mirror of
https://github.com/grafana/grafana.git
synced 2025-07-31 23:22:17 +08:00
6bb7ab261a
* Stub out frontend user auth * Stub out backend user auth * Add context * Reorganise files * Refactor app registration form * Alert for user auth service principal credentials * AzureMonitor: Add flag for enabling/disabling fallback credentials for current user authentication (#82332) * Rename field * Add fallback setting * Update tests and mock * Remove duplicate setting line * Update name of property * Update frontend settings * Update docs and default config files * Update azure-sdk * Fix lint * Update test * Bump dependency * Update configuration * Update docs/sources/setup-grafana/configure-grafana/_index.md Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> * Docs review * AzureMonitor: User authentication frontend updates (#83107) * Rename field * Add fallback setting * Update tests and mock * Remove duplicate setting line * Update name of property * Update frontend settings * Update docs and default config files * Add alerts to query editor - Add authenticatedBy property to grafana/data - Update mocks - Update query editor to disable it under certain circumstances - Update tests * Add separate FallbackCredentials component - Reset AppRegistrationCredentials component to only handle clientsecret credentials - Update AzureCredentialsForm - Update selectors - Update tests - Update credentials utility functions logic * Alert when fallback credentials disabled * Update condition * Update azure-sdk * Fix lint * Update test * Remove unneeded conditions * Set auth type correctly * Legacy cloud options * Fix client secret * Remove accidental import * Bump dependency * Add tests * Don't use VerticalGroup component * Remove unused import * Fix lint * Appropriately set oAuthPassThru and disableGrafanaCache properties * Clear azureCredentials on authType change * Correctly retrieve secret * Fix bug in authTypeOptions * Update public/app/plugins/datasource/azuremonitor/components/ConfigEditor/CurrentUserFallbackCredentials.tsx Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com> * Update public/app/plugins/datasource/azuremonitor/components/QueryEditor/QueryEditor.tsx Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com> * Update public/app/plugins/datasource/azuremonitor/components/ConfigEditor/CurrentUserFallbackCredentials.tsx Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com> * Add documentation links * Fix broken link --------- Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com> * AzureMonitor: Update docs for current user authentication (#83440) * Rename field * Add fallback setting * Update tests and mock * Remove duplicate setting line * Update name of property * Update frontend settings * Update docs and default config files * Add alerts to query editor - Add authenticatedBy property to grafana/data - Update mocks - Update query editor to disable it under certain circumstances - Update tests * Add separate FallbackCredentials component - Reset AppRegistrationCredentials component to only handle clientsecret credentials - Update AzureCredentialsForm - Update selectors - Update tests - Update credentials utility functions logic * Alert when fallback credentials disabled * Update condition * Update azure-sdk * Fix lint * Update test * Remove unneeded conditions * Set auth type correctly * Legacy cloud options * Fix client secret * Remove accidental import * Bump dependency * Add tests * Don't use VerticalGroup component * Remove unused import * Update docs * Fix lint * Appropriately set oAuthPassThru and disableGrafanaCache properties * Clear azureCredentials on authType change * Correctly retrieve secret * Feedback * Spelling * Update docs/sources/datasources/azure-monitor/_index.md Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com> * Update docs/sources/datasources/azure-monitor/_index.md Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com> * Update docs/sources/datasources/azure-monitor/_index.md Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com> * Update docs/sources/datasources/azure-monitor/_index.md Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com> --------- Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com> * Docs review * Update docs with additional configuration information * Fix to appropriately hide the query editor * Typo * Update isCredentialsComplete * Update test --------- Co-authored-by: Christopher Moyer <35463610+chri2547@users.noreply.github.com> Co-authored-by: Andrew Hackmann <5140848+bossinc@users.noreply.github.com> Co-authored-by: Larissa Wandzura <126723338+lwandz13@users.noreply.github.com>
162 lines
5.6 KiB
Go
162 lines
5.6 KiB
Go
package pluginconfig
|
|
|
|
import (
|
|
"context"
|
|
"slices"
|
|
"sort"
|
|
"strconv"
|
|
"strings"
|
|
|
|
"github.com/grafana/grafana-aws-sdk/pkg/awsds"
|
|
"github.com/grafana/grafana-azure-sdk-go/v2/azsettings"
|
|
|
|
"github.com/grafana/grafana-plugin-sdk-go/backend"
|
|
"github.com/grafana/grafana-plugin-sdk-go/backend/proxy"
|
|
"github.com/grafana/grafana-plugin-sdk-go/experimental/featuretoggles"
|
|
)
|
|
|
|
var _ PluginRequestConfigProvider = (*RequestConfigProvider)(nil)
|
|
|
|
type PluginRequestConfigProvider interface {
|
|
PluginRequestConfig(ctx context.Context, pluginID string) map[string]string
|
|
}
|
|
|
|
type RequestConfigProvider struct {
|
|
cfg *PluginInstanceCfg
|
|
}
|
|
|
|
func NewRequestConfigProvider(cfg *PluginInstanceCfg) *RequestConfigProvider {
|
|
return &RequestConfigProvider{
|
|
cfg: cfg,
|
|
}
|
|
}
|
|
|
|
// PluginRequestConfig returns a map of configuration that should be passed in a plugin request.
