mirror of
https://github.com/grafana/grafana.git
synced 2024-11-29 20:24:18 -06:00
b80fbe03f0
* add core plugin flow * add instrumentation * move func * remove cruft * support external backend plugins * refactor + clean up * remove comments * refactor loader * simplify core plugin path arg * cleanup loggers * move signature validator to plugins package * fix sig packaging * cleanup plugin model * remove unnecessary plugin field * add start+stop for pm * fix failures * add decommissioned state * export fields just to get things flowing * fix comments * set static routes * make image loading idempotent * merge with backend plugin manager * re-use funcs * reorder imports + remove unnecessary interface * add some TODOs + remove unused func * remove unused instrumentation func * simplify client usage * remove import alias * re-use backendplugin.Plugin interface * re order funcs * improve var name * fix log statements * refactor data model * add logic for dupe check during loading * cleanup state setting * refactor loader * cleanup manager interface * add rendering flow * refactor loading + init * add renderer support * fix renderer plugin * reformat imports * track errors * fix plugin signature inheritance * name param in interface * update func comment * fix func arg name * introduce class concept * remove func * fix external plugin check * apply changes from pm-experiment * fix core plugins * fix imports * rename interface * comment API interface * add support for testdata plugin * enable alerting + use correct core plugin contracts * slim manager API * fix param name * fix filter * support static routes * fix rendering * tidy rendering * get tests compiling * fix install+uninstall * start finder test * add finder test coverage * start loader tests * add test for core plugins * load core + bundled test * add test for nested plugin loading * add test files * clean interface + fix registering some core plugins * refactoring * reformat and create sub packages * simplify core plugin init * fix ctx cancel scenario * migrate initializer * remove Init() funcs * add test starter * new logger * flesh out initializer tests * refactoring * remove unused svc * refactor rendering flow * fixup loader tests * add enabled helper func * fix logger name * fix data fetchers * fix case where plugin dir doesn't exist * improve coverage + move dupe checking to loader * remove noisy debug logs * register core plugins automagically * add support for renderer in catalog * make private func + fix req validation * use interface * re-add check for renderer in catalog * tidy up from moving to auto reg core plugins * core plugin registrar * guards * copy over core plugins for test infra * all tests green * renames * propagate new interfaces * kill old manager * get compiling * tidy up * update naming * refactor manager test + cleanup * add more cases to finder test * migrate validator to field * more coverage * refactor dupe checking * add test for plugin class * add coverage for initializer * split out rendering * move * fixup tests * fix uss test * fix frontend settings * fix grafanads test * add check when checking sig errors * fix enabled map * fixup * allow manual setup of CM * rename to cloud-monitoring * remove TODO * add installer interface for testing * loader interface returns * tests passing * refactor + add more coverage * support 'stackdriver' * fix frontend settings loading * improve naming based on package name * small tidy * refactor test * fix renderer start * make cloud-monitoring plugin ID clearer * add plugin update test * add integration tests * don't break all if sig can't be calculated * add root URL check test * add more signature verification tests * update DTO name * update enabled plugins comment * update comments * fix linter * revert fe naming change * fix errors endpoint * reset error code field name * re-order test to help verify * assert -> require * pm check * add missing entry + re-order * re-check * dump icon log * verify manager contents first * reformat * apply PR feedback * apply style changes * fix one vs all loading err * improve log output * only start when no signature error * move log * rework plugin update check * fix test * fix multi loading from cfg.PluginSettings * improve log output #2 * add error abstraction to capture errors without registering a plugin * add debug log * add unsigned warning * e2e test attempt * fix logger * set home path * prevent panic * alternate * ugh.. fix home path * return renderer even if not started * make renderer plugin managed * add fallback renderer icon, update renderer badge + prevent changes when renderer is installed * fix icon loading * rollback renderer changes * use correct field * remove unneccessary block * remove newline * remove unused func * fix bundled plugins base + module fields * remove unused field since refactor * add authorizer abstraction * loader only returns plugins expected to run * fix multi log output
162 lines
4.5 KiB
Go
162 lines
4.5 KiB
Go
package pluginproxy
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"net/http"
|
|
"net/url"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/grafana/grafana/pkg/plugins"
|
|
"github.com/grafana/grafana/pkg/setting"
|
|
"github.com/grafana/grafana/pkg/util"
|
|
)
|
|
|
|
type DSInfo struct {
|
|
ID int64
|
|
Updated time.Time
|
|
JSONData map[string]interface{}
|
|
DecryptedSecureJSONData map[string]string
|
|
}
|
|
|
|
// ApplyRoute should use the plugin route data to set auth headers and custom headers.
