IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-20 11:48:34 -06:00
Code Issues Packages Projects Releases Wiki Activity
6ed60c0bec
grafana/pkg/models/datasource_cache.go

293 lines
7.7 KiB
Go
Raw Normal View History

Use cache for http.client in tsdb package. (#6833) * datasource: move caching closer to datasource struct * tsdb: use cached version of datasource http transport closes #6825
2016-12-07 04:10:42 -06:00
package models
import (
"crypto/tls"
Datasource: Add custom headers on alerting queries (#19508) * Add custom headers on alerting queries Reference issue #15381 Signed-off-by: Martin Schneppenheim <martin.schneppenheim@rewe-digital.com> * Fix datasource transport tests * Migrate decrypting header test to models pkg * Check correct header * Add HTTP transport test Fixes #15381
2019-10-11 07:28:52 -05:00
"fmt"
Use cache for http.client in tsdb package. (#6833) * datasource: move caching closer to datasource struct * tsdb: use cached version of datasource http transport closes #6825
2016-12-07 04:10:42 -06:00
"net/http"
Datasource: Fix storing timeout option as numeric (#35441) #31871 introduced support for configuring timeout in seconds for HTTP data sources. That had a bug where backend expected a numeric timeout value where it was actually stored as a string. This should resolve this by requiring input to be numbers, storing input as numeric and falling back to string value if there's no numeric value. Ref #31871
2021-06-10 03:27:14 -05:00
"strconv"
Use cache for http.client in tsdb package. (#6833) * datasource: move caching closer to datasource struct * tsdb: use cached version of datasource http transport closes #6825
2016-12-07 04:10:42 -06:00
"sync"
"time"
revert ds_proxy timeout and implement dataproxy timeout correctly
2019-02-11 06:42:05 -06:00
Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy (#33439) Uses new httpclient package from grafana-plugin-sdk-go introduced via grafana/grafana-plugin-sdk-go#328. Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined on DataSource model. Longer-term the goal is to migrate core HTTP backend data sources to use the SDK contracts and using httpclient.Provider for creating HTTP clients and such. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 16:53:41 -05:00
sdkhttpclient "github.com/grafana/grafana-plugin-sdk-go/backend/httpclient"
"github.com/grafana/grafana/pkg/components/simplejson"
"github.com/grafana/grafana/pkg/infra/httpclient"
fix with global config state (#37293)
2021-08-17 05:16:34 -05:00
"github.com/grafana/grafana/pkg/setting"
Infra: Azure authentication in HttpClientProvider (#36932) * Azure middleware in HttpClientProxy * Azure authentication under feature flag * Minor fixes * Add prefixes to not clash with JsonData * Return error if JsonData cannot be parsed * Return original string if URL invalid * Tests for datasource_cache
2021-07-22 15:43:10 -05:00
"github.com/grafana/grafana/pkg/tsdb/azuremonitor/azcredentials"
Instrumentation: Adds instrumentation for outgoing datasource requests (#27427)
2020-09-09 00:47:05 -05:00
)
Add timeout option to datasource config (#31871)
2021-04-07 09:46:19 -05:00
func (ds *DataSource) getTimeout() time.Duration {
timeout := 0
if ds.JsonData != nil {
timeout = ds.JsonData.Get("timeout").MustInt()
Datasource: Fix storing timeout option as numeric (#35441) #31871 introduced support for configuring timeout in seconds for HTTP data sources. That had a bug where backend expected a numeric timeout value where it was actually stored as a string. This should resolve this by requiring input to be numbers, storing input as numeric and falling back to string value if there's no numeric value. Ref #31871
2021-06-10 03:27:14 -05:00
if timeout <= 0 {
if timeoutStr := ds.JsonData.Get("timeout").MustString(); timeoutStr != "" {
if t, err := strconv.Atoi(timeoutStr); err == nil {
timeout = t
}
}
}
Add timeout option to datasource config (#31871)
2021-04-07 09:46:19 -05:00
}
Datasource: Fix storing timeout option as numeric (#35441) #31871 introduced support for configuring timeout in seconds for HTTP data sources. That had a bug where backend expected a numeric timeout value where it was actually stored as a string. This should resolve this by requiring input to be numbers, storing input as numeric and falling back to string value if there's no numeric value. Ref #31871
2021-06-10 03:27:14 -05:00
if timeout <= 0 {
Datasource: Improve default timeout settings for HTTP client provider (#36621) Make sure that default timeout settings are based on configuration parameters. This now applies for core data sources using old TSDB contracts and new SDK contracts. Before it was only applied for old TSDB contracts. Also moves global setting variables to non-global (setting.Cfg).
