mirror of
https://github.com/grafana/grafana.git
synced 2025-07-30 15:02:33 +08:00
6478d0a5ef
Grafana would forward the X-Grafana-User header to backend plugin request when dataproxy.send_user_header is enabled. In addition, X-Grafana-User will be automatically forwarded in outgoing HTTP requests for core/builtin HTTP datasources. Use grafana-plugin-sdk-go v0.147.0. Fixes #47734 Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
255 lines
10 KiB
Go
255 lines
10 KiB
Go
package clientmiddleware
|
|
|
|
import (
|
|
"net/http"
|
|
"testing"
|
|
|
|
"github.com/grafana/grafana-plugin-sdk-go/backend"
|
|
"github.com/grafana/grafana-plugin-sdk-go/backend/httpclient"
|
|
"github.com/grafana/grafana/pkg/infra/httpclient/httpclientprovider"
|
|
"github.com/grafana/grafana/pkg/plugins/manager/client/clienttest"
|
|
"github.com/grafana/grafana/pkg/services/user"
|
|
"github.com/grafana/grafana/pkg/util/proxyutil"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestUserHeaderMiddleware(t *testing.T) {
|
|
t.Run("When anononymous user in reqContext", func(t *testing.T) {
|
|
req, err := http.NewRequest(http.MethodGet, "/some/thing", nil)
|
|
require.NoError(t, err)
|
|
|
|
t.Run("And requests are for a datasource", func(t *testing.T) {
|
|
cdt := clienttest.NewClientDecoratorTest(t,
|
|
clienttest.WithReqContext(req, &user.SignedInUser{
|
|
IsAnonymous: true,
|
|
Login: "anonymous"},
|
|
),
|
|
clienttest.WithMiddlewares(NewUserHeaderMiddleware()),
|
|
)
|
|
|
|
pluginCtx := backend.PluginContext{
|
|
DataSourceInstanceSettings: &backend.DataSourceInstanceSettings{},
|
|
}
|
|
|
|
t.Run("Should not forward user header when calling QueryData", func(t *testing.T) {
|
|
_, err = cdt.Decorator.QueryData(req.Context(), &backend.QueryDataRequest{
|
|
PluginContext: pluginCtx,
|
|
Headers: map[string]string{},
|
|
})
|
|
require.NoError(t, err)
|
|
require.NotNil(t, cdt.QueryDataReq)
|
|
require.Empty(t, cdt.QueryDataReq.Headers)
|
|
|
|
middlewares := httpclient.ContextualMiddlewareFromContext(cdt.QueryDataCtx)
|
|
require.Len(t, middlewares, 1)
|
|
require.Equal(t, httpclientprovider.DeleteHeadersMiddlewareName, middlewares[0].(httpclient.MiddlewareName).MiddlewareName())
|
|
})
|
|
|
|
t.Run("Should not forward user header when calling CallResource", func(t *testing.T) {
|
|
err = cdt.Decorator.CallResource(req.Context(), &backend.CallResourceRequest{
|
|
PluginContext: pluginCtx,
|
|
Headers: map[string][]string{},
|
|
}, nopCallResourceSender)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, cdt.CallResourceReq)
|
|
require.Empty(t, cdt.CallResourceReq.Headers)
|
|
|
|
middlewares := httpclient.ContextualMiddlewareFromContext(cdt.CallResourceCtx)
|
|
require.Len(t, middlewares, 1)
|
|
require.Equal(t, httpclientprovider.DeleteHeadersMiddlewareName, middlewares[0].(httpclient.MiddlewareName).MiddlewareName())
|
|
})
|
|
|
|
t.Run("Should not forward user header when calling CheckHealth", func(t *testing.T) {
|
|
_, err = cdt.Decorator.CheckHealth(req.Context(), &backend.CheckHealthRequest{
|
|
PluginContext: pluginCtx,
|
|
Headers: map[string]string{},
|
|
})
|
|
require.NoError(t, err)
|
|
require.NotNil(t, cdt.CheckHealthReq)
|
|
require.Empty(t, cdt.CheckHealthReq.Headers)
|
|
|
|
middlewares := httpclient.ContextualMiddlewareFromContext(cdt.CheckHealthCtx)
|
|
require.Len(t, middlewares, 1)
|
|
require.Equal(t, httpclientprovider.DeleteHeadersMiddlewareName, middlewares[0].(httpclient.MiddlewareName).MiddlewareName())
|
|
})
|
|
})
|
|
|
|
t.Run("And requests are for an app", func(t *testing.T) {
|
|
cdt := clienttest.NewClientDecoratorTest(t,
|
|
clienttest.WithReqContext(req, &user.SignedInUser{
|
|
IsAnonymous: true,
