mirror of
https://github.com/grafana/grafana.git
synced 2024-11-28 11:44:26 -06:00
5652bde447
* Use secrets service in pluginproxy
* Use secrets service in pluginxontext
* Use secrets service in pluginsettings
* Use secrets service in provisioning
* Use secrets service in authinfoservice
* Use secrets service in api
* Use secrets service in sqlstore
* Use secrets service in dashboardshapshots
* Use secrets service in tsdb
* Use secrets service in datasources
* Use secrets service in alerting
* Use secrets service in ngalert
* Break cyclic dependancy
* Refactor service
* Break cyclic dependancy
* Add FakeSecretsStore
* Setup Secrets Service in sqlstore
* Fix
* Continue secrets service refactoring
* Fix cyclic dependancy in sqlstore tests
* Fix secrets service references
* Fix linter errors
* Add fake secrets service for tests
* Refactor SetupTestSecretsService
* Update setting up secret service in tests
* Fix missing secrets service in multiorg_alertmanager_test
* Use fake db in tests and sort imports
* Use fake db in datasources tests
* Fix more tests
* Fix linter issues
* Attempt to fix plugin proxy tests
* Pass secrets service to getPluginProxiedRequest in pluginproxy tests
* Fix pluginproxy tests
* Revert using secrets service in alerting and provisioning
* Update decryptFn in alerting migration
* Rename defaultProvider to currentProvider
* Use fake secrets service in alert channels tests
* Refactor secrets service test helper
* Update setting up secrets service in tests
* Revert alerting changes in api
* Add comments
* Remove secrets service from background services
* Convert global encryption functions into vars
* Revert "Convert global encryption functions into vars"
This reverts commit 498eb19859.
* Add feature toggle for envelope encryption
* Rename toggle
Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
68 lines
2.0 KiB
Go
68 lines
2.0 KiB
Go
package api
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"net"
|
|
"net/http"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/grafana/grafana/pkg/api/pluginproxy"
|
|
"github.com/grafana/grafana/pkg/infra/log"
|
|
"github.com/grafana/grafana/pkg/middleware"
|
|
"github.com/grafana/grafana/pkg/models"
|
|
"github.com/grafana/grafana/pkg/plugins"
|
|
"github.com/grafana/grafana/pkg/util"
|
|
"github.com/grafana/grafana/pkg/web"
|
|
)
|
|
|
|
var pluginProxyTransport *http.Transport
|
|
|
|
func (hs *HTTPServer) initAppPluginRoutes(r *web.Mux) {
|
|
pluginProxyTransport = &http.Transport{
|
|
TLSClientConfig: &tls.Config{
|
|
InsecureSkipVerify: hs.Cfg.PluginsAppsSkipVerifyTLS,
|
|
Renegotiation: tls.RenegotiateFreelyAsClient,
|
|
},
|
|
Proxy: http.ProxyFromEnvironment,
|
|
Dial: (&net.Dialer{
|
|
Timeout: 30 * time.Second,
|
|
KeepAlive: 30 * time.Second,
|
|
}).Dial,
|
|
TLSHandshakeTimeout: 10 * time.Second,
|
|
}
|
|
|
|
for _, plugin := range hs.pluginStore.Plugins(plugins.App) {
|
|
for _, route := range plugin.Routes {
|
|
url := util.JoinURLFragments("/api/plugin-proxy/"+plugin.ID, route.Path)
|
|
handlers := make([]web.Handler, 0)
|
|
handlers = append(handlers, middleware.Auth(&middleware.AuthOptions{
|
|
ReqSignedIn: true,
|
|
}))
|
|
|
|
if route.ReqRole != "" {
|
|
if route.ReqRole == models.ROLE_ADMIN {
|
|
handlers = append(handlers, middleware.RoleAuth(models.ROLE_ADMIN))
|
|
} else if route.ReqRole == models.ROLE_EDITOR {
|
|
handlers = append(handlers, middleware.RoleAuth(models.ROLE_EDITOR, models.ROLE_ADMIN))
|
|
}
|
|
}
|
|
handlers = append(handlers, AppPluginRoute(route, plugin.ID, hs))
|
|
for _, method := range strings.Split(route.Method, ",") {
|
|
r.Handle(strings.TrimSpace(method), url, handlers)
|
|
}
|
|
log.Debug("Plugins: Adding proxy route", "url", url)
|
|
}
|
|
}
|
|
}
|
|
|
|
func AppPluginRoute(route *plugins.Route, appID string, hs *HTTPServer) web.Handler {
|
|
return func(c *models.ReqContext) {
|
|
path := web.Params(c.Req)["*"]
|
|
|
|
proxy := pluginproxy.NewApiPluginProxy(c, path, route, appID, hs.Cfg, hs.SecretsService)
|
|
proxy.Transport = pluginProxyTransport
|
|
proxy.ServeHTTP(c.Resp, c.Req)
|
|
}
|
|
}
|