grafana/pkg/services/pluginsintegration/pluginconfig/config.go

package pluginconfig

import (
	"fmt"
	"strings"

	"github.com/grafana/grafana/pkg/util"

	"github.com/grafana/grafana-azure-sdk-go/v2/azsettings"

	"github.com/grafana/grafana/pkg/plugins/config"
	"github.com/grafana/grafana/pkg/services/featuremgmt"
	"github.com/grafana/grafana/pkg/setting"
)

// ProvidePluginManagementConfig returns a new config.PluginManagementCfg.
// It is used to provide configuration to Grafana's implementation of the plugin management system.
func ProvidePluginManagementConfig(cfg *setting.Cfg, settingProvider setting.Provider, features featuremgmt.FeatureToggles) (*config.PluginManagementCfg, error) {
	plugins := settingProvider.Section("plugins")
	allowedUnsigned := cfg.PluginsAllowUnsigned
	if len(plugins.KeyValue("allow_loading_unsigned_plugins").Value()) > 0 {
		allowedUnsigned = strings.Split(plugins.KeyValue("allow_loading_unsigned_plugins").Value(), ",")
	}

	return config.NewPluginManagementCfg(
		settingProvider.KeyValue("", "app_mode").MustBool(cfg.Env == setting.Dev),
		cfg.PluginsPath,
		extractPluginSettings(settingProvider),
		allowedUnsigned,
		cfg.PluginsCDNURLTemplate,
		cfg.AppURL,
		config.Features{
			ExternalCorePluginsEnabled: features.IsEnabledGlobally(featuremgmt.FlagExternalCorePlugins),
			SkipHostEnvVarsEnabled:     features.IsEnabledGlobally(featuremgmt.FlagPluginsSkipHostEnvVars),
			SriChecksEnabled:           features.IsEnabledGlobally(featuremgmt.FlagPluginsSriChecks),
		},
		cfg.AngularSupportEnabled,
		cfg.GrafanaComAPIURL,
		cfg.DisablePlugins,
		cfg.HideAngularDeprecation,
		cfg.ForwardHostEnvVars,
	), nil
}

// PluginInstanceCfg contains the configuration for a plugin instance.
// It is used to provide configuration to the plugin instance either via env vars or via each plugin request.
type PluginInstanceCfg struct {
	GrafanaAppURL string
	Features      featuremgmt.FeatureToggles

	Tracing config.Tracing

	PluginSettings setting.PluginSettings

	AWSAllowedAuthProviders   []string
	AWSAssumeRoleEnabled      bool
	AWSExternalId             string
	AWSSessionDuration        string
	AWSListMetricsPageLimit   string
	AWSForwardSettingsPlugins []string

	Azure            *azsettings.AzureSettings
	AzureAuthEnabled bool

	ProxySettings setting.SecureSocksDSProxySettings

	GrafanaVersion string

	ConcurrentQueryCount int
	ResponseLimit        int64

	UserFacingDefaultError string

	DataProxyRowLimit int64

	SQLDatasourceMaxOpenConnsDefault    int
	SQLDatasourceMaxIdleConnsDefault    int
	SQLDatasourceMaxConnLifetimeDefault int

	SigV4AuthEnabled    bool
	SigV4VerboseLogging bool
}

// ProvidePluginInstanceConfig returns a new PluginInstanceCfg.
func ProvidePluginInstanceConfig(cfg *setting.Cfg, settingProvider setting.Provider, features featuremgmt.FeatureToggles) (*PluginInstanceCfg, error) {
	aws := settingProvider.Section("aws")
	allowedAuth := cfg.AWSAllowedAuthProviders
	if len(aws.KeyValue("allowed_auth_providers").Value()) > 0 {
		allowedAuth = util.SplitString(aws.KeyValue("allowed_auth_providers").Value())
	}
	awsForwardSettingsPlugins := cfg.AWSForwardSettingsPlugins
	if len(aws.KeyValue("forward_settings_to_plugins").Value()) > 0 {
		awsForwardSettingsPlugins = util.SplitString(aws.KeyValue("forward_settings_to_plugins").Value())
	}

