upstream/grafana
1
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2026-06-10 17:11:31 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 164
grafana/pkg/api/pluginproxy/ds_proxy.go

464 lines
14 KiB
Go
Raw Permalink Normal View History

feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
package pluginproxy
import (
"bytes"
"errors"
"fmt"
Handle ioutil deprecations (#53526) * replace ioutil.ReadFile -> os.ReadFile * replace ioutil.ReadAll -> io.ReadAll * replace ioutil.TempFile -> os.CreateTemp * replace ioutil.NopCloser -> io.NopCloser * replace ioutil.WriteFile -> os.WriteFile * replace ioutil.TempDir -> os.MkdirTemp * replace ioutil.Discard -> io.Discard
2022-08-10 09:37:51 -04:00
"io"
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
"net/http"
"net/url"
datasource-proxy: token exchange
2017-08-23 11:18:43 -04:00
"strconv"
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
"strings"
"time"
backend/datasources: move datasources models into the datasources service package (#51267) * backend/datasources: move datasources models into the datasources service pkg
2022-06-27 12:23:15 -04:00
"go.opentelemetry.io/otel/attribute"
Tracing: Standardize on otel tracing (#75528)
2023-10-03 08:54:20 -04:00
"go.opentelemetry.io/otel/trace"
backend/datasources: move datasources models into the datasources service package (#51267) * backend/datasources: move datasources models into the datasources service pkg
2022-06-27 12:23:15 -04:00
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
"github.com/grafana/grafana/pkg/api/datasource/validation"
"github.com/grafana/grafana/pkg/apimachinery/identity"
"github.com/grafana/grafana/pkg/apimachinery/utils"
DataSource/Proxy: Move OAuthPassThru settings to the datasource package (#125325)
2026-05-23 06:36:49 -04:00
datasourcesV0 "github.com/grafana/grafana/pkg/apis/datasource/v0alpha1"
Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy (#33439) Uses new httpclient package from grafana-plugin-sdk-go introduced via grafana/grafana-plugin-sdk-go#328. Replaces the GetHTTPClient, GetTransport, GetTLSConfig methods defined on DataSource model. Longer-term the goal is to migrate core HTTP backend data sources to use the SDK contracts and using httpclient.Provider for creating HTTP clients and such. Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-05-19 17:53:41 -04:00
"github.com/grafana/grafana/pkg/infra/httpclient"
Data proxy: Log proxy errors using Grafana logger (#22174) Now any errors logged by http.ReverseProxy are forwarded to Grafana's logger and includes more contextual information like level (error), user id, org id, username, proxy path, referer and IP address. Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2020-02-18 07:26:01 -05:00
glog "github.com/grafana/grafana/pkg/infra/log"
Chore: Implement OpenTelemtry in Grafana (#42674) * Separate Tracer interface to TracerService and Tracer * Fix lint * Fix:Make it possible to start spans for both opentracing and opentelemetry in ds proxy * Add span methods, use span interface for rest of tracing * Fix logs in tracing * Fix tests that are related to tracing * Fix resourcepermissions test * Fix some tests * Fix more tests * Add TracingService to wire cli runner * Remove GlobalTracer from bus * Renaming test function * Remove GlobalTracer from TSDB * Replace GlobalTracer in api * Adjust tests to the InitializeForTests func * Remove GlobalTracer from services * Remove GlobalTracer * Remove bus.NewTest * Remove Tracer interface * Add InitializeForBus * Simplify tests * Clean up tests * Rename TracerService to Tracer * Update pkg/middleware/request_tracing.go Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> * Initialize tracer before passing it to SQLStore initialization in commands * Remove tests for opentracing * Set span attributes correctly, remove unnecessary trace initiliazation form test * Add tracer instance to newSQLStore * Fix changes due to rebase * Add modified tracing middleware test * Fix opentracing implementation tags Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2022-01-20 05:10:12 -05:00
"github.com/grafana/grafana/pkg/infra/tracing"
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
"github.com/grafana/grafana/pkg/models/usertoken"
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
"github.com/grafana/grafana/pkg/plugins"
Encryption: Refactor securejsondata.SecureJsonData to stop relying on global functions (#38865) * Encryption: Add support to encrypt/decrypt sjd * Add datasources.Service as a proxy to datasources db operations * Encrypt ds.SecureJsonData before calling SQLStore * Move ds cache code into ds service * Fix tlsmanager tests * Fix pluginproxy tests * Remove some securejsondata.GetEncryptedJsonData usages * Add pluginsettings.Service as a proxy for plugin settings db operations * Add AlertNotificationService as a proxy for alert notification db operations * Remove some securejsondata.GetEncryptedJsonData usages * Remove more securejsondata.GetEncryptedJsonData usages * Fix lint errors * Minor fixes * Remove encryption global functions usages from ngalert * Fix lint errors * Minor fixes * Minor fixes * Remove securejsondata.DecryptedValue usage * Refactor the refactor * Remove securejsondata.DecryptedValue usage * Move securejsondata to migrations package * Move securejsondata to migrations package * Minor fix * Fix integration test * Fix integration tests * Undo undesired changes * Fix tests * Add context.Context into encryption methods * Fix tests * Fix tests * Fix tests * Trigger CI * Fix test * Add names to params of encryption service interface * Remove bus from CacheServiceImpl * Add logging * Add keys to logger Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Add missing key to logger Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Undo changes in markdown files * Fix formatting * Add context to secrets service * Rename decryptSecureJsonData to decryptSecureJsonDataFn * Name args in GetDecryptedValueFn * Add template back to NewAlertmanagerNotifier * Copy GetDecryptedValueFn to ngalert * Add logging to pluginsettings * Fix pluginsettings test Co-authored-by: Tania B <yalyna.ts@gmail.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
2021-10-07 10:33:50 -04:00
"github.com/grafana/grafana/pkg/services/datasources"
IDforwarding: forward signed id to plugins (#75651) * Plugins: Add client middlware that forwards the signed grafana id token if present * DsProxy: Set grafana id header if id token exists * Add util function to apply id token to header * Only add id forwarding middleware if feature toggle is enabled * Add feature toggles to ds proxy and check if id forwarding is enabled * Clean up test setup * Change to use backend.ForwardHTTPHeaders interface * PluginProxy: Forward signed identity when feature toggle is enabled * PluginProxy: forrward signed id header
2023-10-02 03:14:10 -04:00
"github.com/grafana/grafana/pkg/services/featuremgmt"
OAuth: Support Forward OAuth Identity for backend data source plugins (#27055) Adds support for the Forward OAuth Identity feature in backend data source plugins. Earlier this feature has only been supported for non-backend data source plugins. Fixes #26023 Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2020-10-23 19:34:38 -04:00
"github.com/grafana/grafana/pkg/services/oauthtoken"
RBAC: Allow plugins to use scoped actions (#90946) Co-authored-by: gamab <gabriel.mabille@grafana.com>
2024-07-25 10:22:42 -04:00
pluginac "github.com/grafana/grafana/pkg/services/pluginsintegration/pluginaccesscontrol"
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
"github.com/grafana/grafana/pkg/util"
Backend plugins: Prepare and clean request headers before resource calls (#22321) Moves common request proxy utilities to proxyutil package with support for removing X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto headers, setting X-Forwarded-For header and cleaning Cookie header. Using the proxyutil package to prepare and clean request headers before resource calls. Closes #21512
2020-03-03 05:45:16 -05:00
"github.com/grafana/grafana/pkg/util/proxyutil"
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
)
var (
Data proxy: Log proxy errors using Grafana logger (#22174) Now any errors logged by http.ReverseProxy are forwarded to Grafana's logger and includes more contextual information like level (error), user id, org id, username, proxy path, referer and IP address. Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2020-02-18 07:26:01 -05:00
logger = glog.New("data-proxy-log")
dsproxy: implements support for plugin routes with jwt file Google Cloud service accounts use a JWT token to get an oauth access token. This adds support for that.
2018-09-06 09:50:16 -04:00
client = newHTTPClient()
Data Source: Proxy fallback routes must match all inputs (#116274)
2026-01-14 15:12:18 -05:00
errPluginProxyRouteAccessDenied = errors.New("plugin proxy route access denied")
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
)
Data Source: Cap forwarded User-Agent length (#124704)
2026-05-13 04:17:20 -04:00
// maxForwardedUserAgentLen is the maximum byte length of the client User-Agent
// appended to the data proxy User-Agent when forward_user_agent is enabled.
const maxForwardedUserAgentLen = 255
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
type HTTPContext struct {
Req *http.Request
Resp http.ResponseWriter
// TODO? eventually this should come from the user in the request context
UserToken *usertoken.UserToken
}
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
type DataSourceProxy struct {
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
ds *datasourcesV0.DataSource
requester identity.Requester
dataSource DataSourceLoader
ctx HTTPContext
targetUrl *url.URL
proxyPath string
matchedRoute *plugins.Route
pluginRoutes []*plugins.Route
settings *DataSourceProxySettings
clientProvider httpclient.Provider
oAuthTokenService oauthtoken.OAuthTokenService
tracer tracing.Tracer
features featuremgmt.FeatureToggles
dsproxy: allow multiple access tokens per datasource Changes the cache key for tokens to cache on datasource id + route path + http method instead of just datasource id.
2018-06-12 11:39:38 -04:00
}
dsproxy: move http client variable back After refactoring to be able to mock the client in a test, the client wasn't a global variable anymore. This change moves the client back to being a package- level variable.
2018-06-14 07:39:46 -04:00
type httpClient interface {
dsproxy: allow multiple access tokens per datasource Changes the cache key for tokens to cache on datasource id + route path + http method instead of just datasource id.
2018-06-12 11:39:38 -04:00
Do(req *http.Request) (*http.Response, error)
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
}
Data proxy: Log proxy errors using Grafana logger (#22174) Now any errors logged by http.ReverseProxy are forwarded to Grafana's logger and includes more contextual information like level (error), user id, org id, username, proxy path, referer and IP address. Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2020-02-18 07:26:01 -05:00
// NewDataSourceProxy creates a new Datasource proxy
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
func NewDataSourceProxy(dataSource DataSourceLoader,
pluginRoutes []*plugins.Route, ctx HTTPContext,
Datasource Proxy: Restrict full access to setting.Cfg (#125180) Plugin Proxy: Narrow data source config to DataSourceProxySettings The data source proxy only needs a handful of fields from setting.Cfg. Introduce a focused DataSourceProxySettings struct that exposes only those fields, load Azure settings lazily via a resolver callback so the proxy avoids touching Azure configuration unless an Azure-authenticated route is matched, and pass the new struct through the datasource proxy service in place of *setting.Cfg.
