grafana/pkg/api/pluginproxy/ds_auth_provider.go

package pluginproxy

import (
	"context"
	"fmt"
	"net/http"
	"net/url"
	"strings"

	m "github.com/grafana/grafana/pkg/models"
	"github.com/grafana/grafana/pkg/plugins"
	"github.com/grafana/grafana/pkg/util"
	"golang.org/x/oauth2/google"
)

//ApplyRoute should use the plugin route data to set auth headers and custom headers
func ApplyRoute(ctx context.Context, req *http.Request, proxyPath string, route *plugins.AppPluginRoute, ds *m.DataSource) {
	proxyPath = strings.TrimPrefix(proxyPath, route.Path)

	data := templateData{
		JsonData:       ds.JsonData.Interface().(map[string]interface{}),
		SecureJsonData: ds.SecureJsonData.Decrypt(),
	}

	interpolatedURL, err := InterpolateString(route.Url, data)
	if err != nil {
		logger.Error("Error interpolating proxy url", "error", err)
		return
	}

	routeURL, err := url.Parse(interpolatedURL)
	if err != nil {
		logger.Error("Error parsing plugin route url", "error", err)
		return
	}

	req.URL.Scheme = routeURL.Scheme
	req.URL.Host = routeURL.Host
	req.Host = routeURL.Host
	req.URL.Path = util.JoinURLFragments(routeURL.Path, proxyPath)

	if err := addHeaders(&req.Header, route, data); err != nil {
		logger.Error("Failed to render plugin headers", "error", err)
	}

	tokenProvider := newAccessTokenProvider(ds, route)

	if route.TokenAuth != nil {
		if token, err := tokenProvider.getAccessToken(data); err != nil {
			logger.Error("Failed to get access token", "error", err)
		} else {
			req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
		}
	}

	authenticationType := ds.JsonData.Get("authenticationType").MustString("jwt")
	if route.JwtTokenAuth != nil && authenticationType == "jwt" {
		if token, err := tokenProvider.getJwtAccessToken(ctx, data); err != nil {
			logger.Error("Failed to get access token", "error", err)
		} else {
			req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
		}
	}

	if authenticationType == "gce" {
		tokenSrc, err := google.DefaultTokenSource(ctx, route.JwtTokenAuth.Scopes...)
		if err != nil {
			logger.Error("Failed to get default token from meta data server", "error", err)
		} else {
			token, err := tokenSrc.Token()
			if err != nil {
				logger.Error("Failed to get default access token from meta data server", "error", err)
			} else {
				req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token.AccessToken))
			}
		}
	}

	logger.Info("Requesting", "url", req.URL.String())
}

func addHeaders(reqHeaders *http.Header, route *plugins.AppPluginRoute, data templateData) error {
	for _, header := range route.Headers {
		interpolated, err := InterpolateString(header.Content, data)
		if err != nil {
			return err
		}
		reqHeaders.Add(header.Name, interpolated)
	}

	return nil
}
Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`package pluginproxy`

			`import (`
			`"context"`
			`"fmt"`
			`"net/http"`
			`"net/url"`
			`"strings"`

			`m "github.com/grafana/grafana/pkg/models"`
			`"github.com/grafana/grafana/pkg/plugins"`
			`"github.com/grafana/grafana/pkg/util"`
stackdriver: only get default token from metadata server when applying route 2018-10-09 08:23:13 -05:00			`"golang.org/x/oauth2/google"`
Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`)`

Stackdriver: Use ds_auth_provider in stackdriver. This will make sure the token is renewed when it has exporired 2018-09-10 10:49:13 -05:00			`//ApplyRoute should use the plugin route data to set auth headers and custom headers`
			`func ApplyRoute(ctx context.Context, req http.Request, proxyPath string, route plugins.AppPluginRoute, ds *m.DataSource) {`
Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`proxyPath = strings.TrimPrefix(proxyPath, route.Path)`

			`data := templateData{`
			`JsonData: ds.JsonData.Interface().(map[string]interface{}),`
			`SecureJsonData: ds.SecureJsonData.Decrypt(),`
			`}`

Plugins: Support templated urls in routes (#16599) This adds support for using templated/dynamic urls in routes. * refactor interpolateString into utils and add interpolation support for app plugin routes. * cleanup and add error check for url parse failure * add docs for interpolated route urls Closes #16835 2019-05-07 11:55:39 -05:00			`interpolatedURL, err := InterpolateString(route.Url, data)`
Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`if err != nil {`
			`logger.Error("Error interpolating proxy url", "error", err)`
			`return`
			`}`

			`routeURL, err := url.Parse(interpolatedURL)`
			`if err != nil {`
			`logger.Error("Error parsing plugin route url", "error", err)`
			`return`
			`}`

