mirror of
https://github.com/grafana/grafana.git
synced 2025-07-31 10:52:40 +08:00
Plugins: Backend: Skip host environment variables (#77858)
* Add pluginsSkipHostEnvVars feature flag * Set go-plugin's SkipHostEnvVar depending on feature flags * add missing file * Re-generate feature flags * Add allowedHostEnvVarNames * Fix feature toggles not being passed to plugin context service's plugin env vars * Fix tests * PR review feedback: Use cfg.Features * Fix tests * PR review feedback: removed DefaultProviderWithFeatures * merge with master * fix tests * use features.IsEnabledGlobally
This commit is contained in:
Giuseppe Guerra
@ -39,7 +39,7 @@ var pluginSet = map[int]goplugin.PluginSet{
|
||||
},
|
||||
}
|
||||
|
||||
func newClientConfig(executablePath string, args []string, env []string, logger log.Logger,
|
||||
func newClientConfig(executablePath string, args []string, env []string, skipHostEnvVars bool, logger log.Logger,
|
||||
versionedPlugins map[int]goplugin.PluginSet) *goplugin.ClientConfig {
|
||||
// We can ignore gosec G201 here, since the dynamic part of executablePath comes from the plugin definition
|
||||
// nolint:gosec
|
||||
@ -50,6 +50,7 @@ func newClientConfig(executablePath string, args []string, env []string, logger
|
||||
Cmd: cmd,
|
||||
HandshakeConfig: handshake,
|
||||
VersionedPlugins: versionedPlugins,
|
||||
SkipHostEnv: skipHostEnvVars,
|
||||
Logger: logWrapper{Logger: logger},
|
||||
AllowedProtocols: []goplugin.Protocol{goplugin.ProtocolGRPC},
|
||||
GRPCDialOptions: []grpc.DialOption{
|
||||
@ -75,6 +76,7 @@ type PluginDescriptor struct {
|
||||
pluginID string
|
||||
executablePath string
|
||||
executableArgs []string
|
||||
skipHostEnvVars bool
|
||||
managed bool
|
||||
versionedPlugins map[int]goplugin.PluginSet
|
||||
startRendererFn StartRendererFunc
|
||||
@ -82,21 +84,22 @@ type PluginDescriptor struct {
|
||||
}
|
||||
|
||||
// NewBackendPlugin creates a new backend plugin factory used for registering a backend plugin.
|
||||
func NewBackendPlugin(pluginID, executablePath string, executableArgs ...string) backendplugin.PluginFactoryFunc {
|
||||
return newBackendPlugin(pluginID, executablePath, true, executableArgs...)
|
||||
func NewBackendPlugin(pluginID, executablePath string, skipHostEnvVars bool, executableArgs ...string) backendplugin.PluginFactoryFunc {
|
||||
return newBackendPlugin(pluginID, executablePath, true, skipHostEnvVars, executableArgs...)
|
||||
}
|
||||
|
||||
// NewUnmanagedBackendPlugin creates a new backend plugin factory used for registering an unmanaged backend plugin.
|
||||
func NewUnmanagedBackendPlugin(pluginID, executablePath string, executableArgs ...string) backendplugin.PluginFactoryFunc {
|
||||
return newBackendPlugin(pluginID, executablePath, false, executableArgs...)
|
||||
func NewUnmanagedBackendPlugin(pluginID, executablePath string, skipHostEnvVars bool, executableArgs ...string) backendplugin.PluginFactoryFunc {
|
||||
return newBackendPlugin(pluginID, executablePath, false, skipHostEnvVars, executableArgs...)
|
||||
}
|
||||
|
||||
// NewBackendPlugin creates a new backend plugin factory used for registering a backend plugin.
