Team LBAC: Add teamHeaders for datasource proxy requests (#76339)

* Add teamHeaders for datasource proxy requests * adds validation for the teamHeaders * added tests for applying teamHeaders * remove previous implementation * validation for header values being set to authproxy * removed unnecessary checks * newline * Add middleware for injecting headers on the data source backend * renamed feature toggle * Get user teams from context * Fix feature toggle name * added test for validation of the auth headers and fixed evaluation to cover headers * renaming of teamHeaders to teamHTTPHeaders * use of header set for non-existing header and add for existing headers * moves types into datasources * fixed unchecked errors * Refactor * Add tests for data model * Update pkg/api/datasources.go Co-authored-by: Victor Cinaglia <victor@grafana.com> * Update pkg/api/datasources.go Co-authored-by: Victor Cinaglia <victor@grafana.com> --------- Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com> Co-authored-by: Victor Cinaglia <victor@grafana.com>
2025-02-25 18:55:37 -06:00 · 2023-10-17 11:23:54 +01:00
parent 7d9b2c73c7
commit be5ba68132
14 changed files with 425 additions and 4 deletions
--- a/pkg/services/datasources/models.go
+++ b/pkg/services/datasources/models.go
@@ -1,6 +1,7 @@
 package datasources

 import (
+	"encoding/json"
 	"time"

 	"github.com/grafana/grafana/pkg/components/simplejson"
@@ -65,6 +66,33 @@ type DataSource struct {
 	Updated time.Time `json:"updated,omitempty"`
 }

+type TeamHTTPHeadersJSONData struct {
+	TeamHTTPHeaders TeamHTTPHeaders `json:"teamHttpHeaders"`
+}
+
+type TeamHTTPHeaders map[string][]TeamHTTPHeader
+
+type TeamHTTPHeader struct {
+	Header string `json:"header"`
+	Value  string `json:"value"`
+}
+
+func (ds DataSource) TeamHTTPHeaders() (TeamHTTPHeaders, error) {
+	teamHTTPHeadersJSON := TeamHTTPHeadersJSONData{}
+	if ds.JsonData != nil {
+		jsonData, err := ds.JsonData.MarshalJSON()
+		if err != nil {
+			return nil, err
+		}
+		err = json.Unmarshal(jsonData, &teamHTTPHeadersJSON)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	return teamHTTPHeadersJSON.TeamHTTPHeaders, nil
+}
+
 // AllowedCookies parses the jsondata.keepCookies and returns a list of
 // allowed cookies, otherwise an empty list.
 func (ds DataSource) AllowedCookies() []string {
--- a/pkg/services/datasources/models_test.go
+++ b/pkg/services/datasources/models_test.go
@@ -58,3 +58,45 @@ func TestAllowedCookies(t *testing.T) {
 		})
 	}
 }
+
+func TestTeamHTTPHeaders(t *testing.T) {
+	testCases := []struct {
+		desc  string
+		given string
+		want  TeamHTTPHeaders
+	}{
+		{
+			desc:  "Usual json data with teamHttpHeaders",
+			given: `{"teamHttpHeaders": {"101": [{"header": "X-CUSTOM-HEADER", "value": "foo"}]}}`,
+			want: TeamHTTPHeaders{
+				"101": {
+					{Header: "X-CUSTOM-HEADER", Value: "foo"},
+				},
+			},
+		},
+		{
+			desc:  "Json data without teamHttpHeaders",
+			given: `{"foo": "bar"}`,
+			want:  nil,
+		},
+	}
+
+	for _, test := range testCases {
+		t.Run(test.desc, func(t *testing.T) {
+			jsonDataBytes := []byte(test.given)
+			jsonData, err := simplejson.NewJson(jsonDataBytes)
+			require.NoError(t, err)
+
+			ds := DataSource{
+				ID:       1235,
+				JsonData: jsonData,
+				UID:      "test",
+			}
+
+			actual, err := ds.TeamHTTPHeaders()
+			assert.NoError(t, err)
+			assert.Equal(t, test.want, actual)
+			assert.EqualValues(t, test.want, actual)
+		})
+	}
+}