Cloudwatch: use shared library for aws auth (#29550)

* use sdk for handling auth * fix broken test * lint fixes Co-authored-by: Erik Sundell <erik.sundell87@gmail.com>
2025-02-25 18:55:37 -06:00 · 2021-03-12 05:30:21 -08:00
parent 8404d54277
commit 9dd1d5f553
16 changed files with 151 additions and 489 deletions
--- a/pkg/plugins/backendplugin/manager/manager.go
+++ b/pkg/plugins/backendplugin/manager/manager.go
@@ -9,9 +9,11 @@ import (
 	"io/ioutil"
 	"net/http"
 	"net/url"
+	"strings"
 	"sync"
 	"time"

+	"github.com/grafana/grafana-aws-sdk/pkg/awsds"
 	"github.com/grafana/grafana-plugin-sdk-go/backend"
 	"github.com/grafana/grafana/pkg/infra/log"
 	"github.com/grafana/grafana/pkg/models"
@@ -86,6 +88,8 @@ func (m *manager) Register(pluginID string, factory backendplugin.PluginFactoryF
 		}
 	}

+	hostEnv = append(hostEnv, m.getAWSEnvironmentVariables()...)
+
 	env := pluginSettings.ToEnv("GF_PLUGIN", hostEnv)

 	pluginLogger := m.logger.New("pluginId", pluginID)
@@ -99,6 +103,18 @@ func (m *manager) Register(pluginID string, factory backendplugin.PluginFactoryF
 	return nil
 }

+func (m *manager) getAWSEnvironmentVariables() []string {
+	variables := []string{}
+	if m.Cfg.AWSAssumeRoleEnabled {
+		variables = append(variables, awsds.AssumeRoleEnabledEnvVarKeyName+"=true")
+	}
+	if len(m.Cfg.AWSAllowedAuthProviders) > 0 {
+		variables = append(variables, awsds.AllowedAuthProvidersEnvVarKeyName+"="+strings.Join(m.Cfg.AWSAllowedAuthProviders, ","))
+	}
+
+	return variables
+}
+
 func (m *manager) GetDataPlugin(pluginID string) interface{} {
 	plugin := m.plugins[pluginID]
 	if plugin == nil || !plugin.CanHandleDataQueries() {
--- a/pkg/plugins/backendplugin/manager/manager_test.go
+++ b/pkg/plugins/backendplugin/manager/manager_test.go
@@ -3,12 +3,14 @@ package manager
 import (
 	"bytes"
 	"context"
+	"fmt"
 	"net/http"
 	"net/http/httptest"
 	"sync"
 	"testing"
 	"time"

+	"github.com/grafana/grafana-aws-sdk/pkg/awsds"
 	"github.com/grafana/grafana-plugin-sdk-go/backend"
 	"github.com/grafana/grafana/pkg/infra/log"
 	"github.com/grafana/grafana/pkg/models"
@@ -58,8 +60,8 @@ func TestManager(t *testing.T) {
 				})

 				t.Run("Should provide expected host environment variables", func(t *testing.T) {
-					require.Len(t, ctx.env, 2)
-					require.EqualValues(t, []string{"GF_VERSION=7.0.0", "GF_EDITION=Open Source"}, ctx.env)
+					require.Len(t, ctx.env, 4)
+					require.EqualValues(t, []string{"GF_VERSION=7.0.0", "GF_EDITION=Open Source", fmt.Sprintf("%s=true", awsds.AssumeRoleEnabledEnvVarKeyName), fmt.Sprintf("%s=keys,credentials", awsds.AllowedAuthProvidersEnvVarKeyName)}, ctx.env)
 				})

 				t.Run("When manager runs should start and stop plugin", func(t *testing.T) {
@@ -261,8 +263,8 @@ func TestManager(t *testing.T) {
 			require.NoError(t, err)

 			t.Run("Should provide expected host environment variables", func(t *testing.T) {
-				require.Len(t, ctx.env, 4)
-				require.EqualValues(t, []string{"GF_VERSION=7.0.0", "GF_EDITION=Enterprise", "GF_ENTERPRISE_LICENSE_PATH=/license.txt", "GF_ENTERPRISE_LICENSE_TEXT=testtoken"}, ctx.env)
+				require.Len(t, ctx.env, 6)
+				require.EqualValues(t, []string{"GF_VERSION=7.0.0", "GF_EDITION=Enterprise", "GF_ENTERPRISE_LICENSE_PATH=/license.txt", "GF_ENTERPRISE_LICENSE_TEXT=testtoken", fmt.Sprintf("%s=true", awsds.AssumeRoleEnabledEnvVarKeyName), fmt.Sprintf("%s=keys,credentials", awsds.AllowedAuthProvidersEnvVarKeyName)}, ctx.env)
 			})
 		})
 	})
@@ -280,6 +282,9 @@ type managerScenarioCtx struct {
 func newManagerScenario(t *testing.T, managed bool, fn func(t *testing.T, ctx *managerScenarioCtx)) {
 	t.Helper()
 	cfg := setting.NewCfg()
+	cfg.AWSAllowedAuthProviders = []string{"keys", "credentials"}
+	cfg.AWSAssumeRoleEnabled = true
+
 	license := &testLicensingService{}
 	validator := &testPluginRequestValidator{}
 	ctx := &managerScenarioCtx{