Bruno baa89f3eac Secrets: encryption encryption storage uses versioning (#108036)
* Secrets: delete unused FakeKeeper

* Secrets: encrypted value storage stores versions

* add version to span

* trigger build

* remove ineffectual assignment

* lint

* drop secret_encrypted_value.uid / add name and version columns
package encryption
import (
	"embed"
	"errors"
	"fmt"
	"text/template"
	"time"

	"github.com/grafana/grafana/pkg/registry/apis/secret/contracts"
	"github.com/grafana/grafana/pkg/storage/unified/sql/sqltemplate"
)
var (
	// sqlTemplatesFS holds every data/*.sql file, compiled into the binary
	// by the go:embed directive below (the directive must stay directly
	// above the variable it populates).
	//go:embed data/*.sql
	sqlTemplatesFS embed.FS
	// sqlTemplates parses all embedded SQL files once at package init.
	// template.Must turns a parse error into a panic, so a malformed
	// .sql file aborts start-up instead of failing at query time.
	// Templates are looked up below by their file basename.
	//
	// NOTE(review): the .sql bodies are not visible here — confirm they
	// bind Namespace/Name/Version/UID via sqltemplate arguments rather
	// than interpolating them into the statement text.
	sqlTemplates = template.Must(template.New("sql").ParseFS(sqlTemplatesFS, `data/*.sql`))
	// The SQL Commands
	sqlEncryptedValueCreate = mustTemplate("encrypted_value_create.sql")
	sqlEncryptedValueRead   = mustTemplate("encrypted_value_read.sql")
	sqlEncryptedValueUpdate = mustTemplate("encrypted_value_update.sql")
	sqlEncryptedValueDelete = mustTemplate("encrypted_value_delete.sql")
	sqlDataKeyCreate        = mustTemplate("data_key_create.sql")
	sqlDataKeyRead          = mustTemplate("data_key_read.sql")
	sqlDataKeyReadCurrent   = mustTemplate("data_key_read_current.sql")
	sqlDataKeyList          = mustTemplate("data_key_list.sql")
	sqlDataKeyDisable       = mustTemplate("data_key_disable.sql")
	sqlDataKeyDelete        = mustTemplate("data_key_delete.sql")
)
// TODO: Move this to a common place so that all stores can use
//
// mustTemplate returns the parsed template registered under filename in
// sqlTemplates. A missing template is a programming error (the .sql file
// was not embedded or was renamed), so it panics rather than returning
// nil; this is intended for package-level initialisation only.
func mustTemplate(filename string) *template.Template {
	tmpl := sqlTemplates.Lookup(filename)
	if tmpl == nil {
		panic(fmt.Sprintf("template file not found: %s", filename))
	}
	return tmpl
}
/*************************************/
/**-- Encrypted Value Queries --**/
/*************************************/
// createEncryptedValue is the request type for the encrypted-value create
// query (paired by name with sqlEncryptedValueCreate).
type createEncryptedValue struct {
	sqltemplate.SQLTemplate
	// Row is the value to insert. EncryptedValue is declared elsewhere in
	// the package, so its fields are not documented here.
	Row *EncryptedValue
}
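// Validate is only used if we use `dbutil` from `unifiedstorage`.
//
// It rejects a create request that carries no row, so a caller bug fails
// before the template is rendered instead of dereferencing a nil Row.
// Only the presence of the row is checked: the fields of EncryptedValue
// are declared elsewhere, so per-field checks belong next to that type.
func (r createEncryptedValue) Validate() error {
	if r.Row == nil {
		return errors.New("encrypted value create: row is nil")
	}
	return nil
}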
// Read Encrypted Value
//
// readEncryptedValue is the request type for the encrypted-value read
// query (paired by name with sqlEncryptedValueRead). The three fields are
// the lookup key handed to the template.
type readEncryptedValue struct {
	sqltemplate.SQLTemplate
	Namespace string
	Name      string
	// Version selects one stored version of the value; whether 0 is a
	// valid version is decided by the template, which is not visible here.
	Version int64
}
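// Validate is only used if we use `dbutil` from `unifiedstorage`.
//
// It requires a non-empty Namespace and Name: both are part of the key
// passed to the read template, and an empty string is never a meaningful
// namespace or name, so the request is rejected before the query runs.
// Version is deliberately not range-checked here — NOTE(review): confirm
// whether 0 is a legitimate version before adding a check.
func (r readEncryptedValue) Validate() error {
	if r.Namespace == "" {
		return errors.New("encrypted value read: namespace is required")
	}
	if r.Name == "" {
		return errors.New("encrypted value read: name is required")
	}
	return nil
}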
// Update Encrypted Value
//
// updateEncryptedValue is the request type for the encrypted-value update
// query (paired by name with sqlEncryptedValueUpdate). Namespace, Name and
// Version identify the row; EncryptedData and Updated are the new values.
type updateEncryptedValue struct {
	sqltemplate.SQLTemplate
	Namespace string
	Name      string
	Version   int64
	// EncryptedData is the ciphertext to store; nothing in this file
	// inspects or decrypts it.
	EncryptedData []byte
	// Updated is an int64 here (presumably a Unix timestamp — the template
	// is not visible), whereas disableDataKeys.Updated is a time.Time.
	Updated int64
}
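// Validate is only used if we use `dbutil` from `unifiedstorage`.
//
// It requires a non-empty Namespace and Name so that an update is never
// issued against the empty-string key by mistake; both fields are part of
// the row key handed to the update template. EncryptedData and Updated are
// not checked here because their valid ranges are not visible in this file.
func (r updateEncryptedValue) Validate() error {
	if r.Namespace == "" {
		return errors.New("encrypted value update: namespace is required")
	}
	if r.Name == "" {
		return errors.New("encrypted value update: name is required")
	}
	return nil
}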
// Delete Encrypted Value
//
// deleteEncryptedValue is the request type for the encrypted-value delete
// query (paired by name with sqlEncryptedValueDelete). The three fields
// identify the row to remove.
type deleteEncryptedValue struct {
	sqltemplate.SQLTemplate
	Namespace string
	Name      string
	Version   int64
}
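// Validate is only used if we use `dbutil` from `unifiedstorage`.
//
// It requires a non-empty Namespace and Name. A delete is destructive, so
// a request whose key is the empty string is rejected before the template
// is rendered rather than being sent to the database as-is.
func (r deleteEncryptedValue) Validate() error {
	if r.Namespace == "" {
		return errors.New("encrypted value delete: namespace is required")
	}
	if r.Name == "" {
		return errors.New("encrypted value delete: name is required")
	}
	return nil
}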
/*************************************/
/**-- Data Key Queries --**/
/*************************************/
// createDataKey is the request type for the data-key create query (paired
// by name with sqlDataKeyCreate).
type createDataKey struct {
	sqltemplate.SQLTemplate
	// Row is the data key to insert; contracts.SecretDataKey is declared
	// in the secret contracts package.
	Row *contracts.SecretDataKey
}
// Validate performs no checks on a data-key create request and always
// returns nil. It exists so the type satisfies the validation hook used
// by `dbutil` from `unifiedstorage`.
//
// NOTE(review): Row is not nil-checked; confirm callers always set it.
func (r createDataKey) Validate() error {
	return nil
}
// readDataKey is the request type for the data-key read query (paired by
// name with sqlDataKeyRead). Namespace and UID identify the key.
type readDataKey struct {
	sqltemplate.SQLTemplate
	Namespace string
	UID       string
}
// Validate performs no checks on a data-key read request and always
// returns nil. It exists so the type satisfies the validation hook used
// by `dbutil` from `unifiedstorage`.
//
// NOTE(review): Namespace and UID are not checked for emptiness; confirm
// callers never issue this query with an empty key.
func (r readDataKey) Validate() error {
	return nil
}
// readCurrentDataKey is the request type for the "current data key" read
// query (paired by name with sqlDataKeyReadCurrent). Namespace and Label
// are the lookup key handed to the template.
type readCurrentDataKey struct {
	sqltemplate.SQLTemplate
	Namespace string
	Label     string
}
// Validate performs no checks on a current-data-key read request and
// always returns nil. It exists so the type satisfies the validation hook
// used by `dbutil` from `unifiedstorage`.
//
// NOTE(review): Namespace and Label are not checked for emptiness; confirm
// callers never issue this query with an empty key.
func (r readCurrentDataKey) Validate() error {
	return nil
}
// listDataKeys is the request type for the data-key list query (paired by
// name with sqlDataKeyList). Namespace is the only filter it carries.
type listDataKeys struct {
	sqltemplate.SQLTemplate
	Namespace string
}
// Validate performs no checks on a data-key list request and always
// returns nil. It exists so the type satisfies the validation hook used
// by `dbutil` from `unifiedstorage`.
//
// NOTE(review): Namespace is not checked for emptiness; confirm callers
// never list with an empty namespace.
func (r listDataKeys) Validate() error {
	return nil
}
// disableDataKeys is the request type for the data-key disable query
// (paired by name with sqlDataKeyDisable). The plural name and the single
// Namespace field suggest it acts on every key in the namespace, but the
// template is not visible here — confirm before relying on that.
type disableDataKeys struct {
	sqltemplate.SQLTemplate
	Namespace string
	// Updated is a time.Time here, unlike updateEncryptedValue.Updated,
	// which is an int64.
	Updated time.Time
}
// Validate performs no checks on a data-key disable request and always
// returns nil. It exists so the type satisfies the validation hook used
// by `dbutil` from `unifiedstorage`.
//
// NOTE(review): Namespace is not checked for emptiness and Updated is not
// checked for the zero time; confirm callers always set both.
func (r disableDataKeys) Validate() error {
	return nil
}
// deleteDataKey is the request type for the data-key delete query (paired
// by name with sqlDataKeyDelete). Namespace and UID identify the key to
// remove.
type deleteDataKey struct {
	sqltemplate.SQLTemplate
	Namespace string
	UID       string
}
// Validate performs no checks on a data-key delete request and always
// returns nil. It exists so the type satisfies the validation hook used
// by `dbutil` from `unifiedstorage`.
//
// NOTE(review): this is a destructive query and Namespace/UID are not
// checked for emptiness; confirm callers never pass an empty key.
func (r deleteDataKey) Validate() error {
	return nil
}