2021-07-15 07:30:06 -05:00
return sdkhttpclient.DefaultTimeoutOptions.Timeout
Add timeout option to datasource config (#31871)
2021-04-07 09:46:19 -05:00
}
Datasource: Improve default timeout settings for HTTP client provider (#36621) Make sure that default timeout settings are based on configuration parameters. This now applies for core data sources using old TSDB contracts and new SDK contracts. Before it was only applied for old TSDB contracts. Also moves global setting variables to non-global (setting.Cfg).
2021-07-15 07:30:06 -05:00
Add timeout option to datasource config (#31871)
2021-04-07 09:46:19 -05:00
return time.Duration(timeout) * time.Second
}
Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy (#33439) Uses new httpclient package from grafana-plugin-sdk-go introduced via grafana/grafana-plugin-sdk-go#328. Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined on DataSource model. Longer-term the goal is to migrate core HTTP backend data sources to use the SDK contracts and using httpclient.Provider for creating HTTP clients and such. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 16:53:41 -05:00
type proxyTransportCache struct {
cache map[int64]cachedRoundTripper
sync.Mutex
}
type cachedRoundTripper struct {
updated time.Time
roundTripper http.RoundTripper
}
var ptc = proxyTransportCache{
cache: make(map[int64]cachedRoundTripper),
}
func (ds *DataSource) GetHTTPClient(provider httpclient.Provider) (*http.Client, error) {
transport, err := ds.GetHTTPTransport(provider)
Use cache for http.client in tsdb package. (#6833) * datasource: move caching closer to datasource struct * tsdb: use cached version of datasource http transport closes #6825
2016-12-07 04:10:42 -06:00
if err != nil {
return nil, err
}
return &http.Client{
Add timeout option to datasource config (#31871)
2021-04-07 09:46:19 -05:00
Timeout: ds.getTimeout(),
Use cache for http.client in tsdb package. (#6833) * datasource: move caching closer to datasource struct * tsdb: use cached version of datasource http transport closes #6825
2016-12-07 04:10:42 -06:00
Transport: transport,
}, nil
}
Chore: Refactor Prometheus HTTP client middleware (#34473) Following #33439 this refactors the Prometheus HTTP transport which is replaced by HTTP client middleware.
2021-05-27 05:43:21 -05:00
func (ds *DataSource) GetHTTPTransport(provider httpclient.Provider, customMiddlewares ...sdkhttpclient.Middleware) (http.RoundTripper, error) {
Use cache for http.client in tsdb package. (#6833) * datasource: move caching closer to datasource struct * tsdb: use cached version of datasource http transport closes #6825
2016-12-07 04:10:42 -06:00
ptc.Lock()
defer ptc.Unlock()
if t, present := ptc.cache[ds.Id]; present && ds.Updated.Equal(t.updated) {
Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy (#33439) Uses new httpclient package from grafana-plugin-sdk-go introduced via grafana/grafana-plugin-sdk-go#328. Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined on DataSource model. Longer-term the goal is to migrate core HTTP backend data sources to use the SDK contracts and using httpclient.Provider for creating HTTP clients and such. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 16:53:41 -05:00
return t.roundTripper, nil
Use cache for http.client in tsdb package. (#6833) * datasource: move caching closer to datasource struct * tsdb: use cached version of datasource http transport closes #6825
2016-12-07 04:10:42 -06:00
}
Infra: Azure authentication in HttpClientProvider (#36932) * Azure middleware in HttpClientProxy * Azure authentication under feature flag * Minor fixes * Add prefixes to not clash with JsonData * Return error if JsonData cannot be parsed * Return original string if URL invalid * Tests for datasource_cache
2021-07-22 15:43:10 -05:00
opts, err := ds.HTTPClientOptions()
if err != nil {
return nil, err
}
Chore: Refactor Prometheus HTTP client middleware (#34473) Following #33439 this refactors the Prometheus HTTP transport which is replaced by HTTP client middleware.
2021-05-27 05:43:21 -05:00
opts.Middlewares = customMiddlewares
Infra: Azure authentication in HttpClientProvider (#36932) * Azure middleware in HttpClientProxy * Azure authentication under feature flag * Minor fixes * Add prefixes to not clash with JsonData * Return error if JsonData cannot be parsed * Return original string if URL invalid * Tests for datasource_cache
2021-07-22 15:43:10 -05:00
rt, err := provider.GetTransport(*opts)
extract parsing of datasource tls config to method
2019-01-28 12:38:56 -06:00
if err != nil {
return nil, err
Datasource HTTP settings: Add TLS skip verify In c04d95f35 I changed the default for datasource HTTP requests so that TLS is always verified. This commit adds a checkbox to allow an admin to explicitly skip TLS verification, for testing purposes.
