IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
e31bd2df2f8e6bf5c6056adcb1cc7e6329e2959c
grafana/public/app/plugins/datasource/prometheus/configuration/AzureCredentialsConfig.ts
Sergey Kostrukov 4664cba935 Prometheus: Azure authentication in configuration UI (#35860) 
* Azure authentication settings

* Persisting credentials

* Azure settings

* Prometheus-specific settings component

* Azure Prometheus Resource ID configuration

* DataSourceHttpSettings with extensibility for Azure

* Feature toggle for Azure auth

* Fix snapshot

* Update format of persisted credentials

* AzureSettings renamed to AzureAuthSettings
2021-07-22 19:53:49 +01:00

108 lines
3.3 KiB
TypeScript
Raw Blame History

import { DataSourceSettings } from '@grafana/data';
import { config } from '@grafana/runtime';
import { AzureCloud, AzureCredentials, ConcealedSecret } from './AzureCredentials';
const concealed: ConcealedSecret = Symbol('Concealed client secret');
function getDefaultAzureCloud(): string {
return config.azure.cloud || AzureCloud.Public;
}
function getSecret(options: DataSourceSettings<any, any>): undefined | string | ConcealedSecret {
if (options.secureJsonFields.azureClientSecret) {
// The secret is concealed on server
return concealed;
} else {
const secret = options.secureJsonData?.azureClientSecret;
return typeof secret === 'string' && secret.length > 0 ? secret : undefined;
}
}
export function getCredentials(options: DataSourceSettings<any, any>): AzureCredentials {
const credentials = options.jsonData.azureCredentials as AzureCredentials | undefined;
// If no credentials saved, then return empty credentials
// of type based on whether the managed identity enabled
if (!credentials) {
return {
authType: config.azure.managedIdentityEnabled ? 'msi' : 'clientsecret',
azureCloud: getDefaultAzureCloud(),
};
}
switch (credentials.authType) {
case 'msi':
if (config.azure.managedIdentityEnabled) {
return {
authType: 'msi',
};
} else {
// If authentication type is managed identity but managed identities were disabled in Grafana config,
// then we should fallback to an empty app registration (client secret) configuration
return {
authType: 'clientsecret',
azureCloud: getDefaultAzureCloud(),
};
}
case 'clientsecret':
return {
authType: 'clientsecret',
azureCloud: credentials.azureCloud || getDefaultAzureCloud(),
tenantId: credentials.tenantId,
clientId: credentials.clientId,
clientSecret: getSecret(options),
};
}
}
export function updateCredentials(
options: DataSourceSettings<any, any>,
credentials: AzureCredentials
): DataSourceSettings<any, any> {
switch (credentials.authType) {
case 'msi':
if (!config.azure.managedIdentityEnabled) {
throw new Error('Managed Identity authentication is not enabled in Grafana config.');
}
options = {
...options,
jsonData: {
...options.jsonData,
azureCredentials: {
authType: 'msi',
},
},
};
return options;
case 'clientsecret':
options = {
...options,
jsonData: {
...options.jsonData,
azureCredentials: {
authType: 'clientsecret',
azureCloud: credentials.azureCloud || getDefaultAzureCloud(),
tenantId: credentials.tenantId,
clientId: credentials.clientId,
},
},
secureJsonData: {
...options.secureJsonData,
azureClientSecret:
typeof credentials.clientSecret === 'string' && credentials.clientSecret.length > 0
? credentials.clientSecret
: undefined,
},
secureJsonFields: {
...options.secureJsonFields,
azureClientSecret: typeof credentials.clientSecret === 'symbol',
},
};
return options;
}
}
Reference in New Issue View Git Blame Copy Permalink