root
/
grafana
mirror of https://github.com/grafana/grafana.git
1
0
Fork 0
Code Issues Actions 243 Packages Projects Releases Wiki Activity

WIP: Add private Secret Manager Plugins support to plugin platform (#49544) 

* Add protobuf config and generated code, and client wrapper

* wire up loading of secretsmanager plugin, using renderer plugin as a model

* update kvstore provider to check if we should use the grpc plugin. return false always in OSS

* add OSS remote plugin check

* refactor wire gen file

* log which secrets manager is being used

* Fix argument types for remote checker

* Turns out if err != nil, then the result is always nil. Return empty values if there is an error.

* remove duplicate import

* Update pkg/services/secrets/kvstore/kvstore.go

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>

* Update pkg/services/secrets/kvstore/kvstore.go

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>

* refactor RemotePluginCheck interface to just return the Plugin client directly

* rename struct to something less silly

* Update pkg/plugins/backendplugin/secretsmanagerplugin/secretsmanager.proto

Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>

Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
This commit is contained in:
Michael Mandrus 2022-06-09 13:19:27 -04:00 committed by GitHub
parent ef401f5d62
commit f376c33903
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 1460 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
pkg/plugins/backendplugin/grpcplugin/client.go
View File

@ -7,6 +7,7 @@ import (
"github.com/grafana/grafana/pkg/infra/log"
"github.com/grafana/grafana/pkg/plugins/backendplugin"
"github.com/grafana/grafana/pkg/plugins/backendplugin/pluginextensionv2"
"github.com/grafana/grafana/pkg/plugins/backendplugin/secretsmanagerplugin"
goplugin "github.com/hashicorp/go-plugin"
)
@ -41,23 +42,28 @@ func newClientConfig(executablePath string, env []string, logger log.Logger,
// StartRendererFunc callback function called when a renderer plugin is started.
type StartRendererFunc func(pluginID string, renderer pluginextensionv2.RendererPlugin, logger log.Logger) error
// StartSecretsManagerFunc callback function called when a secrets manager plugin is started.
type StartSecretsManagerFunc func(pluginID string, secretsmanager secretsmanagerplugin.SecretsManagerPlugin, logger log.Logger) error
// PluginDescriptor is a descriptor used for registering backend plugins.
type PluginDescriptor struct {
pluginID string
executablePath string
managed bool
versionedPlugins map[int]goplugin.PluginSet
startRendererFn StartRendererFunc
pluginID string
executablePath string
managed bool
versionedPlugins map[int]goplugin.PluginSet
startRendererFn StartRendererFunc
startSecretsManagerFn StartSecretsManagerFunc
}
// getV2PluginSet returns list of plugins supported on v2.
func getV2PluginSet() goplugin.PluginSet {
return goplugin.PluginSet{
"diagnostics": &grpcplugin.DiagnosticsGRPCPlugin{},
"resource": &grpcplugin.ResourceGRPCPlugin{},
"data": &grpcplugin.DataGRPCPlugin{},
"stream": &grpcplugin.StreamGRPCPlugin{},
"renderer": &pluginextensionv2.RendererGRPCPlugin{},
"diagnostics": &grpcplugin.DiagnosticsGRPCPlugin{},
"resource": &grpcplugin.ResourceGRPCPlugin{},
"data": &grpcplugin.DataGRPCPlugin{},
"stream": &grpcplugin.StreamGRPCPlugin{},
"renderer": &pluginextensionv2.RendererGRPCPlugin{},
"secretsmanager": &secretsmanagerplugin.SecretsManagerGRPCPlugin{},
}
}
@ -85,3 +91,16 @@ func NewRendererPlugin(pluginID, executablePath string, startFn StartRendererFun
startRendererFn: startFn,
})
}
// NewSecetsManagerPlugin creates a new secrets manager plugin factory used for registering a backend secrets manager plugin.
func NewSecretsManagerPlugin(pluginID, executablePath string, startFn StartSecretsManagerFunc) backendplugin.PluginFactoryFunc {
return newPlugin(PluginDescriptor{
pluginID: pluginID,
executablePath: executablePath,
managed: false,
versionedPlugins: map[int]goplugin.PluginSet{
grpcplugin.ProtocolVersion: getV2PluginSet(),
},
startSecretsManagerFn: startFn,
})
}

19
pkg/plugins/backendplugin/grpcplugin/client_v2.go
View File

@ -12,6 +12,7 @@ import (
"github.com/grafana/grafana/pkg/infra/log"
"github.com/grafana/grafana/pkg/plugins/backendplugin"
"github.com/grafana/grafana/pkg/plugins/backendplugin/pluginextensionv2"
"github.com/grafana/grafana/pkg/plugins/backendplugin/secretsmanagerplugin"
"github.com/hashicorp/go-plugin"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
@ -23,6 +24,7 @@ type ClientV2 struct {
grpcplugin.DataClient
grpcplugin.StreamClient
pluginextensionv2.RendererPlugin
secretsmanagerplugin.SecretsManagerPlugin
}
func newClientV2(descriptor PluginDescriptor, logger log.Logger, rpcClient plugin.ClientProtocol) (pluginClient, error) {
@ -51,6 +53,11 @@ func newClientV2(descriptor PluginDescriptor, logger log.Logger, rpcClient plugi
return nil, err
}
rawSecretsManager, err := rpcClient.Dispense("secretsmanager")
if err != nil {
return nil, err
}
c := ClientV2{}
if rawDiagnostics != nil {
if diagnosticsClient, ok := rawDiagnostics.(grpcplugin.DiagnosticsClient); ok {
@ -82,12 +89,24 @@ func newClientV2(descriptor PluginDescriptor, logger log.Logger, rpcClient plugi
}
}
if rawSecretsManager != nil {
if secretsManagerPlugin, ok := rawSecretsManager.(secretsmanagerplugin.SecretsManagerPlugin); ok {
c.SecretsManagerPlugin = secretsManagerPlugin
}
}
if descriptor.startRendererFn != nil {
if err := descriptor.startRendererFn(descriptor.pluginID, c.RendererPlugin, logger); err != nil {
return nil, err
}
}
if descriptor.startSecretsManagerFn != nil {
if err := descriptor.startSecretsManagerFn(descriptor.pluginID, c.SecretsManagerPlugin, logger); err != nil {
return nil, err
}
}
return &c, nil
}