2017-09-28 08:10:14 -05:00
}
Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy (#33439) Uses new httpclient package from grafana-plugin-sdk-go introduced via grafana/grafana-plugin-sdk-go#328. Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined on DataSource model. Longer-term the goal is to migrate core HTTP backend data sources to use the SDK contracts and using httpclient.Provider for creating HTTP clients and such. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 16:53:41 -05:00
ptc.cache[ds.Id] = cachedRoundTripper{
roundTripper: rt,
updated: ds.Updated,
Use cache for http.client in tsdb package. (#6833) * datasource: move caching closer to datasource struct * tsdb: use cached version of datasource http transport closes #6825
2016-12-07 04:10:42 -06:00
}
Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy (#33439) Uses new httpclient package from grafana-plugin-sdk-go introduced via grafana/grafana-plugin-sdk-go#328. Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined on DataSource model. Longer-term the goal is to migrate core HTTP backend data sources to use the SDK contracts and using httpclient.Provider for creating HTTP clients and such. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 16:53:41 -05:00
return rt, nil
}
Auth: Add Sigv4 auth option to datasources (#27552) * create transport chain * add frontend * remove log * inline field updates * allow ARN, Credentials + Keys auth in frontend * configure credentials * add tests and refactor * update frontend json field names * fix tests * fix comment * add app config flag * refactor tests * add return field for tests * add flag for UI display * update comment * move logic * fix config * pass config through props * update docs * pr feedback and add docs coverage * shorten settings filename * fix imports * revert docs changes * remove log line * wrap up next as round tripper * only propagate required config * remove unused import * remove ARN option and replace with default chain * make ARN role assume as supplemental * update docs * refactor flow * sign body when necessary * remove unnecessary wrapper * remove newline * Apply suggestions from code review * PR fixes Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-10-08 03:03:20 -05:00
Infra: Azure authentication in HttpClientProvider (#36932) * Azure middleware in HttpClientProxy * Azure authentication under feature flag * Minor fixes * Add prefixes to not clash with JsonData * Return error if JsonData cannot be parsed * Return original string if URL invalid * Tests for datasource_cache
2021-07-22 15:43:10 -05:00
func (ds *DataSource) HTTPClientOptions() (*sdkhttpclient.Options, error) {
Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy (#33439) Uses new httpclient package from grafana-plugin-sdk-go introduced via grafana/grafana-plugin-sdk-go#328. Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined on DataSource model. Longer-term the goal is to migrate core HTTP backend data sources to use the SDK contracts and using httpclient.Provider for creating HTTP clients and such. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 16:53:41 -05:00
tlsOptions := ds.TLSOptions()
HTTP Client: Introduce `dataproxy_max_idle_connections` config variable (#35864) * Introduce dataproxy_max_idle_connections config var * Fix according to reviewer's comments * Fix according to reviewer's comments - round 2 * Remove unused const * Bring back MaxIdleConnsPerHost * Fixes according to reviewer's comments
2021-07-07 05:13:53 -05:00
timeouts := &sdkhttpclient.TimeoutOptions{
Timeout: ds.getTimeout(),
Datasource: Improve default timeout settings for HTTP client provider (#36621) Make sure that default timeout settings are based on configuration parameters. This now applies for core data sources using old TSDB contracts and new SDK contracts. Before it was only applied for old TSDB contracts. Also moves global setting variables to non-global (setting.Cfg).
