011726c80f
Plugins: Update DefaultSignature function signature in PluginSource interface ( #100519 )
...
* Plugins CDN: Add support for signature type and signature org
* Fall-back to valid signature if the config is not supported
* Move CDN signature code to DefaultSignature
* fix tests
2025-02-19 12:19:45 +01:00
0db65d229e
Plugins: Add Subresource Integrity checks ( #93024 )
...
* Plugins: Pass hashes for SRI to frontend
* Add SRI hashes to frontendsettings DTOs
* Add docstring
* TestSriHashes
* Fix typo
* Changed SriHashes to ModuleHash
* update loader_test compareOpts
* update ModuleHash error message
* Add TestModuleHash/no_module.js
* Add omitEmpty to moduleHash
* Add ModuleHash to api/plugins/${pluginId}/settings
* moved ModuleHash field
* feat(plugins): add moduleHash to bootData and plugin types
* feat(plugins): if moduleHash is available apply it to systemjs importmap
* Calculate ModuleHash for CDN provisioned plugins
* Add ModuleHash tests for TestCalculate
* adjust test case name
* removed .envrc
* Fix signature verification failing for internal plugins
* fix tests
* Add pluginsFilesystemSriChecks feature togglemk
* renamed FilesystemSriChecksEnabled
* refactor(plugin_loader): prefer extending type declaration over ts-error
* added a couple more tests
* Removed unused features
* Removed unused argument from signature.DefaultCalculator call
* Removed unused argument from bootstrap.DefaultConstructFunc
* Moved ModuleHash to pluginassets service
* update docstring
* lint
* Removed cdn dependency from manifest.Signature
* add tests
* fix extra parameters in tests
* "fix" tests
* removed outdated test
* removed unused cdn dependency in signature.DefaultCalculator
* reduce diff
* Cache returned values
* Add support for deeply nested plugins (more than 1 hierarchy level)
* simplify cache usage
* refactor TestService_ModuleHash_Cache
* removed unused testdata
* re-generate feature toggles
* use version for module hash cache
* Renamed feature toggle to pluginsSriChecks and use it for both cdn and filesystem
* Removed app/types/system-integrity.d.ts
* re-generate feature toggles
* re-generate feature toggles
* feat(plugins): put systemjs integrity hash behind feature flag
---------
Co-authored-by: Jack Westbrook <jack.westbrook@gmail.com>
2024-10-04 14:55:09 +02:00
ed89354eaa
Chore: Adding debug logging to signature checks ( #86915 )
...
Adding debug logging to signature checks
2024-04-25 11:53:10 +01:00
5edd96ae77
Plugins: Refactor plugin config into separate env var and request scoped services ( #83261 )
...
* seperate services for env + req
* merge with main
* fix tests
* undo changes to golden file
* fix linter
* remove unused fields
* split out new config struct
* provide config
* undo go mod changes
* more renaming
* fix tests
* undo bra.toml changes
* update go.work.sum
* undo changes
* trigger
* apply PR feedback
2024-02-27 12:38:02 +01:00
46c1c03183
Rendering: Fix Windows plugin signature check ( #76123 )
...
* Rendering: Fix Windows plugin signature check
* apply review feedback
2023-10-06 15:48:29 +02:00
c5e9a82ccb
Plugins: Do not fail bootstrap stage if single decorate step fails ( #73147 )
...
* don't fail all if decorate step fails
* fix casing
* include err too
* cover pluginsintegration too
2023-08-10 14:46:38 +02:00
ec6412bcca
Plugins: Use plugins config to source app URL ( #72490 )
...
* use plugins config for app URL
* merge with main
* add missing file
* add fg
* fix tests
2023-07-28 15:18:25 +02:00
758d9884bc
Plugins: Plugins loader pipeline ( #71438 )
...
* discovery
* flesh out
* add docs
* remove unused func
* bootstrap stage
* fix docs
* update docs
* undo unnecessary changes
* add end tag
* update doc
* fix linter
* fix
* tidy
* update docs
* add class to filter func
* apply PR feedback
* fix test
2023-07-27 15:29:13 +02:00
1274979f3f
Plugins: Remove unused config field from SignatureCalculator ( #71297 )
...
remove unused cfg field
2023-07-11 08:52:02 +02:00
a221e1d226
Plugins: Standardize Golang enum naming convention ( #69449 )
...
