grafana/pkg/storage/secret/encryption/query_test.go

package encryption

import (
	"testing"
	"text/template"
	"time"

	"github.com/grafana/grafana/pkg/registry/apis/secret/contracts"
	"github.com/grafana/grafana/pkg/storage/unified/sql/sqltemplate/mocks"
)

func TestEncryptedValueQueries(t *testing.T) {
	mocks.CheckQuerySnapshots(t, mocks.TemplateTestSetup{
		RootDir: "testdata",
		Templates: map[*template.Template][]mocks.TemplateTestCase{
			sqlEncryptedValueCreate: {
				{
					Name: "create",
					Data: &createEncryptedValue{
						SQLTemplate: mocks.NewTestingSQLTemplate(),
						Row: &EncryptedValue{
							Namespace:     "ns",
							UID:           "abc123",
							EncryptedData: []byte("secret"),
							Created:       1234,
							Updated:       5678,
						},
					},
				},
			},
			sqlEncryptedValueRead: {
				{
					Name: "read",
					Data: &readEncryptedValue{
						SQLTemplate: mocks.NewTestingSQLTemplate(),
						Namespace:   "ns",
						UID:         "abc123",
					},
				},
			},
			sqlEncryptedValueUpdate: {
				{
					Name: "update",
					Data: &updateEncryptedValue{
						SQLTemplate:   mocks.NewTestingSQLTemplate(),
						Namespace:     "ns",
						UID:           "abc123",
						EncryptedData: []byte("secret"),
						Updated:       5679,
					},
				},
			},
			sqlEncryptedValueDelete: {
				{
					Name: "delete",
					Data: &deleteEncryptedValue{
						SQLTemplate: mocks.NewTestingSQLTemplate(),
						Namespace:   "ns",
						UID:         "abc123",
					},
				},
			},
		},
	})
}

func TestDataKeyQueries(t *testing.T) {
	mocks.CheckQuerySnapshots(t, mocks.TemplateTestSetup{
		RootDir: "testdata",
		Templates: map[*template.Template][]mocks.TemplateTestCase{
			sqlDataKeyCreate: {
				{
					Name: "create",
					Data: &createDataKey{
						SQLTemplate: mocks.NewTestingSQLTemplate(),
						Row: &contracts.SecretDataKey{
							UID:           "abc123",
							Active:        true,
							Namespace:     "ns",
							Label:         "label",
							Provider:      "provider",
							EncryptedData: []byte("secret"),
						},
					},
				},
				{
					Name: "create-not-active",
					Data: &createDataKey{
						SQLTemplate: mocks.NewTestingSQLTemplate(),
						Row: &contracts.SecretDataKey{
							UID:           "abc123",
							Active:        false,
							Namespace:     "ns",
							Label:         "label",
							Provider:      "provider",
							EncryptedData: []byte("secret"),
						},
					},
				},
			},
			sqlDataKeyRead: {
				{
					Name: "read",
					Data: &readDataKey{
						SQLTemplate: mocks.NewTestingSQLTemplate(),
						Namespace:   "ns",
						UID:         "abc123",
					},
				},
			},
			sqlDataKeyReadCurrent: {
				{
					Name: "read_current",
					Data: &readCurrentDataKey{
						SQLTemplate: mocks.NewTestingSQLTemplate(),
						Namespace:   "ns",
						Label:       "label",
					},
				},
			},
			sqlDataKeyList: {
				{
					Name: "list",
					Data: &listDataKeys{
						SQLTemplate: mocks.NewTestingSQLTemplate(),
						Namespace:   "ns",
					},
				},
			},
			sqlDataKeyDisable: {
				{
					Name: "disable",
					Data: &disableDataKeys{
						SQLTemplate: mocks.NewTestingSQLTemplate(),
						Namespace:   "ns",
						Updated:     time.Unix(1735689600, 0).UTC(),
					},
				},
			},
			sqlDataKeyDelete: {
				{
					Name: "delete",
					Data: &deleteDataKey{
						SQLTemplate: mocks.NewTestingSQLTemplate(),
						Namespace:   "ns",
						UID:         "abc123",
					},
				},
				{
					Name: "delete-no-uid",
					Data: &deleteDataKey{
						SQLTemplate: mocks.NewTestingSQLTemplate(),
						Namespace:   "ns",
						UID:         "",
					},
				},
			},
		},
	})
}
SecretsManager: Add encrypted value store (#106607) * SecretsManager: add encrypted value store Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com> Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com> * SecretsManager: wiring of encrypted value store --------- Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com> 2025-06-12 18:52:01 +08:00			`package encryption`

			`import (`
			`"testing"`
			`"text/template"`
SecretsManager: add data key store (#107396) * SecretsManager: Add data key store Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com> * SecretsManager: Add wiring of data key store Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com> --------- Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> 2025-07-01 00:17:07 +08:00			`"time"`
SecretsManager: Add encrypted value store (#106607) * SecretsManager: add encrypted value store Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com> Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com> * SecretsManager: wiring of encrypted value store --------- Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com> 2025-06-12 18:52:01 +08:00
SecretsManager: add data key store (#107396) * SecretsManager: Add data key store Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com> * SecretsManager: Add wiring of data key store Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com> --------- Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> 2025-07-01 00:17:07 +08:00			`"github.com/grafana/grafana/pkg/registry/apis/secret/contracts"`
SecretsManager: Add encrypted value store (#106607) * SecretsManager: add encrypted value store Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com> Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com> * SecretsManager: wiring of encrypted value store --------- Co-authored-by: Leandro Deveikis <leandro.deveikis@gmail.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: PoorlyDefinedBehaviour <brunotj2015@hotmail.com> 2025-06-12 18:52:01 +08:00			`"github.com/grafana/grafana/pkg/storage/unified/sql/sqltemplate/mocks"`
			`)`

