mirror of
https://github.com/grafana/grafana.git
synced 2025-08-02 04:19:25 +08:00
db1191f3ef
* Determine Azure cloud based on authentication type * Route resolution for clouds * Fix tests * Constants for cloud names * move arg cloud route logic to routes.go Co-authored-by: Erik Sundell <erik.sundell87@gmail.com>
79 lines
2.3 KiB
Go
79 lines
2.3 KiB
Go
package azuremonitor
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/grafana/grafana/pkg/components/simplejson"
|
|
"github.com/grafana/grafana/pkg/setting"
|
|
)
|
|
|
|
const (
|
|
AzureAuthManagedIdentity = "msi"
|
|
AzureAuthClientSecret = "clientsecret"
|
|
)
|
|
|
|
// Azure cloud names specific to Azure Monitor
|
|
const (
|
|
azureMonitorPublic = "azuremonitor"
|
|
azureMonitorChina = "chinaazuremonitor"
|
|
azureMonitorUSGovernment = "govazuremonitor"
|
|
azureMonitorGermany = "germanyazuremonitor"
|
|
)
|
|
|
|
func getAuthType(cfg *setting.Cfg, pluginData *simplejson.Json) string {
|
|
if authType := pluginData.Get("azureAuthType").MustString(); authType != "" {
|
|
return authType
|
|
} else {
|
|
tenantId := pluginData.Get("tenantId").MustString()
|
|
clientId := pluginData.Get("clientId").MustString()
|
|
|
|
// If authentication type isn't explicitly specified and datasource has client credentials,
|
|
// then this is existing datasource which is configured for app registration (client secret)
|
|
if tenantId != "" && clientId != "" {
|
|
return AzureAuthClientSecret
|
|
}
|
|
|
|
// For newly created datasource with no configuration, managed identity is the default authentication type
|
|
// if they are enabled in Grafana config
|
|
if cfg.Azure.ManagedIdentityEnabled {
|
|
return AzureAuthManagedIdentity
|
|
} else {
|
|
return AzureAuthClientSecret
|
|
}
|
|
}
|
|
}
|
|
|
|
func getDefaultAzureCloud(cfg *setting.Cfg) (string, error) {
|
|
switch cfg.Azure.Cloud {
|
|
case setting.AzurePublic:
|
|
return azureMonitorPublic, nil
|
|
case setting.AzureChina:
|
|
return azureMonitorChina, nil
|
|
case setting.AzureUSGovernment:
|
|
return azureMonitorUSGovernment, nil
|
|
case setting.AzureGermany:
|
|
return azureMonitorGermany, nil
|
|
default:
|
|
err := fmt.Errorf("the cloud '%s' not supported", cfg.Azure.Cloud)
|
|
return "", err
|
|
}
|
|
}
|
|
|
|
func getAzureCloud(cfg *setting.Cfg, pluginData *simplejson.Json) (string, error) {
|
|
authType := getAuthType(cfg, pluginData)
|
|
switch authType {
|
|
case AzureAuthManagedIdentity:
|
|
// In case of managed identity, the cloud is always same as where Grafana is hosted
|
|
return getDefaultAzureCloud(cfg)
|
|
case AzureAuthClientSecret:
|
|
if cloud := pluginData.Get("cloudName").MustString(); cloud != "" {
|
|
return cloud, nil
|
|
} else {
|
|
return getDefaultAzureCloud(cfg)
|
|
}
|
|
default:
|
|
err := fmt.Errorf("the authentication type '%s' not supported", authType)
|
|
return "", err
|
|
}
|
|
}
|