2026-05-21 05:09:14 -04:00
proxyPath string, settings *DataSourceProxySettings, clientProvider httpclient.Provider,
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
oAuthTokenService oauthtoken.OAuthTokenService,
OAuth: Use the attached external session data in OAuthToken and OAuthTokenSync (#96655) * wip * wip + tests * wip * wip opt2 * Use authn.Identity struct's SessionToken * Merge fixes * Handle disabling the feature flag correctly * Fix test * Cleanup * Remove HasOAuthEntry from the OAuthTokenService interface * Remove unused function
2024-11-27 05:06:39 -05:00
tracer tracing.Tracer, features featuremgmt.FeatureToggles,
) (*DataSourceProxy, error) {
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
ds, err := dataSource.DataSource(ctx.Req.Context())
if err != nil {
return nil, fmt.Errorf("failed to load datasource: %w", err)
}
targetURL, err := validation.ValidateURL(dataSource.PluginType(), ds.Spec.URL())
DataSourceProxy: Handle URL parsing error (#23731) * pluginproxy: Handle URL parsing error * pkg/api: Validate data source URLs * pkg/api: Return 400 for URL validation error
2020-04-22 04:30:06 -04:00
if err != nil {
Data sources: Don't fail if URL doesn't specify protocol (#24497)
2020-05-12 07:04:18 -04:00
return nil, err
DataSourceProxy: Handle URL parsing error (#23731) * pluginproxy: Handle URL parsing error * pkg/api: Validate data source URLs * pkg/api: Return 400 for URL validation error
2020-04-22 04:30:06 -04:00
}
dataproxy: refactoring data source proxy to support route templates and wrote more tests for data proxy code, #9078
2017-08-23 04:52:31 -04:00
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
requester, err := identity.GetRequester(ctx.Req.Context())
if err != nil {
return nil, fmt.Errorf("failed to get requester from context: %w", err)
}
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
return &DataSourceProxy{
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
ds: ds,
requester: requester,
dataSource: dataSource,
pluginRoutes: pluginRoutes,
ctx: ctx,
proxyPath: proxyPath,
targetUrl: targetURL,
settings: settings,
clientProvider: clientProvider,
oAuthTokenService: oAuthTokenService,
tracer: tracer,
features: features,
DataSourceProxy: Handle URL parsing error (#23731) * pluginproxy: Handle URL parsing error * pkg/api: Validate data source URLs * pkg/api: Return 400 for URL validation error
2020-04-22 04:30:06 -04:00
}, nil
dsproxy: move http client variable back After refactoring to be able to mock the client in a test, the client wasn't a global variable anymore. This change moves the client back to being a package- level variable.
2018-06-14 07:39:46 -04:00
}
func newHTTPClient() httpClient {
return &http.Client{
revert ds_proxy timeout and implement dataproxy timeout correctly
2019-02-11 07:42:05 -05:00
Timeout: 30 * time.Second,
dsproxy: move http client variable back After refactoring to be able to mock the client in a test, the client wasn't a global variable anymore. This change moves the client back to being a package- level variable.
2018-06-14 07:39:46 -04:00
Transport: &http.Transport{Proxy: http.ProxyFromEnvironment},
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
}
}
func (proxy *DataSourceProxy) HandleRequest() {
if err := proxy.validateRequest(); err != nil {
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
writeJSONErr(proxy.ctx.Resp, proxy.ctx.Req, 403, err.Error(), nil)
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
return
}
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
userid, _ := proxy.requester.GetInternalID()
Instrumentation: Proxy status code correction and various improvements (#47473) For a proxied request, e.g. Grafana's datasource or plugin proxy: If the request is cancelled, e.g. from the browser, the HTTP status code is now 499 Client closed request instead of 502 Bad gateway. If the request times out, e.g. takes longer time than allowed, the HTTP status code is now 504 Gateway timeout instead of 502 Bad gateway. This also means that request metrics and logs will get their status codes adjusted according to above. Fixes #46337 Fixes #46338
2022-04-11 07:17:08 -04:00
proxyErrorLogger := logger.New(
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
"userId", userid,
"orgId", proxy.requester.GetOrgID(),
"uname", proxy.requester.GetLogin(),
Instrumentation: Proxy status code correction and various improvements (#47473) For a proxied request, e.g. Grafana's datasource or plugin proxy: If the request is cancelled, e.g. from the browser, the HTTP status code is now 499 Client closed request instead of 502 Bad gateway. If the request times out, e.g. takes longer time than allowed, the HTTP status code is now 504 Gateway timeout instead of 502 Bad gateway. This also means that request metrics and logs will get their status codes adjusted according to above. Fixes #46337 Fixes #46338
2022-04-11 07:17:08 -04:00
"path", proxy.ctx.Req.URL.Path,
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
"remote_addr", proxy.ctx.Req.RemoteAddr,
Instrumentation: Proxy status code correction and various improvements (#47473) For a proxied request, e.g. Grafana's datasource or plugin proxy: If the request is cancelled, e.g. from the browser, the HTTP status code is now 499 Client closed request instead of 502 Bad gateway. If the request times out, e.g. takes longer time than allowed, the HTTP status code is now 504 Gateway timeout instead of 502 Bad gateway. This also means that request metrics and logs will get their status codes adjusted according to above. Fixes #46337 Fixes #46338
2022-04-11 07:17:08 -04:00
"referer", proxy.ctx.Req.Referer(),
)
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
transport, err := proxy.dataSource.GetHTTPTransport(proxy.ctx.Req.Context(), proxy.clientProvider)
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
if err != nil {
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
writeJSONErr(proxy.ctx.Resp, proxy.ctx.Req, 400, "Unable to load TLS certificate", err)
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
return
}
Instrumentation: Proxy status code correction and various improvements (#47473) For a proxied request, e.g. Grafana's datasource or plugin proxy: If the request is cancelled, e.g. from the browser, the HTTP status code is now 499 Client closed request instead of 502 Bad gateway. If the request times out, e.g. takes longer time than allowed, the HTTP status code is now 504 Gateway timeout instead of 502 Bad gateway. This also means that request metrics and logs will get their status codes adjusted according to above. Fixes #46337 Fixes #46338
2022-04-11 07:17:08 -04:00
modifyResponse := func(resp *http.Response) error {
if resp.StatusCode == 401 {
// The data source rejected the request as unauthorized, convert to 400 (bad request)
Handle ioutil deprecations (#53526) * replace ioutil.ReadFile -> os.ReadFile * replace ioutil.ReadAll -> io.ReadAll * replace ioutil.TempFile -> os.CreateTemp * replace ioutil.NopCloser -> io.NopCloser * replace ioutil.WriteFile -> os.WriteFile * replace ioutil.TempDir -> os.MkdirTemp * replace ioutil.Discard -> io.Discard
2022-08-10 09:37:51 -04:00
body, err := io.ReadAll(resp.Body)
Instrumentation: Proxy status code correction and various improvements (#47473) For a proxied request, e.g. Grafana's datasource or plugin proxy: If the request is cancelled, e.g. from the browser, the HTTP status code is now 499 Client closed request instead of 502 Bad gateway. If the request times out, e.g. takes longer time than allowed, the HTTP status code is now 504 Gateway timeout instead of 502 Bad gateway. This also means that request metrics and logs will get their status codes adjusted according to above. Fixes #46337 Fixes #46338
2022-04-11 07:17:08 -04:00
if err != nil {
return fmt.Errorf("failed to read data source response body: %w", err)
}
_ = resp.Body.Close()
Logging: Introduce API for contextual logging (#55198) Introduces a FromContext method on the log.Logger interface that allows contextual key/value pairs to be attached, e.g. per request, so that any logger using this API will automatically get the per request context attached. The proposal makes the traceID available for contextual logger , if available, and would allow logs originating from a certain HTTP request to be correlated with traceID. In addition, when tracing not enabled, skip adding traceID=00000000000000000000000000000000 to logs.
2022-09-20 12:32:06 -04:00
ctxLogger := proxyErrorLogger.FromContext(resp.Request.Context())
ctxLogger.Info("Authentication to data source failed", "body", string(body), "statusCode",
Instrumentation: Proxy status code correction and various improvements (#47473) For a proxied request, e.g. Grafana's datasource or plugin proxy: If the request is cancelled, e.g. from the browser, the HTTP status code is now 499 Client closed request instead of 502 Bad gateway. If the request times out, e.g. takes longer time than allowed, the HTTP status code is now 504 Gateway timeout instead of 502 Bad gateway. This also means that request metrics and logs will get their status codes adjusted according to above. Fixes #46337 Fixes #46338
2022-04-11 07:17:08 -04:00
resp.StatusCode)
msg := "Authentication to data source failed"
*resp = http.Response{
StatusCode: 400,
Status: "Bad Request",
Handle ioutil deprecations (#53526) * replace ioutil.ReadFile -> os.ReadFile * replace ioutil.ReadAll -> io.ReadAll * replace ioutil.TempFile -> os.CreateTemp * replace ioutil.NopCloser -> io.NopCloser * replace ioutil.WriteFile -> os.WriteFile * replace ioutil.TempDir -> os.MkdirTemp * replace ioutil.Discard -> io.Discard
2022-08-10 09:37:51 -04:00
Body: io.NopCloser(strings.NewReader(msg)),
Instrumentation: Proxy status code correction and various improvements (#47473) For a proxied request, e.g. Grafana's datasource or plugin proxy: If the request is cancelled, e.g. from the browser, the HTTP status code is now 499 Client closed request instead of 502 Bad gateway. If the request times out, e.g. takes longer time than allowed, the HTTP status code is now 504 Gateway timeout instead of 502 Bad gateway. This also means that request metrics and logs will get their status codes adjusted according to above. Fixes #46337 Fixes #46338
2022-04-11 07:17:08 -04:00
ContentLength: int64(len(msg)),
Header: http.Header{},
Instrumentation: Add status_source label to request metrics/logs (#74114) Ref #68480 Co-authored-by: Giuseppe Guerra <giuseppe.guerra@grafana.com>
2023-09-11 06:13:13 -04:00
Request: resp.Request,
Data source proxy: Convert 401 from data source to 400 (#28962) * Data source proxy: Convert 401 from data source to 400 Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-13 07:21:43 -05:00
}
Instrumentation: Proxy status code correction and various improvements (#47473) For a proxied request, e.g. Grafana's datasource or plugin proxy: If the request is cancelled, e.g. from the browser, the HTTP status code is now 499 Client closed request instead of 502 Bad gateway. If the request times out, e.g. takes longer time than allowed, the HTTP status code is now 504 Gateway timeout instead of 502 Bad gateway. This also means that request metrics and logs will get their status codes adjusted according to above. Fixes #46337 Fixes #46338
2022-04-11 07:17:08 -04:00
}
return nil
Auth: Rotate auth tokens at the end of requests (#21347) By rotating the auth tokens at the end of the request we ensure that there is minimum delay between a new token being generated and the client receiving it. Adds auth token slow load test which uses random latency for all tsdb queries.. Cleans up datasource proxy response handling. DefaultHandler in middleware tests should write a response, the responseWriter BeforeFuncs wont get executed unless a response is written. Fixes #18644 Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2020-01-15 07:03:12 -05:00
}
Instrumentation: Proxy status code correction and various improvements (#47473) For a proxied request, e.g. Grafana's datasource or plugin proxy: If the request is cancelled, e.g. from the browser, the HTTP status code is now 499 Client closed request instead of 502 Bad gateway. If the request times out, e.g. takes longer time than allowed, the HTTP status code is now 504 Gateway timeout instead of 502 Bad gateway. This also means that request metrics and logs will get their status codes adjusted according to above. Fixes #46337 Fixes #46338
2022-04-11 07:17:08 -04:00
reverseProxy := proxyutil.NewReverseProxy(
proxyErrorLogger,
proxy.director,
proxyutil.WithTransport(transport),
proxyutil.WithModifyResponse(modifyResponse),
)
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
proxy.logRequest()
Chore: Implement OpenTelemtry in Grafana (#42674) * Separate Tracer interface to TracerService and Tracer * Fix lint * Fix:Make it possible to start spans for both opentracing and opentelemetry in ds proxy * Add span methods, use span interface for rest of tracing * Fix logs in tracing * Fix tests that are related to tracing * Fix resourcepermissions test * Fix some tests * Fix more tests * Add TracingService to wire cli runner * Remove GlobalTracer from bus * Renaming test function * Remove GlobalTracer from TSDB * Replace GlobalTracer in api * Adjust tests to the InitializeForTests func * Remove GlobalTracer from services * Remove GlobalTracer * Remove bus.NewTest * Remove Tracer interface * Add InitializeForBus * Simplify tests * Clean up tests * Rename TracerService to Tracer * Update pkg/middleware/request_tracing.go Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> * Initialize tracer before passing it to SQLStore initialization in commands * Remove tests for opentracing * Set span attributes correctly, remove unnecessary trace initiliazation form test * Add tracer instance to newSQLStore * Fix changes due to rebase * Add modified tracing middleware test * Fix opentracing implementation tags Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2022-01-20 05:10:12 -05:00
ctx, span := proxy.tracer.Start(proxy.ctx.Req.Context(), "datasource reverse proxy")
defer span.End()
Data source proxy: Convert 401 from data source to 400 (#28962) * Data source proxy: Convert 401 from data source to 400 Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-13 07:21:43 -05:00
Macaron: remove custom Request type (#37874) * remove macaron.Request, use http.Request instead * remove com dependency from bindings module * fix another c.Req.Request
2021-09-01 05:18:30 -04:00
proxy.ctx.Req = proxy.ctx.Req.WithContext(ctx)
add traces for datasource reverse proxy requests