29
pkg/plugins/backendplugin/provider/provider.go
View File

@ -13,6 +13,7 @@ import (
"github.com/grafana/grafana/pkg/plugins/backendplugin/coreplugin"
"github.com/grafana/grafana/pkg/plugins/backendplugin/grpcplugin"
"github.com/grafana/grafana/pkg/plugins/backendplugin/pluginextensionv2"
"github.com/grafana/grafana/pkg/plugins/backendplugin/secretsmanagerplugin"
)
// PluginBackendProvider is a function type for initializing a Plugin backend.
@ -24,7 +25,7 @@ type Service struct {
func New(providers ...PluginBackendProvider) *Service {
if len(providers) == 0 {
return New(RendererProvider, DefaultProvider)
return New(RendererProvider, SecretsManagerProvider, DefaultProvider)
}
return &Service{
providerChain: providers,
@ -32,7 +33,7 @@ func New(providers ...PluginBackendProvider) *Service {
}
func ProvideService(coreRegistry *coreplugin.Registry) *Service {
return New(coreRegistry.BackendFactoryProvider(), RendererProvider, DefaultProvider)
return New(coreRegistry.BackendFactoryProvider(), RendererProvider, SecretsManagerProvider, DefaultProvider)
}
func (s *Service) BackendFactory(ctx context.Context, p *plugins.Plugin) backendplugin.PluginFactoryFunc {
@ -56,6 +57,18 @@ var RendererProvider PluginBackendProvider = func(_ context.Context, p *plugins.
)
}
var SecretsManagerProvider PluginBackendProvider = func(_ context.Context, p *plugins.Plugin) backendplugin.PluginFactoryFunc {
if !p.IsSecretsManager() {
return nil
}
return grpcplugin.NewSecretsManagerPlugin(p.ID, filepath.Join(p.PluginDir, secretsManagerStartCmd()),
func(pluginID string, secretsmanager secretsmanagerplugin.SecretsManagerPlugin, logger log.Logger) error {
p.SecretsManager = secretsmanager
return nil
},
)
}
var DefaultProvider PluginBackendProvider = func(_ context.Context, p *plugins.Plugin) backendplugin.PluginFactoryFunc {
// TODO check for executable
return grpcplugin.NewBackendPlugin(p.ID, filepath.Join(p.PluginDir, pluginStartCmd(p.Executable)))
@ -84,3 +97,15 @@ func rendererStartCmd() string {
return fmt.Sprintf("%s_%s_%s%s", "plugin_start", os, strings.ToLower(arch), extension)
}
func secretsManagerStartCmd() string {
os := strings.ToLower(runtime.GOOS)
arch := runtime.GOARCH
extension := ""
if os == "windows" {
extension = ".exe"
}
return fmt.Sprintf("%s_%s_%s%s", "secrets_plugin_start", os, strings.ToLower(arch), extension)
}

3
pkg/plugins/backendplugin/secretsmanagerplugin/generate.sh Executable file
View File

@ -0,0 +1,3 @@
protoc --go_out=. --go_opt=paths=source_relative \
--go-grpc_out=. --go-grpc_opt=paths=source_relative \
secretsmanager.proto

786
pkg/plugins/backendplugin/secretsmanagerplugin/secretsmanager.pb.go Normal file
View File

