* SecretsManager: Add data key store Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com> * SecretsManager: Add wiring of data key store Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com> --------- Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com>
package encryption
import (
	"embed"
	"errors"
	"fmt"
	"text/template"
	"time"

	"github.com/grafana/grafana/pkg/registry/apis/secret/contracts"
	"github.com/grafana/grafana/pkg/storage/unified/sql/sqltemplate"
)
var (
	// Every .sql file under data/ is compiled into the binary, so a query
	// file that is missing from the tree is caught at build time rather
	// than when the store first runs that query.
	//go:embed data/*.sql
	sqlTemplatesFS embed.FS

	// sqlTemplates is the parsed set of all embedded query files.
	// template.Must panics during package initialisation if any of them
	// fails to parse, which keeps a broken query from reaching runtime.
	sqlTemplates = template.Must(template.New("sql").ParseFS(sqlTemplatesFS, `data/*.sql`))

	// The SQL Commands. Each name is resolved through mustTemplate, which
	// panics at init if the file is not among the embedded templates, so a
	// typo in a file name surfaces at startup instead of on first use.

	// Encrypted value CRUD.
	sqlEncryptedValueCreate = mustTemplate("encrypted_value_create.sql")
	sqlEncryptedValueRead   = mustTemplate("encrypted_value_read.sql")
	sqlEncryptedValueUpdate = mustTemplate("encrypted_value_update.sql")
	sqlEncryptedValueDelete = mustTemplate("encrypted_value_delete.sql")

	// Data key lifecycle: create, read one, read the current key for a
	// label, list, disable (bulk), delete.
	sqlDataKeyCreate      = mustTemplate("data_key_create.sql")
	sqlDataKeyRead        = mustTemplate("data_key_read.sql")
	sqlDataKeyReadCurrent = mustTemplate("data_key_read_current.sql")
	sqlDataKeyList        = mustTemplate("data_key_list.sql")
	sqlDataKeyDisable     = mustTemplate("data_key_disable.sql")
	sqlDataKeyDelete      = mustTemplate("data_key_delete.sql")
)
// mustTemplate returns the embedded SQL template registered under
// filename, panicking when no such template exists. It is intended for
// package-level initialisation only, so a missing query file aborts
// startup rather than failing on the first request that needs it.
//
// TODO: Move this to a common place so that all stores can use it.
func mustTemplate(filename string) *template.Template {
	tmpl := sqlTemplates.Lookup(filename)
	if tmpl == nil {
		panic(fmt.Sprintf("template file not found: %s", filename))
	}
	return tmpl
}
/*************************************/
/**-- Encrypted Value Queries --**/
/*************************************/
// createEncryptedValue is the template input for the encrypted-value
// create query.
type createEncryptedValue struct {
	// Embedded so the .sql file can call the sqltemplate helpers;
	// presumably dialect-aware identifiers and argument placeholders —
	// confirm against the sqltemplate package.
	sqltemplate.SQLTemplate

	// Row is the value to insert. The template is expected to read its
	// fields, so callers should not pass nil.
	Row *EncryptedValue
}
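// Validate checks that the create query carries a row to insert.
// It is only invoked when the store goes through `dbutil` from
// `unifiedstorage`.
//
// Returns an error when Row is nil; executing the template with a nil
// Row would otherwise fail at render time with a far less useful message.
func (r createEncryptedValue) Validate() error {
	if r.Row == nil {
		return errors.New("createEncryptedValue: row is required")
	}
	return nil
}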
// readEncryptedValue is the template input for the encrypted-value read
// query: a single row addressed by namespace and UID.
type readEncryptedValue struct {
	// Embedded so the .sql file can call the sqltemplate helpers;
	// presumably dialect-aware identifiers and argument placeholders —
	// confirm against the sqltemplate package.
	sqltemplate.SQLTemplate

	// Namespace scopes the lookup; presumably the tenant boundary, so it
	// must always be set by the caller — verify against the .sql file.
	Namespace string
	// UID identifies the row within the namespace.
	UID string
}
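// Validate checks that the read query addresses a specific row.
// It is only invoked when the store goes through `dbutil` from
// `unifiedstorage`.
//
// Returns an error when Namespace or UID is empty. An empty namespace
// must never reach the query, since the namespace is what scopes the row
// to its owner.
func (r readEncryptedValue) Validate() error {
	if r.Namespace == "" {
		return errors.New("readEncryptedValue: namespace is required")
	}
	if r.UID == "" {
		return errors.New("readEncryptedValue: uid is required")
	}
	return nil
}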
// updateEncryptedValue is the template input for the encrypted-value
// update query: it replaces the ciphertext of one row addressed by
// namespace and UID.
type updateEncryptedValue struct {
	// Embedded so the .sql file can call the sqltemplate helpers;
	// presumably dialect-aware identifiers and argument placeholders —
	// confirm against the sqltemplate package.
	sqltemplate.SQLTemplate

	// Namespace scopes the update; presumably the tenant boundary, so it
	// must always be set by the caller — verify against the .sql file.
	Namespace string
	// UID identifies the row within the namespace.
	UID string
	// EncryptedData is the new ciphertext to store.
	EncryptedData []byte
	// Updated is the new modification timestamp; its unit (seconds or
	// milliseconds) is decided by the caller and not visible here.
	Updated int64
}
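// Validate checks that the update query addresses a specific row and
// carries a ciphertext to store. It is only invoked when the store goes
// through `dbutil` from `unifiedstorage`.
//
// Returns an error when Namespace or UID is empty, or when EncryptedData
// is empty: an empty payload is never a valid encrypted value, so
// persisting it would only corrupt the stored secret.
func (r updateEncryptedValue) Validate() error {
	switch {
	case r.Namespace == "":
		return errors.New("updateEncryptedValue: namespace is required")
	case r.UID == "":
		return errors.New("updateEncryptedValue: uid is required")
	case len(r.EncryptedData) == 0:
		return errors.New("updateEncryptedValue: encrypted data is required")
	}
	// Updated is deliberately not range-checked: its unit and origin are
	// chosen by the caller and are not visible in this file.
	return nil
}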
// deleteEncryptedValue is the template input for the encrypted-value
// delete query: a single row addressed by namespace and UID.
type deleteEncryptedValue struct {
	// Embedded so the .sql file can call the sqltemplate helpers;
	// presumably dialect-aware identifiers and argument placeholders —
	// confirm against the sqltemplate package.
	sqltemplate.SQLTemplate

	// Namespace scopes the delete; presumably the tenant boundary, so it
	// must always be set by the caller — verify against the .sql file.
	Namespace string
	// UID identifies the row within the namespace.
	UID string
}
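// Validate checks that the delete query addresses exactly one row.
// It is only invoked when the store goes through `dbutil` from
// `unifiedstorage`.
//
// Returns an error when Namespace or UID is empty. A delete is the worst
// place to let an empty scope through, so both identifiers are required.
func (r deleteEncryptedValue) Validate() error {
	if r.Namespace == "" {
		return errors.New("deleteEncryptedValue: namespace is required")
	}
	if r.UID == "" {
		return errors.New("deleteEncryptedValue: uid is required")
	}
	return nil
}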
/*************************************/
/**-- Data Key Queries --**/
/*************************************/
// createDataKey is the template input for the data-key create query.
type createDataKey struct {
	// Embedded so the .sql file can call the sqltemplate helpers;
	// presumably dialect-aware identifiers and argument placeholders —
	// confirm against the sqltemplate package.
	sqltemplate.SQLTemplate

	// Row is the data key to insert. The template is expected to read its
	// fields, so callers should not pass nil.
	Row *contracts.SecretDataKey
}
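// Validate checks that the create query carries a data key to insert.
// It is only invoked when the store goes through `dbutil` from
// `unifiedstorage`.
//
// Returns an error when Row is nil; rendering the template with a nil
// Row would otherwise fail later with a far less useful message.
func (r createDataKey) Validate() error {
	if r.Row == nil {
		return errors.New("createDataKey: row is required")
	}
	return nil
}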
// readDataKey is the template input for the data-key read query: a single
// key addressed by namespace and UID.
type readDataKey struct {
	// Embedded so the .sql file can call the sqltemplate helpers;
	// presumably dialect-aware identifiers and argument placeholders —
	// confirm against the sqltemplate package.
	sqltemplate.SQLTemplate

	// Namespace scopes the lookup; presumably the tenant boundary, so it
	// must always be set by the caller — verify against the .sql file.
	Namespace string
	// UID identifies the data key within the namespace.
	UID string
}
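// Validate checks that the read query addresses a specific data key.
// It is only invoked when the store goes through `dbutil` from
// `unifiedstorage`.
//
// Returns an error when Namespace or UID is empty, so a key can never be
// looked up without its owning namespace.
func (r readDataKey) Validate() error {
	if r.Namespace == "" {
		return errors.New("readDataKey: namespace is required")
	}
	if r.UID == "" {
		return errors.New("readDataKey: uid is required")
	}
	return nil
}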
// readCurrentDataKey is the template input for the query that fetches the
// current data key for a label within a namespace.
type readCurrentDataKey struct {
	// Embedded so the .sql file can call the sqltemplate helpers;
	// presumably dialect-aware identifiers and argument placeholders —
	// confirm against the sqltemplate package.
	sqltemplate.SQLTemplate

	// Namespace scopes the lookup; presumably the tenant boundary, so it
	// must always be set by the caller — verify against the .sql file.
	Namespace string
	// Label selects which key family is wanted; how labels are formed is
	// decided by the caller and not visible in this file.
	Label string
}
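// Validate checks that the current-key query is fully scoped.
// It is only invoked when the store goes through `dbutil` from
// `unifiedstorage`.
//
// Returns an error when Namespace or Label is empty: without both there is
// no well-defined "current" key to return.
func (r readCurrentDataKey) Validate() error {
	if r.Namespace == "" {
		return errors.New("readCurrentDataKey: namespace is required")
	}
	if r.Label == "" {
		return errors.New("readCurrentDataKey: label is required")
	}
	return nil
}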
// listDataKeys is the template input for the data-key list query, which
// returns the keys of one namespace.
type listDataKeys struct {
	// Embedded so the .sql file can call the sqltemplate helpers;
	// presumably dialect-aware identifiers and argument placeholders —
	// confirm against the sqltemplate package.
	sqltemplate.SQLTemplate

	// Namespace scopes the listing; presumably the tenant boundary, so it
	// must always be set by the caller — verify against the .sql file.
	Namespace string
}
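// Validate checks that the list query is scoped to a namespace.
// It is only invoked when the store goes through `dbutil` from
// `unifiedstorage`.
//
// Returns an error when Namespace is empty: a listing must never run
// without its namespace filter, since that is what keeps one owner's keys
// from being enumerated by another.
func (r listDataKeys) Validate() error {
	if r.Namespace == "" {
		return errors.New("listDataKeys: namespace is required")
	}
	return nil
}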
// disableDataKeys is the template input for the bulk disable query, which
// marks the data keys of a namespace as no longer current.
type disableDataKeys struct {
	// Embedded so the .sql file can call the sqltemplate helpers;
	// presumably dialect-aware identifiers and argument placeholders —
	// confirm against the sqltemplate package.
	sqltemplate.SQLTemplate

	// Namespace scopes the update; presumably the tenant boundary, so it
	// must always be set by the caller — verify against the .sql file.
	Namespace string
	// Updated is the timestamp recorded on the disabled keys.
	Updated time.Time
}
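// Validate checks that the bulk disable query is scoped to a namespace and
// carries a real timestamp. It is only invoked when the store goes through
// `dbutil` from `unifiedstorage`.
//
// Returns an error when Namespace is empty or Updated is the zero time.
// Disabling keys is a bulk write, so an empty scope would be the most
// damaging place to let through; a zero Updated would record a
// meaningless rotation time.
func (r disableDataKeys) Validate() error {
	if r.Namespace == "" {
		return errors.New("disableDataKeys: namespace is required")
	}
	if r.Updated.IsZero() {
		return errors.New("disableDataKeys: updated timestamp is required")
	}
	return nil
}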
// deleteDataKey is the template input for the data-key delete query: a
// single key addressed by namespace and UID.
type deleteDataKey struct {
	// Embedded so the .sql file can call the sqltemplate helpers;
	// presumably dialect-aware identifiers and argument placeholders —
	// confirm against the sqltemplate package.
	sqltemplate.SQLTemplate

	// Namespace scopes the delete; presumably the tenant boundary, so it
	// must always be set by the caller — verify against the .sql file.
	Namespace string
	// UID identifies the data key within the namespace.
	UID string
}
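// Validate checks that the delete query addresses exactly one data key.
// It is only invoked when the store goes through `dbutil` from
// `unifiedstorage`.
//
// Returns an error when Namespace or UID is empty. Deleting a data key
// makes everything encrypted under it unrecoverable, so both identifiers
// must be present before the query is allowed to run.
func (r deleteDataKey) Validate() error {
	if r.Namespace == "" {
		return errors.New("deleteDataKey: namespace is required")
	}
	if r.UID == "" {
		return errors.New("deleteDataKey: uid is required")
	}
	return nil
}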