Auth: Use SigV4 lib from grafana-aws-sdk (#30713)

* replace with lib * remove test + apply feedback
2025-02-25 18:55:37 -06:00 · 2021-02-01 16:07:27 +01:00
parent 08eee87148
commit 3b7b49a4aa
5 changed files with 32 additions and 202 deletions
--- a/pkg/models/datasource_cache.go
+++ b/pkg/models/datasource_cache.go
@@ -10,6 +10,8 @@ import (
 	"sync"
 	"time"

+	"github.com/grafana/grafana-aws-sdk/pkg/sigv4"
+
 	"github.com/grafana/grafana/pkg/infra/metrics/metricutil"
 	"github.com/grafana/grafana/pkg/setting"
 	"github.com/prometheus/client_golang/prometheus"
@@ -191,19 +193,19 @@ func (ds *DataSource) GetHttpTransport() (*dataSourceTransport, error) {
 func (ds *DataSource) sigV4Middleware(next http.RoundTripper) http.RoundTripper {
 	decrypted := ds.DecryptedValues()

-	return &SigV4Middleware{
-		Config: &Config{
-			DatasourceType: ds.Type,
-			AccessKey:      decrypted["sigV4AccessKey"],
-			SecretKey:      decrypted["sigV4SecretKey"],
-			Region:         ds.JsonData.Get("sigV4Region").MustString(),
-			AssumeRoleARN:  ds.JsonData.Get("sigV4AssumeRoleArn").MustString(),
-			AuthType:       ds.JsonData.Get("sigV4AuthType").MustString(),
-			ExternalID:     ds.JsonData.Get("sigV4ExternalId").MustString(),
-			Profile:        ds.JsonData.Get("sigV4Profile").MustString(),
+	return sigv4.New(
+		&sigv4.Config{
+			Service:       awsServiceNamespace(ds.Type),
+			AccessKey:     decrypted["sigV4AccessKey"],
+			SecretKey:     decrypted["sigV4SecretKey"],
+			Region:        ds.JsonData.Get("sigV4Region").MustString(),
+			AssumeRoleARN: ds.JsonData.Get("sigV4AssumeRoleArn").MustString(),
+			AuthType:      ds.JsonData.Get("sigV4AuthType").MustString(),
+			ExternalID:    ds.JsonData.Get("sigV4ExternalId").MustString(),
+			Profile:       ds.JsonData.Get("sigV4Profile").MustString(),
 		},
-		Next: next,
-	}
+		next,
+	)
 }

 func (ds *DataSource) GetTLSConfig() (*tls.Config, error) {
@@ -319,3 +321,14 @@ func ClearDSDecryptionCache() {

 	dsDecryptionCache.cache = make(map[int64]cachedDecryptedJSON)
 }
+
+func awsServiceNamespace(dsType string) string {
+	switch dsType {
+	case DS_ES, DS_ES_OPEN_DISTRO:
+		return "es"
+	case DS_PROMETHEUS:
+		return "aps"
+	default:
+		panic(fmt.Sprintf("Unsupported datasource %q", dsType))
+	}
+}