2021-07-15 07:30:06 -05:00
DialTimeout: sdkhttpclient.DefaultTimeoutOptions.DialTimeout,
KeepAlive: sdkhttpclient.DefaultTimeoutOptions.KeepAlive,
TLSHandshakeTimeout: sdkhttpclient.DefaultTimeoutOptions.TLSHandshakeTimeout,
ExpectContinueTimeout: sdkhttpclient.DefaultTimeoutOptions.ExpectContinueTimeout,
MaxConnsPerHost: sdkhttpclient.DefaultTimeoutOptions.MaxConnsPerHost,
MaxIdleConns: sdkhttpclient.DefaultTimeoutOptions.MaxIdleConns,
MaxIdleConnsPerHost: sdkhttpclient.DefaultTimeoutOptions.MaxIdleConnsPerHost,
IdleConnTimeout: sdkhttpclient.DefaultTimeoutOptions.IdleConnTimeout,
HTTP Client: Introduce `dataproxy_max_idle_connections` config variable (#35864) * Introduce dataproxy_max_idle_connections config var * Fix according to reviewer's comments * Fix according to reviewer's comments - round 2 * Remove unused const * Bring back MaxIdleConnsPerHost * Fixes according to reviewer's comments
2021-07-07 05:13:53 -05:00
}
Infra: Azure authentication in HttpClientProvider (#36932) * Azure middleware in HttpClientProxy * Azure authentication under feature flag * Minor fixes * Add prefixes to not clash with JsonData * Return error if JsonData cannot be parsed * Return original string if URL invalid * Tests for datasource_cache
2021-07-22 15:43:10 -05:00
opts := &sdkhttpclient.Options{
HTTP Client: Introduce `dataproxy_max_idle_connections` config variable (#35864) * Introduce dataproxy_max_idle_connections config var * Fix according to reviewer's comments * Fix according to reviewer's comments - round 2 * Remove unused const * Bring back MaxIdleConnsPerHost * Fixes according to reviewer's comments
2021-07-07 05:13:53 -05:00
Timeouts: timeouts,
Headers: getCustomHeaders(ds.JsonData, ds.DecryptedValues()),
Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy (#33439) Uses new httpclient package from grafana-plugin-sdk-go introduced via grafana/grafana-plugin-sdk-go#328. Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined on DataSource model. Longer-term the goal is to migrate core HTTP backend data sources to use the SDK contracts and using httpclient.Provider for creating HTTP clients and such. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 16:53:41 -05:00
Labels: map[string]string{
"datasource_name": ds.Name,
"datasource_uid": ds.Uid,
},
TLS: &tlsOptions,
Auth: Add Sigv4 auth option to datasources (#27552) * create transport chain * add frontend * remove log * inline field updates * allow ARN, Credentials + Keys auth in frontend * configure credentials * add tests and refactor * update frontend json field names * fix tests * fix comment * add app config flag * refactor tests * add return field for tests * add flag for UI display * update comment * move logic * fix config * pass config through props * update docs * pr feedback and add docs coverage * shorten settings filename * fix imports * revert docs changes * remove log line * wrap up next as round tripper * only propagate required config * remove unused import * remove ARN option and replace with default chain * make ARN role assume as supplemental * update docs * refactor flow * sign body when necessary * remove unnecessary wrapper * remove newline * Apply suggestions from code review * PR fixes Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-10-08 03:03:20 -05:00
}
Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy (#33439) Uses new httpclient package from grafana-plugin-sdk-go introduced via grafana/grafana-plugin-sdk-go#328. Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined on DataSource model. Longer-term the goal is to migrate core HTTP backend data sources to use the SDK contracts and using httpclient.Provider for creating HTTP clients and such. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 16:53:41 -05:00
if ds.JsonData != nil {
opts.CustomOptions = ds.JsonData.MustMap()
Datasource: Add custom headers on alerting queries (#19508) * Add custom headers on alerting queries Reference issue #15381 Signed-off-by: Martin Schneppenheim <martin.schneppenheim@rewe-digital.com> * Fix datasource transport tests * Migrate decrypting header test to models pkg * Check correct header * Add HTTP transport test Fixes #15381
2019-10-11 07:28:52 -05:00
}
Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy (#33439) Uses new httpclient package from grafana-plugin-sdk-go introduced via grafana/grafana-plugin-sdk-go#328. Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined on DataSource model. Longer-term the goal is to migrate core HTTP backend data sources to use the SDK contracts and using httpclient.Provider for creating HTTP clients and such. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 16:53:41 -05:00
if ds.BasicAuth {
opts.BasicAuth = &sdkhttpclient.BasicAuthOptions{
User: ds.BasicAuthUser,
Password: ds.DecryptedBasicAuthPassword(),
}
} else if ds.User != "" {
opts.BasicAuth = &sdkhttpclient.BasicAuthOptions{
User: ds.User,
Password: ds.DecryptedPassword(),
}