2017-09-12 04:25:40 -04:00
Tracing: Standardize on otel tracing (#75528)
2023-10-03 08:54:20 -04:00
span.SetAttributes(
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
attribute.String("datasource_name", proxy.ds.Spec.Title()),
attribute.String("datasource_type", proxy.dataSource.PluginType()),
attribute.String("user", proxy.requester.GetLogin()),
attribute.Int64("org_id", proxy.requester.GetOrgID()),
Tracing: Standardize on otel tracing (#75528)
2023-10-03 08:54:20 -04:00
)
add traces for datasource reverse proxy requests
2017-09-12 04:25:40 -04:00
dataproxy: adds dashboardid and panelid as tags closes #11315
2018-03-20 17:21:24 -04:00
proxy.addTraceFromHeaderValue(span, "X-Panel-Id", "panel_id")
proxy.addTraceFromHeaderValue(span, "X-Dashboard-Id", "dashboard_id")
Chore: Implement OpenTelemtry in Grafana (#42674) * Separate Tracer interface to TracerService and Tracer * Fix lint * Fix:Make it possible to start spans for both opentracing and opentelemetry in ds proxy * Add span methods, use span interface for rest of tracing * Fix logs in tracing * Fix tests that are related to tracing * Fix resourcepermissions test * Fix some tests * Fix more tests * Add TracingService to wire cli runner * Remove GlobalTracer from bus * Renaming test function * Remove GlobalTracer from TSDB * Replace GlobalTracer in api * Adjust tests to the InitializeForTests func * Remove GlobalTracer from services * Remove GlobalTracer * Remove bus.NewTest * Remove Tracer interface * Add InitializeForBus * Simplify tests * Clean up tests * Rename TracerService to Tracer * Update pkg/middleware/request_tracing.go Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> * Initialize tracer before passing it to SQLStore initialization in commands * Remove tests for opentracing * Set span attributes correctly, remove unnecessary trace initiliazation form test * Add tracer instance to newSQLStore * Fix changes due to rebase * Add modified tracing middleware test * Fix opentracing implementation tags Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
2022-01-20 05:10:12 -05:00
proxy.tracer.Inject(ctx, proxy.ctx.Req.Header, span)
add trace headers for outgoing requests
2017-09-12 05:06:37 -04:00
Macaron: remove custom Request type (#37874) * remove macaron.Request, use http.Request instead * remove com dependency from bindings module * fix another c.Req.Request
2021-09-01 05:18:30 -04:00
reverseProxy.ServeHTTP(proxy.ctx.Resp, proxy.ctx.Req)
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
}
Tracing: Standardize on otel tracing (#75528)
2023-10-03 08:54:20 -04:00
func (proxy *DataSourceProxy) addTraceFromHeaderValue(span trace.Span, headerName string, tagName string) {
dataproxy: adds dashboardid and panelid as tags closes #11315
2018-03-20 17:21:24 -04:00
panelId := proxy.ctx.Req.Header.Get(headerName)
dashId, err := strconv.Atoi(panelId)
if err == nil {
Tracing: Standardize on otel tracing (#75528)
2023-10-03 08:54:20 -04:00
span.SetAttributes(attribute.Int(tagName, dashId))
dataproxy: adds dashboardid and panelid as tags closes #11315
2018-03-20 17:21:24 -04:00
}
}
Data source proxy: Convert 401 from data source to 400 (#28962) * Data source proxy: Convert 401 from data source to 400 Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-13 07:21:43 -05:00
func (proxy *DataSourceProxy) director(req *http.Request) {
req.URL.Scheme = proxy.targetUrl.Scheme
req.URL.Host = proxy.targetUrl.Host
req.Host = proxy.targetUrl.Host
reqQueryVals := req.URL.Query()
Logging: Introduce API for contextual logging (#55198) Introduces a FromContext method on the log.Logger interface that allows contextual key/value pairs to be attached, e.g. per request, so that any logger using this API will automatically get the per request context attached. The proposal makes the traceID available for contextual logger , if available, and would allow logs originating from a certain HTTP request to be correlated with traceID. In addition, when tracing not enabled, skip adding traceID=00000000000000000000000000000000 to logs.
2022-09-20 12:32:06 -04:00
ctxLogger := logger.FromContext(req.Context())
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
ds := proxy.ds
Logging: Introduce API for contextual logging (#55198) Introduces a FromContext method on the log.Logger interface that allows contextual key/value pairs to be attached, e.g. per request, so that any logger using this API will automatically get the per request context attached. The proposal makes the traceID available for contextual logger , if available, and would allow logs originating from a certain HTTP request to be correlated with traceID. In addition, when tracing not enabled, skip adding traceID=00000000000000000000000000000000 to logs.
2022-09-20 12:32:06 -04:00
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
switch proxy.dataSource.PluginType() {
backend/datasources: move datasources models into the datasources service package (#51267) * backend/datasources: move datasources models into the datasources service pkg
2022-06-27 12:23:15 -04:00
case datasources.DS_INFLUXDB_08:
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
password, err := proxy.dataSource.DecryptedPassword(req.Context())
Secrets: Implement basic unified secret store service (#45804) * wip: Implement kvstore for secrets * wip: Refactor kvstore for secrets * wip: Add format key function to secrets kvstore sql * wip: Add migration for secrets kvstore * Remove unused Key field from secrets kvstore * Remove secret values from debug logs * Integrate unified secrets with datasources * Fix minor issues and tests for kvstore * Create test service helper for secret store * Remove encryption tests from datasources * Move secret operations after datasources * Fix datasource proxy tests * Fix legacy data tests * Add Name to all delete data source commands * Implement decryption cache on sql secret store * Fix minor issue with cache and tests * Use secret type on secret store datasource operations * Add comments to make create and update clear * Rename itemFound variable to isFound * Improve secret deletion and cache management * Add base64 encoding to sql secret store * Move secret retrieval to decrypted values function * Refactor decrypt secure json data functions * Fix expr tests * Fix datasource tests * Fix plugin proxy tests * Fix query tests * Fix metrics api tests * Remove unused fake secrets service from query tests * Add rename function to secret store * Add check for error renaming secret * Remove bus from tests to fix merge conflicts * Add background secrets migration to datasources * Get datasource secure json fields from secrets * Move migration to secret store * Revert "Move migration to secret store" This reverts commit 7c3f872072e9aff601fb9d639127d468c03f97ef. * Add secret service to datasource service on tests * Fix datasource tests * Remove merge conflict on wire * Add ctx to data source http transport on prometheus stats collector * Add ctx to data source http transport on stats collector test
2022-04-25 12:57:45 -04:00
if err != nil {
Logging: Introduce API for contextual logging (#55198) Introduces a FromContext method on the log.Logger interface that allows contextual key/value pairs to be attached, e.g. per request, so that any logger using this API will automatically get the per request context attached. The proposal makes the traceID available for contextual logger , if available, and would allow logs originating from a certain HTTP request to be correlated with traceID. In addition, when tracing not enabled, skip adding traceID=00000000000000000000000000000000 to logs.
2022-09-20 12:32:06 -04:00
ctxLogger.Error("Error interpolating proxy url", "error", err)
Secrets: Implement basic unified secret store service (#45804) * wip: Implement kvstore for secrets * wip: Refactor kvstore for secrets * wip: Add format key function to secrets kvstore sql * wip: Add migration for secrets kvstore * Remove unused Key field from secrets kvstore * Remove secret values from debug logs * Integrate unified secrets with datasources * Fix minor issues and tests for kvstore * Create test service helper for secret store * Remove encryption tests from datasources * Move secret operations after datasources * Fix datasource proxy tests * Fix legacy data tests * Add Name to all delete data source commands * Implement decryption cache on sql secret store * Fix minor issue with cache and tests * Use secret type on secret store datasource operations * Add comments to make create and update clear * Rename itemFound variable to isFound * Improve secret deletion and cache management * Add base64 encoding to sql secret store * Move secret retrieval to decrypted values function * Refactor decrypt secure json data functions * Fix expr tests * Fix datasource tests * Fix plugin proxy tests * Fix query tests * Fix metrics api tests * Remove unused fake secrets service from query tests * Add rename function to secret store * Add check for error renaming secret * Remove bus from tests to fix merge conflicts * Add background secrets migration to datasources * Get datasource secure json fields from secrets * Move migration to secret store * Revert "Move migration to secret store" This reverts commit 7c3f872072e9aff601fb9d639127d468c03f97ef. * Add secret service to datasource service on tests * Fix datasource tests * Remove merge conflict on wire * Add ctx to data source http transport on prometheus stats collector * Add ctx to data source http transport on stats collector test
2022-04-25 12:57:45 -04:00
return
}
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
req.URL.RawPath = util.JoinURLFragments(proxy.targetUrl.Path, "db/"+ds.Spec.Database()+"/"+proxy.proxyPath)
reqQueryVals.Add("u", ds.Spec.User())
Secrets: Implement basic unified secret store service (#45804) * wip: Implement kvstore for secrets * wip: Refactor kvstore for secrets * wip: Add format key function to secrets kvstore sql * wip: Add migration for secrets kvstore * Remove unused Key field from secrets kvstore * Remove secret values from debug logs * Integrate unified secrets with datasources * Fix minor issues and tests for kvstore * Create test service helper for secret store * Remove encryption tests from datasources * Move secret operations after datasources * Fix datasource proxy tests * Fix legacy data tests * Add Name to all delete data source commands * Implement decryption cache on sql secret store * Fix minor issue with cache and tests * Use secret type on secret store datasource operations * Add comments to make create and update clear * Rename itemFound variable to isFound * Improve secret deletion and cache management * Add base64 encoding to sql secret store * Move secret retrieval to decrypted values function * Refactor decrypt secure json data functions * Fix expr tests * Fix datasource tests * Fix plugin proxy tests * Fix query tests * Fix metrics api tests * Remove unused fake secrets service from query tests * Add rename function to secret store * Add check for error renaming secret * Remove bus from tests to fix merge conflicts * Add background secrets migration to datasources * Get datasource secure json fields from secrets * Move migration to secret store * Revert "Move migration to secret store" This reverts commit 7c3f872072e9aff601fb9d639127d468c03f97ef. * Add secret service to datasource service on tests * Fix datasource tests * Remove merge conflict on wire * Add ctx to data source http transport on prometheus stats collector * Add ctx to data source http transport on stats collector test
2022-04-25 12:57:45 -04:00
reqQueryVals.Add("p", password)
Data source proxy: Convert 401 from data source to 400 (#28962) * Data source proxy: Convert 401 from data source to 400 Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-13 07:21:43 -05:00
req.URL.RawQuery = reqQueryVals.Encode()
backend/datasources: move datasources models into the datasources service package (#51267) * backend/datasources: move datasources models into the datasources service pkg
2022-06-27 12:23:15 -04:00
case datasources.DS_INFLUXDB:
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
password, err := proxy.dataSource.DecryptedPassword(req.Context())
Secrets: Implement basic unified secret store service (#45804) * wip: Implement kvstore for secrets * wip: Refactor kvstore for secrets * wip: Add format key function to secrets kvstore sql * wip: Add migration for secrets kvstore * Remove unused Key field from secrets kvstore * Remove secret values from debug logs * Integrate unified secrets with datasources * Fix minor issues and tests for kvstore * Create test service helper for secret store * Remove encryption tests from datasources * Move secret operations after datasources * Fix datasource proxy tests * Fix legacy data tests * Add Name to all delete data source commands * Implement decryption cache on sql secret store * Fix minor issue with cache and tests * Use secret type on secret store datasource operations * Add comments to make create and update clear * Rename itemFound variable to isFound * Improve secret deletion and cache management * Add base64 encoding to sql secret store * Move secret retrieval to decrypted values function * Refactor decrypt secure json data functions * Fix expr tests * Fix datasource tests * Fix plugin proxy tests * Fix query tests * Fix metrics api tests * Remove unused fake secrets service from query tests * Add rename function to secret store * Add check for error renaming secret * Remove bus from tests to fix merge conflicts * Add background secrets migration to datasources * Get datasource secure json fields from secrets * Move migration to secret store * Revert "Move migration to secret store" This reverts commit 7c3f872072e9aff601fb9d639127d468c03f97ef. * Add secret service to datasource service on tests * Fix datasource tests * Remove merge conflict on wire * Add ctx to data source http transport on prometheus stats collector * Add ctx to data source http transport on stats collector test
2022-04-25 12:57:45 -04:00
if err != nil {
Logging: Introduce API for contextual logging (#55198) Introduces a FromContext method on the log.Logger interface that allows contextual key/value pairs to be attached, e.g. per request, so that any logger using this API will automatically get the per request context attached. The proposal makes the traceID available for contextual logger , if available, and would allow logs originating from a certain HTTP request to be correlated with traceID. In addition, when tracing not enabled, skip adding traceID=00000000000000000000000000000000 to logs.
