From f23b9930149ef4821112b05c651c86aa1881786b Mon Sep 17 00:00:00 2001
From: "lean.dev" <34773040+leandro-deveikis@users.noreply.github.com>
Date: Fri, 2 Feb 2024 15:45:57 -0300
Subject: [PATCH] CloudWatch: Only override contextDialer when using PDC (#80992)
---
 pkg/tsdb/cloudwatch/cloudwatch.go | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
diff --git a/pkg/tsdb/cloudwatch/cloudwatch.go b/pkg/tsdb/cloudwatch/cloudwatch.go
index 6976ee29cec..c53d2dd77a6 100644
--- a/pkg/tsdb/cloudwatch/cloudwatch.go
+++ b/pkg/tsdb/cloudwatch/cloudwatch.go
@@ -3,6 +3,7 @@ package cloudwatch
 import (
 "context"
 "encoding/json"
+ "errors"
 "fmt"
 "net/http"
 "sync"
@@ -20,6 +21,7 @@ import (
 "github.com/grafana/grafana-plugin-sdk-go/backend/datasource"
 "github.com/grafana/grafana-plugin-sdk-go/backend/httpclient"
 "github.com/grafana/grafana-plugin-sdk-go/backend/instancemgmt"
+ "github.com/grafana/grafana-plugin-sdk-go/backend/proxy"
 "github.com/grafana/grafana-plugin-sdk-go/backend/resource/httpadapter"
 "github.com/grafana/grafana/pkg/infra/log"
 "github.com/grafana/grafana/pkg/setting"
@@ -48,6 +50,7 @@ type DataSource struct {
 Settings models.CloudWatchSettings
 HTTPClient *http.Client
 tagValueCache *cache.Cache
+ ProxyOpts *proxy.Options
 }
 const (
@@ -113,6 +116,8 @@ func NewInstanceSettings(httpClientProvider *httpclient.Provider) datasource.Ins
 Settings: instanceSettings,
 HTTPClient: httpClient,
 tagValueCache: cache.New(tagValueCacheExpiration, tagValueCacheExpiration*5),
+ // this is used to build a custom dialer when secure socks proxy is enabled
+ ProxyOpts: opts.ProxyOptions,
 }, nil
 }
 }
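Review bot: `ProxyOpts: opts.ProxyOptions` in the NewInstanceSettings hunk stores the options without checking them, while newSession decides whether to proxy from `e.cfg.SecureSocksDSProxy.Enabled` and `instance.Settings.SecureSocksProxyEnabled`, so the flags and the options can disagree. If `opts.ProxyOptions` is nil or disabled while both flags are set, what `proxy.New(...).ConfigureSecureSocksHTTPProxy` does is not visible here; should it return nil without touching the transport, CloudWatch traffic would leave directly instead of through the proxy, with no error. I would fail closed in newSession before the configure call, e.g. `if instance.ProxyOpts == nil { return nil, errors.New("secure socks proxy is enabled but proxy options are missing") }`, and document on the `DataSource.ProxyOpts` field that it may be nil. `opts` is defined outside the hunk, so its origin cannot be confirmed from here.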
@@ -282,9 +287,22 @@ func (e *cloudWatchExecutor) newSession(ctx context.Context, pluginCtx backend.P
 // work around until https://github.com/grafana/grafana/issues/39089 is implemented
 if e.cfg.SecureSocksDSProxy.Enabled && instance.Settings.SecureSocksProxyEnabled {
 // only update the transport to try to avoid the issue mentioned here https://github.com/grafana/grafana/issues/46365
- sess.Config.HTTPClient.Transport = instance.HTTPClient.Transport
+ // also, 'sess' is cached and reused, so the first time it might have the transport not set, the following uses it will
+ if sess.Config.HTTPClient.Transport == nil {
+ // following go standard library logic (https://pkg.go.dev/net/http#Client), if no Transport is provided,
+ // then we use http.DefaultTransport
+ defTransport, ok := http.DefaultTransport.(*http.Transport)
+ if !ok {
+ // this should not happen but validating just in case
+ return nil, errors.New("default http client transport is not of type http.Transport")
+ }
+ sess.Config.HTTPClient.Transport = defTransport.Clone()
+ }
+ err = proxy.New(instance.ProxyOpts).ConfigureSecureSocksHTTPProxy(sess.Config.HTTPClient.Transport.(*http.Transport))
+ if err != nil {
+ return nil, fmt.Errorf("error configuring Secure Socks proxy for Transport: %w", err)
+ }
 }
-
 return sess, nil
 }
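Review bot: The assertion `sess.Config.HTTPClient.Transport.(*http.Transport)` in the `ConfigureSecureSocksHTTPProxy` call is unchecked, so a cached session whose transport is non-nil but some other `http.RoundTripper` (a wrapping middleware, for example) panics the request instead of returning an error; the nil branch just above already uses the comma-ok form. Use the same form here: `tr, ok := sess.Config.HTTPClient.Transport.(*http.Transport)`, `if !ok { return nil, errors.New("session transport is not of type http.Transport") }`, then pass `tr`. Because the comment states that `sess` is cached and reused, this block also reconfigures the same transport on every call; whether that is idempotent and safe under concurrent queries depends on the SDK and on the session cache, neither visible here, so it is worth confirming or guarding. newSession starts outside the hunk.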