CloudWatch: Remove dependencies on grafana/pkg/setting (#81208)

2025-02-25 18:55:37 -06:00 · 2024-02-05 13:59:32 -05:00
parent 2ab7d3c725
commit 81da3ff753
28 changed files with 440 additions and 214 deletions
--- a/pkg/plugins/config/config.go
+++ b/pkg/plugins/config/config.go
@@ -21,9 +21,12 @@ type Cfg struct {
 	ForwardHostEnvVars   []string

 	// AWS Plugin Auth
-	AWSAllowedAuthProviders []string
-	AWSAssumeRoleEnabled    bool
-	AWSExternalId           string
+	AWSAllowedAuthProviders   []string
+	AWSAssumeRoleEnabled      bool
+	AWSExternalId             string
+	AWSSessionDuration        string
+	AWSListMetricsPageLimit   string
+	AWSForwardSettingsPlugins []string

 	// Azure Cloud settings
 	Azure            *azsettings.AzureSettings
@@ -54,33 +57,36 @@ type Cfg struct {
 }

 func NewCfg(devMode bool, pluginsPath string, pluginSettings setting.PluginSettings, pluginsAllowUnsigned []string,
-	awsAllowedAuthProviders []string, awsAssumeRoleEnabled bool, awsExternalId string, azure *azsettings.AzureSettings, secureSocksDSProxy setting.SecureSocksDSProxySettings,
+	awsAllowedAuthProviders []string, awsAssumeRoleEnabled bool, awsExternalId string, awsSessionDuration string, awsListMetricsPageLimit string, AWSForwardSettingsPlugins []string, azure *azsettings.AzureSettings, secureSocksDSProxy setting.SecureSocksDSProxySettings,
 	grafanaVersion string, logDatasourceRequests bool, pluginsCDNURLTemplate string, appURL string, appSubURL string, tracing Tracing, features featuremgmt.FeatureToggles, angularSupportEnabled bool,
 	grafanaComURL string, disablePlugins []string, hideAngularDeprecation []string, forwardHostEnvVars []string, concurrentQueryCount int, azureAuthEnabled bool) *Cfg {
 	return &Cfg{
-		log:                     log.New("plugin.cfg"),
-		PluginsPath:             pluginsPath,
-		BuildVersion:            grafanaVersion,
-		DevMode:                 devMode,
-		PluginSettings:          pluginSettings,
-		PluginsAllowUnsigned:    pluginsAllowUnsigned,
-		DisablePlugins:          disablePlugins,
-		AWSAllowedAuthProviders: awsAllowedAuthProviders,
-		AWSAssumeRoleEnabled:    awsAssumeRoleEnabled,
-		AWSExternalId:           awsExternalId,
-		Azure:                   azure,
-		ProxySettings:           secureSocksDSProxy,
-		LogDatasourceRequests:   logDatasourceRequests,
-		PluginsCDNURLTemplate:   pluginsCDNURLTemplate,
-		Tracing:                 tracing,
-		GrafanaComURL:           grafanaComURL,
-		GrafanaAppURL:           appURL,
-		GrafanaAppSubURL:        appSubURL,
-		Features:                features,
-		AngularSupportEnabled:   angularSupportEnabled,
-		HideAngularDeprecation:  hideAngularDeprecation,
-		ForwardHostEnvVars:      forwardHostEnvVars,
-		ConcurrentQueryCount:    concurrentQueryCount,
-		AzureAuthEnabled:        azureAuthEnabled,
