grafana/pkg/api/pluginproxy/ds_auth_provider.go

package pluginproxy

import (
	"context"
	"fmt"
	"net/http"
	"net/url"
	"strings"

	"github.com/grafana/grafana/pkg/models"
	"github.com/grafana/grafana/pkg/plugins"
	"github.com/grafana/grafana/pkg/util"
	"golang.org/x/oauth2/google"
)

// ApplyRoute should use the plugin route data to set auth headers and custom headers.
func ApplyRoute(ctx context.Context, req *http.Request, proxyPath string, route *plugins.AppPluginRoute, ds *models.DataSource) {
	proxyPath = strings.TrimPrefix(proxyPath, route.Path)

	data := templateData{
		JsonData:       ds.JsonData.Interface().(map[string]interface{}),
		SecureJsonData: ds.SecureJsonData.Decrypt(),
	}

	if len(route.URL) > 0 {
		interpolatedURL, err := InterpolateString(route.URL, data)
		if err != nil {
			logger.Error("Error interpolating proxy url", "error", err)
			return
		}

		routeURL, err := url.Parse(interpolatedURL)
		if err != nil {
			logger.Error("Error parsing plugin route url", "error", err)
			return
		}

		req.URL.Scheme = routeURL.Scheme
		req.URL.Host = routeURL.Host
		req.Host = routeURL.Host
		req.URL.Path = util.JoinURLFragments(routeURL.Path, proxyPath)
	}

	if err := addQueryString(req, route, data); err != nil {
		logger.Error("Failed to render plugin URL query string", "error", err)
	}

	if err := addHeaders(&req.Header, route, data); err != nil {
		logger.Error("Failed to render plugin headers", "error", err)
	}

	tokenProvider := newAccessTokenProvider(ds, route)

	if route.TokenAuth != nil {
		if token, err := tokenProvider.getAccessToken(data); err != nil {
			logger.Error("Failed to get access token", "error", err)
		} else {
			req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
		}
	}

	authenticationType := ds.JsonData.Get("authenticationType").MustString("jwt")
	if route.JwtTokenAuth != nil && authenticationType == "jwt" {
		if token, err := tokenProvider.getJwtAccessToken(ctx, data); err != nil {
			logger.Error("Failed to get access token", "error", err)
		} else {
			req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
		}
	}

	if authenticationType == "gce" {
		tokenSrc, err := google.DefaultTokenSource(ctx, route.JwtTokenAuth.Scopes...)
		if err != nil {
			logger.Error("Failed to get default token from meta data server", "error", err)
		} else {
			token, err := tokenSrc.Token()
			if err != nil {
				logger.Error("Failed to get default access token from meta data server", "error", err)
			} else {
				req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token.AccessToken))
			}
		}
	}

	logger.Info("Requesting", "url", req.URL.String())
}

func addQueryString(req *http.Request, route *plugins.AppPluginRoute, data templateData) error {
	q := req.URL.Query()
	for _, param := range route.URLParams {
		interpolatedName, err := InterpolateString(param.Name, data)
		if err != nil {
			return err
		}

		interpolatedContent, err := InterpolateString(param.Content, data)
		if err != nil {
			return err
		}

		q.Add(interpolatedName, interpolatedContent)
	}
	req.URL.RawQuery = q.Encode()

	return nil
}

func addHeaders(reqHeaders *http.Header, route *plugins.AppPluginRoute, data templateData) error {
	for _, header := range route.Headers {
		interpolated, err := InterpolateString(header.Content, data)
		if err != nil {
			return err
		}
		reqHeaders.Add(header.Name, interpolated)
	}

	return nil
}
Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`package pluginproxy`

			`import (`
			`"context"`
			`"fmt"`
			`"net/http"`
			`"net/url"`
			`"strings"`

Chore: Avoid aliasing importing models in api package (#22492) 2020-03-04 05:57:20 -06:00			`"github.com/grafana/grafana/pkg/models"`
Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`"github.com/grafana/grafana/pkg/plugins"`
			`"github.com/grafana/grafana/pkg/util"`
stackdriver: only get default token from metadata server when applying route 2018-10-09 08:23:13 -05:00			`"golang.org/x/oauth2/google"`
Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`)`

Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> 2020-11-13 02:52:38 -06:00			`// ApplyRoute should use the plugin route data to set auth headers and custom headers.`
Chore: Avoid aliasing importing models in api package (#22492) 2020-03-04 05:57:20 -06:00			`func ApplyRoute(ctx context.Context, req http.Request, proxyPath string, route plugins.AppPluginRoute, ds *models.DataSource) {`
Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`proxyPath = strings.TrimPrefix(proxyPath, route.Path)`

			`data := templateData{`
			`JsonData: ds.JsonData.Interface().(map[string]interface{}),`
			`SecureJsonData: ds.SecureJsonData.Decrypt(),`
			`}`

DataProxy: Ignore empty URL's in plugin routes (#27653) This adds a check to see if plugin route URL is empty, and in such case does not modify request schema and host of the request to be proxied. This behavior is now the same as in the plugin proxy. 2020-09-18 06:22:07 -05:00			`if len(route.URL) > 0 {`
			`interpolatedURL, err := InterpolateString(route.URL, data)`
			`if err != nil {`
			`logger.Error("Error interpolating proxy url", "error", err)`
			`return`
			`}`

			`routeURL, err := url.Parse(interpolatedURL)`
			`if err != nil {`
			`logger.Error("Error parsing plugin route url", "error", err)`
			`return`
			`}`