@ -0,0 +1,786 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.28.0
// protoc v3.19.4
// source: secretsmanager.proto
package secretsmanagerplugin
import (
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
reflect "reflect"
sync "sync"
)
const (
// Verify that this generated code is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion)
// Verify that runtime/protoimpl is sufficiently up-to-date.
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
)
type SecretsGetRequest struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
KeyDescriptor *Key `protobuf:"bytes,1,opt,name=keyDescriptor,proto3" json:"keyDescriptor,omitempty"`
}
func (x *SecretsGetRequest) Reset() {
*x = SecretsGetRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_secretsmanager_proto_msgTypes[0]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *SecretsGetRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*SecretsGetRequest) ProtoMessage() {}
func (x *SecretsGetRequest) ProtoReflect() protoreflect.Message {
mi := &file_secretsmanager_proto_msgTypes[0]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use SecretsGetRequest.ProtoReflect.Descriptor instead.
func (*SecretsGetRequest) Descriptor() ([]byte, []int) {
return file_secretsmanager_proto_rawDescGZIP(), []int{0}
}
func (x *SecretsGetRequest) GetKeyDescriptor() *Key {
if x != nil {
return x.KeyDescriptor
}
return nil
}
type SecretsSetRequest struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
KeyDescriptor *Key `protobuf:"bytes,1,opt,name=keyDescriptor,proto3" json:"keyDescriptor,omitempty"`
Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"`
}
func (x *SecretsSetRequest) Reset() {
*x = SecretsSetRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_secretsmanager_proto_msgTypes[1]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *SecretsSetRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*SecretsSetRequest) ProtoMessage() {}
func (x *SecretsSetRequest) ProtoReflect() protoreflect.Message {
mi := &file_secretsmanager_proto_msgTypes[1]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use SecretsSetRequest.ProtoReflect.Descriptor instead.
func (*SecretsSetRequest) Descriptor() ([]byte, []int) {
return file_secretsmanager_proto_rawDescGZIP(), []int{1}
}
func (x *SecretsSetRequest) GetKeyDescriptor() *Key {
if x != nil {
return x.KeyDescriptor
}
return nil
}
func (x *SecretsSetRequest) GetValue() string {
if x != nil {
return x.Value
}
return ""
}
type SecretsDelRequest struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
KeyDescriptor *Key `protobuf:"bytes,1,opt,name=keyDescriptor,proto3" json:"keyDescriptor,omitempty"`
}
func (x *SecretsDelRequest) Reset() {
*x = SecretsDelRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_secretsmanager_proto_msgTypes[2]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *SecretsDelRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*SecretsDelRequest) ProtoMessage() {}
func (x *SecretsDelRequest) ProtoReflect() protoreflect.Message {
mi := &file_secretsmanager_proto_msgTypes[2]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use SecretsDelRequest.ProtoReflect.Descriptor instead.
func (*SecretsDelRequest) Descriptor() ([]byte, []int) {
return file_secretsmanager_proto_rawDescGZIP(), []int{2}
}
func (x *SecretsDelRequest) GetKeyDescriptor() *Key {
if x != nil {
return x.KeyDescriptor
}
return nil
}
type SecretsKeysRequest struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
KeyDescriptor *Key `protobuf:"bytes,1,opt,name=keyDescriptor,proto3" json:"keyDescriptor,omitempty"`
AllOrganizations bool `protobuf:"varint,2,opt,name=allOrganizations,proto3" json:"allOrganizations,omitempty"`
}
func (x *SecretsKeysRequest) Reset() {
*x = SecretsKeysRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_secretsmanager_proto_msgTypes[3]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *SecretsKeysRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*SecretsKeysRequest) ProtoMessage() {}
func (x *SecretsKeysRequest) ProtoReflect() protoreflect.Message {
mi := &file_secretsmanager_proto_msgTypes[3]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use SecretsKeysRequest.ProtoReflect.Descriptor instead.
func (*SecretsKeysRequest) Descriptor() ([]byte, []int) {
return file_secretsmanager_proto_rawDescGZIP(), []int{3}
}
func (x *SecretsKeysRequest) GetKeyDescriptor() *Key {
if x != nil {
return x.KeyDescriptor
}
return nil
}
func (x *SecretsKeysRequest) GetAllOrganizations() bool {
if x != nil {
return x.AllOrganizations
}
return false
}
type SecretsRenameRequest struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
KeyDescriptor *Key `protobuf:"bytes,1,opt,name=keyDescriptor,proto3" json:"keyDescriptor,omitempty"`
NewNamespace string `protobuf:"bytes,4,opt,name=newNamespace,proto3" json:"newNamespace,omitempty"`
}
func (x *SecretsRenameRequest) Reset() {
*x = SecretsRenameRequest{}
if protoimpl.UnsafeEnabled {
mi := &file_secretsmanager_proto_msgTypes[4]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *SecretsRenameRequest) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*SecretsRenameRequest) ProtoMessage() {}
func (x *SecretsRenameRequest) ProtoReflect() protoreflect.Message {
mi := &file_secretsmanager_proto_msgTypes[4]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use SecretsRenameRequest.ProtoReflect.Descriptor instead.
func (*SecretsRenameRequest) Descriptor() ([]byte, []int) {
return file_secretsmanager_proto_rawDescGZIP(), []int{4}
}
func (x *SecretsRenameRequest) GetKeyDescriptor() *Key {
if x != nil {
return x.KeyDescriptor
}
return nil
}
func (x *SecretsRenameRequest) GetNewNamespace() string {
if x != nil {
return x.NewNamespace
}
return ""
}
type Key struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
OrgId int64 `protobuf:"varint,1,opt,name=orgId,proto3" json:"orgId,omitempty"`
Namespace string `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"`
Type string `protobuf:"bytes,3,opt,name=type,proto3" json:"type,omitempty"`
}
func (x *Key) Reset() {
*x = Key{}
if protoimpl.UnsafeEnabled {
mi := &file_secretsmanager_proto_msgTypes[5]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *Key) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*Key) ProtoMessage() {}
func (x *Key) ProtoReflect() protoreflect.Message {
mi := &file_secretsmanager_proto_msgTypes[5]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use Key.ProtoReflect.Descriptor instead.
func (*Key) Descriptor() ([]byte, []int) {
return file_secretsmanager_proto_rawDescGZIP(), []int{5}
}
func (x *Key) GetOrgId() int64 {
if x != nil {
return x.OrgId
}
return 0
}
func (x *Key) GetNamespace() string {
if x != nil {
return x.Namespace
}
return ""
}
func (x *Key) GetType() string {
if x != nil {
return x.Type
}
return ""
}
type SecretsErrorResponse struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Error string `protobuf:"bytes,1,opt,name=error,proto3" json:"error,omitempty"`
}
func (x *SecretsErrorResponse) Reset() {
*x = SecretsErrorResponse{}
if protoimpl.UnsafeEnabled {
mi := &file_secretsmanager_proto_msgTypes[6]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *SecretsErrorResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*SecretsErrorResponse) ProtoMessage() {}
func (x *SecretsErrorResponse) ProtoReflect() protoreflect.Message {
mi := &file_secretsmanager_proto_msgTypes[6]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use SecretsErrorResponse.ProtoReflect.Descriptor instead.
func (*SecretsErrorResponse) Descriptor() ([]byte, []int) {
return file_secretsmanager_proto_rawDescGZIP(), []int{6}
}
func (x *SecretsErrorResponse) GetError() string {
if x != nil {
return x.Error
}
return ""
}
type SecretsGetResponse struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Error string `protobuf:"bytes,1,opt,name=error,proto3" json:"error,omitempty"`
DecryptedValue string `protobuf:"bytes,2,opt,name=decryptedValue,proto3" json:"decryptedValue,omitempty"`
Exists bool `protobuf:"varint,3,opt,name=exists,proto3" json:"exists,omitempty"`
}
func (x *SecretsGetResponse) Reset() {
*x = SecretsGetResponse{}
if protoimpl.UnsafeEnabled {
mi := &file_secretsmanager_proto_msgTypes[7]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *SecretsGetResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*SecretsGetResponse) ProtoMessage() {}
func (x *SecretsGetResponse) ProtoReflect() protoreflect.Message {
mi := &file_secretsmanager_proto_msgTypes[7]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use SecretsGetResponse.ProtoReflect.Descriptor instead.
func (*SecretsGetResponse) Descriptor() ([]byte, []int) {
return file_secretsmanager_proto_rawDescGZIP(), []int{7}
}
func (x *SecretsGetResponse) GetError() string {
if x != nil {
return x.Error
}
return ""
}
func (x *SecretsGetResponse) GetDecryptedValue() string {
if x != nil {
return x.DecryptedValue
}
return ""
}
func (x *SecretsGetResponse) GetExists() bool {
if x != nil {
return x.Exists
}
return false
}
type SecretsKeysResponse struct {
state protoimpl.MessageState
sizeCache protoimpl.SizeCache
unknownFields protoimpl.UnknownFields
Error string `protobuf:"bytes,1,opt,name=error,proto3" json:"error,omitempty"`
Keys []*Key `protobuf:"bytes,2,rep,name=keys,proto3" json:"keys,omitempty"`
}
func (x *SecretsKeysResponse) Reset() {
*x = SecretsKeysResponse{}
if protoimpl.UnsafeEnabled {
mi := &file_secretsmanager_proto_msgTypes[8]
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
ms.StoreMessageInfo(mi)
}
}
func (x *SecretsKeysResponse) String() string {
return protoimpl.X.MessageStringOf(x)
}
func (*SecretsKeysResponse) ProtoMessage() {}
func (x *SecretsKeysResponse) ProtoReflect() protoreflect.Message {
mi := &file_secretsmanager_proto_msgTypes[8]
if protoimpl.UnsafeEnabled && x != nil {
ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x))
if ms.LoadMessageInfo() == nil {
ms.StoreMessageInfo(mi)
}
return ms
}
return mi.MessageOf(x)
}
// Deprecated: Use SecretsKeysResponse.ProtoReflect.Descriptor instead.
func (*SecretsKeysResponse) Descriptor() ([]byte, []int) {
return file_secretsmanager_proto_rawDescGZIP(), []int{8}
}
func (x *SecretsKeysResponse) GetError() string {
if x != nil {
return x.Error
}
return ""
}
func (x *SecretsKeysResponse) GetKeys() []*Key {
if x != nil {
return x.Keys
}
return nil
}
var File_secretsmanager_proto protoreflect.FileDescriptor
var file_secretsmanager_proto_rawDesc = []byte{
0x0a, 0x14, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72,
0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x14, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x6d,
0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x22, 0x54, 0x0a, 0x11,
0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x47, 0x65, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73,
0x74, 0x12, 0x3f, 0x0a, 0x0d, 0x6b, 0x65, 0x79, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74,
0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x73, 0x65, 0x63, 0x72, 0x65,
0x74, 0x73, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e,
0x4b, 0x65, 0x79, 0x52, 0x0d, 0x6b, 0x65, 0x79, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74,
0x6f, 0x72, 0x22, 0x6a, 0x0a, 0x11, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x53, 0x65, 0x74,
0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x3f, 0x0a, 0x0d, 0x6b, 0x65, 0x79, 0x44, 0x65,
0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19,
0x2e, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x70,
0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x0d, 0x6b, 0x65, 0x79, 0x44, 0x65,
0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75,
0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x54,
0x0a, 0x11, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x44, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75,