* standardize enum pattern
* fix up
2023-06-08 12:21:19 +02:00
b7ca2d89b1
Chore: Update ProtonMail/go-crypto ( #68641 )
2023-05-18 09:52:31 +02:00
ea7e5e2d82
Chore: Improve error message in case of a revoked key ( #67413 )
2023-04-28 14:28:00 +02:00
aa9838bd25
Chore: Refactor manifest verifier ( #67218 )
2023-04-27 17:54:28 +02:00
bfe1b68800
Plugins: Fs: Add option to access unallowed files in dev mode ( #66492 )
...
* Plugins: Fs: Add option to access unallowed files in dev mode
* Plugins: Fs: allow accessing unallowed files only when in dev mode
* Plugins: Fs: Add ProvideLocalFinder
* Plugins: FS: Pass whole config in NewLocalFinder()
* Plugins: FS: Add AllowListLocalFS
* Plugins: FS: Fix some tests
* Plugins: FS: Update tests
* Plugins: FS: Removed dead code
* Plugins: FS: Add tests for AllowListFS
* Plugins: FS: Update comments
* Plugins: FS: Use variadic arguments for allow list rather than map
* Plugins: FS: Remove unnecessary log
* Plugins: FS: Do not escape plugin root dir
* Fix merge conflict
* Plugins: FS: Update comments
* Plugins: FS: PR review changes
* Fix merge conflict
* Fix tests
* Cleanup
* Fix flaky test
* Changes from PR review
* Lint
* Add comment to LocalFS.Remove
* Fix Windows
* Renamed devMode to production
2023-04-27 10:26:15 +02:00
9d7c3a101d
Chore: Use KVStore for the manifest public key ( #66839 )
2023-04-25 13:01:49 +02:00
98c695c68f
Chore: Use Grafana API to retrieve the public key to validate plugins ( #66439 )
2023-04-18 16:12:05 +02:00
48de17945f
Chore: Use maintained crypto library ( #66304 )
2023-04-12 11:18:38 +02:00
facd4eca7e
Plugins: Fix plugin signature calculation not working on Windows ( #66273 )
...
* Plugins: Fix plugin signature calculation not working on Windows
* Plugins: Added test for NTFS path separators in signature verification
* Use filepath.ToSlash and replace its implementation in tests
* Fix typo
2023-04-11 17:15:34 +02:00
ee2dd62a1f
Plugins: Refactor loader + finder to support multiple sourcing methods ( #64735 )
...
* it's cdn time
* tidy body closing
* auto signed
* fix close
* update log name
* remove comments
2023-03-20 14:35:49 +01:00
68df83c86d
Plugins: Add Plugin FS abstraction ( #63734 )
...
* unexport pluginDir from dto
* first pass
* tidy
* naming + add mutex
* add dupe checking
* fix func typo
* interface + move logic from renderer
* remote finder
* remote signing
* fix tests
* tidy up
* tidy markdown logic
* split changes
* fix tests
* slim interface down
* fix status code
* tidy exec path func
* fixup
* undo changes
* remove unused func
* remove unused func
* fix goimports
* fetch remotely
* simultaneous support
* fix linter
* use var
* add exception for gosec warning
* fixup
* fix tests
* tidy
* rework cfg pattern
* simplify
* PR feedback
* fix dupe field
* remove g304 nolint
* apply PR feedback
* remove unnecessary gosec nolint
* fix finder loop and update comment
* fix map alloc
* fix test
* remove commented code
2023-03-07 16:47:02 +01:00
ec82719372
Plugins: Introduce plugin package specific logger ( #62204 )
...
* refactor
* implement with infra log for now
* undo moving
* update package name
* update name
* fix tests
* update pretty signature
* update naming
* simplify
* fix typo
* delete comment
* fix import
* retrigger
2023-02-28 16:10:27 +01:00
59ef144e9e
Plugins: Add file permission error check when attempting to verify plugin signature ( #61860 )
...
add permission err check
2023-01-23 12:01:10 +01:00
48b33ab521
Plugins: Unsigned chromium file should not invalidate signature for Renderer plugin ( #59104 )
...