2022-09-20 12:32:06 -04:00
ctxLogger.Error("Error interpolating proxy url", "error", err)
Secrets: Implement basic unified secret store service (#45804) * wip: Implement kvstore for secrets * wip: Refactor kvstore for secrets * wip: Add format key function to secrets kvstore sql * wip: Add migration for secrets kvstore * Remove unused Key field from secrets kvstore * Remove secret values from debug logs * Integrate unified secrets with datasources * Fix minor issues and tests for kvstore * Create test service helper for secret store * Remove encryption tests from datasources * Move secret operations after datasources * Fix datasource proxy tests * Fix legacy data tests * Add Name to all delete data source commands * Implement decryption cache on sql secret store * Fix minor issue with cache and tests * Use secret type on secret store datasource operations * Add comments to make create and update clear * Rename itemFound variable to isFound * Improve secret deletion and cache management * Add base64 encoding to sql secret store * Move secret retrieval to decrypted values function * Refactor decrypt secure json data functions * Fix expr tests * Fix datasource tests * Fix plugin proxy tests * Fix query tests * Fix metrics api tests * Remove unused fake secrets service from query tests * Add rename function to secret store * Add check for error renaming secret * Remove bus from tests to fix merge conflicts * Add background secrets migration to datasources * Get datasource secure json fields from secrets * Move migration to secret store * Revert "Move migration to secret store" This reverts commit 7c3f872072e9aff601fb9d639127d468c03f97ef. * Add secret service to datasource service on tests * Fix datasource tests * Remove merge conflict on wire * Add ctx to data source http transport on prometheus stats collector * Add ctx to data source http transport on stats collector test
2022-04-25 12:57:45 -04:00
return
}
Data proxy: Fix encoded characters in URL path should be proxied encoded (#30597) Fix encoded characters in URL path should be proxied as encoded in the data proxy. Fixes #26870 Fixes #31438 Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-03-17 07:17:41 -04:00
req.URL.RawPath = util.JoinURLFragments(proxy.targetUrl.Path, proxy.proxyPath)
Data source proxy: Convert 401 from data source to 400 (#28962) * Data source proxy: Convert 401 from data source to 400 Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-13 07:21:43 -05:00
req.URL.RawQuery = reqQueryVals.Encode()
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
if !ds.Spec.BasicAuth() {
Encryption: Refactor securejsondata.SecureJsonData to stop relying on global functions (#38865) * Encryption: Add support to encrypt/decrypt sjd * Add datasources.Service as a proxy to datasources db operations * Encrypt ds.SecureJsonData before calling SQLStore * Move ds cache code into ds service * Fix tlsmanager tests * Fix pluginproxy tests * Remove some securejsondata.GetEncryptedJsonData usages * Add pluginsettings.Service as a proxy for plugin settings db operations * Add AlertNotificationService as a proxy for alert notification db operations * Remove some securejsondata.GetEncryptedJsonData usages * Remove more securejsondata.GetEncryptedJsonData usages * Fix lint errors * Minor fixes * Remove encryption global functions usages from ngalert * Fix lint errors * Minor fixes * Minor fixes * Remove securejsondata.DecryptedValue usage * Refactor the refactor * Remove securejsondata.DecryptedValue usage * Move securejsondata to migrations package * Move securejsondata to migrations package * Minor fix * Fix integration test * Fix integration tests * Undo undesired changes * Fix tests * Add context.Context into encryption methods * Fix tests * Fix tests * Fix tests * Trigger CI * Fix test * Add names to params of encryption service interface * Remove bus from CacheServiceImpl * Add logging * Add keys to logger Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Add missing key to logger Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Undo changes in markdown files * Fix formatting * Add context to secrets service * Rename decryptSecureJsonData to decryptSecureJsonDataFn * Name args in GetDecryptedValueFn * Add template back to NewAlertmanagerNotifier * Copy GetDecryptedValueFn to ngalert * Add logging to pluginsettings * Fix pluginsettings test Co-authored-by: Tania B <yalyna.ts@gmail.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
2021-10-07 10:33:50 -04:00
req.Header.Set(
"Authorization",
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
util.GetBasicAuthHeader(ds.Spec.User(), password),
Encryption: Refactor securejsondata.SecureJsonData to stop relying on global functions (#38865) * Encryption: Add support to encrypt/decrypt sjd * Add datasources.Service as a proxy to datasources db operations * Encrypt ds.SecureJsonData before calling SQLStore * Move ds cache code into ds service * Fix tlsmanager tests * Fix pluginproxy tests * Remove some securejsondata.GetEncryptedJsonData usages * Add pluginsettings.Service as a proxy for plugin settings db operations * Add AlertNotificationService as a proxy for alert notification db operations * Remove some securejsondata.GetEncryptedJsonData usages * Remove more securejsondata.GetEncryptedJsonData usages * Fix lint errors * Minor fixes * Remove encryption global functions usages from ngalert * Fix lint errors * Minor fixes * Minor fixes * Remove securejsondata.DecryptedValue usage * Refactor the refactor * Remove securejsondata.DecryptedValue usage * Move securejsondata to migrations package * Move securejsondata to migrations package * Minor fix * Fix integration test * Fix integration tests * Undo undesired changes * Fix tests * Add context.Context into encryption methods * Fix tests * Fix tests * Fix tests * Trigger CI * Fix test * Add names to params of encryption service interface * Remove bus from CacheServiceImpl * Add logging * Add keys to logger Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Add missing key to logger Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Undo changes in markdown files * Fix formatting * Add context to secrets service * Rename decryptSecureJsonData to decryptSecureJsonDataFn * Name args in GetDecryptedValueFn * Add template back to NewAlertmanagerNotifier * Copy GetDecryptedValueFn to ngalert * Add logging to pluginsettings * Fix pluginsettings test Co-authored-by: Tania B <yalyna.ts@gmail.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
2021-10-07 10:33:50 -04:00
)
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
}
Data source proxy: Convert 401 from data source to 400 (#28962) * Data source proxy: Convert 401 from data source to 400 Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-13 07:21:43 -05:00
default:
Data proxy: Fix encoded characters in URL path should be proxied encoded (#30597) Fix encoded characters in URL path should be proxied as encoded in the data proxy. Fixes #26870 Fixes #31438 Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-03-17 07:17:41 -04:00
req.URL.RawPath = util.JoinURLFragments(proxy.targetUrl.Path, proxy.proxyPath)
Data source proxy: Convert 401 from data source to 400 (#28962) * Data source proxy: Convert 401 from data source to 400 Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-13 07:21:43 -05:00
}
dsproxy: adds support for url params for plugin routes (#23503) * dsproxy: adds support for url params for plugin routes * docs: fixes after review * pluginproxy: rename Params to URLParams * Update pkg/plugins/app_plugin.go Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com> * Apply suggestions from code review Co-Authored-By: Diana Payton <52059945+oddlittlebird@users.noreply.github.com> Co-Authored-By: Arve Knudsen <arve.knudsen@gmail.com> * pluginproxy: rename struct Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com> Co-authored-by: Diana Payton <52059945+oddlittlebird@users.noreply.github.com>
2020-04-24 04:32:13 -04:00
Data proxy: Fix encoded characters in URL path should be proxied encoded (#30597) Fix encoded characters in URL path should be proxied as encoded in the data proxy. Fixes #26870 Fixes #31438 Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-03-17 07:17:41 -04:00
unescapedPath, err := url.PathUnescape(req.URL.RawPath)
if err != nil {
Logging: Introduce API for contextual logging (#55198) Introduces a FromContext method on the log.Logger interface that allows contextual key/value pairs to be attached, e.g. per request, so that any logger using this API will automatically get the per request context attached. The proposal makes the traceID available for contextual logger , if available, and would allow logs originating from a certain HTTP request to be correlated with traceID. In addition, when tracing not enabled, skip adding traceID=00000000000000000000000000000000 to logs.
2022-09-20 12:32:06 -04:00
ctxLogger.Error("Failed to unescape raw path", "rawPath", req.URL.RawPath, "error", err)
Data proxy: Fix encoded characters in URL path should be proxied encoded (#30597) Fix encoded characters in URL path should be proxied as encoded in the data proxy. Fixes #26870 Fixes #31438 Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
2021-03-17 07:17:41 -04:00
return
}
req.URL.Path = unescapedPath
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
if ds.Spec.BasicAuth() {
password, err := proxy.dataSource.DecryptedBasicAuthPassword(req.Context())
Secrets: Implement basic unified secret store service (#45804) * wip: Implement kvstore for secrets * wip: Refactor kvstore for secrets * wip: Add format key function to secrets kvstore sql * wip: Add migration for secrets kvstore * Remove unused Key field from secrets kvstore * Remove secret values from debug logs * Integrate unified secrets with datasources * Fix minor issues and tests for kvstore * Create test service helper for secret store * Remove encryption tests from datasources * Move secret operations after datasources * Fix datasource proxy tests * Fix legacy data tests * Add Name to all delete data source commands * Implement decryption cache on sql secret store * Fix minor issue with cache and tests * Use secret type on secret store datasource operations * Add comments to make create and update clear * Rename itemFound variable to isFound * Improve secret deletion and cache management * Add base64 encoding to sql secret store * Move secret retrieval to decrypted values function * Refactor decrypt secure json data functions * Fix expr tests * Fix datasource tests * Fix plugin proxy tests * Fix query tests * Fix metrics api tests * Remove unused fake secrets service from query tests * Add rename function to secret store * Add check for error renaming secret * Remove bus from tests to fix merge conflicts * Add background secrets migration to datasources * Get datasource secure json fields from secrets * Move migration to secret store * Revert "Move migration to secret store" This reverts commit 7c3f872072e9aff601fb9d639127d468c03f97ef. * Add secret service to datasource service on tests * Fix datasource tests * Remove merge conflict on wire * Add ctx to data source http transport on prometheus stats collector * Add ctx to data source http transport on stats collector test
2022-04-25 12:57:45 -04:00
if err != nil {
Logging: Introduce API for contextual logging (#55198) Introduces a FromContext method on the log.Logger interface that allows contextual key/value pairs to be attached, e.g. per request, so that any logger using this API will automatically get the per request context attached. The proposal makes the traceID available for contextual logger , if available, and would allow logs originating from a certain HTTP request to be correlated with traceID. In addition, when tracing not enabled, skip adding traceID=00000000000000000000000000000000 to logs.
