IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

Secure socks proxy: use Grafana Plugin SDK (#71616)

Browse Source
This commit is contained in:
Stephanie Hingtgen
2023-07-18 16:23:02 -05:00
committed by GitHub
parent 600f623610
commit 4ece133fce
18 changed files with 101 additions and 226 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
pkg/tsdb/postgres/postgres.go
View File

@@ -11,12 +11,14 @@ import (
"github.com/grafana/grafana-plugin-sdk-go/backend"
"github.com/grafana/grafana-plugin-sdk-go/backend/datasource"
"github.com/grafana/grafana-plugin-sdk-go/backend/instancemgmt"
sdkproxy "github.com/grafana/grafana-plugin-sdk-go/backend/proxy"
"github.com/grafana/grafana-plugin-sdk-go/data"
"github.com/grafana/grafana-plugin-sdk-go/data/sqlutil"
"github.com/grafana/grafana/pkg/infra/log"
"github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/tsdb/sqleng"
"github.com/grafana/grafana/pkg/tsdb/sqleng/proxyutil"
)
var logger = log.New("tsdb.postgres")
@@ -95,8 +97,9 @@ func (s *Service) newInstanceSettings(cfg *setting.Cfg) datasource.InstanceFacto
driverName := "postgres"
// register a proxy driver if the secure socks proxy is enabled
if cfg.SecureSocksDSProxy.Enabled && jsonData.SecureDSProxy {
driverName, err = createPostgresProxyDriver(&cfg.SecureSocksDSProxy, cnnstr)
proxyOpts := proxyutil.GetSQLProxyOptions(dsInfo)
if sdkproxy.Cli.SecureSocksProxyEnabled(proxyOpts) {
driverName, err = createPostgresProxyDriver(cnnstr, proxyOpts)
if err != nil {
return "", nil
}

11
pkg/tsdb/postgres/proxy.go
View File

@@ -7,8 +7,7 @@ import (
"net"
"time"
iproxy "github.com/grafana/grafana/pkg/infra/proxy"
"github.com/grafana/grafana/pkg/setting"
sdkproxy "github.com/grafana/grafana-plugin-sdk-go/backend/proxy"
"github.com/grafana/grafana/pkg/tsdb/sqleng"
"github.com/grafana/grafana/pkg/util"
"github.com/lib/pq"
@@ -18,7 +17,7 @@ import (
// createPostgresProxyDriver creates and registers a new sql driver that uses a postgres connector and updates the dialer to
// route connections through the secure socks proxy
func createPostgresProxyDriver(settings *setting.SecureSocksDSProxySettings, cnnstr string) (string, error) {
func createPostgresProxyDriver(cnnstr string, opts *sdkproxy.Options) (string, error) {
sqleng.XormDriverMu.Lock()
defer sqleng.XormDriverMu.Unlock()
@@ -36,7 +35,7 @@ func createPostgresProxyDriver(settings *setting.SecureSocksDSProxySettings, cnn
return "", err
}
driver, err := newPostgresProxyDriver(settings, connector)
driver, err := newPostgresProxyDriver(connector, opts)
if err != nil {
return "", err
}
@@ -58,8 +57,8 @@ var _ core.Driver = (*postgresProxyDriver)(nil)
// newPostgresProxyDriver updates the dialer for a postgres connector with a dialer that proxys connections through the secure socks proxy
// and returns a new postgres driver to register
func newPostgresProxyDriver(cfg *setting.SecureSocksDSProxySettings, connector *pq.Connector) (*postgresProxyDriver, error) {
dialer, err := iproxy.NewSecureSocksProxyContextDialer(cfg)
func newPostgresProxyDriver(connector *pq.Connector, opts *sdkproxy.Options) (*postgresProxyDriver, error) {
dialer, err := sdkproxy.Cli.NewSecureSocksProxyContextDialer(opts)
if err != nil {
return nil, err
}

14
pkg/tsdb/postgres/proxy_test.go
View File

@@ -5,7 +5,8 @@ import (
"fmt"
"testing"
"github.com/grafana/grafana/pkg/infra/proxy/proxyutil"
"github.com/grafana/grafana/pkg/tsdb/sqleng"
"github.com/grafana/grafana/pkg/tsdb/sqleng/proxyutil"
"github.com/lib/pq"
"github.com/stretchr/testify/require"
"xorm.io/core"
@@ -13,20 +14,21 @@ import (
func TestPostgresProxyDriver(t *testing.T) {
dialect := "postgres"
opts := proxyutil.GetSQLProxyOptions(sqleng.DataSourceInfo{UID: "1", JsonData: sqleng.JsonData{SecureDSProxy: true}})
settings := proxyutil.SetupTestSecureSocksProxySettings(t)
dbURL := "localhost:5432"
cnnstr := fmt.Sprintf("postgres://auser:password@%s/db?sslmode=disable", dbURL)
driverName, err := createPostgresProxyDriver(settings, cnnstr)
driverName, err := createPostgresProxyDriver(cnnstr, opts)
require.NoError(t, err)
t.Run("Driver should not be registered more than once", func(t *testing.T) {
testDriver, err := createPostgresProxyDriver(settings, cnnstr)
testDriver, err := createPostgresProxyDriver(cnnstr, opts)
require.NoError(t, err)
require.Equal(t, driverName, testDriver)
})
t.Run("A new driver should be created for a new connection string", func(t *testing.T) {
testDriver, err := createPostgresProxyDriver(settings, "server=localhost;user id=sa;password=yourStrong(!)Password;database=db2")
testDriver, err := createPostgresProxyDriver("server=localhost;user id=sa;password=yourStrong(!)Password;database=db2", opts)
require.NoError(t, err)
require.NotEqual(t, driverName, testDriver)
})
@@ -45,7 +47,7 @@ func TestPostgresProxyDriver(t *testing.T) {
t.Run("Connector should use dialer context that routes through the socks proxy to db", func(t *testing.T) {
connector, err := pq.NewConnector(cnnstr)
require.NoError(t, err)
driver, err := newPostgresProxyDriver(settings, connector)
driver, err := newPostgresProxyDriver(connector, opts)
require.NoError(t, err)
conn, err := driver.OpenConnector(cnnstr)
@@ -58,7 +60,7 @@ func TestPostgresProxyDriver(t *testing.T) {
t.Run("Connector should use dialer context that routes through the socks proxy to db", func(t *testing.T) {
connector, err := pq.NewConnector(cnnstr)
require.NoError(t, err)
driver, err := newPostgresProxyDriver(settings, connector)
driver, err := newPostgresProxyDriver(connector, opts)
require.NoError(t, err)
conn, err := driver.OpenConnector(cnnstr)