	tracingCfg, err := newTracingCfg(cfg)
	if err != nil {
		return nil, fmt.Errorf("new opentelemetry cfg: %w", err)
	}

	if cfg.Azure == nil {
		cfg.Azure = &azsettings.AzureSettings{}
	}

	return &PluginInstanceCfg{
		GrafanaAppURL:                       cfg.AppURL,
		Features:                            features,
		Tracing:                             tracingCfg,
		PluginSettings:                      extractPluginSettings(settingProvider),
		AWSAllowedAuthProviders:             allowedAuth,
		AWSAssumeRoleEnabled:                aws.KeyValue("assume_role_enabled").MustBool(cfg.AWSAssumeRoleEnabled),
		AWSExternalId:                       aws.KeyValue("external_id").Value(),
		AWSSessionDuration:                  aws.KeyValue("session_duration").Value(),
		AWSListMetricsPageLimit:             aws.KeyValue("list_metrics_page_limit").Value(),
		AWSForwardSettingsPlugins:           awsForwardSettingsPlugins,
		Azure:                               cfg.Azure,
		AzureAuthEnabled:                    cfg.Azure.AzureAuthEnabled,
		ProxySettings:                       cfg.SecureSocksDSProxy,
		GrafanaVersion:                      cfg.BuildVersion,
		ConcurrentQueryCount:                cfg.ConcurrentQueryCount,
		UserFacingDefaultError:              cfg.UserFacingDefaultError,
		DataProxyRowLimit:                   cfg.DataProxyRowLimit,
		SQLDatasourceMaxOpenConnsDefault:    cfg.SqlDatasourceMaxOpenConnsDefault,
		SQLDatasourceMaxIdleConnsDefault:    cfg.SqlDatasourceMaxIdleConnsDefault,
		SQLDatasourceMaxConnLifetimeDefault: cfg.SqlDatasourceMaxConnLifetimeDefault,
		ResponseLimit:                       cfg.ResponseLimit,
		SigV4AuthEnabled:                    cfg.SigV4AuthEnabled,
		SigV4VerboseLogging:                 cfg.SigV4VerboseLogging,
	}, nil
}

func extractPluginSettings(settingProvider setting.Provider) setting.PluginSettings {
	ps := setting.PluginSettings{}
	for sectionName, sectionCopy := range settingProvider.Current() {
		if !strings.HasPrefix(sectionName, "plugin.") {
			continue
		}
		// Calling Current() returns a redacted version of section. We need to replace the map values with the unredacted values.
		section := settingProvider.Section(sectionName)
		for k := range sectionCopy {
			sectionCopy[k] = section.KeyValue(k).MustString("")
		}
		pluginID := strings.Replace(sectionName, "plugin.", "", 1)
		ps[pluginID] = sectionCopy
	}

	return ps
}
Plugins: Refactor plugin config into separate env var and request scoped services (#83261) * seperate services for env + req * merge with main * fix tests * undo changes to golden file * fix linter * remove unused fields * split out new config struct * provide config * undo go mod changes * more renaming * fix tests * undo bra.toml changes * update go.work.sum * undo changes * trigger * apply PR feedback 2024-02-27 12:38:02 +01:00			`package pluginconfig`

			`import (`
			`"fmt"`
			`"strings"`

			`"github.com/grafana/grafana/pkg/util"`

Chore: Update grafana-azure-sdk-go (#84741) * Update grafana-azure-sdk-go * Update test 2024-03-19 14:56:40 +00:00			`"github.com/grafana/grafana-azure-sdk-go/v2/azsettings"`
Plugins: Refactor plugin config into separate env var and request scoped services (#83261) * seperate services for env + req * merge with main * fix tests * undo changes to golden file * fix linter * remove unused fields * split out new config struct * provide config * undo go mod changes * more renaming * fix tests * undo bra.toml changes * update go.work.sum * undo changes * trigger * apply PR feedback 2024-02-27 12:38:02 +01:00
			`"github.com/grafana/grafana/pkg/plugins/config"`
			`"github.com/grafana/grafana/pkg/services/featuremgmt"`
			`"github.com/grafana/grafana/pkg/setting"`
			`)`

