Prometheus: Promote Azure auth flag to configuration (#53447)

2025-02-25 18:55:37 -06:00 · 2022-08-11 16:12:57 +02:00
parent 806fb8ab7a
commit a31d96d20a
16 changed files with 50 additions and 32 deletions
--- a/pkg/api/frontendsettings.go
+++ b/pkg/api/frontendsettings.go
@@ -110,6 +110,7 @@ func (hs *HTTPServer) getFrontendSettingsMap(c *models.ReqContext) (map[string]i
 		"autoAssignOrg":                       setting.AutoAssignOrg,
 		"verifyEmailEnabled":                  setting.VerifyEmailEnabled,
 		"sigV4AuthEnabled":                    setting.SigV4AuthEnabled,
+		"azureAuthEnabled":                    setting.AzureAuthEnabled,
 		"rbacEnabled":                         hs.Cfg.RBACEnabled,
 		"rbacBuiltInRoleAssignmentEnabled":    hs.Cfg.RBACBuiltInRoleAssignmentEnabled,
 		"exploreEnabled":                      setting.ExploreEnabled,
--- a/pkg/services/featuremgmt/registry.go
+++ b/pkg/services/featuremgmt/registry.go
@@ -68,11 +68,6 @@ var (
 			State:        FeatureStateAlpha,
 			FrontendOnly: true,
 		},
-		{
-			Name:        "prometheus_azure_auth",
-			Description: "Experimental. Azure authentication for Prometheus datasource",
-			State:       FeatureStateBeta,
-		},
 		{
 			Name:        "prometheusAzureOverrideAudience",
 			Description: "Experimental. Allow override default AAD audience for Azure Prometheus endpoint",
--- a/pkg/services/featuremgmt/toggles_gen.go
+++ b/pkg/services/featuremgmt/toggles_gen.go
@@ -51,10 +51,6 @@ const (
 	// Show APM table
 	FlagTempoApmTable = "tempoApmTable"

-	// FlagPrometheusAzureAuth
-	// Experimental. Azure authentication for Prometheus datasource
-	FlagPrometheusAzureAuth = "prometheus_azure_auth"
-
 	// FlagPrometheusAzureOverrideAudience
 	// Experimental. Allow override default AAD audience for Azure Prometheus endpoint
 	FlagPrometheusAzureOverrideAudience = "prometheusAzureOverrideAudience"
--- a/pkg/services/featuremgmt/toggles_gen_test.go
+++ b/pkg/services/featuremgmt/toggles_gen_test.go
@@ -23,7 +23,6 @@ func TestFeatureToggleFiles(t *testing.T) {
 		"live-config":                   true,
 		"live-pipeline":                 true,
 		"live-service-web-worker":       true,
-		"prometheus_azure_auth":         true,
 	}

 	t.Run("verify files", func(t *testing.T) {
--- a/pkg/services/featuremgmt/usage_stats_test.go
+++ b/pkg/services/featuremgmt/usage_stats_test.go
@@ -10,7 +10,6 @@ import (
 func TestFeatureUsageStats(t *testing.T) {
 	featureManagerWithAllFeatures := WithFeatures(
 		"trimDefaults",
-		"httpclientprovider_azure_auth",
 		"database_metrics",
 		"dashboardPreviews",
 		"live-config",
@@ -20,13 +19,12 @@ func TestFeatureUsageStats(t *testing.T) {
 	)

 	require.Equal(t, map[string]interface{}{
-		"stats.features.trim_defaults.count":                 1,
-		"stats.features.httpclientprovider_azure_auth.count": 1,
-		"stats.features.database_metrics.count":              1,
-		"stats.features.dashboard_previews.count":            1,
-		"stats.features.live_config.count":                   1,
-		"stats.features.show_feature_flags_in_ui.count":      1,
-		"stats.features.upper_snake_case.count":              1,
-		"stats.features.feature_with_a_dot.count":            1,
+		"stats.features.trim_defaults.count":            1,
+		"stats.features.database_metrics.count":         1,
+		"stats.features.dashboard_previews.count":       1,
+		"stats.features.live_config.count":              1,
+		"stats.features.show_feature_flags_in_ui.count": 1,
+		"stats.features.upper_snake_case.count":         1,
+		"stats.features.feature_with_a_dot.count":       1,
 	}, featureManagerWithAllFeatures.GetUsageStats(context.Background()))
 }
--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@@ -115,6 +115,7 @@ var (