0x65, 0x73, 0x74, 0x12, 0x3f, 0x0a, 0x0d, 0x6b, 0x65, 0x79, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69,
0x70, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x73, 0x65, 0x63,
0x72, 0x65, 0x74, 0x73, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x70, 0x6c, 0x75, 0x67, 0x69,
0x6e, 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x0d, 0x6b, 0x65, 0x79, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69,
0x70, 0x74, 0x6f, 0x72, 0x22, 0x81, 0x01, 0x0a, 0x12, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73,
0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x3f, 0x0a, 0x0d, 0x6b,
0x65, 0x79, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01,
0x28, 0x0b, 0x32, 0x19, 0x2e, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x6d, 0x61, 0x6e, 0x61,
0x67, 0x65, 0x72, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x4b, 0x65, 0x79, 0x52, 0x0d, 0x6b,
0x65, 0x79, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f, 0x72, 0x12, 0x2a, 0x0a, 0x10,
0x61, 0x6c, 0x6c, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x61, 0x6c, 0x6c, 0x4f, 0x72, 0x67, 0x61, 0x6e,
0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x7b, 0x0a, 0x14, 0x53, 0x65, 0x63, 0x72,
0x65, 0x74, 0x73, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74,
0x12, 0x3f, 0x0a, 0x0d, 0x6b, 0x65, 0x79, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f,
0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74,
0x73, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x4b,
0x65, 0x79, 0x52, 0x0d, 0x6b, 0x65, 0x79, 0x44, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x6f,
0x72, 0x12, 0x22, 0x0a, 0x0c, 0x6e, 0x65, 0x77, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63,
0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x6e, 0x65, 0x77, 0x4e, 0x61, 0x6d, 0x65,
0x73, 0x70, 0x61, 0x63, 0x65, 0x22, 0x4d, 0x0a, 0x03, 0x4b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05,
0x6f, 0x72, 0x67, 0x49, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x6f, 0x72, 0x67,
0x49, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18,
0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65,
0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04,
0x74, 0x79, 0x70, 0x65, 0x22, 0x2c, 0x0a, 0x14, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x45,
0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05,
0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x72, 0x72,
0x6f, 0x72, 0x22, 0x6a, 0x0a, 0x12, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x47, 0x65, 0x74,
0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f,
0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x26,
0x0a, 0x0e, 0x64, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65, 0x64, 0x56, 0x61, 0x6c, 0x75, 0x65,
0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x64, 0x65, 0x63, 0x72, 0x79, 0x70, 0x74, 0x65,
0x64, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x65, 0x78, 0x69, 0x73, 0x74, 0x73,
0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x65, 0x78, 0x69, 0x73, 0x74, 0x73, 0x22, 0x5a,
0x0a, 0x13, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x73,
0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x01,
0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x2d, 0x0a, 0x04, 0x6b,
0x65, 0x79, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x73, 0x65, 0x63, 0x72,
0x65, 0x74, 0x73, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e,
0x2e, 0x4b, 0x65, 0x79, 0x52, 0x04, 0x6b, 0x65, 0x79, 0x73, 0x32, 0xe7, 0x03, 0x0a, 0x14, 0x52,
0x65, 0x6d, 0x6f, 0x74, 0x65, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x4d, 0x61, 0x6e, 0x61,
0x67, 0x65, 0x72, 0x12, 0x58, 0x0a, 0x03, 0x47, 0x65, 0x74, 0x12, 0x27, 0x2e, 0x73, 0x65, 0x63,
0x72, 0x65, 0x74, 0x73, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x70, 0x6c, 0x75, 0x67, 0x69,
0x6e, 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x47, 0x65, 0x74, 0x52, 0x65, 0x71, 0x75,
0x65, 0x73, 0x74, 0x1a, 0x28, 0x2e, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x6d, 0x61, 0x6e,
0x61, 0x67, 0x65, 0x72, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65,
0x74, 0x73, 0x47, 0x65, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5a, 0x0a,
0x03, 0x53, 0x65, 0x74, 0x12, 0x27, 0x2e, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x6d, 0x61,
0x6e, 0x61, 0x67, 0x65, 0x72, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x53, 0x65, 0x63, 0x72,
0x65, 0x74, 0x73, 0x53, 0x65, 0x74, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2a, 0x2e,
0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x70, 0x6c,
0x75, 0x67, 0x69, 0x6e, 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x45, 0x72, 0x72, 0x6f,
0x72, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5a, 0x0a, 0x03, 0x44, 0x65, 0x6c,
0x12, 0x27, 0x2e, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65,
0x72, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x44,
0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2a, 0x2e, 0x73, 0x65, 0x63, 0x72,
0x65, 0x74, 0x73, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e,
0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x73,
0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5b, 0x0a, 0x04, 0x4b, 0x65, 0x79, 0x73, 0x12, 0x28, 0x2e,
0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x70, 0x6c,
0x75, 0x67, 0x69, 0x6e, 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x4b, 0x65, 0x79, 0x73,
0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x29, 0x2e, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74,
0x73, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e, 0x53,
0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x4b, 0x65, 0x79, 0x73, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e,
0x73, 0x65, 0x12, 0x60, 0x0a, 0x06, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x2a, 0x2e, 0x73,
0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x70, 0x6c, 0x75,
0x67, 0x69, 0x6e, 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x52, 0x65, 0x6e, 0x61, 0x6d,
0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2a, 0x2e, 0x73, 0x65, 0x63, 0x72, 0x65,
0x74, 0x73, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x2e,
0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x65, 0x73, 0x70,
0x6f, 0x6e, 0x73, 0x65, 0x42, 0x19, 0x5a, 0x17, 0x2e, 0x2f, 0x3b, 0x73, 0x65, 0x63, 0x72, 0x65,
0x74, 0x73, 0x6d, 0x61, 0x6e, 0x61, 0x67, 0x65, 0x72, 0x70, 0x6c, 0x75, 0x67, 0x69, 0x6e, 0x62,
0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (
file_secretsmanager_proto_rawDescOnce sync.Once
file_secretsmanager_proto_rawDescData = file_secretsmanager_proto_rawDesc
)
func file_secretsmanager_proto_rawDescGZIP() []byte {
file_secretsmanager_proto_rawDescOnce.Do(func() {
file_secretsmanager_proto_rawDescData = protoimpl.X.CompressGZIP(file_secretsmanager_proto_rawDescData)
})
return file_secretsmanager_proto_rawDescData
}
var file_secretsmanager_proto_msgTypes = make([]protoimpl.MessageInfo, 9)
var file_secretsmanager_proto_goTypes = []interface{}{
(*SecretsGetRequest)(nil), // 0: secretsmanagerplugin.SecretsGetRequest
(*SecretsSetRequest)(nil), // 1: secretsmanagerplugin.SecretsSetRequest
(*SecretsDelRequest)(nil), // 2: secretsmanagerplugin.SecretsDelRequest
(*SecretsKeysRequest)(nil), // 3: secretsmanagerplugin.SecretsKeysRequest
(*SecretsRenameRequest)(nil), // 4: secretsmanagerplugin.SecretsRenameRequest
(*Key)(nil), // 5: secretsmanagerplugin.Key
(*SecretsErrorResponse)(nil), // 6: secretsmanagerplugin.SecretsErrorResponse
(*SecretsGetResponse)(nil), // 7: secretsmanagerplugin.SecretsGetResponse
(*SecretsKeysResponse)(nil), // 8: secretsmanagerplugin.SecretsKeysResponse
}
var file_secretsmanager_proto_depIdxs = []int32{
5, // 0: secretsmanagerplugin.SecretsGetRequest.keyDescriptor:type_name -> secretsmanagerplugin.Key
5, // 1: secretsmanagerplugin.SecretsSetRequest.keyDescriptor:type_name -> secretsmanagerplugin.Key
5, // 2: secretsmanagerplugin.SecretsDelRequest.keyDescriptor:type_name -> secretsmanagerplugin.Key
5, // 3: secretsmanagerplugin.SecretsKeysRequest.keyDescriptor:type_name -> secretsmanagerplugin.Key
5, // 4: secretsmanagerplugin.SecretsRenameRequest.keyDescriptor:type_name -> secretsmanagerplugin.Key
5, // 5: secretsmanagerplugin.SecretsKeysResponse.keys:type_name -> secretsmanagerplugin.Key
0, // 6: secretsmanagerplugin.RemoteSecretsManager.Get:input_type -> secretsmanagerplugin.SecretsGetRequest
1, // 7: secretsmanagerplugin.RemoteSecretsManager.Set:input_type -> secretsmanagerplugin.SecretsSetRequest
2, // 8: secretsmanagerplugin.RemoteSecretsManager.Del:input_type -> secretsmanagerplugin.SecretsDelRequest
3, // 9: secretsmanagerplugin.RemoteSecretsManager.Keys:input_type -> secretsmanagerplugin.SecretsKeysRequest
4, // 10: secretsmanagerplugin.RemoteSecretsManager.Rename:input_type -> secretsmanagerplugin.SecretsRenameRequest
7, // 11: secretsmanagerplugin.RemoteSecretsManager.Get:output_type -> secretsmanagerplugin.SecretsGetResponse
6, // 12: secretsmanagerplugin.RemoteSecretsManager.Set:output_type -> secretsmanagerplugin.SecretsErrorResponse
6, // 13: secretsmanagerplugin.RemoteSecretsManager.Del:output_type -> secretsmanagerplugin.SecretsErrorResponse
8, // 14: secretsmanagerplugin.RemoteSecretsManager.Keys:output_type -> secretsmanagerplugin.SecretsKeysResponse
6, // 15: secretsmanagerplugin.RemoteSecretsManager.Rename:output_type -> secretsmanagerplugin.SecretsErrorResponse
11, // [11:16] is the sub-list for method output_type
6, // [6:11] is the sub-list for method input_type
6, // [6:6] is the sub-list for extension type_name
6, // [6:6] is the sub-list for extension extendee
0, // [0:6] is the sub-list for field type_name
}
func init() { file_secretsmanager_proto_init() }
func file_secretsmanager_proto_init() {
if File_secretsmanager_proto != nil {
return
}
if !protoimpl.UnsafeEnabled {
file_secretsmanager_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*SecretsGetRequest); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_secretsmanager_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*SecretsSetRequest); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_secretsmanager_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*SecretsDelRequest); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_secretsmanager_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*SecretsKeysRequest); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_secretsmanager_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*SecretsRenameRequest); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_secretsmanager_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*Key); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_secretsmanager_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*SecretsErrorResponse); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_secretsmanager_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*SecretsGetResponse); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
file_secretsmanager_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} {
switch v := v.(*SecretsKeysResponse); i {
case 0:
return &v.state
case 1:
return &v.sizeCache
case 2:
return &v.unknownFields
default:
return nil
}
}
}
type x struct{}
out := protoimpl.TypeBuilder{
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: file_secretsmanager_proto_rawDesc,
NumEnums: 0,
NumMessages: 9,
NumExtensions: 0,
NumServices: 1,
},
GoTypes: file_secretsmanager_proto_goTypes,
DependencyIndexes: file_secretsmanager_proto_depIdxs,
MessageInfos: file_secretsmanager_proto_msgTypes,
}.Build()
File_secretsmanager_proto = out.File
file_secretsmanager_proto_rawDesc = nil
file_secretsmanager_proto_goTypes = nil
file_secretsmanager_proto_depIdxs = nil
}

