Plugins: Update plugin signing copy + docs (#34716)

* update plugin signing copy + docs

* rewording

* remove grafana sig note

* update unsigned plugin wording

* remove org admin reference in catalog docs

* add whitespace to message

* apply pr suggestion

Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>

* apply pr feedback

Co-authored-by: Ursula Kallio <73951760+osg-grafana@users.noreply.github.com>
Will Browne 2021-05-31 21:54:53 +02:00 committed by GitHub
parent f432fbd793
commit 8d51c2ae97
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 16 additions and 47 deletions

@ -6,7 +6,7 @@ weight = 1
# Plugin catalog
The Plugin catalog allows users to browse and manage plugins from within Grafana. Only Organization Admins who are also Grafana Server Admins can access and use the catalog.
The plugin catalog allows you to browse and manage plugins from within Grafana. Only a Grafana server administrator can access and use the catalog.
<div class="medium-6 columns">
<video width="700" height="600" controls>
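
Review bot: The rewritten sentence under "# Plugin catalog" drops the Organization Admin condition and now says only a Grafana server administrator can access the catalog. The other hunks shown here are docs and UI copy, so confirm that catalog access is in fact gated on the server admin role alone; if the organization role is still checked, keep it in the sentence.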

@ -8,9 +8,15 @@ aliases = ["/docs/grafana/latest/plugins/plugin-signature-verification"]
Plugin signature verification (signing) is a security measure to make sure plugins haven't been tampered with. Upon loading, Grafana checks to see if a plugin is signed or unsigned when inspecting and verifying its digital signature.
At startup, Grafana verifies the signatures of every plugin in the plugin directory. You can see the result of this verification for each plugin by navigating to **Configuration** -> **Plugins**.
At startup, Grafana verifies the signatures of every plugin in the plugin directory. If a plugin is unsigned, then Grafana does not load nor start it. To see the result of this verification for each plugin, navigate to **Configuration** -> **Plugins**.
> **Note:** If you're a plugin developer and want to know how to sign your plugin, refer to [Sign a plugin]({{< relref "../developers/plugins/sign-a-plugin.md" >}}).
Grafana also writes an error message to the server log:
```bash
WARN[05-26|12:00:00] Some plugin scanning errors were found errors="plugin '<plugin id>' is unsigned, plugin '<plugin id>' has an invalid signature"
```
If you are a plugin developer and want to know how to sign your plugin, refer to [Sign a plugin]({{< relref "../developers/plugins/sign-a-plugin.md" >}}).
| Signature status | Description |
| ---------------- | ----------- |
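
Review bot: The new sentence on the "At startup" line covers only unsigned plugins, but the log sample added below it also reports "has an invalid signature". State what Grafana does with a plugin whose signature is invalid, and reword "does not load nor start it" to "does not load or start it". The lead-in "Grafana also writes an error message" introduces a line logged at WARN, so "a warning message" would match the sample.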
@ -30,24 +36,14 @@ All plugins is signed under a _signature level_. The signature level determines
|Community|<p>Community plugins have dependent technologies that are open source and not for profit.</p><p>Community plugins are published in the official Grafana catalog, and are available to the Grafana community.</p>|
|Commercial|<p>Commercial plugins have dependent technologies that are closed source or commercially backed.</p><p>Commercial Plugins are published on the official Grafana catalog, and are available to the Grafana community.</p>|
## Backend plugins
If a [backend plugin]({{< relref "../developers/plugins/backend/_index.md" >}}) is unsigned, then Grafana won't load or start it. If you try to load a backend plugin with an missing or invalid signature, then Grafana writes an error message to the server log:
```bash
EROR[06-01|16:45:59] Failed to load plugin error=plugin <plugin id> is unsigned
```
> **Note:** All Grafana Labs authored backend plugins, including Enterprise plugins, are signed.
## Allow unsigned plugins
We strongly recommend that you don't run unsigned plugins in your Grafana installation. If you're aware of the risks and you still want to load an unsigned plugin, refer to [Configuration]({{< relref "../administration/configuration.md#allow_loading_unsigned_plugins" >}}).
If you've allowed loading of an unsigned backend plugin, then Grafana writes a warning message to the server log:
If you've allowed loading of an unsigned plugin, then Grafana writes a warning message to the server log:
```bash
WARN[06-01|16:45:59] Running an unsigned backend plugin pluginID=<plugin id>
WARN[06-01|16:45:59] Running an unsigned plugin pluginID=<plugin id>
```
> **Note:** If you're developing a plugin, then you can enable development mode to allow all unsigned plugins.
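
Review bot: The sample log line changes from "Running an unsigned backend plugin" to "Running an unsigned plugin", but the hunks on this page touch only docs and React components, so check that the server emits the new string, since administrators search their logs for these lines. Removing the "## Backend plugins" heading also removes its anchor, so look for inbound links to it. The hunk header's context still reads "All plugins is signed under a _signature level_"; "are signed" could be fixed in the same copy pass.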

@ -100,17 +100,7 @@ class NewDataSourcePage extends PureComponent<Props> {
Cancel
</LinkButton>
</div>
{!searchQuery && (
<PluginsErrorsInfo>
<>
<br />
<p>
Note that unsigned front-end data source plugins are still usable, but this is subject to change in
the upcoming releases of Grafana.
</p>
</>
</PluginsErrorsInfo>
)}
{!searchQuery && <PluginsErrorsInfo />}
<div>
{searchQuery && this.renderPlugins(plugins)}
{!searchQuery && this.renderCategories()}
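
Review bot: With the nested note removed, `{!searchQuery && <PluginsErrorsInfo />}` no longer passes children. If no remaining caller passes children, drop `children` from the component's props and rendering so the alert copy lives in one place, inside PluginsErrorsInfo.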

@ -64,16 +64,7 @@ export const PluginListPage: React.FC<Props> = ({
placeholder="Search by name, author, description or type"
target={actionTarget}
/>
<PluginsErrorsInfo>
<>
<br />
<p>
Note that <strong>unsigned front-end datasource and panel plugins</strong> are still usable, but this is
subject to change in the upcoming releases of Grafana
</p>
</>
</PluginsErrorsInfo>
<PluginsErrorsInfo />
{hasFetched && plugins && <PluginList plugins={plugins} />}
</>
</Page.Contents>

@ -311,7 +311,7 @@ class PluginPage extends PureComponent<Props, State> {
<br />
<p>
Grafana Labs checks each plugin to verify that it has a valid digital signature. Plugin signature verification
is part of our security measures to ensure plugins are safe and trustworthy.
is part of our security measures to ensure plugins are safe and trustworthy.{' '}
{!isSignatureValid &&
'Grafana Labs cant guarantee the integrity of this unsigned plugin. Ask the plugin author to request it to be signed.'}
</p>
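
Review bot: The string on the context line below the changed one is rendered whenever `!isSignatureValid`, yet it says "this unsigned plugin". If `isSignatureValid` is also false for a plugin whose signature is invalid, that plugin gets the wrong description; reword the sentence to cover both cases or branch on the signature status. While this copy is being edited, "cant" should be "cannot", which also matches the wording used in PluginsErrorsInfo.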

@ -47,16 +47,8 @@ export const PluginsErrorsInfoUnconnected: React.FC<PluginsErrorsInfoProps> = ({
>
<div>
<p>
We have encountered{' '}
<a
href="https://grafana.com/docs/grafana/latest/developers/plugins/backend/"
target="_blank"
rel="noreferrer"
>
data source backend plugins
</a>{' '}
that are unsigned. Grafana Labs cannot guarantee the integrity of unsigned plugins and recommends using signed
plugins only.
Unsigned plugins were found during plugin initialization. Grafana Labs cannot guarantee the integrity of these
plugins. We recommend only using signed plugins.
</p>
The following plugins are disabled and not shown in the list below:
<List
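
Review bot: The new copy opens with "Unsigned plugins were found during plugin initialization", but the docs hunk in this commit shows that scan errors also include "has an invalid signature". If those plugins appear in this list too, the first sentence is wrong for them. The removed anchor was the only link in the alert; consider linking to the plugin signature verification docs page so an administrator can see why a plugin was disabled.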