extract parsing of datasource tls config to method
2019-01-28 12:38:56 -06:00
}
Infra: Azure authentication in HttpClientProvider (#36932) * Azure middleware in HttpClientProxy * Azure authentication under feature flag * Minor fixes * Add prefixes to not clash with JsonData * Return error if JsonData cannot be parsed * Return original string if URL invalid * Tests for datasource_cache
2021-07-22 15:43:10 -05:00
if ds.JsonData != nil && ds.JsonData.Get("azureAuth").MustBool() {
credentials, err := azcredentials.FromDatasourceData(ds.JsonData.MustMap(), ds.DecryptedValues())
if err != nil {
err = fmt.Errorf("invalid Azure credentials: %s", err)
return nil, err
}
opts.CustomOptions["_azureAuth"] = true
if credentials != nil {
opts.CustomOptions["_azureCredentials"] = credentials
}
}
fix with global config state (#37293)
2021-08-17 05:16:34 -05:00
if ds.JsonData != nil && ds.JsonData.Get("sigV4Auth").MustBool(false) && setting.SigV4AuthEnabled {
Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy (#33439) Uses new httpclient package from grafana-plugin-sdk-go introduced via grafana/grafana-plugin-sdk-go#328. Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined on DataSource model. Longer-term the goal is to migrate core HTTP backend data sources to use the SDK contracts and using httpclient.Provider for creating HTTP clients and such. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 16:53:41 -05:00
opts.SigV4 = &sdkhttpclient.SigV4Config{
Auth: Use SigV4 lib from grafana-aws-sdk (#30713) * replace with lib * remove test + apply feedback
2021-02-01 09:07:27 -06:00
Service: awsServiceNamespace(ds.Type),
Region: ds.JsonData.Get("sigV4Region").MustString(),
AssumeRoleARN: ds.JsonData.Get("sigV4AssumeRoleArn").MustString(),
AuthType: ds.JsonData.Get("sigV4AuthType").MustString(),
ExternalID: ds.JsonData.Get("sigV4ExternalId").MustString(),
Profile: ds.JsonData.Get("sigV4Profile").MustString(),
Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy (#33439) Uses new httpclient package from grafana-plugin-sdk-go introduced via grafana/grafana-plugin-sdk-go#328. Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined on DataSource model. Longer-term the goal is to migrate core HTTP backend data sources to use the SDK contracts and using httpclient.Provider for creating HTTP clients and such. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 16:53:41 -05:00
}
if val, exists := ds.DecryptedValue("sigV4AccessKey"); exists {
opts.SigV4.AccessKey = val
}
if val, exists := ds.DecryptedValue("sigV4SecretKey"); exists {
opts.SigV4.SecretKey = val
}
}
Infra: Azure authentication in HttpClientProvider (#36932) * Azure middleware in HttpClientProxy * Azure authentication under feature flag * Minor fixes * Add prefixes to not clash with JsonData * Return error if JsonData cannot be parsed * Return original string if URL invalid * Tests for datasource_cache
2021-07-22 15:43:10 -05:00
return opts, nil
Auth: Add Sigv4 auth option to datasources (#27552) * create transport chain * add frontend * remove log * inline field updates * allow ARN, Credentials + Keys auth in frontend * configure credentials * add tests and refactor * update frontend json field names * fix tests * fix comment * add app config flag * refactor tests * add return field for tests * add flag for UI display * update comment * move logic * fix config * pass config through props * update docs * pr feedback and add docs coverage * shorten settings filename * fix imports * revert docs changes * remove log line * wrap up next as round tripper * only propagate required config * remove unused import * remove ARN option and replace with default chain * make ARN role assume as supplemental * update docs * refactor flow * sign body when necessary * remove unnecessary wrapper * remove newline * Apply suggestions from code review * PR fixes Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-10-08 03:03:20 -05:00
}
Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy (#33439) Uses new httpclient package from grafana-plugin-sdk-go introduced via grafana/grafana-plugin-sdk-go#328. Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined on DataSource model. Longer-term the goal is to migrate core HTTP backend data sources to use the SDK contracts and using httpclient.Provider for creating HTTP clients and such. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 16:53:41 -05:00
func (ds *DataSource) TLSOptions() sdkhttpclient.TLSOptions {
extract parsing of datasource tls config to method
2019-01-28 12:38:56 -06:00
var tlsSkipVerify, tlsClientAuth, tlsAuthWithCACert bool