56
pkg/plugins/backendplugin/secretsmanagerplugin/secretsmanager.proto Normal file
View File

@ -0,0 +1,56 @@
syntax = "proto3";
package secretsmanagerplugin;
option go_package = "./;secretsmanagerplugin";
message SecretsGetRequest {
Key keyDescriptor = 1;
}
message SecretsSetRequest {
Key keyDescriptor = 1;
string value = 2;
}
message SecretsDelRequest {
Key keyDescriptor = 1;
}
message SecretsKeysRequest {
Key keyDescriptor = 1;
bool allOrganizations = 2;
}
message SecretsRenameRequest {
Key keyDescriptor = 1;
string newNamespace = 2;
}
message Key {
int64 orgId = 1;
string namespace = 2;
string type = 3;
}
message SecretsErrorResponse {
string error = 1;
}
message SecretsGetResponse {
string error = 1;
string decryptedValue = 2;
bool exists = 3;
}
message SecretsKeysResponse {
string error = 1;
repeated Key keys = 2;
}
service RemoteSecretsManager {
rpc Get(SecretsGetRequest) returns (SecretsGetResponse);
rpc Set(SecretsSetRequest) returns (SecretsErrorResponse);
rpc Del(SecretsDelRequest) returns (SecretsErrorResponse);
rpc Keys(SecretsKeysRequest) returns (SecretsKeysResponse);
rpc Rename(SecretsRenameRequest) returns (SecretsErrorResponse);
}

56
pkg/plugins/backendplugin/secretsmanagerplugin/secretsmanager_grcp_plugin.go Normal file
View File

@ -0,0 +1,56 @@
package secretsmanagerplugin
import (
"context"
"github.com/hashicorp/go-plugin"
"google.golang.org/grpc"
)
type SecretsManagerPlugin interface {
RemoteSecretsManagerClient
}
type SecretsManagerGRPCPlugin struct {
plugin.NetRPCUnsupportedPlugin
}
func (p *SecretsManagerGRPCPlugin) GRPCServer(broker *plugin.GRPCBroker, s *grpc.Server) error {
return nil
}
func (p *SecretsManagerGRPCPlugin) GRPCClient(ctx context.Context, broker *plugin.GRPCBroker, c *grpc.ClientConn) (interface{}, error) {
return &SecretsManagerGRPCClient{NewRemoteSecretsManagerClient(c)}, nil
}
type SecretsManagerGRPCClient struct {
RemoteSecretsManagerClient
}
// Get an item from the store
func (sm *SecretsManagerGRPCClient) Get(ctx context.Context, req *SecretsGetRequest, opts ...grpc.CallOption) (*SecretsGetResponse, error) {
return sm.RemoteSecretsManagerClient.Get(ctx, req)
}
// Set an item in the store
func (sm *SecretsManagerGRPCClient) Set(ctx context.Context, req *SecretsSetRequest, opts ...grpc.CallOption) (*SecretsErrorResponse, error) {
return sm.RemoteSecretsManagerClient.Set(ctx, req)
}
// Del deletes an item from the store.
func (sm *SecretsManagerGRPCClient) Del(ctx context.Context, req *SecretsDelRequest, opts ...grpc.CallOption) (*SecretsErrorResponse, error) {
return sm.RemoteSecretsManagerClient.Del(ctx, req)
}
// Keys get all keys for a given namespace.
func (sm *SecretsManagerGRPCClient) Keys(ctx context.Context, req *SecretsKeysRequest, opts ...grpc.CallOption) (*SecretsKeysResponse, error) {
return sm.RemoteSecretsManagerClient.Keys(ctx, req)
}
// Rename an item in the store
func (sm *SecretsManagerGRPCClient) Rename(ctx context.Context, req *SecretsRenameRequest, opts ...grpc.CallOption) (*SecretsErrorResponse, error) {
return sm.RemoteSecretsManagerClient.Rename(ctx, req)
}
var _ RemoteSecretsManagerClient = &SecretsManagerGRPCClient{}
var _ plugin.GRPCPlugin = &SecretsManagerGRPCPlugin{}

