mirror of
https://github.com/grafana/grafana.git
synced 2024-11-26 02:40:26 -06:00
c043a8818a
* Add protobuf config and generated code, and client wrapper * wire up loading of secretsmanager plugin, using renderer plugin as a model * update kvstore provider to check if we should use the grpc plugin. return false always in OSS * add OSS remote plugin check * refactor wire gen file * log which secrets manager is being used * Fix argument types for remote checker * Turns out if err != nil, then the result is always nil. Return empty values if there is an error. * remove duplicate import * ensure atomicity by adding secret management as a step to sql operations and rolling back if necessary * Update pkg/services/secrets/kvstore/kvstore.go Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> * Update pkg/services/secrets/kvstore/kvstore.go Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> * refactor RemotePluginCheck interface to just return the Plugin client directly * rename struct to something less silly * add special error handling for remote secrets management * switch to errors.as instead of type inference * remove unnecessary rollback call * just declare error once * refactor .proto file according to prior PR suggestions * re-generate protobuf files and fix compilation errors * only wrap (ergo display in the front end) errors that are user friendly from the plugin * rename error type to suggest user friendly only * rename plugin functions to be more descriptive * change delete message name * Revert "change delete message name" This reverts commit8ca978301e. * Revert "rename plugin functions to be more descriptive" This reverts commit4355c9b9ff. * fix pointer to pointer problem * change plugin user error to just hold a string * fix sequencing problem with datasource updates * clean up some return statements * need to wrap multiple transactions with the InTransaction() func in order to keep the lock * make linter happy * revert input var name Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
227 lines
6.9 KiB
Go
227 lines
6.9 KiB
Go
package models
|
|
|
|
import (
|
|
"errors"
|
|
"time"
|
|
|
|
"github.com/grafana/grafana/pkg/components/simplejson"
|
|
)
|
|
|
|
const (
|
|
DS_GRAPHITE = "graphite"
|
|
DS_INFLUXDB = "influxdb"
|
|
DS_INFLUXDB_08 = "influxdb_08"
|
|
DS_ES = "elasticsearch"
|
|
DS_PROMETHEUS = "prometheus"
|
|
DS_ALERTMANAGER = "alertmanager"
|
|
DS_JAEGER = "jaeger"
|
|
DS_LOKI = "loki"
|
|
DS_OPENTSDB = "opentsdb"
|
|
DS_TEMPO = "tempo"
|
|
DS_ZIPKIN = "zipkin"
|
|
DS_MYSQL = "mysql"
|
|
DS_POSTGRES = "postgres"
|
|
DS_MSSQL = "mssql"
|
|
DS_ACCESS_DIRECT = "direct"
|
|
DS_ACCESS_PROXY = "proxy"
|
|
DS_ES_OPEN_DISTRO = "grafana-es-open-distro-datasource"
|
|
DS_ES_OPENSEARCH = "grafana-opensearch-datasource"
|
|
)
|
|
|
|
var (
|
|
ErrDataSourceNotFound = errors.New("data source not found")
|
|
ErrDataSourceNameExists = errors.New("data source with the same name already exists")
|
|
ErrDataSourceUidExists = errors.New("data source with the same uid already exists")
|
|
ErrDataSourceUpdatingOldVersion = errors.New("trying to update old version of datasource")
|
|
ErrDatasourceIsReadOnly = errors.New("data source is readonly, can only be updated from configuration")
|
|
ErrDataSourceAccessDenied = errors.New("data source access denied")
|
|
ErrDataSourceFailedGenerateUniqueUid = errors.New("failed to generate unique datasource ID")
|
|
ErrDataSourceIdentifierNotSet = errors.New("unique identifier and org id are needed to be able to get or delete a datasource")
|
|
)
|
|
|
|
type DsAccess string
|
|
|
|
type DataSource struct {
|
|
Id int64 `json:"id"`
|
|
OrgId int64 `json:"orgId"`
|
|
Version int `json:"version"`
|
|
|
|
Name string `json:"name"`
|
|
Type string `json:"type"`
|
|
Access DsAccess `json:"access"`
|
|
Url string `json:"url"`
|
|
// swagger:ignore
|
|
Password string `json:"-"`
|
|
User string `json:"user"`
|
|
Database string `json:"database"`
|
|
BasicAuth bool `json:"basicAuth"`
|
|
BasicAuthUser string `json:"basicAuthUser"`
|
|
// swagger:ignore
|
|
BasicAuthPassword string `json:"-"`
|
|
WithCredentials bool `json:"withCredentials"`
|
|
IsDefault bool `json:"isDefault"`
|
|
JsonData *simplejson.Json `json:"jsonData"`
|
|
SecureJsonData map[string][]byte `json:"secureJsonData"`
|
|
ReadOnly bool `json:"readOnly"`
|
|
Uid string `json:"uid"`
|
|
|
|
Created time.Time `json:"created"`
|
|
Updated time.Time `json:"updated"`
|
|
}
|
|
|
|
// AllowedCookies parses the jsondata.keepCookies and returns a list of
|
|
// allowed cookies, otherwise an empty list.