DataSourceSettings: Add servername field to DataSource TLS config (#29279) * DataSourceSettings: Add servername field to DataSource TLS config A DNS lookup URL can be provided in the DataSource URL field in order to dynamically load balance between multiple instances of a DataSource. When using mutual TLS, Golang's TLS config implementation checks that the certificate's common name (< 1.15) or subject alternative name (>= 1.15) has the same value as the domain being accessed. If the DNS entry is dynamically generated for a specific environment, the certificate cannot be generated with a name matching the dynamic DNS URL. As such, Golang offers a servername field that can be set to overwrite what value is used when checking against the certificate's common name (or subject alternative name). Without this change, Skip TLS Verify must be set to true in order for the DataSource to work, removing some of the benefits gained by using mutual TLS. This commit adds the ability to set Grafana's internal Golang TLS config servername field from the UI or a provisioned DataSource. The servername field is optional and the existing behavior is retained if the field is not set. Co-authored-by: Dana Pruitt <dpruitt@vmware.com> Co-authored-by: Jeremy Alvis <jalvis@pivotal.io> * Update docs with PR review changes Co-authored-by: Jeremy Alvis <jalvis@pivotal.io> Co-authored-by: Dana Pruitt <dpruitt@vmware.com> * Update with additional PR requested changes * Minor updates based on PR change requests Co-authored-by: Dana Pruitt <dpruitt@vmware.com>
2020-12-10 09:07:05 -06:00
var serverName string
extract parsing of datasource tls config to method
2019-01-28 12:38:56 -06:00
if ds.JsonData != nil {
tlsClientAuth = ds.JsonData.Get("tlsAuth").MustBool(false)
tlsAuthWithCACert = ds.JsonData.Get("tlsAuthWithCACert").MustBool(false)
tlsSkipVerify = ds.JsonData.Get("tlsSkipVerify").MustBool(false)
DataSourceSettings: Add servername field to DataSource TLS config (#29279) * DataSourceSettings: Add servername field to DataSource TLS config A DNS lookup URL can be provided in the DataSource URL field in order to dynamically load balance between multiple instances of a DataSource. When using mutual TLS, Golang's TLS config implementation checks that the certificate's common name (< 1.15) or subject alternative name (>= 1.15) has the same value as the domain being accessed. If the DNS entry is dynamically generated for a specific environment, the certificate cannot be generated with a name matching the dynamic DNS URL. As such, Golang offers a servername field that can be set to overwrite what value is used when checking against the certificate's common name (or subject alternative name). Without this change, Skip TLS Verify must be set to true in order for the DataSource to work, removing some of the benefits gained by using mutual TLS. This commit adds the ability to set Grafana's internal Golang TLS config servername field from the UI or a provisioned DataSource. The servername field is optional and the existing behavior is retained if the field is not set. Co-authored-by: Dana Pruitt <dpruitt@vmware.com> Co-authored-by: Jeremy Alvis <jalvis@pivotal.io> * Update docs with PR review changes Co-authored-by: Jeremy Alvis <jalvis@pivotal.io> Co-authored-by: Dana Pruitt <dpruitt@vmware.com> * Update with additional PR requested changes * Minor updates based on PR change requests Co-authored-by: Dana Pruitt <dpruitt@vmware.com>
2020-12-10 09:07:05 -06:00
serverName = ds.JsonData.Get("serverName").MustString()
extract parsing of datasource tls config to method
2019-01-28 12:38:56 -06:00
}
Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy (#33439) Uses new httpclient package from grafana-plugin-sdk-go introduced via grafana/grafana-plugin-sdk-go#328. Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined on DataSource model. Longer-term the goal is to migrate core HTTP backend data sources to use the SDK contracts and using httpclient.Provider for creating HTTP clients and such. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 16:53:41 -05:00
opts := sdkhttpclient.TLSOptions{
extract parsing of datasource tls config to method
2019-01-28 12:38:56 -06:00
InsecureSkipVerify: tlsSkipVerify,
DataSourceSettings: Add servername field to DataSource TLS config (#29279) * DataSourceSettings: Add servername field to DataSource TLS config A DNS lookup URL can be provided in the DataSource URL field in order to dynamically load balance between multiple instances of a DataSource. When using mutual TLS, Golang's TLS config implementation checks that the certificate's common name (< 1.15) or subject alternative name (>= 1.15) has the same value as the domain being accessed. If the DNS entry is dynamically generated for a specific environment, the certificate cannot be generated with a name matching the dynamic DNS URL. As such, Golang offers a servername field that can be set to overwrite what value is used when checking against the certificate's common name (or subject alternative name). Without this change, Skip TLS Verify must be set to true in order for the DataSource to work, removing some of the benefits gained by using mutual TLS. This commit adds the ability to set Grafana's internal Golang TLS config servername field from the UI or a provisioned DataSource. The servername field is optional and the existing behavior is retained if the field is not set. Co-authored-by: Dana Pruitt <dpruitt@vmware.com> Co-authored-by: Jeremy Alvis <jalvis@pivotal.io> * Update docs with PR review changes Co-authored-by: Jeremy Alvis <jalvis@pivotal.io> Co-authored-by: Dana Pruitt <dpruitt@vmware.com> * Update with additional PR requested changes * Minor updates based on PR change requests Co-authored-by: Dana Pruitt <dpruitt@vmware.com>
