public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
64,379 Commits 655 Branches 650 Tags
17459fe1f4f49ca81f57afa54c1f58a217841cb7
Commit Graph

14 Commits

Author SHA1 Message Date
Bruno 9091ac6f5c Secrets: add basic namespace and name checks to keeper store and secure value store (#114355) 2025-11-25 10:04:43 -03:00
Matheus Macabu 5e949fc955 Secrets: Fix secure value creation timestamp changing when updating it (#114290) 2025-11-21 16:31:17 +01:00
Bruno 0d67442f1a Secrets manager: create secure value using the active keeper (#114039) 
* Secrets manager: create secure value using the active keeper

* SecureValueService.Update: fetch secure value from db to get the keeper

* fix keeper_store_test.go

* SecureValueService: fix bug in update where the current version keeper wasn't being passed to the createNewVersion method

* make gofmt

* remove outdated test

* update TestModel

* undo enterprise_imports changes

* use xkube.Namespace

* migrator: set secret_secure_value.keeper to 'system' when the column is null

* indent cue

* fix tests

* fix enterprise imports

* properly fix enterprise imports

* make update-workspace

* go mod tidy

---------

Co-authored-by: Matheus Macabu <macabu.matheus@gmail.com>
 2025-11-21 11:20:16 -03:00
Mike 6c512dabdc Secrets: Fix MariaDB syntax error due to unsupported CTE syntax (#111610) (#113690) 
* Secrets: fix MariaDB syntax error due to unsupported CTE syntax (#111610)

* parametrize guid/created columns and re-generate test fixtures

---------

Co-authored-by: Matheus Macabu <macabu.matheus@gmail.com>
 2025-11-12 15:15:43 +01:00
Bruno 6b5cacfade use standard sql in secure_value_lease_inactive.sql (#110532) 
* use standard sql in secure_value_lease_inactive.sql

* ci
 2025-09-04 10:01:05 -03:00
Bruno f8cd7049e8 Secrets: garbage collection (#110247) 
* clean up older secret versions

* start gargbage collection worker as background service

* make gen-go

* fix typo

* make update-workspace

* undo go mod changes

* undo go work sum changes

* Update pkg/registry/apis/secret/garbagecollectionworker/worker.go

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>

* Update pkg/registry/apis/secret/garbagecollectionworker/worker.go

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>

* default gc_worker_batch_size to 1 minute

* fix typo

* fix typo

* add test to ensure cleaning up secure values is idempotent

* make gen-go

* make update-workspace

* undo go.mod and .sum changes

* undo enterprise imports

---------

Co-authored-by: Matheus Macabu <macabu.matheus@gmail.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
 2025-09-02 11:11:01 -03:00
Matheus Macabu 80d7892d6a Secrets: Save owner reference fields in secure value db table (#108905) 
* Secrets: Save owner reference fields in secure value db table

* Save api group and version separately
 2025-07-31 10:42:19 +02:00
Bruno 01692bc876 Secrets: remove unused SecureValueMetadataStorage.ReadForDecrypt method (#108181) 
* Secrets: remove unused SecureValueMetadataStorage.ReadForDecrypt method

* remove unused struct: secureValueForDecrypt
 2025-07-16 11:52:26 -03:00
Bruno 8283d35e56 Secrets: make operations sync (#107732) 
* Secrets: make operations sync

* k8s gen / update query to list secure values to include the version

* always store new version of a secret

* make update-workspace

* go mod tidy

* update queries

* update queries

* improve and use testutils in decrypt_store_test

* fix broken test

* make update-workspace

* ./hack/update-codegen.sh secret

* update Test_SecureValueMetadataStorage_CreateAndRead

* undo dependency changes

* linter: fix remaining errors

---------

Co-authored-by: Matheus Macabu <macabu.matheus@gmail.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
 2025-07-09 10:43:34 -03:00
Dana Axinte cfd3b9f582 SecretsManager: outbox use message id (#107472) 
* SecretsManager: outbox use message id

Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>

* Remove query timestamp

* Add missing query

---------

Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
Co-authored-by: Matheus Macabu <macabu.matheus@gmail.com>
 2025-07-03 15:21:47 +01:00
Dana Axinte dbe815ee68 SecretsManager: keepers with secure values credentials (#106761) 
* SecretsManager: keepers with secure values

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com>

* Keepers: Refactor extract secure values remove extra helper functions

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>

---------

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
 2025-06-16 14:37:36 +01:00
Dana Axinte 6097841e67 SecretsManager: add secure value store (#106708) 
* SecretsManager: add secure value model and sql templates

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com>
Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>

* SecretsManager: secure value rest layer to use store

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com>
Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>

* SecretsManager: temporary add actor prefix to decrypters

* Remove list securevalue by namefor now

---------

Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>
 2025-06-16 10:19:44 +01:00
Dana Axinte de28231f2f SecretsManager: Add outbox store (#106613) 
SecretsManager: add outbox store

Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
 2025-06-12 13:31:48 +01:00
Dana Axinte 7f2923d4ed SecretsManager: Introduce keeper store (#105557) 
* SecretsManager: Introduce secret database wrapper

Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>
Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>

* SecretsManager: Introduce db migrator with keeper table

Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>
Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>

* SecretsManager: Introduce keeper store

Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>

* new line

* without query listByNameSecureValue

* remove unused extractSecureValues for now

* SecretsManager: Add keeper integration tests

Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>

---------

Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com>
Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
 2025-05-22 14:26:47 +01:00