|
|
Login: "anonymous"},
|
|
),
|
|
clienttest.WithMiddlewares(NewUserHeaderMiddleware()),
|
|
)
|
|
|
|
pluginCtx := backend.PluginContext{
|
|
AppInstanceSettings: &backend.AppInstanceSettings{},
|
|
}
|
|
|
|
t.Run("Should not forward user header when calling QueryData", func(t *testing.T) {
|
|
_, err = cdt.Decorator.QueryData(req.Context(), &backend.QueryDataRequest{
|
|
PluginContext: pluginCtx,
|
|
Headers: map[string]string{},
|
|
})
|
|
require.NoError(t, err)
|
|
require.NotNil(t, cdt.QueryDataReq)
|
|
require.Empty(t, cdt.QueryDataReq.Headers)
|
|
|
|
middlewares := httpclient.ContextualMiddlewareFromContext(cdt.QueryDataCtx)
|
|
require.Len(t, middlewares, 1)
|
|
require.Equal(t, httpclientprovider.DeleteHeadersMiddlewareName, middlewares[0].(httpclient.MiddlewareName).MiddlewareName())
|
|
})
|
|
|
|
t.Run("Should not forward user header when calling CallResource", func(t *testing.T) {
|
|
err = cdt.Decorator.CallResource(req.Context(), &backend.CallResourceRequest{
|
|
PluginContext: pluginCtx,
|
|
Headers: map[string][]string{},
|
|
}, nopCallResourceSender)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, cdt.CallResourceReq)
|
|
require.Empty(t, cdt.CallResourceReq.Headers)
|
|
|
|
middlewares := httpclient.ContextualMiddlewareFromContext(cdt.CallResourceCtx)
|
|
require.Len(t, middlewares, 1)
|
|
require.Equal(t, httpclientprovider.DeleteHeadersMiddlewareName, middlewares[0].(httpclient.MiddlewareName).MiddlewareName())
|
|
})
|
|
|
|
t.Run("Should not forward user header when calling CheckHealth", func(t *testing.T) {
|
|
_, err = cdt.Decorator.CheckHealth(req.Context(), &backend.CheckHealthRequest{
|
|
PluginContext: pluginCtx,
|
|
Headers: map[string]string{},
|
|
})
|
|
require.NoError(t, err)
|
|
require.NotNil(t, cdt.CheckHealthReq)
|
|
require.Empty(t, cdt.CheckHealthReq.Headers)
|
|
|
|
middlewares := httpclient.ContextualMiddlewareFromContext(cdt.CheckHealthCtx)
|
|
require.Len(t, middlewares, 1)
|
|
require.Equal(t, httpclientprovider.DeleteHeadersMiddlewareName, middlewares[0].(httpclient.MiddlewareName).MiddlewareName())
|
|
})
|
|
})
|
|
})
|
|
|
|
t.Run("When real user in reqContext", func(t *testing.T) {
|
|
req, err := http.NewRequest(http.MethodGet, "/some/thing", nil)
|
|
require.NoError(t, err)
|
|
|
|
t.Run("And requests are for a datasource", func(t *testing.T) {
|
|
cdt := clienttest.NewClientDecoratorTest(t,
|
|
clienttest.WithReqContext(req, &user.SignedInUser{
|
|
Login: "admin",
|
|
}),
|
|
clienttest.WithMiddlewares(NewUserHeaderMiddleware()),
|
|
)
|
|
|
|
pluginCtx := backend.PluginContext{
|
|
DataSourceInstanceSettings: &backend.DataSourceInstanceSettings{},
|
|
}
|
|
|
|
t.Run("Should forward user header when calling QueryData", func(t *testing.T) {
|
|
_, err = cdt.Decorator.QueryData(req.Context(), &backend.QueryDataRequest{
|
|
PluginContext: pluginCtx,
|
|
Headers: map[string]string{},
|
|
})
|
|
require.NoError(t, err)
|
|
require.NotNil(t, cdt.QueryDataReq)
|
|
require.Len(t, cdt.QueryDataReq.Headers, 1)
|
|
require.Equal(t, "admin", cdt.QueryDataReq.GetHTTPHeader(proxyutil.UserHeaderName))
|
|
|
|
middlewares := httpclient.ContextualMiddlewareFromContext(cdt.QueryDataCtx)
|
|
require.Len(t, middlewares, 1)
|
|
require.Equal(t, httpclientprovider.SetHeadersMiddlewareName, middlewares[0].(httpclient.MiddlewareName).MiddlewareName())
|
|
})
|
|
|
|
t.Run("Should forward user header when calling CallResource", func(t *testing.T) {
|
|
err = cdt.Decorator.CallResource(req.Context(), &backend.CallResourceRequest{
|
|
PluginContext: pluginCtx,
|
|
Headers: map[string][]string{},
|
|
}, nopCallResourceSender)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, cdt.CallResourceReq)
