opensource/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-07-28 18:32:19 +08:00
Code Issues Packages Projects Releases Wiki Activity

refactor(dataproxy): TLS Client Auth

Browse Source 
Use a SecureJsonData field for TLS
Client Auth instead of 3 new db
fields. Same model as used for
PluginSettings.

Saves and encrypts the pem file
content rather than just saving
the paths to the cert and key.
This allows for uploading from
the Edit Datasource page in
Grafana.
This commit is contained in:
Daniel Lee
2016-11-16 09:54:26 +01:00
parent af07adb146
commit c9b2c694f1
7 changed files with 149 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
pkg/api/dataproxy.go
View File

@ -17,7 +17,7 @@ import (
"github.com/grafana/grafana/pkg/util"
)
func dataProxyTransport(ds *m.DataSource) (*http.Transport, error) {
func DataProxyTransport(ds *m.DataSource) (*http.Transport, error) {
transport := &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
@ -30,8 +30,17 @@ func dataProxyTransport(ds *m.DataSource) (*http.Transport, error) {
TLSHandshakeTimeout: 10 * time.Second,
}
if ds.TlsAuth {
cert, err := tls.LoadX509KeyPair(ds.TlsClientCert, ds.TlsClientKey)
var tlsAuth bool
var err error
if ds.JsonData != nil {
tlsAuth, err = ds.JsonData.Get("tlsAuth").Bool()
}
if err == nil && tlsAuth {
transport.TLSClientConfig.InsecureSkipVerify = false
decrypted := ds.SecureJsonData.Decrypt()
cert, err := tls.X509KeyPair([]byte(decrypted["tlsClientCert"]), []byte(decrypted["tlsClientKey"]))
if err != nil {
return nil, err
}
@ -141,7 +150,7 @@ func ProxyDataSourceRequest(c *middleware.Context) {
}
proxy := NewReverseProxy(ds, proxyPath, targetUrl)
proxy.Transport, err = dataProxyTransport(ds)
proxy.Transport, err = DataProxyTransport(ds)
if err != nil {
c.JsonApiErr(400, "Unable to load TLS certificate", err)
return