2020-12-10 09:07:05 -06:00
ServerName: serverName,
extract parsing of datasource tls config to method
2019-01-28 12:38:56 -06:00
}
Verify datasource TLS and split client auth and CA
2017-09-28 05:04:01 -05:00
if tlsClientAuth || tlsAuthWithCACert {
Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy (#33439) Uses new httpclient package from grafana-plugin-sdk-go introduced via grafana/grafana-plugin-sdk-go#328. Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined on DataSource model. Longer-term the goal is to migrate core HTTP backend data sources to use the SDK contracts and using httpclient.Provider for creating HTTP clients and such. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 16:53:41 -05:00
if tlsAuthWithCACert {
if val, exists := ds.DecryptedValue("tlsCACert"); exists && len(val) > 0 {
opts.CACertificate = val
Use cache for http.client in tsdb package. (#6833) * datasource: move caching closer to datasource struct * tsdb: use cached version of datasource http transport closes #6825
2016-12-07 04:10:42 -06:00
}
}
Verify datasource TLS and split client auth and CA
2017-09-28 05:04:01 -05:00
if tlsClientAuth {
Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy (#33439) Uses new httpclient package from grafana-plugin-sdk-go introduced via grafana/grafana-plugin-sdk-go#328. Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined on DataSource model. Longer-term the goal is to migrate core HTTP backend data sources to use the SDK contracts and using httpclient.Provider for creating HTTP clients and such. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 16:53:41 -05:00
if val, exists := ds.DecryptedValue("tlsClientCert"); exists && len(val) > 0 {
opts.ClientCertificate = val
}
if val, exists := ds.DecryptedValue("tlsClientKey"); exists && len(val) > 0 {
opts.ClientKey = val
Verify datasource TLS and split client auth and CA
2017-09-28 05:04:01 -05:00
}
Use cache for http.client in tsdb package. (#6833) * datasource: move caching closer to datasource struct * tsdb: use cached version of datasource http transport closes #6825
2016-12-07 04:10:42 -06:00
}
}
Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy (#33439) Uses new httpclient package from grafana-plugin-sdk-go introduced via grafana/grafana-plugin-sdk-go#328. Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined on DataSource model. Longer-term the goal is to migrate core HTTP backend data sources to use the SDK contracts and using httpclient.Provider for creating HTTP clients and such. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 16:53:41 -05:00
return opts
}
func (ds *DataSource) GetTLSConfig(httpClientProvider httpclient.Provider) (*tls.Config, error) {
Infra: Azure authentication in HttpClientProvider (#36932) * Azure middleware in HttpClientProxy * Azure authentication under feature flag * Minor fixes * Add prefixes to not clash with JsonData * Return error if JsonData cannot be parsed * Return original string if URL invalid * Tests for datasource_cache
2021-07-22 15:43:10 -05:00
opts, err := ds.HTTPClientOptions()
if err != nil {
return nil, err
}
return httpClientProvider.GetTLSConfig(*opts)
Use cache for http.client in tsdb package. (#6833) * datasource: move caching closer to datasource struct * tsdb: use cached version of datasource http transport closes #6825
2016-12-07 04:10:42 -06:00
}
Datasource: Add custom headers on alerting queries (#19508) * Add custom headers on alerting queries Reference issue #15381 Signed-off-by: Martin Schneppenheim <martin.schneppenheim@rewe-digital.com> * Fix datasource transport tests * Migrate decrypting header test to models pkg * Check correct header * Add HTTP transport test Fixes #15381
2019-10-11 07:28:52 -05:00
// getCustomHeaders returns a map with all the to be set headers
// The map key represents the HeaderName and the value represents this header's value
Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy (#33439) Uses new httpclient package from grafana-plugin-sdk-go introduced via grafana/grafana-plugin-sdk-go#328. Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined on DataSource model. Longer-term the goal is to migrate core HTTP backend data sources to use the SDK contracts and using httpclient.Provider for creating HTTP clients and such. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 16:53:41 -05:00
func getCustomHeaders(jsonData *simplejson.Json, decryptedValues map[string]string) map[string]string {