|
|
// nolint:gocyclo
|
|
func (s *RequestConfigProvider) PluginRequestConfig(ctx context.Context, pluginID string) map[string]string {
|
|
m := make(map[string]string)
|
|
|
|
if s.cfg.GrafanaAppURL != "" {
|
|
m[backend.AppURL] = s.cfg.GrafanaAppURL
|
|
}
|
|
if s.cfg.ConcurrentQueryCount != 0 {
|
|
m[backend.ConcurrentQueryCount] = strconv.Itoa(s.cfg.ConcurrentQueryCount)
|
|
}
|
|
|
|
enabledFeatures := s.cfg.Features.GetEnabled(ctx)
|
|
if len(enabledFeatures) > 0 {
|
|
features := make([]string, 0, len(enabledFeatures))
|
|
for feat := range enabledFeatures {
|
|
features = append(features, feat)
|
|
}
|
|
sort.Strings(features)
|
|
m[featuretoggles.EnabledFeatures] = strings.Join(features, ",")
|
|
}
|
|
|
|
if slices.Contains[[]string, string](s.cfg.AWSForwardSettingsPlugins, pluginID) {
|
|
if !s.cfg.AWSAssumeRoleEnabled {
|
|
m[awsds.AssumeRoleEnabledEnvVarKeyName] = "false"
|
|
}
|
|
if len(s.cfg.AWSAllowedAuthProviders) > 0 {
|
|
m[awsds.AllowedAuthProvidersEnvVarKeyName] = strings.Join(s.cfg.AWSAllowedAuthProviders, ",")
|
|
}
|
|
if s.cfg.AWSExternalId != "" {
|
|
m[awsds.GrafanaAssumeRoleExternalIdKeyName] = s.cfg.AWSExternalId
|
|
}
|
|
if s.cfg.AWSSessionDuration != "" {
|
|
m[awsds.SessionDurationEnvVarKeyName] = s.cfg.AWSSessionDuration
|
|
}
|
|
if s.cfg.AWSListMetricsPageLimit != "" {
|
|
m[awsds.ListMetricsPageLimitKeyName] = s.cfg.AWSListMetricsPageLimit
|
|
}
|
|
}
|
|
|
|
if s.cfg.ProxySettings.Enabled {
|
|
m[proxy.PluginSecureSocksProxyEnabled] = "true"
|
|
m[proxy.PluginSecureSocksProxyClientCert] = s.cfg.ProxySettings.ClientCert
|
|
m[proxy.PluginSecureSocksProxyClientKey] = s.cfg.ProxySettings.ClientKey
|
|
m[proxy.PluginSecureSocksProxyRootCACert] = s.cfg.ProxySettings.RootCA
|
|
m[proxy.PluginSecureSocksProxyProxyAddress] = s.cfg.ProxySettings.ProxyAddress
|
|
m[proxy.PluginSecureSocksProxyServerName] = s.cfg.ProxySettings.ServerName
|
|
m[proxy.PluginSecureSocksProxyAllowInsecure] = strconv.FormatBool(s.cfg.ProxySettings.AllowInsecure)
|
|
}
|
|
|
|
// Settings here will be extracted by grafana-azure-sdk-go from the plugin context
|
|
if s.cfg.AzureAuthEnabled {
|
|
m[azsettings.AzureAuthEnabled] = strconv.FormatBool(s.cfg.AzureAuthEnabled)
|
|
}
|
|
azureSettings := s.cfg.Azure
|
|
if azureSettings != nil && slices.Contains[[]string, string](azureSettings.ForwardSettingsPlugins, pluginID) {
|
|
if azureSettings.Cloud != "" {
|
|
m[azsettings.AzureCloud] = azureSettings.Cloud
|
|
}
|
|
|
|
if azureSettings.ManagedIdentityEnabled {
|
|
m[azsettings.ManagedIdentityEnabled] = "true"
|
|
|
|
if azureSettings.ManagedIdentityClientId != "" {