2022-09-20 12:32:06 -04:00
ctxLogger.Error("Error interpolating proxy url", "error", err)
Secrets: Implement basic unified secret store service (#45804) * wip: Implement kvstore for secrets * wip: Refactor kvstore for secrets * wip: Add format key function to secrets kvstore sql * wip: Add migration for secrets kvstore * Remove unused Key field from secrets kvstore * Remove secret values from debug logs * Integrate unified secrets with datasources * Fix minor issues and tests for kvstore * Create test service helper for secret store * Remove encryption tests from datasources * Move secret operations after datasources * Fix datasource proxy tests * Fix legacy data tests * Add Name to all delete data source commands * Implement decryption cache on sql secret store * Fix minor issue with cache and tests * Use secret type on secret store datasource operations * Add comments to make create and update clear * Rename itemFound variable to isFound * Improve secret deletion and cache management * Add base64 encoding to sql secret store * Move secret retrieval to decrypted values function * Refactor decrypt secure json data functions * Fix expr tests * Fix datasource tests * Fix plugin proxy tests * Fix query tests * Fix metrics api tests * Remove unused fake secrets service from query tests * Add rename function to secret store * Add check for error renaming secret * Remove bus from tests to fix merge conflicts * Add background secrets migration to datasources * Get datasource secure json fields from secrets * Move migration to secret store * Revert "Move migration to secret store" This reverts commit 7c3f872072e9aff601fb9d639127d468c03f97ef. * Add secret service to datasource service on tests * Fix datasource tests * Remove merge conflict on wire * Add ctx to data source http transport on prometheus stats collector * Add ctx to data source http transport on stats collector test
2022-04-25 12:57:45 -04:00
return
}
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
req.Header.Set("Authorization", util.GetBasicAuthHeader(ds.Spec.BasicAuthUser(),
Secrets: Implement basic unified secret store service (#45804) * wip: Implement kvstore for secrets * wip: Refactor kvstore for secrets * wip: Add format key function to secrets kvstore sql * wip: Add migration for secrets kvstore * Remove unused Key field from secrets kvstore * Remove secret values from debug logs * Integrate unified secrets with datasources * Fix minor issues and tests for kvstore * Create test service helper for secret store * Remove encryption tests from datasources * Move secret operations after datasources * Fix datasource proxy tests * Fix legacy data tests * Add Name to all delete data source commands * Implement decryption cache on sql secret store * Fix minor issue with cache and tests * Use secret type on secret store datasource operations * Add comments to make create and update clear * Rename itemFound variable to isFound * Improve secret deletion and cache management * Add base64 encoding to sql secret store * Move secret retrieval to decrypted values function * Refactor decrypt secure json data functions * Fix expr tests * Fix datasource tests * Fix plugin proxy tests * Fix query tests * Fix metrics api tests * Remove unused fake secrets service from query tests * Add rename function to secret store * Add check for error renaming secret * Remove bus from tests to fix merge conflicts * Add background secrets migration to datasources * Get datasource secure json fields from secrets * Move migration to secret store * Revert "Move migration to secret store" This reverts commit 7c3f872072e9aff601fb9d639127d468c03f97ef. * Add secret service to datasource service on tests * Fix datasource tests * Remove merge conflict on wire * Add ctx to data source http transport on prometheus stats collector * Add ctx to data source http transport on stats collector test
2022-04-25 12:57:45 -04:00
password))
Data source proxy: Convert 401 from data source to 400 (#28962) * Data source proxy: Convert 401 from data source to 400 Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-13 07:21:43 -05:00
}
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
Data source proxy: Convert 401 from data source to 400 (#28962) * Data source proxy: Convert 401 from data source to 400 Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-13 07:21:43 -05:00
dsAuth := req.Header.Get("X-DS-Authorization")
if len(dsAuth) > 0 {
req.Header.Del("X-DS-Authorization")
req.Header.Set("Authorization", dsAuth)
}
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
proxyutil.ApplyUserHeader(proxy.settings.SendUserHeader, req, proxy.requester)
Add custom header with grafana user and a config switch for it
2019-03-14 08:04:47 -04:00
DataSource/Proxy: Move OAuthPassThru settings to the datasource package (#125325)
2026-05-23 06:36:49 -04:00
proxyutil.ClearCookieHeader(req, ds.Spec.KeepCookies(), []string{proxy.settings.LoginCookieName})
Datasource Proxy: Restrict full access to setting.Cfg (#125180) Plugin Proxy: Narrow data source config to DataSourceProxySettings The data source proxy only needs a handful of fields from setting.Cfg. Introduce a focused DataSourceProxySettings struct that exposes only those fields, load Azure settings lazily via a resolver callback so the proxy avoids touching Azure configuration unless an Azure-authenticated route is matched, and pass the new struct through the datasource proxy service in place of *setting.Cfg.
2026-05-21 05:09:14 -04:00
ua := proxy.settings.DataProxyUserAgent
if proxy.settings.DataProxyForwardUserAgent {
Data Source: Add forward_user_agent option to preserve client User-Agent (#124244) * Data Source: Add forward_user_agent option to preserve client User-Agent * Update pkg/api/pluginproxy/ds_proxy.go Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> * Data Source: Fix gofmt and add test for empty DataProxyUserAgent --------- Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2026-05-06 06:15:38 -04:00
if originalUA := req.Header.Get("User-Agent"); originalUA != "" {
Data Source: Cap forwarded User-Agent length (#124704)
2026-05-13 04:17:20 -04:00
if len(originalUA) > maxForwardedUserAgentLen {
originalUA = originalUA[:maxForwardedUserAgentLen]
}
Data Source: Add forward_user_agent option to preserve client User-Agent (#124244) * Data Source: Add forward_user_agent option to preserve client User-Agent * Update pkg/api/pluginproxy/ds_proxy.go Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> * Data Source: Fix gofmt and add test for empty DataProxyUserAgent --------- Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
2026-05-06 06:15:38 -04:00
if ua != "" {
ua = ua + " " + originalUA
} else {
ua = originalUA
}
}
}
req.Header.Set("User-Agent", ua)
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
Plugins: Refactor Plugin Management (#40477) * add core plugin flow * add instrumentation * move func * remove cruft * support external backend plugins * refactor + clean up * remove comments * refactor loader * simplify core plugin path arg * cleanup loggers * move signature validator to plugins package * fix sig packaging * cleanup plugin model * remove unnecessary plugin field * add start+stop for pm * fix failures * add decommissioned state * export fields just to get things flowing * fix comments * set static routes * make image loading idempotent * merge with backend plugin manager * re-use funcs * reorder imports + remove unnecessary interface * add some TODOs + remove unused func * remove unused instrumentation func * simplify client usage * remove import alias * re-use backendplugin.Plugin interface * re order funcs * improve var name * fix log statements * refactor data model * add logic for dupe check during loading * cleanup state setting * refactor loader * cleanup manager interface * add rendering flow * refactor loading + init * add renderer support * fix renderer plugin * reformat imports * track errors * fix plugin signature inheritance * name param in interface * update func comment * fix func arg name * introduce class concept * remove func * fix external plugin check * apply changes from pm-experiment * fix core plugins * fix imports * rename interface * comment API interface * add support for testdata plugin * enable alerting + use correct core plugin contracts * slim manager API * fix param name * fix filter * support static routes * fix rendering * tidy rendering * get tests compiling * fix install+uninstall * start finder test * add finder test coverage * start loader tests * add test for core plugins * load core + bundled test * add test for nested plugin loading * add test files * clean interface + fix registering some core plugins * refactoring * reformat and create sub packages * simplify core plugin init * fix ctx cancel scenario * migrate initializer * remove Init() funcs * add test starter * new logger * flesh out initializer tests * refactoring * remove unused svc * refactor rendering flow * fixup loader tests * add enabled helper func * fix logger name * fix data fetchers * fix case where plugin dir doesn't exist * improve coverage + move dupe checking to loader * remove noisy debug logs * register core plugins automagically * add support for renderer in catalog * make private func + fix req validation * use interface * re-add check for renderer in catalog * tidy up from moving to auto reg core plugins * core plugin registrar * guards * copy over core plugins for test infra * all tests green * renames * propagate new interfaces * kill old manager * get compiling * tidy up * update naming * refactor manager test + cleanup * add more cases to finder test * migrate validator to field * more coverage * refactor dupe checking * add test for plugin class * add coverage for initializer * split out rendering * move * fixup tests * fix uss test * fix frontend settings * fix grafanads test * add check when checking sig errors * fix enabled map * fixup * allow manual setup of CM * rename to cloud-monitoring * remove TODO * add installer interface for testing * loader interface returns * tests passing * refactor + add more coverage * support 'stackdriver' * fix frontend settings loading * improve naming based on package name * small tidy * refactor test * fix renderer start * make cloud-monitoring plugin ID clearer * add plugin update test * add integration tests * don't break all if sig can't be calculated * add root URL check test * add more signature verification tests * update DTO name * update enabled plugins comment * update comments * fix linter * revert fe naming change * fix errors endpoint * reset error code field name * re-order test to help verify * assert -> require * pm check * add missing entry + re-order * re-check * dump icon log * verify manager contents first * reformat * apply PR feedback * apply style changes * fix one vs all loading err * improve log output * only start when no signature error * move log * rework plugin update check * fix test * fix multi loading from cfg.PluginSettings * improve log output #2 * add error abstraction to capture errors without registering a plugin * add debug log * add unsigned warning * e2e test attempt * fix logger * set home path * prevent panic * alternate * ugh.. fix home path * return renderer even if not started * make renderer plugin managed * add fallback renderer icon, update renderer badge + prevent changes when renderer is installed * fix icon loading * rollback renderer changes * use correct field * remove unneccessary block * remove newline * remove unused func * fix bundled plugins base + module fields * remove unused field since refactor * add authorizer abstraction * loader only returns plugins expected to run * fix multi log output
2021-11-01 05:53:33 -04:00
if proxy.matchedRoute != nil {
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
decryptedValues, err := proxy.dataSource.DecryptedValues(req.Context())
Secrets: Implement basic unified secret store service (#45804) * wip: Implement kvstore for secrets * wip: Refactor kvstore for secrets * wip: Add format key function to secrets kvstore sql * wip: Add migration for secrets kvstore * Remove unused Key field from secrets kvstore * Remove secret values from debug logs * Integrate unified secrets with datasources * Fix minor issues and tests for kvstore * Create test service helper for secret store * Remove encryption tests from datasources * Move secret operations after datasources * Fix datasource proxy tests * Fix legacy data tests * Add Name to all delete data source commands * Implement decryption cache on sql secret store * Fix minor issue with cache and tests * Use secret type on secret store datasource operations * Add comments to make create and update clear * Rename itemFound variable to isFound * Improve secret deletion and cache management * Add base64 encoding to sql secret store * Move secret retrieval to decrypted values function * Refactor decrypt secure json data functions * Fix expr tests * Fix datasource tests * Fix plugin proxy tests * Fix query tests * Fix metrics api tests * Remove unused fake secrets service from query tests * Add rename function to secret store * Add check for error renaming secret * Remove bus from tests to fix merge conflicts * Add background secrets migration to datasources * Get datasource secure json fields from secrets * Move migration to secret store * Revert "Move migration to secret store" This reverts commit 7c3f872072e9aff601fb9d639127d468c03f97ef. * Add secret service to datasource service on tests * Fix datasource tests * Remove merge conflict on wire * Add ctx to data source http transport on prometheus stats collector * Add ctx to data source http transport on stats collector test
2022-04-25 12:57:45 -04:00
if err != nil {
Logging: Introduce API for contextual logging (#55198) Introduces a FromContext method on the log.Logger interface that allows contextual key/value pairs to be attached, e.g. per request, so that any logger using this API will automatically get the per request context attached. The proposal makes the traceID available for contextual logger , if available, and would allow logs originating from a certain HTTP request to be correlated with traceID. In addition, when tracing not enabled, skip adding traceID=00000000000000000000000000000000 to logs.