|
|
func (ds DataSource) AllowedCookies() []string {
|
|
if ds.JsonData != nil {
|
|
if keepCookies := ds.JsonData.Get("keepCookies"); keepCookies != nil {
|
|
return keepCookies.MustStringArray()
|
|
}
|
|
}
|
|
|
|
return []string{}
|
|
}
|
|
|
|
// Specific error type for grpc secrets management so that we can show more detailed plugin errors to users
|
|
type ErrDatasourceSecretsPluginUserFriendly struct {
|
|
Err string
|
|
}
|
|
|
|
func (e ErrDatasourceSecretsPluginUserFriendly) Error() string {
|
|
return e.Err
|
|
}
|
|
|
|
// ----------------------
|
|
// COMMANDS
|
|
|
|
// Also acts as api DTO
|
|
type AddDataSourceCommand struct {
|
|
Name string `json:"name" binding:"Required"`
|
|
Type string `json:"type" binding:"Required"`
|
|
Access DsAccess `json:"access" binding:"Required"`
|
|
Url string `json:"url"`
|
|
Database string `json:"database"`
|
|
User string `json:"user"`
|
|
BasicAuth bool `json:"basicAuth"`
|
|
BasicAuthUser string `json:"basicAuthUser"`
|
|
WithCredentials bool `json:"withCredentials"`
|
|
IsDefault bool `json:"isDefault"`
|
|
JsonData *simplejson.Json `json:"jsonData"`
|
|
SecureJsonData map[string]string `json:"secureJsonData"`
|
|
Uid string `json:"uid"`
|
|
|
|
OrgId int64 `json:"-"`
|
|
UserId int64 `json:"-"`
|
|
ReadOnly bool `json:"-"`
|
|
EncryptedSecureJsonData map[string][]byte `json:"-"`
|
|
UpdateSecretFn UpdateSecretFn `json:"-"`
|
|
|
|
Result *DataSource `json:"-"`
|
|
}
|
|
|
|
// Also acts as api DTO
|
|
type UpdateDataSourceCommand struct {
|
|
Name string `json:"name" binding:"Required"`
|
|
Type string `json:"type" binding:"Required"`
|
|
Access DsAccess `json:"access" binding:"Required"`
|
|
Url string `json:"url"`
|
|
User string `json:"user"`
|
|
Database string `json:"database"`
|
|
BasicAuth bool `json:"basicAuth"`
|
|
BasicAuthUser string `json:"basicAuthUser"`
|
|
WithCredentials bool `json:"withCredentials"`
|
|
IsDefault bool `json:"isDefault"`
|
|
JsonData *simplejson.Json `json:"jsonData"`
|
|
SecureJsonData map[string]string `json:"secureJsonData"`
|
|
Version int `json:"version"`
|
|
Uid string `json:"uid"`
|
|
|
|
OrgId int64 `json:"-"`
|
|
Id int64 `json:"-"`
|
|
ReadOnly bool `json:"-"`
|
|
EncryptedSecureJsonData map[string][]byte `json:"-"`
|
|
UpdateSecretFn UpdateSecretFn `json:"-"`
|
|
|
|
Result *DataSource `json:"-"`
|
|
}
|
|
|
|
// DeleteDataSourceCommand will delete a DataSource based on OrgID as well as the UID (preferred), ID, or Name.
|
|
// At least one of the UID, ID, or Name properties must be set in addition to OrgID.
|
|
type DeleteDataSourceCommand struct {
|
|
ID int64
|
|
UID string
|
|
Name string
|
|
|
|
OrgID int64
|
|
|
|
DeletedDatasourcesCount int64
|
|
|
|
UpdateSecretFn UpdateSecretFn
|
|
}
|
|
|
|
// Function for updating secrets along with datasources, to ensure atomicity
|
|
type UpdateSecretFn func() error
|
|
|
|
// ---------------------
|
|
// QUERIES
|
|
|
|
type GetDataSourcesQuery struct {
|
|
OrgId int64
|
|
DataSourceLimit int
|
|
User *SignedInUser
|
|
Result []*DataSource
|
|
}
|
|
|
|
type GetDataSourcesByTypeQuery struct {
|
|
Type string
|
|
Result []*DataSource
|
|
}
|
|
|
|
type GetDefaultDataSourceQuery struct {
|
|
OrgId int64
|
|
User *SignedInUser
|
|
Result *DataSource
|
|
}
|
|
|
|
// GetDataSourceQuery will get a DataSource based on OrgID as well as the UID (preferred), ID, or Name.
|
|
// At least one of the UID, ID, or Name properties must be set in addition to OrgID.
|
|
type GetDataSourceQuery struct {
|
|
Id int64
|
|
Uid string
|
|
Name string
|
|
|
|
OrgId int64
|
|
|
|
Result *DataSource
|
|
}
|
|
|
|
// ---------------------
|
|
// Permissions
|
|
// ---------------------
|
|
|
|
// Datasource permission
|
|
// Description:
|
|
// * `0` - No Access
|
|
// * `1` - Query
|
|
// Enum: 0,1
|
|
// swagger:model
|
|
type DsPermissionType int
|
|
|
|
const (
|
|
DsPermissionNoAccess DsPermissionType = iota
|
|
DsPermissionQuery
|
|
)
|
|
|
|
func (p DsPermissionType) String() string {
|
|
names := map[int]string{
|
|
int(DsPermissionQuery): "Query",
|
|
int(DsPermissionNoAccess): "No Access",
|
|
}
|
|
return names[int(p)]
|
|
}
|
|
|
|
type DatasourcesPermissionFilterQuery struct {
|
|
User *SignedInUser
|
|
Datasources []*DataSource
|
|
Result []*DataSource
|
|
}
|