249
pkg/plugins/backendplugin/secretsmanagerplugin/secretsmanager_grpc.pb.go Normal file
View File

@ -0,0 +1,249 @@
// Code generated by protoc-gen-go-grpc. DO NOT EDIT.
// versions:
// - protoc-gen-go-grpc v1.2.0
// - protoc v3.19.4
// source: secretsmanager.proto
package secretsmanagerplugin
import (
context "context"
grpc "google.golang.org/grpc"
codes "google.golang.org/grpc/codes"
status "google.golang.org/grpc/status"
)
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
// Requires gRPC-Go v1.32.0 or later.
const _ = grpc.SupportPackageIsVersion7
// RemoteSecretsManagerClient is the client API for RemoteSecretsManager service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
type RemoteSecretsManagerClient interface {
Get(ctx context.Context, in *SecretsGetRequest, opts ...grpc.CallOption) (*SecretsGetResponse, error)
Set(ctx context.Context, in *SecretsSetRequest, opts ...grpc.CallOption) (*SecretsErrorResponse, error)
Del(ctx context.Context, in *SecretsDelRequest, opts ...grpc.CallOption) (*SecretsErrorResponse, error)
Keys(ctx context.Context, in *SecretsKeysRequest, opts ...grpc.CallOption) (*SecretsKeysResponse, error)
Rename(ctx context.Context, in *SecretsRenameRequest, opts ...grpc.CallOption) (*SecretsErrorResponse, error)
}
type remoteSecretsManagerClient struct {
cc grpc.ClientConnInterface
}
func NewRemoteSecretsManagerClient(cc grpc.ClientConnInterface) RemoteSecretsManagerClient {
return &remoteSecretsManagerClient{cc}
}
func (c *remoteSecretsManagerClient) Get(ctx context.Context, in *SecretsGetRequest, opts ...grpc.CallOption) (*SecretsGetResponse, error) {
out := new(SecretsGetResponse)
err := c.cc.Invoke(ctx, "/secretsmanagerplugin.RemoteSecretsManager/Get", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *remoteSecretsManagerClient) Set(ctx context.Context, in *SecretsSetRequest, opts ...grpc.CallOption) (*SecretsErrorResponse, error) {
out := new(SecretsErrorResponse)
err := c.cc.Invoke(ctx, "/secretsmanagerplugin.RemoteSecretsManager/Set", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *remoteSecretsManagerClient) Del(ctx context.Context, in *SecretsDelRequest, opts ...grpc.CallOption) (*SecretsErrorResponse, error) {
out := new(SecretsErrorResponse)
err := c.cc.Invoke(ctx, "/secretsmanagerplugin.RemoteSecretsManager/Del", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *remoteSecretsManagerClient) Keys(ctx context.Context, in *SecretsKeysRequest, opts ...grpc.CallOption) (*SecretsKeysResponse, error) {
out := new(SecretsKeysResponse)
err := c.cc.Invoke(ctx, "/secretsmanagerplugin.RemoteSecretsManager/Keys", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
func (c *remoteSecretsManagerClient) Rename(ctx context.Context, in *SecretsRenameRequest, opts ...grpc.CallOption) (*SecretsErrorResponse, error) {
out := new(SecretsErrorResponse)
err := c.cc.Invoke(ctx, "/secretsmanagerplugin.RemoteSecretsManager/Rename", in, out, opts...)
if err != nil {
return nil, err
}
return out, nil
}
// RemoteSecretsManagerServer is the server API for RemoteSecretsManager service.
// All implementations must embed UnimplementedRemoteSecretsManagerServer
// for forward compatibility
type RemoteSecretsManagerServer interface {
Get(context.Context, *SecretsGetRequest) (*SecretsGetResponse, error)
Set(context.Context, *SecretsSetRequest) (*SecretsErrorResponse, error)
Del(context.Context, *SecretsDelRequest) (*SecretsErrorResponse, error)
Keys(context.Context, *SecretsKeysRequest) (*SecretsKeysResponse, error)
Rename(context.Context, *SecretsRenameRequest) (*SecretsErrorResponse, error)
mustEmbedUnimplementedRemoteSecretsManagerServer()
}
// UnimplementedRemoteSecretsManagerServer must be embedded to have forward compatible implementations.
type UnimplementedRemoteSecretsManagerServer struct {
}
func (UnimplementedRemoteSecretsManagerServer) Get(context.Context, *SecretsGetRequest) (*SecretsGetResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method Get not implemented")
}
func (UnimplementedRemoteSecretsManagerServer) Set(context.Context, *SecretsSetRequest) (*SecretsErrorResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method Set not implemented")
}
func (UnimplementedRemoteSecretsManagerServer) Del(context.Context, *SecretsDelRequest) (*SecretsErrorResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method Del not implemented")
}
func (UnimplementedRemoteSecretsManagerServer) Keys(context.Context, *SecretsKeysRequest) (*SecretsKeysResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method Keys not implemented")
}
func (UnimplementedRemoteSecretsManagerServer) Rename(context.Context, *SecretsRenameRequest) (*SecretsErrorResponse, error) {
return nil, status.Errorf(codes.Unimplemented, "method Rename not implemented")
}
func (UnimplementedRemoteSecretsManagerServer) mustEmbedUnimplementedRemoteSecretsManagerServer() {}
// UnsafeRemoteSecretsManagerServer may be embedded to opt out of forward compatibility for this service.
// Use of this interface is not recommended, as added methods to RemoteSecretsManagerServer will
// result in compilation errors.
type UnsafeRemoteSecretsManagerServer interface {
mustEmbedUnimplementedRemoteSecretsManagerServer()
}
func RegisterRemoteSecretsManagerServer(s grpc.ServiceRegistrar, srv RemoteSecretsManagerServer) {
s.RegisterService(&RemoteSecretsManager_ServiceDesc, srv)
}
func _RemoteSecretsManager_Get_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(SecretsGetRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(RemoteSecretsManagerServer).Get(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/secretsmanagerplugin.RemoteSecretsManager/Get",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(RemoteSecretsManagerServer).Get(ctx, req.(*SecretsGetRequest))
}
return interceptor(ctx, in, info, handler)
}
func _RemoteSecretsManager_Set_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(SecretsSetRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(RemoteSecretsManagerServer).Set(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/secretsmanagerplugin.RemoteSecretsManager/Set",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(RemoteSecretsManagerServer).Set(ctx, req.(*SecretsSetRequest))
}
return interceptor(ctx, in, info, handler)
}
func _RemoteSecretsManager_Del_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(SecretsDelRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(RemoteSecretsManagerServer).Del(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/secretsmanagerplugin.RemoteSecretsManager/Del",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(RemoteSecretsManagerServer).Del(ctx, req.(*SecretsDelRequest))
}
return interceptor(ctx, in, info, handler)
}
func _RemoteSecretsManager_Keys_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(SecretsKeysRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(RemoteSecretsManagerServer).Keys(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/secretsmanagerplugin.RemoteSecretsManager/Keys",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(RemoteSecretsManagerServer).Keys(ctx, req.(*SecretsKeysRequest))
}
return interceptor(ctx, in, info, handler)
}
func _RemoteSecretsManager_Rename_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
in := new(SecretsRenameRequest)
if err := dec(in); err != nil {
return nil, err
}
if interceptor == nil {
return srv.(RemoteSecretsManagerServer).Rename(ctx, in)
}
info := &grpc.UnaryServerInfo{
Server: srv,
FullMethod: "/secretsmanagerplugin.RemoteSecretsManager/Rename",
}
handler := func(ctx context.Context, req interface{}) (interface{}, error) {
return srv.(RemoteSecretsManagerServer).Rename(ctx, req.(*SecretsRenameRequest))
}
return interceptor(ctx, in, info, handler)
}
// RemoteSecretsManager_ServiceDesc is the grpc.ServiceDesc for RemoteSecretsManager service.
// It's only intended for direct use with grpc.RegisterService,
// and not to be introspected or modified (even as a copy)
var RemoteSecretsManager_ServiceDesc = grpc.ServiceDesc{
ServiceName: "secretsmanagerplugin.RemoteSecretsManager",
HandlerType: (*RemoteSecretsManagerServer)(nil),
Methods: []grpc.MethodDesc{
{
MethodName: "Get",
Handler: _RemoteSecretsManager_Get_Handler,
},
{
MethodName: "Set",
Handler: _RemoteSecretsManager_Set_Handler,
},
{
MethodName: "Del",
Handler: _RemoteSecretsManager_Del_Handler,
},
{
MethodName: "Keys",
Handler: _RemoteSecretsManager_Keys_Handler,
},
{
MethodName: "Rename",
Handler: _RemoteSecretsManager_Rename_Handler,
},
},
Streams: []grpc.StreamDesc{},
Metadata: "secretsmanager.proto",
}

