Plugins: Forward user header (X-Grafana-User) in backend plugin requests (#58646)

Grafana would forward the X-Grafana-User header to backend plugin request when dataproxy.send_user_header is enabled. In addition, X-Grafana-User will be automatically forwarded in outgoing HTTP requests for core/builtin HTTP datasources. Use grafana-plugin-sdk-go v0.147.0. Fixes #47734 Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2025-09-25 21:23:48 +08:00 · 2022-12-15 15:28:25 +01:00
parent ecf83a6df9
commit 6478d0a5ef
12 changed files with 459 additions and 27 deletions
--- a/pkg/util/proxyutil/proxyutil_test.go
+++ b/pkg/util/proxyutil/proxyutil_test.go
@ -4,6 +4,7 @@ import (
 	"net/http"
 	"testing"

+	"github.com/grafana/grafana/pkg/services/user"
 	"github.com/stretchr/testify/require"
 )

@ -109,3 +110,39 @@ func TestClearCookieHeader(t *testing.T) {
 		require.Equal(t, "cookie1=", req.Header.Get("Cookie"))
 	})
 }
+
+func TestApplyUserHeader(t *testing.T) {
+	t.Run("Should not apply user header when not enabled, should remove the existing", func(t *testing.T) {
+		req, err := http.NewRequest(http.MethodGet, "/", nil)
+		require.NoError(t, err)
+		req.Header.Set("X-Grafana-User", "admin")
+
+		ApplyUserHeader(false, req, &user.SignedInUser{Login: "admin"})
+		require.NotContains(t, req.Header, "X-Grafana-User")
+	})
+
+	t.Run("Should not apply user header when user is nil, should remove the existing", func(t *testing.T) {
+		req, err := http.NewRequest(http.MethodGet, "/", nil)
+		require.NoError(t, err)
+		req.Header.Set("X-Grafana-User", "admin")
+
+		ApplyUserHeader(false, req, nil)
+		require.NotContains(t, req.Header, "X-Grafana-User")
+	})
+
+	t.Run("Should not apply user header for anonomous user", func(t *testing.T) {
+		req, err := http.NewRequest(http.MethodGet, "/", nil)
+		require.NoError(t, err)
+
+		ApplyUserHeader(true, req, &user.SignedInUser{IsAnonymous: true})
+		require.NotContains(t, req.Header, "X-Grafana-User")
+	})
+
+	t.Run("Should apply user header for non-anonomous user", func(t *testing.T) {
+		req, err := http.NewRequest(http.MethodGet, "/", nil)
+		require.NoError(t, err)
+
+		ApplyUserHeader(true, req, &user.SignedInUser{Login: "admin"})
+		require.Equal(t, "admin", req.Header.Get("X-Grafana-User"))
+	})
+}