* Plugins: Unsigned chromium file should not invalidate signature for Renderer plugin
* fix test
* re-work solution
2022-12-19 12:46:27 +01:00
76233f9997
Plugins: Unexport PluginDir field from PluginDTO ( #59190 )
...
* unexport pluginDir from dto
* more err checks
* tidy
* fix tests
* fix dboard file tests
* fix import
* fix tests
* apply PR feedback
* combine interfaces
* fix logs and clean up test
* filepath clean
* use fs.File
* rm explicit type
2022-12-02 13:46:55 +01:00
6f8fcae01b
[main] Plugin fixes ( #57399 )
...
* Plugins: Remove support for V1 manifests
* Plugins: Make proxy endpoints not leak sensitive HTTP headers
* Security: Fix do not forward login cookie in outgoing requests
(cherry picked from commit 4539c33fce5ef23badb08ebcbc09cb0cecb1f539)
Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2022-10-21 13:54:55 +02:00
062d255124
Handle ioutil deprecations ( #53526 )
...
* replace ioutil.ReadFile -> os.ReadFile
* replace ioutil.ReadAll -> io.ReadAll
* replace ioutil.TempFile -> os.CreateTemp
* replace ioutil.NopCloser -> io.NopCloser
* replace ioutil.WriteFile -> os.WriteFile
* replace ioutil.TempDir -> os.MkdirTemp
* replace ioutil.Discard -> io.Discard
2022-08-10 15:37:51 +02:00
6d066a7aa8
Plugins: Add validation for plugin manifest ( #52787 )
...
* add validation for plugin manifest
* no more semver checking
* undo go.mod changes
* undo go.mod changes
* only validate v2 fields where necessary
* remove manifest version field check
2022-07-27 12:56:52 +02:00
843ff932b7
Plugins: Add signature wildcard globbing for dedicated private plugin type ( #52163 )
...
* it's glob time
* add more tests
* fix warn log
* support new sig type
2022-07-22 10:48:16 +02:00
5d052be6ff
Plugins: Always validate root URL if specified in signature manfiest ( #52332 )
...
* always validate root URL if specified in signature
* tidy imports
2022-07-15 17:42:20 +02:00
04df634ef5
Plugins: Improved handling of symlinks ( #51324 )
...
Improves how we handle symlinks in plugin management.
2022-06-27 12:24:02 +02:00
3c3039f5b3
Chore: Remove Wrap ( #50048 )
...
* Chore: Remove Wrap and Wrapf
* Fix: Add error check
2022-06-03 09:24:24 +02:00
0bf889e058
Fix unmaarshal of double pointer ( #47586 )
...
* Fix unmaarshal of double pointer
* update sdk version
2022-04-12 09:30:34 +02:00
a8b90d9a25
FileStore: add basic file storage API ( #46051 )
...
* #45498 : fs API alpha
* #45498 : remove grafanaDS changes for filestorage.go
* #45498 : fix lint
* #45498 : fix lint
* #45498 : remove db file storage migration
* #45498 : linting
* #45498 : linting
* #45498 : linting
* #45498 : fix imports
* #45498 : add comment
* remove StorageName abstractions
* FileStore: add dummy implementation (#46071 )
* #45498 : bring back grafanaDs changes, add dummy filestorage
* #45498 : rename grafanaDs to public
* #45498 : modify join
* #45498 : review fix
* #45498 : unnecessary leading newline (whitespace) IMPORTANT FIX
* #45498 : fix belongsToStorage
* #45498 : fix removeStoragePrefix so that it works with abs paths
Co-authored-by: Ryan McKinley <ryantxu@gmail.com>
2022-03-03 10:53:26 +04:00
54de1078c8
remove the global log error/warn etc functions ( #41404 )
...
* remove the global log error/warn etc functions and use request context logger whenever possible
2021-11-08 17:56:56 +01:00
b80fbe03f0
Plugins: Refactor Plugin Management ( #40477 )
...