			`// ProvidePluginManagementConfig returns a new config.PluginManagementCfg.`
			`// It is used to provide configuration to Grafana's implementation of the plugin management system.`
			`func ProvidePluginManagementConfig(cfg setting.Cfg, settingProvider setting.Provider, features featuremgmt.FeatureToggles) (config.PluginManagementCfg, error) {`
			`plugins := settingProvider.Section("plugins")`
			`allowedUnsigned := cfg.PluginsAllowUnsigned`
			`if len(plugins.KeyValue("allow_loading_unsigned_plugins").Value()) > 0 {`
			`allowedUnsigned = strings.Split(plugins.KeyValue("allow_loading_unsigned_plugins").Value(), ",")`
			`}`

			`return config.NewPluginManagementCfg(`
			`settingProvider.KeyValue("", "app_mode").MustBool(cfg.Env == setting.Dev),`
			`cfg.PluginsPath,`
			`extractPluginSettings(settingProvider),`
			`allowedUnsigned,`
			`cfg.PluginsCDNURLTemplate,`
			`cfg.AppURL,`
Plugins: Remove direct featuremgmt.FeatureToggles dependency from plugins config (#84482) 2024-03-15 10:58:51 +01:00			`config.Features{`
			`ExternalCorePluginsEnabled: features.IsEnabledGlobally(featuremgmt.FlagExternalCorePlugins),`
			`SkipHostEnvVarsEnabled: features.IsEnabledGlobally(featuremgmt.FlagPluginsSkipHostEnvVars),`
Plugins: Add Subresource Integrity checks (#93024) * Plugins: Pass hashes for SRI to frontend * Add SRI hashes to frontendsettings DTOs * Add docstring * TestSriHashes * Fix typo * Changed SriHashes to ModuleHash * update loader_test compareOpts * update ModuleHash error message * Add TestModuleHash/no_module.js * Add omitEmpty to moduleHash * Add ModuleHash to api/plugins/${pluginId}/settings * moved ModuleHash field * feat(plugins): add moduleHash to bootData and plugin types * feat(plugins): if moduleHash is available apply it to systemjs importmap * Calculate ModuleHash for CDN provisioned plugins * Add ModuleHash tests for TestCalculate * adjust test case name * removed .envrc * Fix signature verification failing for internal plugins * fix tests * Add pluginsFilesystemSriChecks feature togglemk * renamed FilesystemSriChecksEnabled * refactor(plugin_loader): prefer extending type declaration over ts-error * added a couple more tests * Removed unused features * Removed unused argument from signature.DefaultCalculator call * Removed unused argument from bootstrap.DefaultConstructFunc * Moved ModuleHash to pluginassets service * update docstring * lint * Removed cdn dependency from manifest.Signature * add tests * fix extra parameters in tests * "fix" tests * removed outdated test * removed unused cdn dependency in signature.DefaultCalculator * reduce diff * Cache returned values * Add support for deeply nested plugins (more than 1 hierarchy level) * simplify cache usage * refactor TestService_ModuleHash_Cache * removed unused testdata * re-generate feature toggles * use version for module hash cache * Renamed feature toggle to pluginsSriChecks and use it for both cdn and filesystem * Removed app/types/system-integrity.d.ts * re-generate feature toggles * re-generate feature toggles * feat(plugins): put systemjs integrity hash behind feature flag --------- Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com> 2024-10-04 14:55:09 +02:00			`SriChecksEnabled: features.IsEnabledGlobally(featuremgmt.FlagPluginsSriChecks),`
Plugins: Remove direct featuremgmt.FeatureToggles dependency from plugins config (#84482) 2024-03-15 10:58:51 +01:00			`},`
Plugins: Refactor plugin config into separate env var and request scoped services (#83261) * seperate services for env + req * merge with main * fix tests * undo changes to golden file * fix linter * remove unused fields * split out new config struct * provide config * undo go mod changes * more renaming * fix tests * undo bra.toml changes * update go.work.sum * undo changes * trigger * apply PR feedback 2024-02-27 12:38:02 +01:00			`cfg.AngularSupportEnabled,`
Plugins: Make grafana-com API URL usage consistent (#86920) Plugins: Fix grafana-com API URL usage 2024-04-26 16:47:38 +02:00			`cfg.GrafanaComAPIURL,`
Plugins: Refactor plugin config into separate env var and request scoped services (#83261) * seperate services for env + req * merge with main * fix tests * undo changes to golden file * fix linter * remove unused fields * split out new config struct * provide config * undo go mod changes * more renaming * fix tests * undo bra.toml changes * update go.work.sum * undo changes * trigger * apply PR feedback 2024-02-27 12:38:02 +01:00			`cfg.DisablePlugins,`
			`cfg.HideAngularDeprecation,`
			`cfg.ForwardHostEnvVars,`
			`), nil`
			`}`

