opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-07-30 01:12:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

AuthZ: add headers for IP range AC checks for cloud data sources (#80208)

Browse Source 
* add feature toggle

* add a middleware that appens headers for IP range AC

* sort imports

* sign IP range header and only append it if the request is going to allow listed data sources

* sign a random generated string instead of IP, also change the name of the middleware to make it more generic

* remove the DS IP range AC options from the config file; remove unwanted change

* add test

* sanitize the URLs when comparing

* cleanup and fixes

* check if X-Real-Ip is present, and set the internal request header if it is not present

* use split string function from the util package
This commit is contained in:
Ieva
2024-01-31 17:09:24 +00:00
committed by GitHub
parent e00aba0ce5
commit c310a20966
4 changed files with 284 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/services/pluginsintegration/pluginsintegration.go
View File

@ -181,6 +181,10 @@ func CreateMiddlewares(cfg *setting.Cfg, oAuthTokenService oauthtoken.OAuthToken
middlewares = append(middlewares, clientmiddleware.NewUserHeaderMiddleware())
}
if cfg.IPRangeACEnabled {
middlewares = append(middlewares, clientmiddleware.NewHostedGrafanaACHeaderMiddleware(cfg))
}
middlewares = append(middlewares, clientmiddleware.NewHTTPClientMiddleware())
if features.IsEnabledGlobally(featuremgmt.FlagPluginsInstrumentationStatusSource) {