opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-07-29 00:25:30 +08:00
Code Issues Packages Projects Releases Wiki Activity

Secure Elasticsearch datasources a bit (#6031)

Browse Source 
Instead of allowing users to access the
entire cluster, apply some sane restrictions.

Change-Id: Ib2e93722bf2e39d700d4afa713ff49ec556f2fdf
This commit is contained in:
wvl
2016-09-13 15:04:21 +02:00
committed by Torkel Ödegaard
parent 6a723dff37
commit a73424d6af
1 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
pkg/api/dataproxy.go
View File

@ -104,6 +104,22 @@ func ProxyDataSourceRequest(c *middleware.Context) {
} }
proxyPath := c.Params("*") proxyPath := c.Params("*")
if ds.Type == m.DS_ES {
if c.Req.Request.Method == "DELETE" {
c.JsonApiErr(403, "Deletes not allowed on proxied Elasticsearch datasource", nil)
return
}
if c.Req.Request.Method == "PUT" {
c.JsonApiErr(403, "Puts not allowed on proxied Elasticsearch datasource", nil)
return
}
if c.Req.Request.Method == "POST" && proxyPath != "_msearch" {
c.JsonApiErr(403, "Posts not allowed on proxied Elasticsearch datasource except on /_msearch", nil)
return
}
}
proxy := NewReverseProxy(ds, proxyPath, targetUrl) proxy := NewReverseProxy(ds, proxyPath, targetUrl)
proxy.Transport = dataProxyTransport proxy.Transport = dataProxyTransport
proxy.ServeHTTP(c.Resp, c.Req.Request) proxy.ServeHTTP(c.Resp, c.Req.Request)