5
pkg/plugins/ifaces.go
View File

@ -47,6 +47,11 @@ type RendererManager interface {
Renderer() *Plugin
}
type SecretsPluginManager interface {
// SecretsManager returns a secretsmanager plugin
SecretsManager() *Plugin
}
type StaticRouteResolver interface {
Routes() []*StaticRoute
}

30
pkg/plugins/manager/loader/initializer/initializer_test.go
View File

@ -79,6 +79,36 @@ func TestInitializer_Initialize(t *testing.T) {
assert.NotNil(t, c)
})
t.Run("secretsmanager", func(t *testing.T) {
p := &plugins.Plugin{
JSONData: plugins.JSONData{
ID: "test",
Type: plugins.SecretsManager,
Dependencies: plugins.Dependencies{
GrafanaVersion: ">=8.x",
},
Backend: true,
},
PluginDir: absCurPath,
Class: plugins.External,
}
i := &Initializer{
cfg: plugins.NewCfg(),
log: log.NewNopLogger(),
backendProvider: &fakeBackendProvider{
plugin: p,
},
}
err := i.Initialize(context.Background(), p)
assert.NoError(t, err)
c, exists := p.Client()
assert.True(t, exists)
assert.NotNil(t, c)
})
t.Run("non backend plugin app", func(t *testing.T) {
p := &plugins.Plugin{
JSONData: plugins.JSONData{

11
pkg/plugins/manager/manager.go
View File

@ -24,6 +24,7 @@ var _ plugins.Client = (*PluginManager)(nil)
var _ plugins.Store = (*PluginManager)(nil)
var _ plugins.StaticRouteResolver = (*PluginManager)(nil)
var _ plugins.RendererManager = (*PluginManager)(nil)
var _ plugins.SecretsPluginManager = (*PluginManager)(nil)
type PluginManager struct {
cfg *plugins.Cfg
@ -117,6 +118,16 @@ func (m *PluginManager) Renderer() *plugins.Plugin {
return nil
}
func (m *PluginManager) SecretsManager() *plugins.Plugin {
for _, p := range m.availablePlugins(context.TODO()) {
if p.IsSecretsManager() {
return p
}
}
return nil
}
func (m *PluginManager) Routes() []*plugins.StaticRoute {
staticRoutes := make([]*plugins.StaticRoute, 0)

26
pkg/plugins/plugins.go
View File

@ -10,6 +10,7 @@ import (
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/plugins/backendplugin"
"github.com/grafana/grafana/pkg/plugins/backendplugin/pluginextensionv2"
"github.com/grafana/grafana/pkg/plugins/backendplugin/secretsmanagerplugin"
)
type Plugin struct {
@ -36,9 +37,10 @@ type Plugin struct {
Module string
BaseURL string
Renderer pluginextensionv2.RendererPlugin
client backendplugin.Plugin
log log.Logger
Renderer pluginextensionv2.RendererPlugin
SecretsManager secretsmanagerplugin.SecretsManagerPlugin
client backendplugin.Plugin
log log.Logger
}
type PluginDTO struct {
@ -132,7 +134,7 @@ type JSONData struct {
Streaming bool `json:"streaming"`
SDK bool `json:"sdk,omitempty"`
// Backend (Datasource + Renderer)
// Backend (Datasource + Renderer + SecretsManager)
Executable string `json:"executable,omitempty"`
}
@ -347,6 +349,10 @@ func (p *Plugin) IsRenderer() bool {
return p.Type == "renderer"
}
func (p *Plugin) IsSecretsManager() bool {
return p.Type == "secretsmanager"
}
func (p *Plugin) IsDataSource() bool {
return p.Type == "datasource"
}
@ -384,20 +390,22 @@ var PluginTypes = []Type{
Panel,
App,
Renderer,
SecretsManager,
}
type Type string
const (
DataSource Type = "datasource"
Panel Type = "panel"
App Type = "app"
Renderer Type = "renderer"
DataSource Type = "datasource"
Panel Type = "panel"
App Type = "app"
Renderer Type = "renderer"
SecretsManager Type = "secretsmanager"
)
func (pt Type) IsValid() bool {
switch pt {
case DataSource, Panel, App, Renderer:
case DataSource, Panel, App, Renderer, SecretsManager:
return true
}
return false

1
pkg/server/wire.go
View File

@ -149,6 +149,7 @@ var wireBasicSet = wire.NewSet(
wire.Bind(new(plugins.DashboardFileStore), new(*manager.PluginManager)),
wire.Bind(new(plugins.StaticRouteResolver), new(*manager.PluginManager)),
wire.Bind(new(plugins.RendererManager), new(*manager.PluginManager)),
wire.Bind(new(plugins.SecretsPluginManager), new(*manager.PluginManager)),
coreplugin.ProvideCoreRegistry,
loader.ProvideService,
wire.Bind(new(loader.Service), new(*loader.Loader)),