Datasource: Add custom headers on alerting queries (#19508) * Add custom headers on alerting queries Reference issue #15381 Signed-off-by: Martin Schneppenheim <martin.schneppenheim@rewe-digital.com> * Fix datasource transport tests * Migrate decrypting header test to models pkg * Check correct header * Add HTTP transport test Fixes #15381
2019-10-11 07:28:52 -05:00
headers := make(map[string]string)
Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy (#33439) Uses new httpclient package from grafana-plugin-sdk-go introduced via grafana/grafana-plugin-sdk-go#328. Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined on DataSource model. Longer-term the goal is to migrate core HTTP backend data sources to use the SDK contracts and using httpclient.Provider for creating HTTP clients and such. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 16:53:41 -05:00
if jsonData == nil {
Datasource: Add custom headers on alerting queries (#19508) * Add custom headers on alerting queries Reference issue #15381 Signed-off-by: Martin Schneppenheim <martin.schneppenheim@rewe-digital.com> * Fix datasource transport tests * Migrate decrypting header test to models pkg * Check correct header * Add HTTP transport test Fixes #15381
2019-10-11 07:28:52 -05:00
return headers
}
index := 1
for {
headerNameSuffix := fmt.Sprintf("httpHeaderName%d", index)
headerValueSuffix := fmt.Sprintf("httpHeaderValue%d", index)
Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy (#33439) Uses new httpclient package from grafana-plugin-sdk-go introduced via grafana/grafana-plugin-sdk-go#328. Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined on DataSource model. Longer-term the goal is to migrate core HTTP backend data sources to use the SDK contracts and using httpclient.Provider for creating HTTP clients and such. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 16:53:41 -05:00
key := jsonData.Get(headerNameSuffix).MustString()
Datasource: Add custom headers on alerting queries (#19508) * Add custom headers on alerting queries Reference issue #15381 Signed-off-by: Martin Schneppenheim <martin.schneppenheim@rewe-digital.com> * Fix datasource transport tests * Migrate decrypting header test to models pkg * Check correct header * Add HTTP transport test Fixes #15381
2019-10-11 07:28:52 -05:00
if key == "" {
// No (more) header values are available
break
}
Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy (#33439) Uses new httpclient package from grafana-plugin-sdk-go introduced via grafana/grafana-plugin-sdk-go#328. Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined on DataSource model. Longer-term the goal is to migrate core HTTP backend data sources to use the SDK contracts and using httpclient.Provider for creating HTTP clients and such. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 16:53:41 -05:00
if val, ok := decryptedValues[headerValueSuffix]; ok {
Datasource: Add custom headers on alerting queries (#19508) * Add custom headers on alerting queries Reference issue #15381 Signed-off-by: Martin Schneppenheim <martin.schneppenheim@rewe-digital.com> * Fix datasource transport tests * Migrate decrypting header test to models pkg * Check correct header * Add HTTP transport test Fixes #15381
2019-10-11 07:28:52 -05:00
headers[key] = val
}
index++
}
return headers
}
CloudWatch: Fix high CPU load (#20579) * Cache decrypted securejsondata * Models: Add datasource cache tests
2019-11-22 07:21:23 -06:00
type cachedDecryptedJSON struct {
updated time.Time
json map[string]string
}
type secureJSONDecryptionCache struct {
cache map[int64]cachedDecryptedJSON
sync.Mutex
}
var dsDecryptionCache = secureJSONDecryptionCache{
cache: make(map[int64]cachedDecryptedJSON),
}
// DecryptedValues returns cached decrypted values from secureJsonData.
func (ds *DataSource) DecryptedValues() map[string]string {
dsDecryptionCache.Lock()
defer dsDecryptionCache.Unlock()
if item, present := dsDecryptionCache.cache[ds.Id]; present && ds.Updated.Equal(item.updated) {
return item.json
}
json := ds.SecureJsonData.Decrypt()
dsDecryptionCache.cache[ds.Id] = cachedDecryptedJSON{
updated: ds.Updated,
json: json,
}
return json
}
// DecryptedValue returns cached decrypted value from cached secureJsonData.
func (ds *DataSource) DecryptedValue(key string) (string, bool) {
value, exists := ds.DecryptedValues()[key]
return value, exists
}
// ClearDSDecryptionCache clears the datasource decryption cache.
func ClearDSDecryptionCache() {
dsDecryptionCache.Lock()
defer dsDecryptionCache.Unlock()
dsDecryptionCache.cache = make(map[int64]cachedDecryptedJSON)
}
Auth: Use SigV4 lib from grafana-aws-sdk (#30713) * replace with lib * remove test + apply feedback
2021-02-01 09:07:27 -06:00
func awsServiceNamespace(dsType string) string {
switch dsType {
case DS_ES, DS_ES_OPEN_DISTRO:
return "es"
case DS_PROMETHEUS:
return "aps"
default:
panic(fmt.Sprintf("Unsupported datasource %q", dsType))
}
}
Reference in New Issue Copy Permalink