* add core plugin flow
* add instrumentation
* move func
* remove cruft
* support external backend plugins
* refactor + clean up
* remove comments
* refactor loader
* simplify core plugin path arg
* cleanup loggers
* move signature validator to plugins package
* fix sig packaging
* cleanup plugin model
* remove unnecessary plugin field
* add start+stop for pm
* fix failures
* add decommissioned state
* export fields just to get things flowing
* fix comments
* set static routes
* make image loading idempotent
* merge with backend plugin manager
* re-use funcs
* reorder imports + remove unnecessary interface
* add some TODOs + remove unused func
* remove unused instrumentation func
* simplify client usage
* remove import alias
* re-use backendplugin.Plugin interface
* re order funcs
* improve var name
* fix log statements
* refactor data model
* add logic for dupe check during loading
* cleanup state setting
* refactor loader
* cleanup manager interface
* add rendering flow
* refactor loading + init
* add renderer support
* fix renderer plugin
* reformat imports
* track errors
* fix plugin signature inheritance
* name param in interface
* update func comment
* fix func arg name
* introduce class concept
* remove func
* fix external plugin check
* apply changes from pm-experiment
* fix core plugins
* fix imports
* rename interface
* comment API interface
* add support for testdata plugin
* enable alerting + use correct core plugin contracts
* slim manager API
* fix param name
* fix filter
* support static routes
* fix rendering
* tidy rendering
* get tests compiling
* fix install+uninstall
* start finder test
* add finder test coverage
* start loader tests
* add test for core plugins
* load core + bundled test
* add test for nested plugin loading
* add test files
* clean interface + fix registering some core plugins
* refactoring
* reformat and create sub packages
* simplify core plugin init
* fix ctx cancel scenario
* migrate initializer
* remove Init() funcs
* add test starter
* new logger
* flesh out initializer tests
* refactoring
* remove unused svc
* refactor rendering flow
* fixup loader tests
* add enabled helper func
* fix logger name
* fix data fetchers
* fix case where plugin dir doesn't exist
* improve coverage + move dupe checking to loader
* remove noisy debug logs
* register core plugins automagically
* add support for renderer in catalog
* make private func + fix req validation
* use interface
* re-add check for renderer in catalog
* tidy up from moving to auto reg core plugins
* core plugin registrar
* guards
* copy over core plugins for test infra
* all tests green
* renames
* propagate new interfaces
* kill old manager
* get compiling
* tidy up
* update naming
* refactor manager test + cleanup
* add more cases to finder test
* migrate validator to field
* more coverage
* refactor dupe checking
* add test for plugin class
* add coverage for initializer
* split out rendering
* move
* fixup tests
* fix uss test
* fix frontend settings
* fix grafanads test
* add check when checking sig errors
* fix enabled map
* fixup
* allow manual setup of CM
* rename to cloud-monitoring
* remove TODO
* add installer interface for testing
* loader interface returns
* tests passing
* refactor + add more coverage
* support 'stackdriver'
* fix frontend settings loading
* improve naming based on package name
* small tidy
* refactor test
* fix renderer start
* make cloud-monitoring plugin ID clearer
* add plugin update test
* add integration tests
* don't break all if sig can't be calculated
* add root URL check test
* add more signature verification tests
* update DTO name
* update enabled plugins comment
* update comments
* fix linter
* revert fe naming change
* fix errors endpoint
* reset error code field name
* re-order test to help verify
* assert -> require
* pm check
* add missing entry + re-order
* re-check
* dump icon log
* verify manager contents first
* reformat
* apply PR feedback
* apply style changes
* fix one vs all loading err
* improve log output
* only start when no signature error
* move log
* rework plugin update check
* fix test
* fix multi loading from cfg.PluginSettings
* improve log output #2
* add error abstraction to capture errors without registering a plugin
* add debug log
* add unsigned warning
* e2e test attempt
* fix logger
* set home path
* prevent panic
* alternate
* ugh.. fix home path
* return renderer even if not started
* make renderer plugin managed
* add fallback renderer icon, update renderer badge + prevent changes when renderer is installed
* fix icon loading
* rollback renderer changes
* use correct field
* remove unneccessary block
* remove newline
* remove unused func
* fix bundled plugins base + module fields
* remove unused field since refactor
* add authorizer abstraction
* loader only returns plugins expected to run
* fix multi log output
2021-11-01 10:53:33 +01:00
