mirror of
https://github.com/grafana/grafana.git
synced 2024-11-29 12:14:08 -06:00
b80fbe03f0
* add core plugin flow * add instrumentation * move func * remove cruft * support external backend plugins * refactor + clean up * remove comments * refactor loader * simplify core plugin path arg * cleanup loggers * move signature validator to plugins package * fix sig packaging * cleanup plugin model * remove unnecessary plugin field * add start+stop for pm * fix failures * add decommissioned state * export fields just to get things flowing * fix comments * set static routes * make image loading idempotent * merge with backend plugin manager * re-use funcs * reorder imports + remove unnecessary interface * add some TODOs + remove unused func * remove unused instrumentation func * simplify client usage * remove import alias * re-use backendplugin.Plugin interface * re order funcs * improve var name * fix log statements * refactor data model * add logic for dupe check during loading * cleanup state setting * refactor loader * cleanup manager interface * add rendering flow * refactor loading + init * add renderer support * fix renderer plugin * reformat imports * track errors * fix plugin signature inheritance * name param in interface * update func comment * fix func arg name * introduce class concept * remove func * fix external plugin check * apply changes from pm-experiment * fix core plugins * fix imports * rename interface * comment API interface * add support for testdata plugin * enable alerting + use correct core plugin contracts * slim manager API * fix param name * fix filter * support static routes * fix rendering * tidy rendering * get tests compiling * fix install+uninstall * start finder test * add finder test coverage * start loader tests * add test for core plugins * load core + bundled test * add test for nested plugin loading * add test files * clean interface + fix registering some core plugins * refactoring * reformat and create sub packages * simplify core plugin init * fix ctx cancel scenario * migrate initializer * remove Init() funcs * add test starter * new logger * flesh out initializer tests * refactoring * remove unused svc * refactor rendering flow * fixup loader tests * add enabled helper func * fix logger name * fix data fetchers * fix case where plugin dir doesn't exist * improve coverage + move dupe checking to loader * remove noisy debug logs * register core plugins automagically * add support for renderer in catalog * make private func + fix req validation * use interface * re-add check for renderer in catalog * tidy up from moving to auto reg core plugins * core plugin registrar * guards * copy over core plugins for test infra * all tests green * renames * propagate new interfaces * kill old manager * get compiling * tidy up * update naming * refactor manager test + cleanup * add more cases to finder test * migrate validator to field * more coverage * refactor dupe checking * add test for plugin class * add coverage for initializer * split out rendering * move * fixup tests * fix uss test * fix frontend settings * fix grafanads test * add check when checking sig errors * fix enabled map * fixup * allow manual setup of CM * rename to cloud-monitoring * remove TODO * add installer interface for testing * loader interface returns * tests passing * refactor + add more coverage * support 'stackdriver' * fix frontend settings loading * improve naming based on package name * small tidy * refactor test * fix renderer start * make cloud-monitoring plugin ID clearer * add plugin update test * add integration tests * don't break all if sig can't be calculated * add root URL check test * add more signature verification tests * update DTO name * update enabled plugins comment * update comments * fix linter * revert fe naming change * fix errors endpoint * reset error code field name * re-order test to help verify * assert -> require * pm check * add missing entry + re-order * re-check * dump icon log * verify manager contents first * reformat * apply PR feedback * apply style changes * fix one vs all loading err * improve log output * only start when no signature error * move log * rework plugin update check * fix test * fix multi loading from cfg.PluginSettings * improve log output #2 * add error abstraction to capture errors without registering a plugin * add debug log * add unsigned warning * e2e test attempt * fix logger * set home path * prevent panic * alternate * ugh.. fix home path * return renderer even if not started * make renderer plugin managed * add fallback renderer icon, update renderer badge + prevent changes when renderer is installed * fix icon loading * rollback renderer changes * use correct field * remove unneccessary block * remove newline * remove unused func * fix bundled plugins base + module fields * remove unused field since refactor * add authorizer abstraction * loader only returns plugins expected to run * fix multi log output
196 lines
5.2 KiB
Go
196 lines
5.2 KiB
Go
package pluginproxy
|
|
|
|
import (
|
|
"encoding/json"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"strconv"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/grafana/grafana/pkg/plugins"
|
|
)
|
|
|
|