2022-09-20 12:32:06 -04:00
ctxLogger.Error("Error interpolating proxy url", "error", err)
Secrets: Implement basic unified secret store service (#45804) * wip: Implement kvstore for secrets * wip: Refactor kvstore for secrets * wip: Add format key function to secrets kvstore sql * wip: Add migration for secrets kvstore * Remove unused Key field from secrets kvstore * Remove secret values from debug logs * Integrate unified secrets with datasources * Fix minor issues and tests for kvstore * Create test service helper for secret store * Remove encryption tests from datasources * Move secret operations after datasources * Fix datasource proxy tests * Fix legacy data tests * Add Name to all delete data source commands * Implement decryption cache on sql secret store * Fix minor issue with cache and tests * Use secret type on secret store datasource operations * Add comments to make create and update clear * Rename itemFound variable to isFound * Improve secret deletion and cache management * Add base64 encoding to sql secret store * Move secret retrieval to decrypted values function * Refactor decrypt secure json data functions * Fix expr tests * Fix datasource tests * Fix plugin proxy tests * Fix query tests * Fix metrics api tests * Remove unused fake secrets service from query tests * Add rename function to secret store * Add check for error renaming secret * Remove bus from tests to fix merge conflicts * Add background secrets migration to datasources * Get datasource secure json fields from secrets * Move migration to secret store * Revert "Move migration to secret store" This reverts commit 7c3f872072e9aff601fb9d639127d468c03f97ef. * Add secret service to datasource service on tests * Fix datasource tests * Remove merge conflict on wire * Add ctx to data source http transport on prometheus stats collector * Add ctx to data source http transport on stats collector test
2022-04-25 12:57:45 -04:00
return
}
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
ApplyRoute(req.Context(), req, proxy.proxyPath, proxy.matchedRoute, dsInfo(ds, decryptedValues), proxy.settings)
Data source proxy: Convert 401 from data source to 400 (#28962) * Data source proxy: Convert 401 from data source to 400 Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-13 07:21:43 -05:00
}
Add oauth pass-thru option for datasources
2019-02-01 19:40:57 -05:00
DataSource/Proxy: Move OAuthPassThru settings to the datasource package (#125325)
2026-05-23 06:36:49 -04:00
if ds.Spec.IsOAuthPassThruEnabled() {
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
if token := proxy.oAuthTokenService.GetCurrentOAuthToken(req.Context(), proxy.requester, proxy.ctx.UserToken); token != nil {
Data source proxy: Convert 401 from data source to 400 (#28962) * Data source proxy: Convert 401 from data source to 400 Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-13 07:21:43 -05:00
req.Header.Set("Authorization", fmt.Sprintf("%s %s", token.Type(), token.AccessToken))
OAuth: Forward id token to the data source (#42422) * OAuth: Forward id token to the data source * Add tests * Forward id token in legacy API * Check if id_token is string or not
2021-11-29 09:40:05 -05:00
idToken, ok := token.Extra("id_token").(string)
if ok && idToken != "" {
req.Header.Set("X-ID-Token", idToken)
}
Add oauth pass-thru option for datasources
2019-02-01 19:40:57 -05:00
}
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
}
IDforwarding: forward signed id to plugins (#75651) * Plugins: Add client middlware that forwards the signed grafana id token if present * DsProxy: Set grafana id header if id token exists * Add util function to apply id token to header * Only add id forwarding middleware if feature toggle is enabled * Add feature toggles to ds proxy and check if id forwarding is enabled * Clean up test setup * Change to use backend.ForwardHTTPHeaders interface * PluginProxy: Forward signed identity when feature toggle is enabled * PluginProxy: forrward signed id header
2023-10-02 03:14:10 -04:00
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
proxyutil.ApplyForwardIDHeader(req, proxy.requester)
}
// dsInfo builds the DSInfo that ApplyRoute needs from a v0 datasource.
func dsInfo(ds *datasourcesV0.DataSource, decryptedValues map[string]string) DSInfo {
// JSONData may be absent or stored as a non-map value; ApplyRoute requires a non-nil map, so fall back to empty.
jsonData, ok := ds.Spec.JSONData().(map[string]any)
if !ok {
jsonData = make(map[string]any)
}
meta, _ := utils.MetaAccessor(ds)
updated := ds.CreationTimestamp.Time
if ts, _ := meta.GetUpdatedTimestamp(); ts != nil {
updated = *ts
}
return DSInfo{
ID: meta.GetDeprecatedInternalID(), // nolint:staticcheck
URL: ds.Spec.URL(),
Updated: updated,
JSONData: jsonData,
DecryptedSecureJSONData: decryptedValues,
}
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
}
func (proxy *DataSourceProxy) validateRequest() error {
Chore: Remove public vars in setting package (#81018) Removes the public variable setting.SecretKey plus some other ones. Introduces some new functions for creating setting.Cfg.
2024-01-23 06:36:22 -05:00
if !proxy.checkWhiteList() {
Chore: Fix staticcheck issues (#28860) * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Undo changes Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix test Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix test Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-05 07:07:06 -05:00
return errors.New("target URL is not a valid target")
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
}
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
if proxy.dataSource.PluginType() == datasources.DS_ES {
Macaron: remove custom Request type (#37874) * remove macaron.Request, use http.Request instead * remove com dependency from bindings module * fix another c.Req.Request
2021-09-01 05:18:30 -04:00
if proxy.ctx.Req.Method == "DELETE" {
Chore: Fix staticcheck issues (#28860) * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Undo changes Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix test Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix test Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-05 07:07:06 -05:00
return errors.New("deletes not allowed on proxied Elasticsearch datasource")
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
}
Macaron: remove custom Request type (#37874) * remove macaron.Request, use http.Request instead * remove com dependency from bindings module * fix another c.Req.Request
2021-09-01 05:18:30 -04:00
if proxy.ctx.Req.Method == "PUT" {
Chore: Fix staticcheck issues (#28860) * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Undo changes Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix test Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix test Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-05 07:07:06 -05:00
return errors.New("puts not allowed on proxied Elasticsearch datasource")
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
}
Macaron: remove custom Request type (#37874) * remove macaron.Request, use http.Request instead * remove com dependency from bindings module * fix another c.Req.Request
2021-09-01 05:18:30 -04:00
if proxy.ctx.Req.Method == "POST" && proxy.proxyPath != "_msearch" {
Chore: Fix staticcheck issues (#28860) * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Undo changes Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Chore: Fix issues reported by staticcheck Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix test Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix test Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2020-11-05 07:07:06 -05:00
return errors.New("posts not allowed on proxied Elasticsearch datasource except on /_msearch")
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
}
}
// found route if there are any
Plugins: Refactor Plugin Management (#40477) * add core plugin flow * add instrumentation * move func * remove cruft * support external backend plugins * refactor + clean up * remove comments * refactor loader * simplify core plugin path arg * cleanup loggers * move signature validator to plugins package * fix sig packaging * cleanup plugin model * remove unnecessary plugin field * add start+stop for pm * fix failures * add decommissioned state * export fields just to get things flowing * fix comments * set static routes * make image loading idempotent * merge with backend plugin manager * re-use funcs * reorder imports + remove unnecessary interface * add some TODOs + remove unused func * remove unused instrumentation func * simplify client usage * remove import alias * re-use backendplugin.Plugin interface * re order funcs * improve var name * fix log statements * refactor data model * add logic for dupe check during loading * cleanup state setting * refactor loader * cleanup manager interface * add rendering flow * refactor loading + init * add renderer support * fix renderer plugin * reformat imports * track errors * fix plugin signature inheritance * name param in interface * update func comment * fix func arg name * introduce class concept * remove func * fix external plugin check * apply changes from pm-experiment * fix core plugins * fix imports * rename interface * comment API interface * add support for testdata plugin * enable alerting + use correct core plugin contracts * slim manager API * fix param name * fix filter * support static routes * fix rendering * tidy rendering * get tests compiling * fix install+uninstall * start finder test * add finder test coverage * start loader tests * add test for core plugins * load core + bundled test * add test for nested plugin loading * add test files * clean interface + fix registering some core plugins * refactoring * reformat and create sub packages * simplify core plugin init * fix ctx cancel scenario * migrate initializer * remove Init() funcs * add test starter * new logger * flesh out initializer tests * refactoring * remove unused svc * refactor rendering flow * fixup loader tests * add enabled helper func * fix logger name * fix data fetchers * fix case where plugin dir doesn't exist * improve coverage + move dupe checking to loader * remove noisy debug logs * register core plugins automagically * add support for renderer in catalog * make private func + fix req validation * use interface * re-add check for renderer in catalog * tidy up from moving to auto reg core plugins * core plugin registrar * guards * copy over core plugins for test infra * all tests green * renames * propagate new interfaces * kill old manager * get compiling * tidy up * update naming * refactor manager test + cleanup * add more cases to finder test * migrate validator to field * more coverage * refactor dupe checking * add test for plugin class * add coverage for initializer * split out rendering * move * fixup tests * fix uss test * fix frontend settings * fix grafanads test * add check when checking sig errors * fix enabled map * fixup * allow manual setup of CM * rename to cloud-monitoring * remove TODO * add installer interface for testing * loader interface returns * tests passing * refactor + add more coverage * support 'stackdriver' * fix frontend settings loading * improve naming based on package name * small tidy * refactor test * fix renderer start * make cloud-monitoring plugin ID clearer * add plugin update test * add integration tests * don't break all if sig can't be calculated * add root URL check test * add more signature verification tests * update DTO name * update enabled plugins comment * update comments * fix linter * revert fe naming change * fix errors endpoint * reset error code field name * re-order test to help verify * assert -> require * pm check * add missing entry + re-order * re-check * dump icon log * verify manager contents first * reformat * apply PR feedback * apply style changes * fix one vs all loading err * improve log output * only start when no signature error * move log * rework plugin update check * fix test * fix multi loading from cfg.PluginSettings * improve log output #2 * add error abstraction to capture errors without registering a plugin * add debug log * add unsigned warning * e2e test attempt * fix logger * set home path * prevent panic * alternate * ugh.. fix home path * return renderer even if not started * make renderer plugin managed * add fallback renderer icon, update renderer badge + prevent changes when renderer is installed * fix icon loading * rollback renderer changes * use correct field * remove unneccessary block * remove newline * remove unused func * fix bundled plugins base + module fields * remove unused field since refactor * add authorizer abstraction * loader only returns plugins expected to run * fix multi log output
2021-11-01 05:53:33 -04:00
for _, route := range proxy.pluginRoutes {
// method match
if route.Method != "" && route.Method != "*" && route.Method != proxy.ctx.Req.Method {
continue
}
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