			`func TestEncryptedValueQueries(t *testing.T) {`
			`mocks.CheckQuerySnapshots(t, mocks.TemplateTestSetup{`
			`RootDir: "testdata",`
			`Templates: map[*template.Template][]mocks.TemplateTestCase{`
			`sqlEncryptedValueCreate: {`
			`{`
			`Name: "create",`
			`Data: &createEncryptedValue{`
			`SQLTemplate: mocks.NewTestingSQLTemplate(),`
			`Row: &EncryptedValue{`
			`Namespace: "ns",`
			`UID: "abc123",`
			`EncryptedData: []byte("secret"),`
			`Created: 1234,`
			`Updated: 5678,`
			`},`
			`},`
			`},`
			`},`
			`sqlEncryptedValueRead: {`
			`{`
			`Name: "read",`
			`Data: &readEncryptedValue{`
			`SQLTemplate: mocks.NewTestingSQLTemplate(),`
			`Namespace: "ns",`
			`UID: "abc123",`
			`},`
			`},`
			`},`
			`sqlEncryptedValueUpdate: {`
			`{`
			`Name: "update",`
			`Data: &updateEncryptedValue{`
			`SQLTemplate: mocks.NewTestingSQLTemplate(),`
			`Namespace: "ns",`
			`UID: "abc123",`
			`EncryptedData: []byte("secret"),`
			`Updated: 5679,`
			`},`
			`},`
			`},`
			`sqlEncryptedValueDelete: {`
			`{`
			`Name: "delete",`
			`Data: &deleteEncryptedValue{`
			`SQLTemplate: mocks.NewTestingSQLTemplate(),`
			`Namespace: "ns",`
			`UID: "abc123",`
			`},`
			`},`
			`},`
			`},`
			`})`
			`}`
SecretsManager: add data key store (#107396) * SecretsManager: Add data key store Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com> * SecretsManager: Add wiring of data key store Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> Co-authored-by: Dana Axinte <53751979+dana-axinte@users.noreply.github.com> --------- Co-authored-by: Michael Mandrus <michael.mandrus@grafana.com> Co-authored-by: Matheus Macabu <macabu@users.noreply.github.com> 2025-07-01 00:17:07 +08:00
			`func TestDataKeyQueries(t *testing.T) {`
			`mocks.CheckQuerySnapshots(t, mocks.TemplateTestSetup{`
			`RootDir: "testdata",`
			`Templates: map[*template.Template][]mocks.TemplateTestCase{`
			`sqlDataKeyCreate: {`
			`{`
			`Name: "create",`
			`Data: &createDataKey{`
			`SQLTemplate: mocks.NewTestingSQLTemplate(),`
			`Row: &contracts.SecretDataKey{`
			`UID: "abc123",`
			`Active: true,`
			`Namespace: "ns",`
			`Label: "label",`
			`Provider: "provider",`
			`EncryptedData: []byte("secret"),`
			`},`
			`},`
			`},`
			`{`
			`Name: "create-not-active",`
			`Data: &createDataKey{`
			`SQLTemplate: mocks.NewTestingSQLTemplate(),`
			`Row: &contracts.SecretDataKey{`
			`UID: "abc123",`
			`Active: false,`
			`Namespace: "ns",`
			`Label: "label",`
			`Provider: "provider",`
			`EncryptedData: []byte("secret"),`
			`},`
			`},`
			`},`
			`},`
			`sqlDataKeyRead: {`
			`{`
			`Name: "read",`
			`Data: &readDataKey{`
			`SQLTemplate: mocks.NewTestingSQLTemplate(),`
			`Namespace: "ns",`
			`UID: "abc123",`
			`},`
			`},`
			`},`
			`sqlDataKeyReadCurrent: {`
			`{`
			`Name: "read_current",`
			`Data: &readCurrentDataKey{`
			`SQLTemplate: mocks.NewTestingSQLTemplate(),`
			`Namespace: "ns",`
			`Label: "label",`
			`},`
			`},`
			`},`
			`sqlDataKeyList: {`
			`{`
			`Name: "list",`
			`Data: &listDataKeys{`
			`SQLTemplate: mocks.NewTestingSQLTemplate(),`
			`Namespace: "ns",`
			`},`
			`},`
			`},`
			`sqlDataKeyDisable: {`
			`{`
			`Name: "disable",`
			`Data: &disableDataKeys{`
			`SQLTemplate: mocks.NewTestingSQLTemplate(),`
			`Namespace: "ns",`
			`Updated: time.Unix(1735689600, 0).UTC(),`
			`},`
			`},`
			`},`
			`sqlDataKeyDelete: {`
			`{`
			`Name: "delete",`
			`Data: &deleteDataKey{`
			`SQLTemplate: mocks.NewTestingSQLTemplate(),`
			`Namespace: "ns",`
			`UID: "abc123",`
			`},`
			`},`
			`{`
			`Name: "delete-no-uid",`
			`Data: &deleteDataKey{`
			`SQLTemplate: mocks.NewTestingSQLTemplate(),`
			`Namespace: "ns",`
			`UID: "",`
			`},`
			`},`
			`},`
			`},`
			`})`
			`}`