+		log:                       log.New("plugin.cfg"),
+		PluginsPath:               pluginsPath,
+		BuildVersion:              grafanaVersion,
+		DevMode:                   devMode,
+		PluginSettings:            pluginSettings,
+		PluginsAllowUnsigned:      pluginsAllowUnsigned,
+		DisablePlugins:            disablePlugins,
+		AWSAllowedAuthProviders:   awsAllowedAuthProviders,
+		AWSAssumeRoleEnabled:      awsAssumeRoleEnabled,
+		AWSExternalId:             awsExternalId,
+		AWSSessionDuration:        awsSessionDuration,
+		AWSListMetricsPageLimit:   awsListMetricsPageLimit,
+		AWSForwardSettingsPlugins: AWSForwardSettingsPlugins,
+		Azure:                     azure,
+		ProxySettings:             secureSocksDSProxy,
+		LogDatasourceRequests:     logDatasourceRequests,
+		PluginsCDNURLTemplate:     pluginsCDNURLTemplate,
+		Tracing:                   tracing,
+		GrafanaComURL:             grafanaComURL,
+		GrafanaAppURL:             appURL,
+		GrafanaAppSubURL:          appSubURL,
+		Features:                  features,
+		AngularSupportEnabled:     angularSupportEnabled,
+		HideAngularDeprecation:    hideAngularDeprecation,
+		ForwardHostEnvVars:        forwardHostEnvVars,
+		ConcurrentQueryCount:      concurrentQueryCount,
+		AzureAuthEnabled:          azureAuthEnabled,
 	}
 }
--- a/pkg/plugins/envvars/envvars.go
+++ b/pkg/plugins/envvars/envvars.go
@@ -129,16 +129,24 @@ func (s *Service) GetConfigMap(ctx context.Context, pluginID string, _ *auth.Ext
 			m[featuretoggles.EnabledFeatures] = strings.Join(features, ",")
 		}
 	}
-	// TODO add support via plugin SDK
-	// if s.cfg.AWSAssumeRoleEnabled {
-	//	m[awsds.AssumeRoleEnabledEnvVarKeyName] = "true"
-	// }
-	// if len(s.cfg.AWSAllowedAuthProviders) > 0 {
-	//	m[awsds.AllowedAuthProvidersEnvVarKeyName] = strings.Join(s.cfg.AWSAllowedAuthProviders, ",")
-	// }
-	// if s.cfg.AWSExternalId != "" {
-	//	m[awsds.GrafanaAssumeRoleExternalIdKeyName] = s.cfg.AWSExternalId
-	// }
+
+	if slices.Contains[[]string, string](s.cfg.AWSForwardSettingsPlugins, pluginID) {
+		if !s.cfg.AWSAssumeRoleEnabled {
+			m[awsds.AssumeRoleEnabledEnvVarKeyName] = "false"
+		}
+		if len(s.cfg.AWSAllowedAuthProviders) > 0 {
+			m[awsds.AllowedAuthProvidersEnvVarKeyName] = strings.Join(s.cfg.AWSAllowedAuthProviders, ",")
+		}
+		if s.cfg.AWSExternalId != "" {
+			m[awsds.GrafanaAssumeRoleExternalIdKeyName] = s.cfg.AWSExternalId
+		}
+		if s.cfg.AWSSessionDuration != "" {
+			m[awsds.SessionDurationEnvVarKeyName] = s.cfg.AWSSessionDuration
+		}
+		if s.cfg.AWSListMetricsPageLimit != "" {
+			m[awsds.ListMetricsPageLimitKeyName] = s.cfg.AWSListMetricsPageLimit
+		}
+	}

 	if s.cfg.ProxySettings.Enabled {
 		m[proxy.PluginSecureSocksProxyEnabled] = "true"
@@ -257,8 +265,8 @@ func (s *Service) featureToggleEnableVar(ctx context.Context) []string {