Plugins: Refactor Plugin Management (#40477) * add core plugin flow * add instrumentation * move func * remove cruft * support external backend plugins * refactor + clean up * remove comments * refactor loader * simplify core plugin path arg * cleanup loggers * move signature validator to plugins package * fix sig packaging * cleanup plugin model * remove unnecessary plugin field * add start+stop for pm * fix failures * add decommissioned state * export fields just to get things flowing * fix comments * set static routes * make image loading idempotent * merge with backend plugin manager * re-use funcs * reorder imports + remove unnecessary interface * add some TODOs + remove unused func * remove unused instrumentation func * simplify client usage * remove import alias * re-use backendplugin.Plugin interface * re order funcs * improve var name * fix log statements * refactor data model * add logic for dupe check during loading * cleanup state setting * refactor loader * cleanup manager interface * add rendering flow * refactor loading + init * add renderer support * fix renderer plugin * reformat imports * track errors * fix plugin signature inheritance * name param in interface * update func comment * fix func arg name * introduce class concept * remove func * fix external plugin check * apply changes from pm-experiment * fix core plugins * fix imports * rename interface * comment API interface * add support for testdata plugin * enable alerting + use correct core plugin contracts * slim manager API * fix param name * fix filter * support static routes * fix rendering * tidy rendering * get tests compiling * fix install+uninstall * start finder test * add finder test coverage * start loader tests * add test for core plugins * load core + bundled test * add test for nested plugin loading * add test files * clean interface + fix registering some core plugins * refactoring * reformat and create sub packages * simplify core plugin init * fix ctx cancel scenario * migrate initializer * remove Init() funcs * add test starter * new logger * flesh out initializer tests * refactoring * remove unused svc * refactor rendering flow * fixup loader tests * add enabled helper func * fix logger name * fix data fetchers * fix case where plugin dir doesn't exist * improve coverage + move dupe checking to loader * remove noisy debug logs * register core plugins automagically * add support for renderer in catalog * make private func + fix req validation * use interface * re-add check for renderer in catalog * tidy up from moving to auto reg core plugins * core plugin registrar * guards * copy over core plugins for test infra * all tests green * renames * propagate new interfaces * kill old manager * get compiling * tidy up * update naming * refactor manager test + cleanup * add more cases to finder test * migrate validator to field * more coverage * refactor dupe checking * add test for plugin class * add coverage for initializer * split out rendering * move * fixup tests * fix uss test * fix frontend settings * fix grafanads test * add check when checking sig errors * fix enabled map * fixup * allow manual setup of CM * rename to cloud-monitoring * remove TODO * add installer interface for testing * loader interface returns * tests passing * refactor + add more coverage * support 'stackdriver' * fix frontend settings loading * improve naming based on package name * small tidy * refactor test * fix renderer start * make cloud-monitoring plugin ID clearer * add plugin update test * add integration tests * don't break all if sig can't be calculated * add root URL check test * add more signature verification tests * update DTO name * update enabled plugins comment * update comments * fix linter * revert fe naming change * fix errors endpoint * reset error code field name * re-order test to help verify * assert -> require * pm check * add missing entry + re-order * re-check * dump icon log * verify manager contents first * reformat * apply PR feedback * apply style changes * fix one vs all loading err * improve log output * only start when no signature error * move log * rework plugin update check * fix test * fix multi loading from cfg.PluginSettings * improve log output #2 * add error abstraction to capture errors without registering a plugin * add debug log * add unsigned warning * e2e test attempt * fix logger * set home path * prevent panic * alternate * ugh.. fix home path * return renderer even if not started * make renderer plugin managed * add fallback renderer icon, update renderer badge + prevent changes when renderer is installed * fix icon loading * rollback renderer changes * use correct field * remove unneccessary block * remove newline * remove unused func * fix bundled plugins base + module fields * remove unused field since refactor * add authorizer abstraction * loader only returns plugins expected to run * fix multi log output
2021-11-01 05:53:33 -04:00
// route match
Plugins: Remove `pkg/infra/fs`, `pkg/infra/tracing` and `pkg/infra/process` dependencies from pkg/plugins (#115798) * remove dependency on packages * update tests * trigger
2026-01-05 06:12:31 -05:00
r1, err := plugins.CleanRelativePath(proxy.proxyPath)
Apply security patch 357-202503311017.patch (#104490) * Sanitize paths before evaluating access to route * use util.CleanRelativePath --------- Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
2025-04-24 15:15:17 -04:00
if err != nil {
return err
}
Plugins: Remove `pkg/infra/fs`, `pkg/infra/tracing` and `pkg/infra/process` dependencies from pkg/plugins (#115798) * remove dependency on packages * update tests * trigger
2026-01-05 06:12:31 -05:00
r2, err := plugins.CleanRelativePath(route.Path)
Apply security patch 357-202503311017.patch (#104490) * Sanitize paths before evaluating access to route * use util.CleanRelativePath --------- Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
2025-04-24 15:15:17 -04:00
if err != nil {
return err
}
Data Source: Proxy fallback routes must match all inputs (#116274)
2026-01-14 15:12:18 -05:00
// issues/116273: When we have an empty input route (or input that becomes relative to "."), we do not want it
// to be ".". This is because the `CleanRelativePath` function will never return "./" prefixes, and as such,
// the common prefix we need is an empty string.
if r1 == "." && proxy.proxyPath != "." {
r1 = ""
}
if r2 == "." && route.Path != "." {
r2 = ""
}
Apply security patch 357-202503311017.patch (#104490) * Sanitize paths before evaluating access to route * use util.CleanRelativePath --------- Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
2025-04-24 15:15:17 -04:00
if !strings.HasPrefix(r1, r2) {
Plugins: Refactor Plugin Management (#40477) * add core plugin flow * add instrumentation * move func * remove cruft * support external backend plugins * refactor + clean up * remove comments * refactor loader * simplify core plugin path arg * cleanup loggers * move signature validator to plugins package * fix sig packaging * cleanup plugin model * remove unnecessary plugin field * add start+stop for pm * fix failures * add decommissioned state * export fields just to get things flowing * fix comments * set static routes * make image loading idempotent * merge with backend plugin manager * re-use funcs * reorder imports + remove unnecessary interface * add some TODOs + remove unused func * remove unused instrumentation func * simplify client usage * remove import alias * re-use backendplugin.Plugin interface * re order funcs * improve var name * fix log statements * refactor data model * add logic for dupe check during loading * cleanup state setting * refactor loader * cleanup manager interface * add rendering flow * refactor loading + init * add renderer support * fix renderer plugin * reformat imports * track errors * fix plugin signature inheritance * name param in interface * update func comment * fix func arg name * introduce class concept * remove func * fix external plugin check * apply changes from pm-experiment * fix core plugins * fix imports * rename interface * comment API interface * add support for testdata plugin * enable alerting + use correct core plugin contracts * slim manager API * fix param name * fix filter * support static routes * fix rendering * tidy rendering * get tests compiling * fix install+uninstall * start finder test * add finder test coverage * start loader tests * add test for core plugins * load core + bundled test * add test for nested plugin loading * add test files * clean interface + fix registering some core plugins * refactoring * reformat and create sub packages * simplify core plugin init * fix ctx cancel scenario * migrate initializer * remove Init() funcs * add test starter * new logger * flesh out initializer tests * refactoring * remove unused svc * refactor rendering flow * fixup loader tests * add enabled helper func * fix logger name * fix data fetchers * fix case where plugin dir doesn't exist * improve coverage + move dupe checking to loader * remove noisy debug logs * register core plugins automagically * add support for renderer in catalog * make private func + fix req validation * use interface * re-add check for renderer in catalog * tidy up from moving to auto reg core plugins * core plugin registrar * guards * copy over core plugins for test infra * all tests green * renames * propagate new interfaces * kill old manager * get compiling * tidy up * update naming * refactor manager test + cleanup * add more cases to finder test * migrate validator to field * more coverage * refactor dupe checking * add test for plugin class * add coverage for initializer * split out rendering * move * fixup tests * fix uss test * fix frontend settings * fix grafanads test * add check when checking sig errors * fix enabled map * fixup * allow manual setup of CM * rename to cloud-monitoring * remove TODO * add installer interface for testing * loader interface returns * tests passing * refactor + add more coverage * support 'stackdriver' * fix frontend settings loading * improve naming based on package name * small tidy * refactor test * fix renderer start * make cloud-monitoring plugin ID clearer * add plugin update test * add integration tests * don't break all if sig can't be calculated * add root URL check test * add more signature verification tests * update DTO name * update enabled plugins comment * update comments * fix linter * revert fe naming change * fix errors endpoint * reset error code field name * re-order test to help verify * assert -> require * pm check * add missing entry + re-order * re-check * dump icon log * verify manager contents first * reformat * apply PR feedback * apply style changes * fix one vs all loading err * improve log output * only start when no signature error * move log * rework plugin update check * fix test * fix multi loading from cfg.PluginSettings * improve log output #2 * add error abstraction to capture errors without registering a plugin * add debug log * add unsigned warning * e2e test attempt * fix logger * set home path * prevent panic * alternate * ugh.. fix home path * return renderer even if not started * make renderer plugin managed * add fallback renderer icon, update renderer badge + prevent changes when renderer is installed * fix icon loading * rollback renderer changes * use correct field * remove unneccessary block * remove newline * remove unused func * fix bundled plugins base + module fields * remove unused field since refactor * add authorizer abstraction * loader only returns plugins expected to run * fix multi log output
2021-11-01 05:53:33 -04:00
continue
}
Allows posting to prom rules endpoints via ds_proxy (#32946) * allows posting to prom rules endpoints via ds_proxy * prom proxy routes via plugin and fix proxy route matching bug * bump ci
2021-04-14 13:06:20 -04:00
DS proxy: Remove ft `datasourceProxyDisableRBAC` and logic (#101239) delete ft datasourceproxy
2025-02-25 12:30:58 -05:00
if !proxy.hasAccessToRoute(route) {
Data Source: Proxy fallback routes must match all inputs (#116274)
2026-01-14 15:12:18 -05:00
return errPluginProxyRouteAccessDenied
Allows posting to prom rules endpoints via ds_proxy (#32946) * allows posting to prom rules endpoints via ds_proxy * prom proxy routes via plugin and fix proxy route matching bug * bump ci
2021-04-14 13:06:20 -04:00
}