var (
|
|
token map[string]interface{}
|
|
)
|
|
|
|
func TestAccessToken_pluginWithTokenAuthRoute(t *testing.T) {
|
|
apiHandler := http.NewServeMux()
|
|
server := httptest.NewServer(apiHandler)
|
|
defer server.Close()
|
|
|
|
pluginRoute := &plugins.Route{
|
|
Path: "pathwithtokenauth1",
|
|
URL: "",
|
|
Method: "GET",
|
|
TokenAuth: &plugins.JWTTokenAuth{
|
|
Url: server.URL + "/oauth/token",
|
|
Scopes: []string{
|
|
"https://www.testapi.com/auth/monitoring.read",
|
|
"https://www.testapi.com/auth/cloudplatformprojects.readonly",
|
|
},
|
|
Params: map[string]string{
|
|
"grant_type": "client_credentials",
|
|
"client_id": "{{.JsonData.client_id}}",
|
|
"client_secret": "{{.SecureJsonData.client_secret}}",
|
|
"audience": "{{.JsonData.audience}}",
|
|
"client_name": "datasource_plugin",
|
|
},
|
|
},
|
|
}
|
|
|
|
authParams := &plugins.JWTTokenAuth{
|
|
Url: server.URL + "/oauth/token",
|
|
Scopes: []string{
|
|
"https://www.testapi.com/auth/monitoring.read",
|
|
"https://www.testapi.com/auth/cloudplatformprojects.readonly",
|
|
},
|
|
Params: map[string]string{
|
|
"grant_type": "client_credentials",
|
|
"client_id": "my_client_id",
|
|
"client_secret": "my_secret",
|
|
"audience": "www.example.com",
|
|
"client_name": "datasource_plugin",
|
|
},
|
|
}
|
|
|
|
var authCalls int
|
|
apiHandler.HandleFunc("/oauth/token", func(w http.ResponseWriter, req *http.Request) {
|
|
err := json.NewEncoder(w).Encode(token)
|
|
require.NoError(t, err)
|
|
authCalls++
|
|
})
|
|
|
|
t.Run("Should parse token, with different fields and types", func(t *testing.T) {
|
|
type tokenTestDescription struct {
|
|
desc string
|
|
expiresIn interface{}
|
|
expiresOn interface{}
|
|
expectedExpiresOn int64
|
|
}
|
|
|
|
mockTimeNow(time.Now())
|
|
defer resetTimeNow()
|
|
provider := newGenericAccessTokenProvider(DSInfo{}, pluginRoute, authParams)
|
|
|
|
testCases := []tokenTestDescription{
|
|
{
|
|
desc: "token with expires_in in string format",
|
|
expiresIn: "3600",
|
|
expiresOn: nil,
|
|
expectedExpiresOn: timeNow().Unix() + 3600,
|
|
},
|
|
{
|
|
desc: "token with expires_in in int format",
|
|
expiresIn: 3600,
|
|
expiresOn: nil,
|
|
expectedExpiresOn: timeNow().Unix() + 3600,
|
|
},
|
|
{
|
|
desc: "token with expires_on in string format",
|
|
expiresOn: strconv.FormatInt(timeNow().Add(86*time.Minute).Unix(), 10),
|
|
expiresIn: nil,
|
|
expectedExpiresOn: timeNow().Add(86 * time.Minute).Unix(),
|
|
},
|
|
{
|
|
desc: "token with expires_on in int format",
|
|
expiresOn: timeNow().Add(86 * time.Minute).Unix(),
|
|
expiresIn: nil,
|
|
expectedExpiresOn: timeNow().Add(86 * time.Minute).Unix(),
|
|
},
|
|
{
|
|
desc: "token with both expires_on and expires_in, should prioritize expiresOn",
|
|
expiresIn: 5200,
|
|
expiresOn: timeNow().Add(1 * time.Hour).Unix(),
|
|
expectedExpiresOn: timeNow().Add(1 * time.Hour).Unix(),
|
|
},
|
|
}
|
|
for _, testCase := range testCases {
|
|
t.Run(testCase.desc, func(t *testing.T) {
|
|
clearTokenCache()
|
|
// reset the httphandler counter
|
|
authCalls = 0
|
|
|
|
token = map[string]interface{}{
|
|
"access_token": "2YotnFZFEjr1zCsicMWpAA",
|
|
"token_type": "example",
|
|
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
|
|
}
|
|
|
|
if testCase.expiresIn != nil {
|
|
token["expires_in"] = testCase.expiresIn
|
|
}
|
|
|
|
if testCase.expiresOn != nil {
|
|
token["expires_on"] = testCase.expiresOn
|
|
}
|
|
|
|
accessToken, err := provider.GetAccessToken()
|
|
require.NoError(t, err)
|
|
assert.Equal(t, token["access_token"], accessToken)
|
|
|
|
// GetAccessToken should use internal cache
|
|
accessToken, err = provider.GetAccessToken()
|
|
require.NoError(t, err)
|
|
assert.Equal(t, token["access_token"], accessToken)
|
|
assert.Equal(t, 1, authCalls)
|
|
|
|
tokenCache.Lock()
|
|
v, ok := tokenCache.cache[provider.getAccessTokenCacheKey()]
|
|
tokenCache.Unlock()
|
|
|
|
assert.True(t, ok)
|
|
assert.Equal(t, testCase.expectedExpiresOn, v.ExpiresOn.Unix())
|
|
assert.Equal(t, token["access_token"], v.AccessToken)
|
|
})
|
|
}
|
|
})
|
|
|
|
t.Run("Should refetch token on expire", func(t *testing.T) {
|
|
clearTokenCache()
|
|
// reset the httphandler counter
|
|
authCalls = 0
|
|
|
|
mockTimeNow(time.Now())
|
|
defer resetTimeNow()
|
|
provider := newGenericAccessTokenProvider(DSInfo{}, pluginRoute, authParams)
|
|
|
|
token = map[string]interface{}{
|
|
"access_token": "2YotnFZFEjr1zCsicMWpAA",
|
|
"token_type": "3600",
|
|
"refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA",
|
|
}
|
|
accessToken, err := provider.GetAccessToken()
|
|
require.NoError(t, err)
|
|
assert.Equal(t, token["access_token"], accessToken)
|
|
|
|
mockTimeNow(timeNow().Add(3601 * time.Second))
|
|
|
|
accessToken, err = provider.GetAccessToken()
|
|
require.NoError(t, err)
|
|
assert.Equal(t, token["access_token"], accessToken)
|
|
assert.Equal(t, 2, authCalls)
|
|
})
|
|
}
|
|
|
|
func clearTokenCache() {
|
|
tokenCache.Lock()
|
|
defer tokenCache.Unlock()
|
|
tokenCache.cache = map[string]*jwtToken{}
|
|
token = map[string]interface{}{}
|
|
}
|
|
|
|
func mockTimeNow(timeSeed time.Time) {
|
|
timeNow = func() time.Time {
|
|
return timeSeed
|
|
}
|
|
}
|
|
|
|
func resetTimeNow() {
|
|
timeNow = time.Now
|
|
}
|