 	// HTTP auth
 	SigV4AuthEnabled bool
+	AzureAuthEnabled bool

 	AnonymousEnabled bool

@@ -287,6 +288,7 @@ type Cfg struct {
 	TokenRotationIntervalMinutes int
 	SigV4AuthEnabled             bool
 	SigV4VerboseLogging          bool
+	AzureAuthEnabled             bool
 	BasicAuthEnabled             bool
 	AdminUser                    string
 	AdminPassword                string
@@ -1291,6 +1293,10 @@ func readAuthSettings(iniFile *ini.File, cfg *Cfg) (err error) {
 	cfg.SigV4AuthEnabled = SigV4AuthEnabled
 	cfg.SigV4VerboseLogging = auth.Key("sigv4_verbose_logging").MustBool(false)

+	// Azure Auth
+	AzureAuthEnabled = auth.Key("azure_auth_enabled").MustBool(false)
+	cfg.AzureAuthEnabled = AzureAuthEnabled
+
 	// anonymous access
 	AnonymousEnabled = iniFile.Section("auth.anonymous").Key("enabled").MustBool(false)
 	cfg.AnonymousEnabled = AnonymousEnabled
--- a/pkg/tsdb/prometheus/buffered/client.go
+++ b/pkg/tsdb/prometheus/buffered/client.go
@@ -5,11 +5,10 @@ import (
 	"net/http"
 	"strings"

-	"github.com/grafana/grafana-azure-sdk-go/azsettings"
 	"github.com/grafana/grafana-plugin-sdk-go/backend"
 	sdkhttpclient "github.com/grafana/grafana-plugin-sdk-go/backend/httpclient"
 	"github.com/grafana/grafana/pkg/infra/log"
-	"github.com/grafana/grafana/pkg/services/featuremgmt"
+	"github.com/grafana/grafana/pkg/setting"
 	"github.com/grafana/grafana/pkg/tsdb/prometheus/buffered/azureauth"
 	"github.com/grafana/grafana/pkg/tsdb/prometheus/middleware"
 	"github.com/grafana/grafana/pkg/tsdb/prometheus/utils"
@@ -20,7 +19,7 @@ import (

 // CreateTransportOptions creates options for the http client. Probably should be shared and should not live in the
 // buffered package.
-func CreateTransportOptions(settings backend.DataSourceInstanceSettings, azureSettings *azsettings.AzureSettings, features featuremgmt.FeatureToggles, logger log.Logger) (*sdkhttpclient.Options, error) {
+func CreateTransportOptions(settings backend.DataSourceInstanceSettings, cfg *setting.Cfg, logger log.Logger) (*sdkhttpclient.Options, error) {
 	opts, err := settings.HTTPClientOptions()
 	if err != nil {
 		return nil, err
@@ -39,9 +38,9 @@ func CreateTransportOptions(settings backend.DataSourceInstanceSettings, azureSe
 		opts.SigV4.Service = "aps"
 	}

-	// Azure authentication is experimental (#35857)
-	if features.IsEnabled(featuremgmt.FlagPrometheusAzureAuth) {
-		err = azureauth.ConfigureAzureAuthentication(settings, azureSettings, &opts)
+	// Set Azure authentication
+	if cfg.AzureAuthEnabled {
+		err = azureauth.ConfigureAzureAuthentication(settings, cfg.Azure, &opts)
 		if err != nil {
 			return nil, fmt.Errorf("error configuring Azure auth: %v", err)
 		}
--- a/pkg/tsdb/prometheus/buffered/client_test.go
+++ b/pkg/tsdb/prometheus/buffered/client_test.go
@@ -6,7 +6,7 @@ import (
 	"github.com/grafana/grafana-azure-sdk-go/azsettings"
 	"github.com/grafana/grafana-plugin-sdk-go/backend"
 	"github.com/grafana/grafana/pkg/infra/log/logtest"
-	"github.com/grafana/grafana/pkg/services/featuremgmt"
+	"github.com/grafana/grafana/pkg/setting"
 	"github.com/stretchr/testify/require"
 )

