Chore: Use SigV4 middleware from aws-sdk (#84462)

2025-02-25 18:55:37 -06:00 · 2024-03-18 09:33:22 +01:00
parent 39b32524e2
commit 6204f1e847
10 changed files with 27 additions and 174 deletions
--- a/pkg/infra/httpclient/httpclientprovider/http_client_provider.go
+++ b/pkg/infra/httpclient/httpclientprovider/http_client_provider.go
@@ -4,6 +4,7 @@ import (
 	"net/http"
 	"time"

+	awssdk "github.com/grafana/grafana-aws-sdk/pkg/sigv4"
 	sdkhttpclient "github.com/grafana/grafana-plugin-sdk-go/backend/httpclient"
 	"github.com/mwitkow/go-conntrack"

@@ -32,7 +33,7 @@ func New(cfg *setting.Cfg, validator validations.PluginRequestValidator, tracer
 	}

 	if cfg.SigV4AuthEnabled {
-		middlewares = append(middlewares, SigV4Middleware(cfg.SigV4VerboseLogging))
+		middlewares = append(middlewares, awssdk.SigV4Middleware(cfg.SigV4VerboseLogging))
 	}

 	if httpLoggingEnabled(cfg.PluginSettings) {
--- a/pkg/infra/httpclient/httpclientprovider/http_client_provider_test.go
+++ b/pkg/infra/httpclient/httpclientprovider/http_client_provider_test.go
@@ -5,6 +5,7 @@ import (

 	"github.com/grafana/grafana/pkg/services/validations"

+	awssdk "github.com/grafana/grafana-aws-sdk/pkg/sigv4"
 	sdkhttpclient "github.com/grafana/grafana-plugin-sdk-go/backend/httpclient"
 	"github.com/grafana/grafana/pkg/infra/tracing"
 	"github.com/grafana/grafana/pkg/setting"
@@ -58,7 +59,7 @@ func TestHTTPClientProvider(t *testing.T) {
 		require.Equal(t, sdkhttpclient.BasicAuthenticationMiddlewareName, o.Middlewares[4].(sdkhttpclient.MiddlewareName).MiddlewareName())
 		require.Equal(t, sdkhttpclient.CustomHeadersMiddlewareName, o.Middlewares[5].(sdkhttpclient.MiddlewareName).MiddlewareName())
 		require.Equal(t, sdkhttpclient.ResponseLimitMiddlewareName, o.Middlewares[6].(sdkhttpclient.MiddlewareName).MiddlewareName())
-		require.Equal(t, SigV4MiddlewareName, o.Middlewares[8].(sdkhttpclient.MiddlewareName).MiddlewareName())
+		require.Equal(t, awssdk.SigV4MiddlewareName, o.Middlewares[8].(sdkhttpclient.MiddlewareName).MiddlewareName())
 	})