			`// PluginInstanceCfg contains the configuration for a plugin instance.`
			`// It is used to provide configuration to the plugin instance either via env vars or via each plugin request.`
			`type PluginInstanceCfg struct {`
			`GrafanaAppURL string`
			`Features featuremgmt.FeatureToggles`

			`Tracing config.Tracing`

			`PluginSettings setting.PluginSettings`

			`AWSAllowedAuthProviders []string`
			`AWSAssumeRoleEnabled bool`
			`AWSExternalId string`
			`AWSSessionDuration string`
			`AWSListMetricsPageLimit string`
			`AWSForwardSettingsPlugins []string`

			`Azure *azsettings.AzureSettings`
			`AzureAuthEnabled bool`

			`ProxySettings setting.SecureSocksDSProxySettings`

			`GrafanaVersion string`

			`ConcurrentQueryCount int`
Chore: Use response limit middleware from SDK (#83915) 2024-03-13 10:14:16 +01:00			`ResponseLimit int64`
Plugins: Refactor plugin config into separate env var and request scoped services (#83261) * seperate services for env + req * merge with main * fix tests * undo changes to golden file * fix linter * remove unused fields * split out new config struct * provide config * undo go mod changes * more renaming * fix tests * undo bra.toml changes * update go.work.sum * undo changes * trigger * apply PR feedback 2024-02-27 12:38:02 +01:00
			`UserFacingDefaultError string`

			`DataProxyRowLimit int64`

			`SQLDatasourceMaxOpenConnsDefault int`
			`SQLDatasourceMaxIdleConnsDefault int`
			`SQLDatasourceMaxConnLifetimeDefault int`
Chore: Use SigV4 middleware from aws-sdk (#84462) 2024-03-18 09:33:22 +01:00
			`SigV4AuthEnabled bool`
			`SigV4VerboseLogging bool`
Plugins: Refactor plugin config into separate env var and request scoped services (#83261) * seperate services for env + req * merge with main * fix tests * undo changes to golden file * fix linter * remove unused fields * split out new config struct * provide config * undo go mod changes * more renaming * fix tests * undo bra.toml changes * update go.work.sum * undo changes * trigger * apply PR feedback 2024-02-27 12:38:02 +01:00			`}`

			`// ProvidePluginInstanceConfig returns a new PluginInstanceCfg.`
			`func ProvidePluginInstanceConfig(cfg setting.Cfg, settingProvider setting.Provider, features featuremgmt.FeatureToggles) (PluginInstanceCfg, error) {`
			`aws := settingProvider.Section("aws")`
			`allowedAuth := cfg.AWSAllowedAuthProviders`
			`if len(aws.KeyValue("allowed_auth_providers").Value()) > 0 {`
			`allowedAuth = util.SplitString(aws.KeyValue("allowed_auth_providers").Value())`
			`}`
			`awsForwardSettingsPlugins := cfg.AWSForwardSettingsPlugins`
			`if len(aws.KeyValue("forward_settings_to_plugins").Value()) > 0 {`
			`awsForwardSettingsPlugins = util.SplitString(aws.KeyValue("forward_settings_to_plugins").Value())`
			`}`