@@ -20,8 +20,25 @@ func TestCreateTransportOptions(t *testing.T) {
 				"httpHeaderValue1": "bar",
 			},
 		}
-		opts, err := CreateTransportOptions(settings, &azsettings.AzureSettings{}, featuremgmt.WithFeatures(), &logtest.Fake{})
+		opts, err := CreateTransportOptions(settings, &setting.Cfg{}, &logtest.Fake{})
 		require.NoError(t, err)
 		require.Equal(t, map[string]string{"foo": "bar"}, opts.Headers)
+		require.Equal(t, 2, len(opts.Middlewares))
+	})
+
+	t.Run("add azure credentials if configured", func(t *testing.T) {
+		settings := backend.DataSourceInstanceSettings{
+			BasicAuthEnabled: false,
+			BasicAuthUser:    "",
+			JSONData: []byte(`{
+				"azureCredentials": {
+					"authType": "msi"
+				}
+			}`),
+			DecryptedSecureJSONData: map[string]string{},
+		}
+		opts, err := CreateTransportOptions(settings, &setting.Cfg{AzureAuthEnabled: true, Azure: &azsettings.AzureSettings{}}, &logtest.Fake{})
+		require.NoError(t, err)
+		require.Equal(t, 3, len(opts.Middlewares))
 	})
 }
--- a/pkg/tsdb/prometheus/prometheus.go
+++ b/pkg/tsdb/prometheus/prometheus.go
@@ -48,7 +48,7 @@ func ProvideService(httpClientProvider httpclient.Provider, cfg *setting.Cfg, fe
 func newInstanceSettings(httpClientProvider httpclient.Provider, cfg *setting.Cfg, features featuremgmt.FeatureToggles, tracer tracing.Tracer) datasource.InstanceFactoryFunc {
 	return func(settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
 		// Creates a http roundTripper. Probably should be used for both buffered and streaming/querydata instances.
-		opts, err := buffered.CreateTransportOptions(settings, cfg.Azure, features, plog)
+		opts, err := buffered.CreateTransportOptions(settings, cfg, plog)
 		if err != nil {
 			return nil, fmt.Errorf("error creating transport options: %v", err)
 		}
--- a/pkg/tsdb/prometheus/querydata/request_test.go
+++ b/pkg/tsdb/prometheus/querydata/request_test.go
@@ -10,12 +10,12 @@ import (
 	"testing"
 	"time"

-	"github.com/grafana/grafana-azure-sdk-go/azsettings"
 	"github.com/grafana/grafana-plugin-sdk-go/backend"
 	sdkhttpclient "github.com/grafana/grafana-plugin-sdk-go/backend/httpclient"
 	"github.com/grafana/grafana-plugin-sdk-go/data"
 	"github.com/grafana/grafana/pkg/infra/httpclient"
 	"github.com/grafana/grafana/pkg/infra/tracing"
+	"github.com/grafana/grafana/pkg/setting"
 	"github.com/grafana/grafana/pkg/tsdb/prometheus/buffered"
 	"github.com/grafana/grafana/pkg/tsdb/prometheus/models"
 	"github.com/grafana/grafana/pkg/tsdb/prometheus/querydata"
@@ -415,7 +415,7 @@ func setup(wideFrames bool) (*testContext, error) {

 	features := &fakeFeatureToggles{flags: map[string]bool{"prometheusStreamingJSONParser": true, "prometheusWideSeries": wideFrames}}

-	opts, err := buffered.CreateTransportOptions(settings, &azsettings.AzureSettings{}, features, &fakeLogger{})
+	opts, err := buffered.CreateTransportOptions(settings, &setting.Cfg{}, &fakeLogger{})
 	if err != nil {
 		return nil, err
 	}