Plugins: Refactor Plugin Management (#40477) * add core plugin flow * add instrumentation * move func * remove cruft * support external backend plugins * refactor + clean up * remove comments * refactor loader * simplify core plugin path arg * cleanup loggers * move signature validator to plugins package * fix sig packaging * cleanup plugin model * remove unnecessary plugin field * add start+stop for pm * fix failures * add decommissioned state * export fields just to get things flowing * fix comments * set static routes * make image loading idempotent * merge with backend plugin manager * re-use funcs * reorder imports + remove unnecessary interface * add some TODOs + remove unused func * remove unused instrumentation func * simplify client usage * remove import alias * re-use backendplugin.Plugin interface * re order funcs * improve var name * fix log statements * refactor data model * add logic for dupe check during loading * cleanup state setting * refactor loader * cleanup manager interface * add rendering flow * refactor loading + init * add renderer support * fix renderer plugin * reformat imports * track errors * fix plugin signature inheritance * name param in interface * update func comment * fix func arg name * introduce class concept * remove func * fix external plugin check * apply changes from pm-experiment * fix core plugins * fix imports * rename interface * comment API interface * add support for testdata plugin * enable alerting + use correct core plugin contracts * slim manager API * fix param name * fix filter * support static routes * fix rendering * tidy rendering * get tests compiling * fix install+uninstall * start finder test * add finder test coverage * start loader tests * add test for core plugins * load core + bundled test * add test for nested plugin loading * add test files * clean interface + fix registering some core plugins * refactoring * reformat and create sub packages * simplify core plugin init * fix ctx cancel scenario * migrate initializer * remove Init() funcs * add test starter * new logger * flesh out initializer tests * refactoring * remove unused svc * refactor rendering flow * fixup loader tests * add enabled helper func * fix logger name * fix data fetchers * fix case where plugin dir doesn't exist * improve coverage + move dupe checking to loader * remove noisy debug logs * register core plugins automagically * add support for renderer in catalog * make private func + fix req validation * use interface * re-add check for renderer in catalog * tidy up from moving to auto reg core plugins * core plugin registrar * guards * copy over core plugins for test infra * all tests green * renames * propagate new interfaces * kill old manager * get compiling * tidy up * update naming * refactor manager test + cleanup * add more cases to finder test * migrate validator to field * more coverage * refactor dupe checking * add test for plugin class * add coverage for initializer * split out rendering * move * fixup tests * fix uss test * fix frontend settings * fix grafanads test * add check when checking sig errors * fix enabled map * fixup * allow manual setup of CM * rename to cloud-monitoring * remove TODO * add installer interface for testing * loader interface returns * tests passing * refactor + add more coverage * support 'stackdriver' * fix frontend settings loading * improve naming based on package name * small tidy * refactor test * fix renderer start * make cloud-monitoring plugin ID clearer * add plugin update test * add integration tests * don't break all if sig can't be calculated * add root URL check test * add more signature verification tests * update DTO name * update enabled plugins comment * update comments * fix linter * revert fe naming change * fix errors endpoint * reset error code field name * re-order test to help verify * assert -> require * pm check * add missing entry + re-order * re-check * dump icon log * verify manager contents first * reformat * apply PR feedback * apply style changes * fix one vs all loading err * improve log output * only start when no signature error * move log * rework plugin update check * fix test * fix multi loading from cfg.PluginSettings * improve log output #2 * add error abstraction to capture errors without registering a plugin * add debug log * add unsigned warning * e2e test attempt * fix logger * set home path * prevent panic * alternate * ugh.. fix home path * return renderer even if not started * make renderer plugin managed * add fallback renderer icon, update renderer badge + prevent changes when renderer is installed * fix icon loading * rollback renderer changes * use correct field * remove unneccessary block * remove newline * remove unused func * fix bundled plugins base + module fields * remove unused field since refactor * add authorizer abstraction * loader only returns plugins expected to run * fix multi log output
2021-11-01 05:53:33 -04:00
proxy.matchedRoute = route
return nil
Allows posting to prom rules endpoints via ds_proxy (#32946) * allows posting to prom rules endpoints via ds_proxy * prom proxy routes via plugin and fix proxy route matching bug * bump ci
2021-04-14 13:06:20 -04:00
}
// Trailing validation below this point for routes that were not matched
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
switch proxy.dataSource.PluginType() {
case datasources.DS_PROMETHEUS,
datasources.DS_AMAZON_PROMETHEUS,
datasources.DS_AZURE_PROMETHEUS,
datasources.DS_LOKI:
switch proxy.ctx.Req.Method {
case "DELETE", "PUT", "POST":
return fmt.Errorf("non allow-listed %ss not allowed on proxied %s datasource", proxy.ctx.Req.Method, proxy.dataSource.PluginType())
Fix deleting prom rules endpoints via ds_proxy (#33491)
2021-04-29 03:20:51 -04:00
}
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
}
return nil
}
Update DS Proxy to use RBAC action (#87517) iam-team: Update DS Proxy to use RBAC action
2024-05-21 09:05:16 -04:00
func (proxy *DataSourceProxy) hasAccessToRoute(route *plugins.Route) bool {
ctxLogger := logger.FromContext(proxy.ctx.Req.Context())
RBAC: Remove accessControlOnCall feature toggle (#101222) * RBAC: Remove accessControlOnCall feature toggle * Leave the other one in place * Tests * frontend * Readd empty ft to frontend test * Remove legacy RBAC check * Fix test * no need for context * Remove unused variable * Remove unecessary param * remove unecessary param from tests * More tests :D
2025-02-25 07:44:40 -05:00
if route.ReqAction != "" {
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
routeEval := pluginac.GetDataSourceRouteEvaluator(proxy.ds.Name, route.ReqAction)
hasAccess := routeEval.Evaluate(proxy.requester.GetPermissions())
RBAC: Allow plugins to use scoped actions (#90946) Co-authored-by: gamab <gabriel.mabille@grafana.com>
2024-07-25 10:22:42 -04:00
if !hasAccess {
Update DS Proxy to use RBAC action (#87517) iam-team: Update DS Proxy to use RBAC action
2024-05-21 09:05:16 -04:00
ctxLogger.Debug("plugin route is covered by RBAC, user doesn't have access", "route", proxy.ctx.Req.URL.Path, "action", route.ReqAction, "path", route.Path, "method", route.Method)
}
RBAC: Allow plugins to use scoped actions (#90946) Co-authored-by: gamab <gabriel.mabille@grafana.com>
2024-07-25 10:22:42 -04:00
return hasAccess
Update DS Proxy to use RBAC action (#87517) iam-team: Update DS Proxy to use RBAC action
2024-05-21 09:05:16 -04:00
}
if route.ReqRole.IsValid() {
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
if hasUserRole := proxy.requester.GetOrgRole().Includes(route.ReqRole); !hasUserRole {
Update DS Proxy to use RBAC action (#87517) iam-team: Update DS Proxy to use RBAC action
2024-05-21 09:05:16 -04:00
ctxLogger.Debug("plugin route is covered by org role, user doesn't have access", "route", proxy.ctx.Req.URL.Path, "role", route.ReqRole, "path", route.Path, "method", route.Method)
return false
}
}
return true
}
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
func (proxy *DataSourceProxy) logRequest() {
Datasource Proxy: Restrict full access to setting.Cfg (#125180) Plugin Proxy: Narrow data source config to DataSourceProxySettings The data source proxy only needs a handful of fields from setting.Cfg. Introduce a focused DataSourceProxySettings struct that exposes only those fields, load Azure settings lazily via a resolver callback so the proxy avoids touching Azure configuration unless an Azure-authenticated route is matched, and pass the new struct through the datasource proxy service in place of *setting.Cfg.
2026-05-21 05:09:14 -04:00
if !proxy.settings.DataProxyLogging {
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
return
}
var body string
Macaron: remove custom Request type (#37874) * remove macaron.Request, use http.Request instead * remove com dependency from bindings module * fix another c.Req.Request
2021-09-01 05:18:30 -04:00
if proxy.ctx.Req.Body != nil {
Handle ioutil deprecations (#53526) * replace ioutil.ReadFile -> os.ReadFile * replace ioutil.ReadAll -> io.ReadAll * replace ioutil.TempFile -> os.CreateTemp * replace ioutil.NopCloser -> io.NopCloser * replace ioutil.WriteFile -> os.WriteFile * replace ioutil.TempDir -> os.MkdirTemp * replace ioutil.Discard -> io.Discard
2022-08-10 09:37:51 -04:00
buffer, err := io.ReadAll(proxy.ctx.Req.Body)
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
if err == nil {
Handle ioutil deprecations (#53526) * replace ioutil.ReadFile -> os.ReadFile * replace ioutil.ReadAll -> io.ReadAll * replace ioutil.TempFile -> os.CreateTemp * replace ioutil.NopCloser -> io.NopCloser * replace ioutil.WriteFile -> os.WriteFile * replace ioutil.TempDir -> os.MkdirTemp * replace ioutil.Discard -> io.Discard
2022-08-10 09:37:51 -04:00
proxy.ctx.Req.Body = io.NopCloser(bytes.NewBuffer(buffer))
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
body = string(buffer)
}
}
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
ctxLogger := logger.FromContext(proxy.ctx.Req.Context())
DataQuery: Track panel plugin id not type (#83091)
2024-02-21 03:38:42 -05:00
panelPluginId := proxy.ctx.Req.Header.Get("X-Panel-Plugin-Id")
Data query: Allow logging panel plugin id when executing queries (#81164) * Data query: Allo logging panel plugin id when executing queries * Update tracing header middleware * Test fix * Add panelPluginType to query analytics * Cleanup
2024-01-30 03:06:31 -05:00
Chore: Remove sensitive information from presigned URLs prior to logging (#87035) Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> Co-authored-by: Dan Cech <dcech@grafana.com> Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
2024-06-24 08:53:42 -04:00
uri, err := util.SanitizeURI(proxy.ctx.Req.RequestURI)
Alert: unexpected error log occur (#95491)
2024-10-28 10:34:07 -04:00
if err != nil {
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
ctxLogger.Error("Could not sanitize RequestURI", "error", err)
Chore: Remove sensitive information from presigned URLs prior to logging (#87035) Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> Co-authored-by: Dan Cech <dcech@grafana.com> Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
2024-06-24 08:53:42 -04:00
}
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
userid, _ := proxy.requester.GetInternalID()
Logging: Introduce API for contextual logging (#55198) Introduces a FromContext method on the log.Logger interface that allows contextual key/value pairs to be attached, e.g. per request, so that any logger using this API will automatically get the per request context attached. The proposal makes the traceID available for contextual logger , if available, and would allow logs originating from a certain HTTP request to be correlated with traceID. In addition, when tracing not enabled, skip adding traceID=00000000000000000000000000000000 to logs.
2022-09-20 12:32:06 -04:00
ctxLogger.Info("Proxying incoming request",
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
"userid", userid,
"orgid", proxy.requester.GetOrgID(),
"username", proxy.requester.GetLogin(),
"datasource", proxy.dataSource.PluginType(),
Chore: Remove sensitive information from presigned URLs prior to logging (#87035) Co-authored-by: Will Browne <wbrowne@users.noreply.github.com> Co-authored-by: Dan Cech <dcech@grafana.com> Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
2024-06-24 08:53:42 -04:00
"uri", uri,
Macaron: remove custom Request type (#37874) * remove macaron.Request, use http.Request instead * remove com dependency from bindings module * fix another c.Req.Request
2021-09-01 05:18:30 -04:00
"method", proxy.ctx.Req.Method,
DataQuery: Track panel plugin id not type (#83091)
2024-02-21 03:38:42 -05:00
"panelPluginId", panelPluginId,
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
"body", body)
}
Chore: Remove public vars in setting package (#81018) Removes the public variable setting.SecretKey plus some other ones. Introduces some new functions for creating setting.Cfg.
2024-01-23 06:36:22 -05:00
func (proxy *DataSourceProxy) checkWhiteList() bool {
Datasource Proxy: Restrict full access to setting.Cfg (#125180) Plugin Proxy: Narrow data source config to DataSourceProxySettings The data source proxy only needs a handful of fields from setting.Cfg. Introduce a focused DataSourceProxySettings struct that exposes only those fields, load Azure settings lazily via a resolver callback so the proxy avoids touching Azure configuration unless an Azure-authenticated route is matched, and pass the new struct through the datasource proxy service in place of *setting.Cfg.
2026-05-21 05:09:14 -04:00
if proxy.targetUrl.Host != "" && len(proxy.settings.DataProxyWhiteList) > 0 {
if _, exists := proxy.settings.DataProxyWhiteList[proxy.targetUrl.Host]; !exists {
DataSource/Proxy: decouple from DataSourceService from ds_proxy (#125752)
2026-06-08 06:28:30 -04:00
writeJSONErr(proxy.ctx.Resp, proxy.ctx.Req, 403, "Data proxy hostname and ip are not included in whitelist", nil)
feat: data source proxy refactoring and route handling, #9078
2017-08-22 11:14:15 -04:00
return false
}
}
return true
}
Reference in a new issue Copy permalink