|
|
m[azsettings.ManagedIdentityClientID] = azureSettings.ManagedIdentityClientId
|
|
}
|
|
}
|
|
|
|
if azureSettings.UserIdentityEnabled {
|
|
m[azsettings.UserIdentityEnabled] = "true"
|
|
m[azsettings.UserIdentityFallbackCredentialsEnabled] = strconv.FormatBool(azureSettings.UserIdentityFallbackCredentialsEnabled)
|
|
|
|
if azureSettings.UserIdentityTokenEndpoint != nil {
|
|
if azureSettings.UserIdentityTokenEndpoint.TokenUrl != "" {
|
|
m[azsettings.UserIdentityTokenURL] = azureSettings.UserIdentityTokenEndpoint.TokenUrl
|
|
}
|
|
if azureSettings.UserIdentityTokenEndpoint.ClientId != "" {
|
|
m[azsettings.UserIdentityClientID] = azureSettings.UserIdentityTokenEndpoint.ClientId
|
|
}
|
|
if azureSettings.UserIdentityTokenEndpoint.ClientSecret != "" {
|
|
m[azsettings.UserIdentityClientSecret] = azureSettings.UserIdentityTokenEndpoint.ClientSecret
|
|
}
|
|
if azureSettings.UserIdentityTokenEndpoint.UsernameAssertion {
|
|
m[azsettings.UserIdentityAssertion] = "username"
|
|
}
|
|
}
|
|
}
|
|
|
|
if azureSettings.WorkloadIdentityEnabled {
|
|
m[azsettings.WorkloadIdentityEnabled] = "true"
|
|
|
|
if azureSettings.WorkloadIdentitySettings != nil {
|
|
if azureSettings.WorkloadIdentitySettings.ClientId != "" {
|
|
m[azsettings.WorkloadIdentityClientID] = azureSettings.WorkloadIdentitySettings.ClientId
|
|
}
|
|
if azureSettings.WorkloadIdentitySettings.TenantId != "" {
|
|
m[azsettings.WorkloadIdentityTenantID] = azureSettings.WorkloadIdentitySettings.TenantId
|
|
}
|
|
if azureSettings.WorkloadIdentitySettings.TokenFile != "" {
|
|
m[azsettings.WorkloadIdentityTokenFile] = azureSettings.WorkloadIdentitySettings.TokenFile
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if s.cfg.UserFacingDefaultError != "" {
|
|
m[backend.UserFacingDefaultError] = s.cfg.UserFacingDefaultError
|
|
}
|
|
|
|
if s.cfg.DataProxyRowLimit != 0 {
|
|
m[backend.SQLRowLimit] = strconv.FormatInt(s.cfg.DataProxyRowLimit, 10)
|
|
}
|
|
|
|
m[backend.SQLMaxOpenConnsDefault] = strconv.Itoa(s.cfg.SQLDatasourceMaxOpenConnsDefault)
|
|
m[backend.SQLMaxIdleConnsDefault] = strconv.Itoa(s.cfg.SQLDatasourceMaxIdleConnsDefault)
|
|
m[backend.SQLMaxConnLifetimeSecondsDefault] = strconv.Itoa(s.cfg.SQLDatasourceMaxConnLifetimeDefault)
|
|
|
|
if s.cfg.ResponseLimit > 0 {
|
|
m[backend.ResponseLimit] = strconv.FormatInt(s.cfg.ResponseLimit, 10)
|
|
}
|
|
|
|
if s.cfg.SigV4AuthEnabled {
|
|
m[awsds.SigV4AuthEnabledEnvVarKeyName] = "true"
|
|
m[awsds.SigV4VerboseLoggingEnvVarKeyName] = strconv.FormatBool(s.cfg.SigV4VerboseLogging)
|
|
}
|
|
|
|
return m
|
|
}
|