|
||||
func newBackendPlugin(pluginID, executablePath string, managed bool, executableArgs ...string) backendplugin.PluginFactoryFunc {
|
||||
func newBackendPlugin(pluginID, executablePath string, managed bool, skipHostEnvVars bool, executableArgs ...string) backendplugin.PluginFactoryFunc {
|
||||
return newPlugin(PluginDescriptor{
|
||||
pluginID: pluginID,
|
||||
executablePath: executablePath,
|
||||
executableArgs: executableArgs,
|
||||
skipHostEnvVars: skipHostEnvVars,
|
||||
managed: managed,
|
||||
versionedPlugins: pluginSet,
|
||||
})
|
||||
|
||||
@ -44,7 +44,7 @@ func newGrpcPlugin(descriptor PluginDescriptor, logger log.Logger, env func() []
|
||||
descriptor: descriptor,
|
||||
logger: logger,
|
||||
clientFactory: func() *plugin.Client {
|
||||
return plugin.NewClient(newClientConfig(descriptor.executablePath, descriptor.executableArgs, env(), logger, descriptor.versionedPlugins))
|
||||
return plugin.NewClient(newClientConfig(descriptor.executablePath, descriptor.executableArgs, env(), descriptor.skipHostEnvVars, logger, descriptor.versionedPlugins))
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
@ -10,6 +10,7 @@ import (
|
||||
"github.com/grafana/grafana/pkg/plugins/backendplugin/pluginextensionv2"
|
||||
"github.com/grafana/grafana/pkg/plugins/backendplugin/secretsmanagerplugin"
|
||||
"github.com/grafana/grafana/pkg/plugins/log"
|
||||
"github.com/grafana/grafana/pkg/services/featuremgmt"
|
||||
)
|
||||
|
||||
// PluginBackendProvider is a function type for initializing a Plugin backend.
|
||||
@ -17,19 +18,21 @@ type PluginBackendProvider func(_ context.Context, _ *plugins.Plugin) backendplu
|
||||
|
||||
type Service struct {
|
||||
providerChain []PluginBackendProvider
|
||||
features featuremgmt.FeatureToggles
|
||||
}
|
||||
|
||||
func New(providers ...PluginBackendProvider) *Service {
|
||||
func New(features featuremgmt.FeatureToggles, providers ...PluginBackendProvider) *Service {
|
||||
if len(providers) == 0 {
|
||||
return New(RendererProvider, SecretsManagerProvider, DefaultProvider)
|
||||
return New(features, RendererProvider, SecretsManagerProvider, DefaultProvider(features))
|
||||
}
|
||||
return &Service{
|
||||
providerChain: providers,
|
||||
features: features,
|
||||
}
|
||||
}
|
||||
|
||||
func ProvideService(coreRegistry *coreplugin.Registry) *Service {
|
||||
return New(coreRegistry.BackendFactoryProvider(), RendererProvider, SecretsManagerProvider, DefaultProvider)
|
||||
func ProvideService(features featuremgmt.FeatureToggles, coreRegistry *coreplugin.Registry) *Service {
|
||||
return New(features, coreRegistry.BackendFactoryProvider(), RendererProvider, SecretsManagerProvider, DefaultProvider(features))
|
||||
}
|
||||
|
||||
func (s *Service) BackendFactory(ctx context.Context, p *plugins.Plugin) backendplugin.PluginFactoryFunc {
|
||||
@ -65,6 +68,9 @@ var SecretsManagerProvider PluginBackendProvider = func(_ context.Context, p *pl
|
||||
)
|
||||
}
|
||||
|
||||
var DefaultProvider PluginBackendProvider = func(_ context.Context, p *plugins.Plugin) backendplugin.PluginFactoryFunc {
|
||||
return grpcplugin.NewBackendPlugin(p.ID, p.ExecutablePath())
|
||||
func DefaultProvider(features featuremgmt.FeatureToggles) PluginBackendProvider {
|
||||
return func(_ context.Context, p *plugins.Plugin) backendplugin.PluginFactoryFunc {
|
||||
skipEnvVars := features.IsEnabledGlobally(featuremgmt.FlagPluginsSkipHostEnvVars)
|
||||
return grpcplugin.NewBackendPlugin(p.ID, p.ExecutablePath(), skipEnvVars)
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user