mirror of
https://github.com/grafana/grafana.git
synced 2025-07-30 14:42:16 +08:00
e822c8a24d
* Use SDK contracts for cloudmonitoring * Get build running, tests passing and do some refactoring (#38754) * fix build+tests and refactor * remove alerting stuff * remove unused field * fix plugin fetch * end to end * resp rename * tidy annotations * reformatting * update refID * reformat imports * fix styling * clean up unmarshalling * uncomment + fix tests * appease linter * remove spaces * remove old cruft * add check for empty queries * update tests * remove pm as dep * adjust proxy route contract * fix service loading * use UNIX val * fix endpoint + resp * h@ckz for frontend * fix resp * fix interval * always set custom meta * remove unused param * fix labels fetch * fix linter * fix test + remove unused field * apply pr feedback * fix grafana-auto intervals * fix tests * resolve conflicts * fix bad merge * fix conflicts * remove bad logger import Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> Co-authored-by: Will Browne <will.browne@grafana.com>
97 lines
2.3 KiB
Go
97 lines
2.3 KiB
Go
package pluginproxy
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"sync"
|
|
"time"
|
|
|
|
"github.com/grafana/grafana/pkg/plugins"
|
|
"golang.org/x/oauth2"
|
|
"golang.org/x/oauth2/jwt"
|
|
)
|
|
|
|
var (
|
|
oauthJwtTokenCache = oauthJwtTokenCacheType{
|
|
cache: map[string]*oauth2.Token{},
|
|
}
|
|
)
|
|
|
|
type oauthJwtTokenCacheType struct {
|
|
cache map[string]*oauth2.Token
|
|
sync.Mutex
|
|
}
|
|
|
|
type jwtAccessTokenProvider struct {
|
|
datasourceId int64
|
|
datasourceUpdated time.Time
|
|
ctx context.Context
|
|
route *plugins.AppPluginRoute
|
|
authParams *plugins.JwtTokenAuth
|
|
}
|
|
|
|
func newJwtAccessTokenProvider(ctx context.Context, ds DSInfo, pluginRoute *plugins.AppPluginRoute,
|
|
authParams *plugins.JwtTokenAuth) *jwtAccessTokenProvider {
|
|
return &jwtAccessTokenProvider{
|
|
datasourceId: ds.ID,
|
|
datasourceUpdated: ds.Updated,
|
|
ctx: ctx,
|
|
route: pluginRoute,
|
|
authParams: authParams,
|
|
}
|
|
}
|
|
|
|
func (provider *jwtAccessTokenProvider) GetAccessToken() (string, error) {
|
|
oauthJwtTokenCache.Lock()
|
|
defer oauthJwtTokenCache.Unlock()
|
|
if cachedToken, found := oauthJwtTokenCache.cache[provider.getAccessTokenCacheKey()]; found {
|
|
if cachedToken.Expiry.After(timeNow().Add(time.Second * 10)) {
|
|
logger.Debug("Using token from cache")
|
|
return cachedToken.AccessToken, nil
|
|
}
|
|
}
|
|
|
|
conf := &jwt.Config{}
|
|
|
|
if val, ok := provider.authParams.Params["client_email"]; ok {
|
|
conf.Email = val
|
|
}
|
|
|
|
if val, ok := provider.authParams.Params["private_key"]; ok {
|
|
conf.PrivateKey = []byte(val)
|
|
}
|
|
|
|
if val, ok := provider.authParams.Params["token_uri"]; ok {
|
|
conf.TokenURL = val
|
|
}
|
|
|
|
conf.Scopes = provider.authParams.Scopes
|
|
|
|
token, err := getTokenSource(conf, provider.ctx)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
|
|
oauthJwtTokenCache.cache[provider.getAccessTokenCacheKey()] = token
|
|
|
|
logger.Info("Got new access token", "ExpiresOn", token.Expiry)
|
|
|
|
return token.AccessToken, nil
|
|
}
|
|
|
|
// getTokenSource gets a token source.
|
|
// Stubbable by tests.
|
|
var getTokenSource = func(conf *jwt.Config, ctx context.Context) (*oauth2.Token, error) {
|
|
tokenSrc := conf.TokenSource(ctx)
|
|
token, err := tokenSrc.Token()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return token, nil
|
|
}
|
|
|
|
func (provider *jwtAccessTokenProvider) getAccessTokenCacheKey() string {
|
|
return fmt.Sprintf("%v_%v_%v_%v", provider.datasourceId, provider.datasourceUpdated.Unix(), provider.route.Path, provider.route.Method)
|
|
}
|