			`req.URL.Scheme = routeURL.Scheme`
			`req.URL.Host = routeURL.Host`
			`req.Host = routeURL.Host`
			`req.URL.Path = util.JoinURLFragments(routeURL.Path, proxyPath)`
Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`}`

dsproxy: adds support for url params for plugin routes (#23503) * dsproxy: adds support for url params for plugin routes * docs: fixes after review * pluginproxy: rename Params to URLParams * Update pkg/plugins/app_plugin.go Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com> * Apply suggestions from code review Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com> Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com> * pluginproxy: rename struct Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com> 2020-04-24 03:32:13 -05:00			`if err := addQueryString(req, route, data); err != nil {`
			`logger.Error("Failed to render plugin URL query string", "error", err)`
			`}`

Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`if err := addHeaders(&req.Header, route, data); err != nil {`
			`logger.Error("Failed to render plugin headers", "error", err)`
			`}`

invalidate access token cache after datasource is updated 2018-09-21 07:24:44 -05:00			`tokenProvider := newAccessTokenProvider(ds, route)`
Stackdriver: Add new file 2018-09-10 09:59:29 -05:00
			`if route.TokenAuth != nil {`
			`if token, err := tokenProvider.getAccessToken(data); err != nil {`
			`logger.Error("Failed to get access token", "error", err)`
			`} else {`
dataproxy: Override incoming Authorization header 2018-11-30 13:12:55 -06:00			`req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))`
Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`}`
			`}`

stackdriver: add default value for authentication type 2018-10-09 09:36:45 -05:00			`authenticationType := ds.JsonData.Get("authenticationType").MustString("jwt")`
stackdriver: wip - remove debug code 2018-10-09 09:28:04 -05:00			`if route.JwtTokenAuth != nil && authenticationType == "jwt" {`
stackdriver: wip - add logic for retrieving token from gce metadata server in the auth provider 2018-10-08 06:49:27 -05:00			`if token, err := tokenProvider.getJwtAccessToken(ctx, data); err != nil {`
			`logger.Error("Failed to get access token", "error", err)`
			`} else {`
dataproxy: Override incoming Authorization header 2018-11-30 13:12:55 -06:00			`req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))`
stackdriver: wip - add logic for retrieving token from gce metadata server in the auth provider 2018-10-08 06:49:27 -05:00			`}`
			`}`

stackdriver: wip - remove debug code 2018-10-09 09:28:04 -05:00			`if authenticationType == "gce" {`
stackdriver: only get default token from metadata server when applying route 2018-10-09 08:23:13 -05:00			`tokenSrc, err := google.DefaultTokenSource(ctx, route.JwtTokenAuth.Scopes...)`
stackdriver: WIP - test retrieving project id from gce metadata 2018-10-03 10:08:13 -05:00			`if err != nil {`
stackdriver: only get default token from metadata server when applying route 2018-10-09 08:23:13 -05:00			`logger.Error("Failed to get default token from meta data server", "error", err)`
stackdriver: WIP - test retrieving project id from gce metadata 2018-10-03 10:08:13 -05:00			`} else {`
stackdriver: only get default token from metadata server when applying route 2018-10-09 08:23:13 -05:00			`token, err := tokenSrc.Token()`
stackdriver: WIP - test retrieving project id from gce metadata 2018-10-03 10:08:13 -05:00			`if err != nil {`
stackdriver: only get default token from metadata server when applying route 2018-10-09 08:23:13 -05:00			`logger.Error("Failed to get default access token from meta data server", "error", err)`
stackdriver: WIP - test retrieving project id from gce metadata 2018-10-03 10:08:13 -05:00			`} else {`
dataproxy: Override incoming Authorization header 2018-11-30 13:12:55 -06:00			`req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token.AccessToken))`
stackdriver: WIP - test retrieving project id from gce metadata 2018-10-03 10:08:13 -05:00			`}`
			`}`
			`}`

Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`logger.Info("Requesting", "url", req.URL.String())`
			`}`

dsproxy: adds support for url params for plugin routes (#23503) * dsproxy: adds support for url params for plugin routes * docs: fixes after review * pluginproxy: rename Params to URLParams * Update pkg/plugins/app_plugin.go Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com> * Apply suggestions from code review Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com> Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com> * pluginproxy: rename struct Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com> 2020-04-24 03:32:13 -05:00			`func addQueryString(req http.Request, route plugins.AppPluginRoute, data templateData) error {`
			`q := req.URL.Query()`
			`for _, param := range route.URLParams {`
			`interpolatedName, err := InterpolateString(param.Name, data)`
			`if err != nil {`
			`return err`
			`}`

			`interpolatedContent, err := InterpolateString(param.Content, data)`
			`if err != nil {`
			`return err`
			`}`

			`q.Add(interpolatedName, interpolatedContent)`
			`}`
			`req.URL.RawQuery = q.Encode()`

			`return nil`
			`}`

Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`func addHeaders(reqHeaders http.Header, route plugins.AppPluginRoute, data templateData) error {`
			`for _, header := range route.Headers {`
Plugins: Support templated urls in routes (#16599) This adds support for using templated/dynamic urls in routes. * refactor interpolateString into utils and add interpolation support for app plugin routes. * cleanup and add error check for url parse failure * add docs for interpolated route urls Closes #16835 2019-05-07 11:55:39 -05:00			`interpolated, err := InterpolateString(header.Content, data)`
Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`if err != nil {`
			`return err`
			`}`
			`reqHeaders.Add(header.Name, interpolated)`
			`}`

			`return nil`
			`}`