|
|
func ApplyRoute(ctx context.Context, req *http.Request, proxyPath string, route *plugins.Route,
|
|
ds DSInfo, cfg *setting.Cfg) {
|
|
proxyPath = strings.TrimPrefix(proxyPath, route.Path)
|
|
|
|
data := templateData{
|
|
JsonData: ds.JSONData,
|
|
SecureJsonData: ds.DecryptedSecureJSONData,
|
|
}
|
|
|
|
if len(route.URL) > 0 {
|
|
interpolatedURL, err := interpolateString(route.URL, data)
|
|
if err != nil {
|
|
logger.Error("Error interpolating proxy url", "error", err)
|
|
return
|
|
}
|
|
|
|
routeURL, err := url.Parse(interpolatedURL)
|
|
if err != nil {
|
|
logger.Error("Error parsing plugin route url", "error", err)
|
|
return
|
|
}
|
|
|
|
req.URL.Scheme = routeURL.Scheme
|
|
req.URL.Host = routeURL.Host
|
|
req.Host = routeURL.Host
|
|
req.URL.Path = util.JoinURLFragments(routeURL.Path, proxyPath)
|
|
}
|
|
|
|
if err := addQueryString(req, route, data); err != nil {
|
|
logger.Error("Failed to render plugin URL query string", "error", err)
|
|
}
|
|
|
|
if err := addHeaders(&req.Header, route, data); err != nil {
|
|
logger.Error("Failed to render plugin headers", "error", err)
|
|
}
|
|
|
|
if err := setBodyContent(req, route, data); err != nil {
|
|
logger.Error("Failed to set plugin route body content", "error", err)
|
|
}
|
|
|
|
if tokenProvider, err := getTokenProvider(ctx, cfg, ds, route, data); err != nil {
|
|
logger.Error("Failed to resolve auth token provider", "error", err)
|
|
} else if tokenProvider != nil {
|
|
if token, err := tokenProvider.GetAccessToken(); err != nil {
|
|
logger.Error("Failed to get access token", "error", err)
|
|
} else {
|
|
req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", token))
|
|
}
|
|
}
|
|
|
|
if cfg.DataProxyLogging {
|
|
logger.Debug("Requesting", "url", req.URL.String())
|
|
}
|
|
}
|
|
|
|
func getTokenProvider(ctx context.Context, cfg *setting.Cfg, ds DSInfo, pluginRoute *plugins.Route,
|
|
data templateData) (accessTokenProvider, error) {
|
|
authType := pluginRoute.AuthType
|
|
|
|
// Plugin can override authentication type specified in route configuration
|
|
if authTypeOverride, ok := ds.JSONData["authenticationType"].(string); ok && authTypeOverride != "" {
|
|
authType = authTypeOverride
|
|
}
|
|
|
|
tokenAuth, err := interpolateAuthParams(pluginRoute.TokenAuth, data)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
jwtTokenAuth, err := interpolateAuthParams(pluginRoute.JwtTokenAuth, data)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
switch authType {
|
|
case "azure":
|
|
if tokenAuth == nil {
|
|
return nil, fmt.Errorf("'tokenAuth' not configured for authentication type '%s'", authType)
|
|
}
|
|
return newAzureAccessTokenProvider(ctx, cfg, tokenAuth)
|
|
|
|
case "gce":
|
|
if jwtTokenAuth == nil {
|
|
return nil, fmt.Errorf("'jwtTokenAuth' not configured for authentication type '%s'", authType)
|
|
}
|
|
return newGceAccessTokenProvider(ctx, ds, pluginRoute, jwtTokenAuth), nil
|
|
|
|
case "jwt":
|
|
if jwtTokenAuth == nil {
|
|
return nil, fmt.Errorf("'jwtTokenAuth' not configured for authentication type '%s'", authType)
|
|
}
|
|
provider := newJwtAccessTokenProvider(ctx, ds, pluginRoute, jwtTokenAuth)
|
|
return provider, nil
|
|
|
|
case "":
|
|
// Fallback to authentication methods when authentication type isn't explicitly configured
|
|
if tokenAuth != nil {
|
|
provider := newGenericAccessTokenProvider(ds, pluginRoute, tokenAuth)
|
|
return provider, nil
|
|
}
|
|
if jwtTokenAuth != nil {
|
|
provider := newJwtAccessTokenProvider(ctx, ds, pluginRoute, jwtTokenAuth)
|
|
return provider, nil
|
|
}
|
|
|
|
// No authentication
|
|
return nil, nil
|
|
|
|
default:
|
|
return nil, fmt.Errorf("authentication type '%s' not supported", authType)
|
|
}
|
|
}
|
|
|
|
func interpolateAuthParams(tokenAuth *plugins.JWTTokenAuth, data templateData) (*plugins.JWTTokenAuth, error) {
|
|
if tokenAuth == nil {
|
|
// Nothing to interpolate
|
|
return nil, nil
|
|
}
|
|
|
|
interpolatedUrl, err := interpolateString(tokenAuth.Url, data)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
interpolatedParams := make(map[string]string)
|
|
for key, value := range tokenAuth.Params {
|
|
interpolatedParam, err := interpolateString(value, data)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
interpolatedParams[key] = interpolatedParam
|
|
}
|
|
|
|
return &plugins.JWTTokenAuth{
|
|
Url: interpolatedUrl,
|
|
Scopes: tokenAuth.Scopes,
|
|
Params: interpolatedParams,
|
|
}, nil
|
|
}
|