|
|
require.Len(t, cdt.CallResourceReq.Headers, 1)
|
|
require.Equal(t, "admin", cdt.CallResourceReq.GetHTTPHeader(proxyutil.UserHeaderName))
|
|
|
|
middlewares := httpclient.ContextualMiddlewareFromContext(cdt.CallResourceCtx)
|
|
require.Len(t, middlewares, 1)
|
|
require.Equal(t, httpclientprovider.SetHeadersMiddlewareName, middlewares[0].(httpclient.MiddlewareName).MiddlewareName())
|
|
})
|
|
|
|
t.Run("Should forward user header when calling CheckHealth", func(t *testing.T) {
|
|
_, err = cdt.Decorator.CheckHealth(req.Context(), &backend.CheckHealthRequest{
|
|
PluginContext: pluginCtx,
|
|
Headers: map[string]string{},
|
|
})
|
|
require.NoError(t, err)
|
|
require.NotNil(t, cdt.CheckHealthReq)
|
|
require.Len(t, cdt.CheckHealthReq.Headers, 1)
|
|
require.Equal(t, "admin", cdt.CheckHealthReq.GetHTTPHeader(proxyutil.UserHeaderName))
|
|
|
|
middlewares := httpclient.ContextualMiddlewareFromContext(cdt.CheckHealthCtx)
|
|
require.Len(t, middlewares, 1)
|
|
require.Equal(t, httpclientprovider.SetHeadersMiddlewareName, middlewares[0].(httpclient.MiddlewareName).MiddlewareName())
|
|
})
|
|
})
|
|
|
|
t.Run("And requests are for an app", func(t *testing.T) {
|
|
cdt := clienttest.NewClientDecoratorTest(t,
|
|
clienttest.WithReqContext(req, &user.SignedInUser{
|
|
Login: "admin",
|
|
}),
|
|
clienttest.WithMiddlewares(NewUserHeaderMiddleware()),
|
|
)
|
|
|
|
pluginCtx := backend.PluginContext{
|
|
AppInstanceSettings: &backend.AppInstanceSettings{},
|
|
}
|
|
|
|
t.Run("Should forward user header when calling QueryData", func(t *testing.T) {
|
|
_, err = cdt.Decorator.QueryData(req.Context(), &backend.QueryDataRequest{
|
|
PluginContext: pluginCtx,
|
|
Headers: map[string]string{},
|
|
})
|
|
require.NoError(t, err)
|
|
require.NotNil(t, cdt.QueryDataReq)
|
|
require.Len(t, cdt.QueryDataReq.Headers, 1)
|
|
require.Equal(t, "admin", cdt.QueryDataReq.GetHTTPHeader(proxyutil.UserHeaderName))
|
|
|
|
middlewares := httpclient.ContextualMiddlewareFromContext(cdt.QueryDataCtx)
|
|
require.Len(t, middlewares, 1)
|
|
require.Equal(t, httpclientprovider.SetHeadersMiddlewareName, middlewares[0].(httpclient.MiddlewareName).MiddlewareName())
|
|
})
|
|
|
|
t.Run("Should forward user header when calling CallResource", func(t *testing.T) {
|
|
err = cdt.Decorator.CallResource(req.Context(), &backend.CallResourceRequest{
|
|
PluginContext: pluginCtx,
|
|
Headers: map[string][]string{},
|
|
}, nopCallResourceSender)
|
|
require.NoError(t, err)
|
|
require.NotNil(t, cdt.CallResourceReq)
|
|
require.Len(t, cdt.CallResourceReq.Headers, 1)
|
|
require.Equal(t, "admin", cdt.CallResourceReq.GetHTTPHeader(proxyutil.UserHeaderName))
|
|
|
|
middlewares := httpclient.ContextualMiddlewareFromContext(cdt.CallResourceCtx)
|
|
require.Len(t, middlewares, 1)
|
|
require.Equal(t, httpclientprovider.SetHeadersMiddlewareName, middlewares[0].(httpclient.MiddlewareName).MiddlewareName())
|
|
})
|
|
|
|
t.Run("Should forward user header when calling CheckHealth", func(t *testing.T) {
|
|
_, err = cdt.Decorator.CheckHealth(req.Context(), &backend.CheckHealthRequest{
|
|
PluginContext: pluginCtx,
|
|
Headers: map[string]string{},
|
|
})
|
|
require.NoError(t, err)
|
|
require.NotNil(t, cdt.CheckHealthReq)
|
|
require.Len(t, cdt.CheckHealthReq.Headers, 1)
|
|
require.Equal(t, "admin", cdt.CheckHealthReq.GetHTTPHeader(proxyutil.UserHeaderName))
|
|
|
|
middlewares := httpclient.ContextualMiddlewareFromContext(cdt.CheckHealthCtx)
|
|
require.Len(t, middlewares, 1)
|
|
require.Equal(t, httpclientprovider.SetHeadersMiddlewareName, middlewares[0].(httpclient.MiddlewareName).MiddlewareName())
|
|
})
|
|
})
|
|
})
|
|
}
|