grafana/pkg/api/pluginproxy/ds_auth_provider.go

package pluginproxy

import (
	"context"
	"fmt"
	"net/http"
	"net/url"
	"strings"

	"github.com/grafana/grafana/pkg/models"
	"github.com/grafana/grafana/pkg/plugins"
	"github.com/grafana/grafana/pkg/util"
)

// ApplyRoute should use the plugin route data to set auth headers and custom headers.
func ApplyRoute(ctx context.Context, req *http.Request, proxyPath string, route *plugins.AppPluginRoute,
	ds *models.DataSource) {
	proxyPath = strings.TrimPrefix(proxyPath, route.Path)

	data := templateData{
		JsonData:       ds.JsonData.Interface().(map[string]interface{}),
		SecureJsonData: ds.SecureJsonData.Decrypt(),
	}

	if len(route.URL) > 0 {
		interpolatedURL, err := interpolateString(route.URL, data)
		if err != nil {
			logger.Error("Error interpolating proxy url", "error", err)
			return
		}

		routeURL, err := url.Parse(interpolatedURL)
		if err != nil {
			logger.Error("Error parsing plugin route url", "error", err)
			return
		}

		req.URL.Scheme = routeURL.Scheme
		req.URL.Host = routeURL.Host
		req.Host = routeURL.Host
		req.URL.Path = util.JoinURLFragments(routeURL.Path, proxyPath)
	}

	if err := addQueryString(req, route, data); err != nil {
		logger.Error("Failed to render plugin URL query string", "error", err)
	}

	if err := addHeaders(&req.Header, route, data); err != nil {
		logger.Error("Failed to render plugin headers", "error", err)
	}

	if err := setBodyContent(req, route, data); err != nil {
		logger.Error("Failed to set plugin route body content", "error", err)
	}

	if tokenProvider := getTokenProvider(ctx, ds, route, data); tokenProvider != nil {
		if token, err := tokenProvider.getAccessToken(); err != nil {
			logger.Error("Failed to get access token", "error", err)
		} else {
			req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
		}
	}

	logger.Info("Requesting", "url", req.URL.String())
}

func getTokenProvider(ctx context.Context, ds *models.DataSource, pluginRoute *plugins.AppPluginRoute,
	data templateData) accessTokenProvider {
	authenticationType := ds.JsonData.Get("authenticationType").MustString()

	switch authenticationType {
	case "gce":
		return newGceAccessTokenProvider(ctx, ds, pluginRoute)
	case "jwt":
		if pluginRoute.JwtTokenAuth != nil {
			return newJwtAccessTokenProvider(ctx, ds, pluginRoute, data)
		}
	default:
		// Fallback to authentication options when authentication type isn't explicitly configured
		if pluginRoute.TokenAuth != nil {
			return newGenericAccessTokenProvider(ds, pluginRoute, data)
		}
		if pluginRoute.JwtTokenAuth != nil {
			return newJwtAccessTokenProvider(ctx, ds, pluginRoute, data)
		}
	}

	return nil
}
Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`package pluginproxy`

			`import (`
			`"context"`
			`"fmt"`
			`"net/http"`
			`"net/url"`
			`"strings"`

Chore: Avoid aliasing importing models in api package (#22492) 2020-03-04 05:57:20 -06:00			`"github.com/grafana/grafana/pkg/models"`
Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`"github.com/grafana/grafana/pkg/plugins"`
			`"github.com/grafana/grafana/pkg/util"`
			`)`

Chore: Convert API tests to standard Go lib (#29009) * Chore: Convert tests to standard Go lib Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> 2020-11-13 02:52:38 -06:00			`// ApplyRoute should use the plugin route data to set auth headers and custom headers.`
Introduce TSDB service (#31520) * Introduce TSDB service Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Erik Sundell <erik.sundell87@gmail.com> Co-authored-by: Will Browne <will.browne@grafana.com> Co-authored-by: Torkel Ödegaard <torkel@grafana.org> Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> Co-authored-by: Zoltán Bedi <zoltan.bedi@gmail.com> 2021-03-08 00:02:49 -06:00			`func ApplyRoute(ctx context.Context, req http.Request, proxyPath string, route plugins.AppPluginRoute,`
			`ds *models.DataSource) {`
Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`proxyPath = strings.TrimPrefix(proxyPath, route.Path)`

			`data := templateData{`
			`JsonData: ds.JsonData.Interface().(map[string]interface{}),`
			`SecureJsonData: ds.SecureJsonData.Decrypt(),`
			`}`