 func (s *Service) awsEnvVars() []string {
 	var variables []string
-	if s.cfg.AWSAssumeRoleEnabled {
-		variables = append(variables, awsds.AssumeRoleEnabledEnvVarKeyName+"=true")
+	if !s.cfg.AWSAssumeRoleEnabled {
+		variables = append(variables, awsds.AssumeRoleEnabledEnvVarKeyName+"=false")
 	}
 	if len(s.cfg.AWSAllowedAuthProviders) > 0 {
 		variables = append(variables, awsds.AllowedAuthProvidersEnvVarKeyName+"="+strings.Join(s.cfg.AWSAllowedAuthProviders, ","))
@@ -266,6 +274,12 @@ func (s *Service) awsEnvVars() []string {
 	if s.cfg.AWSExternalId != "" {
 		variables = append(variables, awsds.GrafanaAssumeRoleExternalIdKeyName+"="+s.cfg.AWSExternalId)
 	}
+	if s.cfg.AWSSessionDuration != "" {
+		variables = append(variables, awsds.SessionDurationEnvVarKeyName+"="+s.cfg.AWSSessionDuration)
+	}
+	if s.cfg.AWSListMetricsPageLimit != "" {
+		variables = append(variables, awsds.ListMetricsPageLimitKeyName+"="+s.cfg.AWSListMetricsPageLimit)
+	}

 	return variables
 }
--- a/pkg/plugins/envvars/envvars_test.go
+++ b/pkg/plugins/envvars/envvars_test.go
@@ -40,6 +40,7 @@ func TestInitializer_envVars(t *testing.T) {
 					"custom_env_var": "customVal",
 				},
 			},
+			AWSAssumeRoleEnabled: true,
 		}, licensing)

 		envVars := envVarsProvider.Get(context.Background(), p)
@@ -203,7 +204,8 @@ func TestInitializer_tracingEnvironmentVariables(t *testing.T) {
 		{
 			name: "otel not configured",
 			cfg: &config.Cfg{
-				Tracing: config.Tracing{},
+				Tracing:              config.Tracing{},
+				AWSAssumeRoleEnabled: false,
 			},
 			plugin: defaultPlugin,
 			exp:    expNoTracing,
@@ -257,6 +259,7 @@ func TestInitializer_tracingEnvironmentVariables(t *testing.T) {
 				PluginSettings: map[string]map[string]string{
 					pluginID: {"tracing": "true"},
 				},
+				AWSAssumeRoleEnabled: true,
 			},
 			plugin: defaultPlugin,
 			exp: func(t *testing.T, envVars []string) {
@@ -288,6 +291,7 @@ func TestInitializer_tracingEnvironmentVariables(t *testing.T) {
 				PluginSettings: map[string]map[string]string{
 					pluginID: {"tracing": "true"},
 				},
+				AWSAssumeRoleEnabled: true,
 			},
 			plugin: defaultPlugin,
 			exp: func(t *testing.T, envVars []string) {
@@ -337,6 +341,7 @@ func TestInitializer_tracingEnvironmentVariables(t *testing.T) {
 				PluginSettings: map[string]map[string]string{
 					pluginID: {"some_other_option": "true"},
 				},
+				AWSAssumeRoleEnabled: true,
 			},
 			plugin: defaultPlugin,
 			exp:    expNoTracing,
@@ -581,12 +586,14 @@ func TestInitalizer_awsEnvVars(t *testing.T) {
 	t.Run("backend datasource with aws settings", func(t *testing.T) {
 		p := &plugins.Plugin{}
 		envVarsProvider := NewProvider(&config.Cfg{
-			AWSAssumeRoleEnabled:    true,
+			AWSAssumeRoleEnabled:    false,
 			AWSAllowedAuthProviders: []string{"grafana_assume_role", "keys"},
 			AWSExternalId:           "mock_external_id",
+			AWSSessionDuration:      "10m",
+			AWSListMetricsPageLimit: "100",
 		}, nil)
 		envVars := envVarsProvider.Get(context.Background(), p)
-		assert.ElementsMatch(t, []string{"GF_VERSION=", "AWS_AUTH_AssumeRoleEnabled=true", "AWS_AUTH_AllowedAuthProviders=grafana_assume_role,keys", "AWS_AUTH_EXTERNAL_ID=mock_external_id"}, envVars)
+		assert.ElementsMatch(t, []string{"GF_VERSION=", "AWS_AUTH_AssumeRoleEnabled=false", "AWS_AUTH_AllowedAuthProviders=grafana_assume_role,keys", "AWS_AUTH_EXTERNAL_ID=mock_external_id", "AWS_AUTH_SESSION_DURATION=10m", "AWS_CW_LIST_METRICS_PAGE_LIMIT=100"}, envVars)
 	})
 }