			`tracingCfg, err := newTracingCfg(cfg)`
			`if err != nil {`
			`return nil, fmt.Errorf("new opentelemetry cfg: %w", err)`
			`}`

			`if cfg.Azure == nil {`
			`cfg.Azure = &azsettings.AzureSettings{}`
			`}`

			`return &PluginInstanceCfg{`
			`GrafanaAppURL: cfg.AppURL,`
			`Features: features,`
			`Tracing: tracingCfg,`
			`PluginSettings: extractPluginSettings(settingProvider),`
			`AWSAllowedAuthProviders: allowedAuth,`
			`AWSAssumeRoleEnabled: aws.KeyValue("assume_role_enabled").MustBool(cfg.AWSAssumeRoleEnabled),`
			`AWSExternalId: aws.KeyValue("external_id").Value(),`
			`AWSSessionDuration: aws.KeyValue("session_duration").Value(),`
			`AWSListMetricsPageLimit: aws.KeyValue("list_metrics_page_limit").Value(),`
			`AWSForwardSettingsPlugins: awsForwardSettingsPlugins,`
			`Azure: cfg.Azure,`
			`AzureAuthEnabled: cfg.Azure.AzureAuthEnabled,`
			`ProxySettings: cfg.SecureSocksDSProxy,`
			`GrafanaVersion: cfg.BuildVersion,`
			`ConcurrentQueryCount: cfg.ConcurrentQueryCount,`
			`UserFacingDefaultError: cfg.UserFacingDefaultError,`
			`DataProxyRowLimit: cfg.DataProxyRowLimit,`
			`SQLDatasourceMaxOpenConnsDefault: cfg.SqlDatasourceMaxOpenConnsDefault,`
			`SQLDatasourceMaxIdleConnsDefault: cfg.SqlDatasourceMaxIdleConnsDefault,`
			`SQLDatasourceMaxConnLifetimeDefault: cfg.SqlDatasourceMaxConnLifetimeDefault,`
Chore: Use response limit middleware from SDK (#83915) 2024-03-13 10:14:16 +01:00			`ResponseLimit: cfg.ResponseLimit,`
Chore: Use SigV4 middleware from aws-sdk (#84462) 2024-03-18 09:33:22 +01:00			`SigV4AuthEnabled: cfg.SigV4AuthEnabled,`
			`SigV4VerboseLogging: cfg.SigV4VerboseLogging,`
Plugins: Refactor plugin config into separate env var and request scoped services (#83261) * seperate services for env + req * merge with main * fix tests * undo changes to golden file * fix linter * remove unused fields * split out new config struct * provide config * undo go mod changes * more renaming * fix tests * undo bra.toml changes * update go.work.sum * undo changes * trigger * apply PR feedback 2024-02-27 12:38:02 +01:00			`}, nil`
			`}`

			`func extractPluginSettings(settingProvider setting.Provider) setting.PluginSettings {`
			`ps := setting.PluginSettings{}`
			`for sectionName, sectionCopy := range settingProvider.Current() {`
			`if !strings.HasPrefix(sectionName, "plugin.") {`
			`continue`
			`}`
			`// Calling Current() returns a redacted version of section. We need to replace the map values with the unredacted values.`
			`section := settingProvider.Section(sectionName)`
			`for k := range sectionCopy {`
			`sectionCopy[k] = section.KeyValue(k).MustString("")`
			`}`
			`pluginID := strings.Replace(sectionName, "plugin.", "", 1)`
			`ps[pluginID] = sectionCopy`
			`}`

			`return ps`
			`}`