DataProxy: Ignore empty URL's in plugin routes (#27653) This adds a check to see if plugin route URL is empty, and in such case does not modify request schema and host of the request to be proxied. This behavior is now the same as in the plugin proxy. 2020-09-18 06:22:07 -05:00			`if len(route.URL) > 0 {`
Fix panic when using complex dynamic URLs in app plugin routes (#27977) * remove unused function to interpolate URLs * share function to add headers between ds/plugin proxies * stop performing unnecessary plugin setting lookup * fix bug causing runtime errors when using complex templated URLs * lower case util functions not used outside of pluginproxy package * change test URL to a (valid) dummy URL to make intent clearer Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> 2020-11-17 03:56:42 -06:00			`interpolatedURL, err := interpolateString(route.URL, data)`
DataProxy: Ignore empty URL's in plugin routes (#27653) This adds a check to see if plugin route URL is empty, and in such case does not modify request schema and host of the request to be proxied. This behavior is now the same as in the plugin proxy. 2020-09-18 06:22:07 -05:00			`if err != nil {`
			`logger.Error("Error interpolating proxy url", "error", err)`
			`return`
			`}`

			`routeURL, err := url.Parse(interpolatedURL)`
			`if err != nil {`
			`logger.Error("Error parsing plugin route url", "error", err)`
			`return`
			`}`

			`req.URL.Scheme = routeURL.Scheme`
			`req.URL.Host = routeURL.Host`
			`req.Host = routeURL.Host`
			`req.URL.Path = util.JoinURLFragments(routeURL.Path, proxyPath)`
Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`}`

dsproxy: adds support for url params for plugin routes (#23503) * dsproxy: adds support for url params for plugin routes * docs: fixes after review * pluginproxy: rename Params to URLParams * Update pkg/plugins/app_plugin.go Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com> * Apply suggestions from code review Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com> Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com> * pluginproxy: rename struct Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com> 2020-04-24 03:32:13 -05:00			`if err := addQueryString(req, route, data); err != nil {`
			`logger.Error("Failed to render plugin URL query string", "error", err)`
			`}`

Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`if err := addHeaders(&req.Header, route, data); err != nil {`
			`logger.Error("Failed to render plugin headers", "error", err)`
			`}`

Plugins: Support set body content in plugin routes (#32551) Adds support for overriding the body and length in plugin routes. 2021-03-31 09:38:35 -05:00			`if err := setBodyContent(req, route, data); err != nil {`
			`logger.Error("Failed to set plugin route body content", "error", err)`
			`}`

PluginProxy: Split implementations of token providers (#32820) * Split implementations of token providers * Fix imports * Fix code racing in unit tests 2021-05-03 07:46:32 -05:00			`if tokenProvider := getTokenProvider(ctx, ds, route, data); tokenProvider != nil {`
			`if token, err := tokenProvider.getAccessToken(); err != nil {`
Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`logger.Error("Failed to get access token", "error", err)`
			`} else {`
dataproxy: Override incoming Authorization header 2018-11-30 13:12:55 -06:00			`req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))`
Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`}`
			`}`

PluginProxy: Split implementations of token providers (#32820) * Split implementations of token providers * Fix imports * Fix code racing in unit tests 2021-05-03 07:46:32 -05:00			`logger.Info("Requesting", "url", req.URL.String())`
			`}`
stackdriver: wip - add logic for retrieving token from gce metadata server in the auth provider 2018-10-08 06:49:27 -05:00
PluginProxy: Split implementations of token providers (#32820) * Split implementations of token providers * Fix imports * Fix code racing in unit tests 2021-05-03 07:46:32 -05:00			`func getTokenProvider(ctx context.Context, ds models.DataSource, pluginRoute plugins.AppPluginRoute,`
			`data templateData) accessTokenProvider {`
			`authenticationType := ds.JsonData.Get("authenticationType").MustString()`

			`switch authenticationType {`
			`case "gce":`
			`return newGceAccessTokenProvider(ctx, ds, pluginRoute)`
			`case "jwt":`
			`if pluginRoute.JwtTokenAuth != nil {`
			`return newJwtAccessTokenProvider(ctx, ds, pluginRoute, data)`
			`}`
			`default:`
			`// Fallback to authentication options when authentication type isn't explicitly configured`
			`if pluginRoute.TokenAuth != nil {`
			`return newGenericAccessTokenProvider(ds, pluginRoute, data)`
			`}`
			`if pluginRoute.JwtTokenAuth != nil {`
			`return newJwtAccessTokenProvider(ctx, ds, pluginRoute, data)`
stackdriver: WIP - test retrieving project id from gce metadata 2018-10-03 10:08:13 -05:00			`}`
			`}`

PluginProxy: Split implementations of token providers (#32820) * Split implementations of token providers * Fix imports * Fix code racing in unit tests 2021-05-03 07:46:32 -05:00			`return nil`
Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`}`