* Secrets: Update proto inline secure values to take variadic names on delete
* Secrets: Update inline delete when owned to take multiple names
* trigger CI
* TestUtils: Add helper to create certs
* InlineSecureValue: Move to its own package rather than service
* Settings: Rename decrypt server configs to grpc prefixed as it is more generic
* InlineSecureValue: Add gRPC client
* InlineSecureValue: Add service provider grpc/local depending on setting.Cfg
* Wire: Add ProvideInlineSecureValueService to basic wireset
* InlineSecureValue: Re-export in root secret pkg and generate mocks for interface
* Settings: Unify decrypt+inline setting into generic grpc client
* Secrets: Add service name as explicit parameter for Decrypt
* Apply suggestions from code review
Co-authored-by: Stephanie Hingtgen <stephanie.hingtgen@grafana.com>
---------
Co-authored-by: Stephanie Hingtgen <stephanie.hingtgen@grafana.com>
* list all encrypted values and count
* separate interfaces
* add time filter to global queries
* initial secrets consolidation
* Revert defaults
* More verbose description of the operation
* Add consolidation tests and tracing
* Fix lint
* Revert debug log
* Use provider in Webhooks registration
* First stab at using the new client
* Simplify mock
* Able to generate graph in OSS
* Remove line already ensured by provider
* Handle the K8s not found error as well
* Commit regenerated wire file
* Add the hack also for deletion
* Fix secrets test util
* Format file
* Secrets: Add single tenant SecureValueClient
* SecureValueClient: Rename file
* SecureValueClient: Move original type to contracts package and export it by aliasing
- Provisioning: Begin using secrets store
- Refactor integration with secrets store
- Add back the legacy service
- Separate concerns for encrypt and decrypt
- Handle update within Encrypt function
- Add interface for secure value service
- Add feature flag for using secrets service
- Add the dual service for temporary solution.
* Add first integration tests for encrypted tokens
* Add integration test for app platform secrets
* Validate it has the name or not
* Create wire provider
* Always save to the secret if provided secret
---------
Co-authored-by: Roberto Jimenez Sanchez <roberto.jimenez@grafana.com>
Co-authored-by: Roberto Jiménez Sánchez <jszroberto@gmail.com>
* Secrets: delete unused FakeKeeper
* Secrets: encrypted value storage stores versions
* add version to span
* trigger build
* remove ineffectual assignment
* lint
* drop secret_encrypted_value.uid / add name and version columns
* Secrets: add state machine test for CRUDL+decrpt operations
* make update-workspace
* make update-workspace
* make enterprise-dev
* make update-workspace
* fix go.mod
* make update-workspace
* fix gomod
* make update-workspace
---------
Co-authored-by: Matheus Macabu <macabu.matheus@gmail.com>
* Secrets: make operations sync
* k8s gen / update query to list secure values to include the version
* always store new version of a secret
* make update-workspace
* go mod tidy
* update queries
* update queries
* improve and use testutils in decrypt_store_test
* fix broken test
* make update-workspace
* ./hack/update-codegen.sh secret
* update Test_SecureValueMetadataStorage_CreateAndRead
* undo dependency changes
* linter: fix remaining errors
---------
Co-authored-by: Matheus Macabu <macabu.matheus@gmail.com>
Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
Bruno
Matheus Macabu
Stephanie Hingtgen
lean.dev
Ryan McKinley
Dana Axinte
Serge Zaitsev
Roberto Jiménez Sánchez
Michael Mandrus