3
pkg/server/wireexts_oss.go
View File

@ -31,6 +31,7 @@ import (
"github.com/grafana/grafana/pkg/services/provisioning"
"github.com/grafana/grafana/pkg/services/searchusers"
"github.com/grafana/grafana/pkg/services/searchusers/filters"
secretsStore "github.com/grafana/grafana/pkg/services/secrets/kvstore"
"github.com/grafana/grafana/pkg/services/sqlstore/migrations"
"github.com/grafana/grafana/pkg/services/thumbs"
"github.com/grafana/grafana/pkg/services/validations"
@ -85,6 +86,8 @@ var wireExtsBasicSet = wire.NewSet(
wire.Bind(new(registry.UsageStatsProvidersRegistry), new(*usagestatssvcs.UsageStatsProvidersRegistry)),
ossaccesscontrol.ProvideDatasourcePermissionsService,
wire.Bind(new(accesscontrol.DatasourcePermissionsService), new(*ossaccesscontrol.DatasourcePermissionsService)),
secretsStore.ProvideRemotePluginCheck,
wire.Bind(new(secretsStore.UseRemoteSecretsPluginCheck), new(*secretsStore.OSSRemoteSecretsPluginCheck)),
)
var wireExtsSet = wire.NewSet(

19
pkg/services/secrets/kvstore/kvstore.go
View File

@ -13,11 +13,26 @@ const (
AllOrganizations = -1
)
func ProvideService(sqlStore sqlstore.Store, secretsService secrets.Service) SecretsKVStore {
func ProvideService(sqlStore sqlstore.Store, secretsService secrets.Service, remoteCheck UseRemoteSecretsPluginCheck) SecretsKVStore {
logger := log.New("secrets.kvstore")
if remoteCheck.ShouldUseRemoteSecretsPlugin() {
logger.Debug("secrets kvstore is using a remote plugin for secrets management")
secretsPlugin, err := remoteCheck.GetPlugin()
if err != nil {
logger.Error("plugin client was nil, falling back to SQL implementation")
} else {
return &secretsKVStorePlugin{
secretsPlugin: secretsPlugin,
secretsService: secretsService,
log: logger,
}
}
}
logger.Debug("secrets kvstore is using the default (SQL) implementation for secrets management")
return &secretsKVStoreSQL{
sqlStore: sqlStore,
secretsService: secretsService,
log: log.New("secrets.kvstore"),
log: logger,
decryptionCache: decryptionCache{
cache: make(map[int64]cachedDecrypted),
},

125
pkg/services/secrets/kvstore/remote_plugin.go Normal file
View File

@ -0,0 +1,125 @@
package kvstore
import (
"context"
"fmt"
"github.com/grafana/grafana/pkg/infra/log"
smp "github.com/grafana/grafana/pkg/plugins/backendplugin/secretsmanagerplugin"
"github.com/grafana/grafana/pkg/services/secrets"
)
// secretsKVStorePlugin provides a key/value store backed by the Grafana plugin gRPC interface
type secretsKVStorePlugin struct {
log log.Logger
secretsPlugin smp.SecretsManagerPlugin
secretsService secrets.Service
}
// Get an item from the store
func (kv *secretsKVStorePlugin) Get(ctx context.Context, orgId int64, namespace string, typ string) (string, bool, error) {
req := &smp.SecretsGetRequest{
KeyDescriptor: &smp.Key{
OrgId: orgId,
Namespace: namespace,
Type: typ,
},
}
res, err := kv.secretsPlugin.Get(ctx, req)
if err != nil {
return "", false, err
} else if res.Error != "" {
err = fmt.Errorf(res.Error)
}
return res.DecryptedValue, res.Exists, err
}
// Set an item in the store
func (kv *secretsKVStorePlugin) Set(ctx context.Context, orgId int64, namespace string, typ string, value string) error {
req := &smp.SecretsSetRequest{
KeyDescriptor: &smp.Key{
OrgId: orgId,
Namespace: namespace,
Type: typ,
},
Value: value,
}
res, err := kv.secretsPlugin.Set(ctx, req)
if err == nil && res.Error != "" {
err = fmt.Errorf(res.Error)
}
return err
}
// Del deletes an item from the store.
func (kv *secretsKVStorePlugin) Del(ctx context.Context, orgId int64, namespace string, typ string) error {
req := &smp.SecretsDelRequest{
KeyDescriptor: &smp.Key{
OrgId: orgId,
Namespace: namespace,
Type: typ,
},
}
res, err := kv.secretsPlugin.Del(ctx, req)
if err == nil && res.Error != "" {
err = fmt.Errorf(res.Error)
}
return err
}
// Keys get all keys for a given namespace. To query for all
// organizations the constant 'kvstore.AllOrganizations' can be passed as orgId.
func (kv *secretsKVStorePlugin) Keys(ctx context.Context, orgId int64, namespace string, typ string) ([]Key, error) {
req := &smp.SecretsKeysRequest{
KeyDescriptor: &smp.Key{
OrgId: orgId,
Namespace: namespace,
Type: typ,
},
AllOrganizations: orgId == AllOrganizations,
}
res, err := kv.secretsPlugin.Keys(ctx, req)
if err != nil {
return nil, err
} else if res.Error != "" {
err = fmt.Errorf(res.Error)
}
return parseKeys(res.Keys), err
}
// Rename an item in the store
func (kv *secretsKVStorePlugin) Rename(ctx context.Context, orgId int64, namespace string, typ string, newNamespace string) error {
req := &smp.SecretsRenameRequest{
KeyDescriptor: &smp.Key{
OrgId: orgId,
Namespace: namespace,
Type: typ,
},
NewNamespace: newNamespace,
}
res, err := kv.secretsPlugin.Rename(ctx, req)
if err == nil && res.Error != "" {
err = fmt.Errorf(res.Error)
}
return err
}
func parseKeys(keys []*smp.Key) []Key {
var newKeys []Key
for _, k := range keys {
newKey := Key{OrgId: k.OrgId, Namespace: k.Namespace, Type: k.Type}
newKeys = append(newKeys, newKey)
}
return newKeys
}

26
pkg/services/secrets/kvstore/remote_plugin_check.go Normal file
View File

@ -0,0 +1,26 @@
package kvstore
import (
"github.com/grafana/grafana/pkg/plugins/backendplugin/secretsmanagerplugin"
)
type UseRemoteSecretsPluginCheck interface {
ShouldUseRemoteSecretsPlugin() bool
GetPlugin() (secretsmanagerplugin.SecretsManagerPlugin, error)
}
type OSSRemoteSecretsPluginCheck struct {
UseRemoteSecretsPluginCheck
}
func ProvideRemotePluginCheck() *OSSRemoteSecretsPluginCheck {
return &OSSRemoteSecretsPluginCheck{}
}
func (c *OSSRemoteSecretsPluginCheck) ShouldUseRemoteSecretsPlugin() bool {
return false
}
func (c *OSSRemoteSecretsPluginCheck) GetPlugin() (secretsmanagerplugin.SecretsManagerPlugin, error) {
return nil, nil
}