			`req.URL.Scheme = routeURL.Scheme`
			`req.URL.Host = routeURL.Host`
			`req.Host = routeURL.Host`
pkg/util/{ip.go,url.go}: Fix some golint issues See, $ gometalinter --vendor --deadline 10m --disable-all --enable=golint ./... ip.go:8:6:warning: func SplitIpPort should be SplitIPPort (golint) url.go:14:6:warning: func NewUrlQueryReader should be NewURLQueryReader (golint) url.go:9:6:warning: type UrlQueryReader should be URLQueryReader (golint) url.go:37:6:warning: func JoinUrlFragments should be JoinURLFragments (golint) 2019-01-28 15:18:48 -06:00			`req.URL.Path = util.JoinURLFragments(routeURL.Path, proxyPath)`
Stackdriver: Add new file 2018-09-10 09:59:29 -05:00
			`if err := addHeaders(&req.Header, route, data); err != nil {`
			`logger.Error("Failed to render plugin headers", "error", err)`
			`}`

invalidate access token cache after datasource is updated 2018-09-21 07:24:44 -05:00			`tokenProvider := newAccessTokenProvider(ds, route)`
Stackdriver: Add new file 2018-09-10 09:59:29 -05:00
			`if route.TokenAuth != nil {`
			`if token, err := tokenProvider.getAccessToken(data); err != nil {`
			`logger.Error("Failed to get access token", "error", err)`
			`} else {`
dataproxy: Override incoming Authorization header 2018-11-30 13:12:55 -06:00			`req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))`
Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`}`
			`}`

stackdriver: add default value for authentication type 2018-10-09 09:36:45 -05:00			`authenticationType := ds.JsonData.Get("authenticationType").MustString("jwt")`
stackdriver: wip - remove debug code 2018-10-09 09:28:04 -05:00			`if route.JwtTokenAuth != nil && authenticationType == "jwt" {`
stackdriver: wip - add logic for retrieving token from gce metadata server in the auth provider 2018-10-08 06:49:27 -05:00			`if token, err := tokenProvider.getJwtAccessToken(ctx, data); err != nil {`
			`logger.Error("Failed to get access token", "error", err)`
			`} else {`
dataproxy: Override incoming Authorization header 2018-11-30 13:12:55 -06:00			`req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))`
stackdriver: wip - add logic for retrieving token from gce metadata server in the auth provider 2018-10-08 06:49:27 -05:00			`}`
			`}`

stackdriver: wip - remove debug code 2018-10-09 09:28:04 -05:00			`if authenticationType == "gce" {`
stackdriver: only get default token from metadata server when applying route 2018-10-09 08:23:13 -05:00			`tokenSrc, err := google.DefaultTokenSource(ctx, route.JwtTokenAuth.Scopes...)`
stackdriver: WIP - test retrieving project id from gce metadata 2018-10-03 10:08:13 -05:00			`if err != nil {`
stackdriver: only get default token from metadata server when applying route 2018-10-09 08:23:13 -05:00			`logger.Error("Failed to get default token from meta data server", "error", err)`
stackdriver: WIP - test retrieving project id from gce metadata 2018-10-03 10:08:13 -05:00			`} else {`
stackdriver: only get default token from metadata server when applying route 2018-10-09 08:23:13 -05:00			`token, err := tokenSrc.Token()`
stackdriver: WIP - test retrieving project id from gce metadata 2018-10-03 10:08:13 -05:00			`if err != nil {`
stackdriver: only get default token from metadata server when applying route 2018-10-09 08:23:13 -05:00			`logger.Error("Failed to get default access token from meta data server", "error", err)`
stackdriver: WIP - test retrieving project id from gce metadata 2018-10-03 10:08:13 -05:00			`} else {`
dataproxy: Override incoming Authorization header 2018-11-30 13:12:55 -06:00			`req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token.AccessToken))`
stackdriver: WIP - test retrieving project id from gce metadata 2018-10-03 10:08:13 -05:00			`}`
			`}`
			`}`

Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`logger.Info("Requesting", "url", req.URL.String())`
			`}`

			`func addHeaders(reqHeaders http.Header, route plugins.AppPluginRoute, data templateData) error {`
			`for _, header := range route.Headers {`
Plugins: Support templated urls in routes (#16599) This adds support for using templated/dynamic urls in routes. * refactor interpolateString into utils and add interpolation support for app plugin routes. * cleanup and add error check for url parse failure * add docs for interpolated route urls Closes #16835 2019-05-07 11:55:39 -05:00			`interpolated, err := InterpolateString(header.Content, data)`
Stackdriver: Add new file 2018-09-10 09:59:29 -05:00			`if err != nil {`
			`return err`
			`}`
			`reqHeaders.Add(header.Name, interpolated)`
			`}`

			`return nil`
			`}`