@@ -604,7 +611,7 @@ func TestInitializer_featureToggleEnvVar(t *testing.T) {
 		}, nil)
 		envVars := envVarsProvider.Get(context.Background(), p)

-		assert.Equal(t, 2, len(envVars))
+		assert.Equal(t, 3, len(envVars))

 		toggleExpression := strings.Split(envVars[1], "=")
 		assert.Equal(t, 2, len(toggleExpression))
@@ -628,6 +635,7 @@ func TestInitalizer_azureEnvVars(t *testing.T) {
 	t.Run("backend datasource with azure settings", func(t *testing.T) {
 		p := &plugins.Plugin{}
 		envVarsProvider := NewProvider(&config.Cfg{
+			AWSAssumeRoleEnabled: true,
 			Azure: &azsettings.AzureSettings{
 				Cloud:                   azsettings.AzurePublic,
 				ManagedIdentityEnabled:  true,
@@ -925,3 +933,48 @@ func TestService_GetConfigMap_azure(t *testing.T) {
 		}, s.GetConfigMap(context.Background(), "test-datasource", nil))
 	})
 }
+
+func TestService_GetConfigMap_aws(t *testing.T) {
+	cfg := &config.Cfg{
+		AWSAssumeRoleEnabled:      false,
+		AWSAllowedAuthProviders:   []string{"grafana_assume_role", "keys"},
+		AWSExternalId:             "mock_external_id",
+		AWSSessionDuration:        "10m",
+		AWSListMetricsPageLimit:   "100",
+		AWSForwardSettingsPlugins: []string{"cloudwatch", "prometheus", "elasticsearch"},
+	}
+
+	t.Run("uses the aws settings for an AWS plugin", func(t *testing.T) {
+		s := &Service{
+			cfg: cfg,
+		}
+		require.Equal(t, map[string]string{
+			"AWS_AUTH_AssumeRoleEnabled":     "false",
+			"AWS_AUTH_AllowedAuthProviders":  "grafana_assume_role,keys",
+			"AWS_AUTH_EXTERNAL_ID":           "mock_external_id",
+			"AWS_AUTH_SESSION_DURATION":      "10m",
+			"AWS_CW_LIST_METRICS_PAGE_LIMIT": "100",
+		}, s.GetConfigMap(context.Background(), "cloudwatch", nil))
+	})
+
+	t.Run("does not use the aws settings for a non-aws plugin", func(t *testing.T) {
+		s := &Service{
+			cfg: cfg,
+		}
+		require.Equal(t, map[string]string{}, s.GetConfigMap(context.Background(), "", nil))
+	})
+
+	t.Run("uses the aws settings for a non-aws user-specified plugin", func(t *testing.T) {
+		cfg.AWSForwardSettingsPlugins = append(cfg.AWSForwardSettingsPlugins, "test-datasource")
+		s := &Service{
+			cfg: cfg,
+		}
+		require.Equal(t, map[string]string{
+			"AWS_AUTH_AssumeRoleEnabled":     "false",
+			"AWS_AUTH_AllowedAuthProviders":  "grafana_assume_role,keys",
+			"AWS_AUTH_EXTERNAL_ID":           "mock_external_id",
+			"AWS_AUTH_SESSION_DURATION":      "10m",
+			"AWS_CW_LIST_METRICS_PAGE_LIMIT": "100",
+		}, s.GetConfigMap(context.Background(), "test-datasource", nil))
+	})
+}