConnectOptions() (runtime.Object, bool, string) {
 }
 
 func (s *testConnector) Connect(ctx context.Context, name string, opts runtime.Object, responder rest.Responder) (http.Handler, error) {
+ ns, ok := request.NamespaceFrom(ctx)
+ if !ok {
+ return nil, fmt.Errorf("missing namespace")
+ }
+
 return WithTimeout(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 body, err := readBody(r, defaultMaxBodySize)
 if err != nil {
@@ -60,6 +67,23 @@ func (s *testConnector) Connect(ctx context.Context, name string, opts runtime.O
 
 // In case the body is an empty object
 if !reflect.ValueOf(cfg).IsZero() {
+ // HACK: Set the name and namespace if not set so that the temporary repository can be created
+ // This can be removed once we deprecate legacy secrets is deprecated or we use InLineSecureValues as we
+ // use the same field and repository name to detect which one to use.
+ if cfg.GetName() == "" {
+ if name == "new" {
+ // HACK: frontend is passing a "new" we need to remove the hack there as well
+ // Otherwise creation will fail as `new` is a reserved word. Not relevant here as we only "test"
+ name = "hack-on-hack-for-new"
+ }
+
+ cfg.SetName(name)
+ }
+
+ if cfg.GetNamespace() == "" {
+ cfg.SetNamespace(ns)
+ }
+
 // Create a temporary repository
 tmp, err := s.getter.AsRepository(ctx, &cfg)
 if err != nil {
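Review bot: In hunk -43,6 `fmt.Errorf("missing namespace")` has no format verbs and is returned as an untyped error, which the API server will most likely report as a 500. `errors.New("missing namespace")` fits the constant message, or a typed API error if this file has the apimachinery errors package available, so that a request without a namespace gets a 4xx. A doc comment on Connect would also help, stating that the namespace is read from the request context once, at connect time, and reused by the handler closure.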
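Review bot: In hunk -60,6 the added `if cfg.GetNamespace() == "" { cfg.SetNamespace(ns) }` only fills in a missing namespace, so a body that names a different namespace than the request is passed to `AsRepository` unchanged. repository.go in this same commit passes `r.GetNamespace()` to the secrets service, so if the temporary repository reaches Encrypt or Decrypt the lookup would run in the body's namespace rather than the request's; whether a later step rejects that is not visible here. Rejecting a mismatch before the default closes the gap, for example `if got := cfg.GetNamespace(); got != "" && got != ns { responder.Error(fmt.Errorf("namespace mismatch")); return }`. The first HACK comment also reads "once we deprecate legacy secrets is deprecated" and should drop one of the two verbs. The handler closure runs on past the hunk.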