 	t.Run("When creating new provider and http logging is enabled for one plugin, it should apply expected middleware", func(t *testing.T) {
--- a/pkg/infra/httpclient/httpclientprovider/sigv4_middleware.go
+++ b/pkg/infra/httpclient/httpclientprovider/sigv4_middleware.go
@@ -1,47 +0,0 @@
-package httpclientprovider
-
-import (
-	"fmt"
-	"net/http"
-
-	"github.com/grafana/grafana-aws-sdk/pkg/sigv4"
-	"github.com/grafana/grafana-plugin-sdk-go/backend/httpclient"
-)
-
-// SigV4MiddlewareName the middleware name used by SigV4Middleware.
-const SigV4MiddlewareName = "sigv4"
-
-var newSigV4Func = sigv4.New
-
-// SigV4Middleware applies AWS Signature Version 4 request signing for the outgoing request.
-func SigV4Middleware(verboseLogging bool) httpclient.Middleware {
-	return httpclient.NamedMiddlewareFunc(SigV4MiddlewareName, func(opts httpclient.Options, next http.RoundTripper) http.RoundTripper {
-		if opts.SigV4 == nil {
-			return next
-		}
-
-		conf := &sigv4.Config{
-			Service:       opts.SigV4.Service,
-			AccessKey:     opts.SigV4.AccessKey,
-			SecretKey:     opts.SigV4.SecretKey,
-			Region:        opts.SigV4.Region,
-			AssumeRoleARN: opts.SigV4.AssumeRoleARN,
-			AuthType:      opts.SigV4.AuthType,
-			ExternalID:    opts.SigV4.ExternalID,
-			Profile:       opts.SigV4.Profile,
-		}
-
-		rt, err := newSigV4Func(conf, next, sigv4.Opts{VerboseMode: verboseLogging})
-		if err != nil {
-			return invalidSigV4Config(err)
-		}
-
-		return rt
-	})
-}
-
-func invalidSigV4Config(err error) http.RoundTripper {
-	return httpclient.RoundTripperFunc(func(req *http.Request) (*http.Response, error) {
-		return nil, fmt.Errorf("invalid SigV4 configuration: %w", err)
-	})
-}
--- a/pkg/infra/httpclient/httpclientprovider/sigv4_middleware_test.go
+++ b/pkg/infra/httpclient/httpclientprovider/sigv4_middleware_test.go
@@ -1,118 +0,0 @@
-package httpclientprovider
-
-import (
-	"fmt"
-	"net/http"
-	"testing"
-
-	"github.com/grafana/grafana-aws-sdk/pkg/sigv4"
-	"github.com/grafana/grafana-plugin-sdk-go/backend/httpclient"
-	"github.com/stretchr/testify/require"
-)
-
-func TestSigV4Middleware(t *testing.T) {
-	t.Run("Without sigv4 options set should return next http.RoundTripper", func(t *testing.T) {
-		origSigV4Func := newSigV4Func
-		newSigV4Called := false
-		middlewareCalled := false
-		newSigV4Func = func(config *sigv4.Config, next http.RoundTripper, opts ...sigv4.Opts) (http.RoundTripper, error) {
-			newSigV4Called = true
-			return httpclient.RoundTripperFunc(func(r *http.Request) (*http.Response, error) {
-				middlewareCalled = true
-				return next.RoundTrip(r)
-			}), nil
-		}
-		t.Cleanup(func() {
-			newSigV4Func = origSigV4Func
-		})
-
-		ctx := &testContext{}
-		finalRoundTripper := ctx.createRoundTripper("finalrt")
-		mw := SigV4Middleware(false)
-		rt := mw.CreateMiddleware(httpclient.Options{}, finalRoundTripper)
-		require.NotNil(t, rt)
-		middlewareName, ok := mw.(httpclient.MiddlewareName)
-		require.True(t, ok)
-		require.Equal(t, SigV4MiddlewareName, middlewareName.MiddlewareName())
-
-		req, err := http.NewRequest(http.MethodGet, "http://", nil)
-		require.NoError(t, err)
-		res, err := rt.RoundTrip(req)
-		require.NoError(t, err)
-		require.NotNil(t, res)
-		if res.Body != nil {
-			require.NoError(t, res.Body.Close())
-		}
-		require.Len(t, ctx.callChain, 1)
-		require.ElementsMatch(t, []string{"finalrt"}, ctx.callChain)
-		require.False(t, newSigV4Called)
-		require.False(t, middlewareCalled)
-	})
-
-	t.Run("With sigv4 options set should call sigv4 http.RoundTripper", func(t *testing.T) {
-		origSigV4Func := newSigV4Func
-		newSigV4Called := false
-		middlewareCalled := false
-		newSigV4Func = func(config *sigv4.Config, next http.RoundTripper, opts ...sigv4.Opts) (http.RoundTripper, error) {
-			newSigV4Called = true
-			return httpclient.RoundTripperFunc(func(r *http.Request) (*http.Response, error) {
-				middlewareCalled = true
-				return next.RoundTrip(r)
-			}), nil
-		}
-		t.Cleanup(func() {
-			newSigV4Func = origSigV4Func
-		})
-
-		ctx := &testContext{}
-		finalRoundTripper := ctx.createRoundTripper("final")
-		mw := SigV4Middleware(false)
-		rt := mw.CreateMiddleware(httpclient.Options{SigV4: &httpclient.SigV4Config{}}, finalRoundTripper)
-		require.NotNil(t, rt)
-		middlewareName, ok := mw.(httpclient.MiddlewareName)
-		require.True(t, ok)
-		require.Equal(t, SigV4MiddlewareName, middlewareName.MiddlewareName())
-
-		req, err := http.NewRequest(http.MethodGet, "http://", nil)
-		require.NoError(t, err)
-		res, err := rt.RoundTrip(req)
-		require.NoError(t, err)
-		require.NotNil(t, res)
-		if res.Body != nil {
-			require.NoError(t, res.Body.Close())
-		}
-		require.Len(t, ctx.callChain, 1)
-		require.ElementsMatch(t, []string{"final"}, ctx.callChain)
-
-		require.True(t, newSigV4Called)
-		require.True(t, middlewareCalled)
-	})
-
-	t.Run("With sigv4 error returned", func(t *testing.T) {
-		origSigV4Func := newSigV4Func
-		newSigV4Func = func(config *sigv4.Config, next http.RoundTripper, opts ...sigv4.Opts) (http.RoundTripper, error) {
-			return nil, fmt.Errorf("problem")
-		}
-		t.Cleanup(func() {
-			newSigV4Func = origSigV4Func
-		})
-
-		ctx := &testContext{}
-		finalRoundTripper := ctx.createRoundTripper("final")
-		mw := SigV4Middleware(false)
-		rt := mw.CreateMiddleware(httpclient.Options{SigV4: &httpclient.SigV4Config{}}, finalRoundTripper)
-		require.NotNil(t, rt)
-		middlewareName, ok := mw.(httpclient.MiddlewareName)
-		require.True(t, ok)
-		require.Equal(t, SigV4MiddlewareName, middlewareName.MiddlewareName())
-
-		req, err := http.NewRequest(http.MethodGet, "http://", nil)
-		require.NoError(t, err)
-		// response is nil
-		// nolint:bodyclose
-		res, err := rt.RoundTrip(req)
-		require.Error(t, err)
-		require.Nil(t, res)
-		require.Empty(t, ctx.callChain)
-	})
-}