Azure Monitor: Early error if the client secret is not set (#53106)

2025-02-25 18:55:37 -06:00 · 2022-08-02 16:53:05 +02:00 · 2022-08-02 16:53:05 +02:00 · 43955bdebd
commit 43955bdebd
parent 245af46798
5 changed files with 21 additions and 5 deletions
--- a/pkg/tsdb/azuremonitor/azuremonitor.go
+++ b/pkg/tsdb/azuremonitor/azuremonitor.go
@ -266,7 +266,10 @@ func checkAzureMonitorResourceGraphHealth(dsInfo types.DatasourceInfo) (*http.Re
 func (s *Service) CheckHealth(ctx context.Context, req *backend.CheckHealthRequest) (*backend.CheckHealthResult, error) {
 	dsInfo, err := s.getDSInfo(req.PluginContext)
 	if err != nil {
-		return nil, err
+		return &backend.CheckHealthResult{
+			Status:  backend.HealthStatusError,
+			Message: err.Error(),
+		}, nil
 	}

 	status := backend.HealthStatusOk
--- a/pkg/tsdb/azuremonitor/credentials.go
+++ b/pkg/tsdb/azuremonitor/credentials.go
@ -109,6 +109,9 @@ func getAzureCredentials(cfg *setting.Cfg, jsonData *simplejson.Json, secureJson
 		if err != nil {
 			return nil, err
 		}
+		if secureJsonData["clientSecret"] == "" {
+			return nil, fmt.Errorf("unable to instantiate credentials, clientSecret must be set")
+		}
 		credentials := &azcredentials.AzureClientSecretCredentials{
 			AzureCloud:   cloud,
 			TenantId:     jsonData.Get("tenantId").MustString(),
--- a/pkg/tsdb/azuremonitor/credentials_test.go
+++ b/pkg/tsdb/azuremonitor/credentials_test.go
@ -197,5 +197,13 @@ func TestCredentials_getAzureCredentials(t *testing.T) {
 			// Azure Monitor datasource doesn't support custom IdP authorities (Authority is always empty)
 			assert.Equal(t, "", clientSecretCredentials.Authority)
 		})
+
+		t.Run("should error if no client secret is set", func(t *testing.T) {
+			cfg := &setting.Cfg{}
+			_, err := getAzureCredentials(cfg, jsonData, map[string]string{
+				"clientSecret": "",
+			})
+			require.ErrorContains(t, err, "clientSecret must be set")
+		})
 	})
 }
--- a/pkg/tsdb/azuremonitor/httpclient.go
+++ b/pkg/tsdb/azuremonitor/httpclient.go
@ -1,8 +1,10 @@
 package azuremonitor

 import (
+	"fmt"
 	"net/http"

+	"github.com/grafana/grafana-azure-sdk-go/azcredentials"
 	"github.com/grafana/grafana-azure-sdk-go/azhttpclient"
 	sdkhttpclient "github.com/grafana/grafana-plugin-sdk-go/backend/httpclient"

@ -18,6 +20,9 @@ func newHTTPClient(route types.AzRoute, model types.DatasourceInfo, cfg *setting

 	// Use Azure credentials if the route has OAuth scopes configured
 	if len(route.Scopes) > 0 {
+		if cred, ok := model.Credentials.(*azcredentials.AzureClientSecretCredentials); ok && cred.ClientSecret == "" {
+			return nil, fmt.Errorf("unable to initialize HTTP Client: clientSecret not found")
+		}
 		azhttpclient.AddAzureAuthentication(&opts, cfg.Azure, model.Credentials, route.Scopes)
 	}

--- a/public/app/plugins/datasource/grafana-azure-monitor-datasource/credentials.ts
+++ b/public/app/plugins/datasource/grafana-azure-monitor-datasource/credentials.ts
@ -152,10 +152,7 @@ export function updateCredentials(
        },
        secureJsonData: {
          ...options.secureJsonData,
-          clientSecret:
-            typeof credentials.clientSecret === 'string' && credentials.clientSecret.length > 0
-              ? credentials.clientSecret
-              : undefined,
+          clientSecret: typeof credentials.clientSecret === 'string' ? credentials.clientSecret : undefined,
        },
        secureJsonFields: {
          ...options.secureJsonFields,