apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
29994 Commits
2186 Branches
608 Tags
1.9 GiB
Tag: Branch: Tree: 36c997a625
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '36c997a625'
${ noResults }
grafana/pkg/api/pluginproxy/token_provider_jwt.go

98 lines
2.4 KiB
Raw Normal View History Unescape

PluginProxy: Split implementations of token providers (#32820) * Split implementations of token providers * Fix imports * Fix code racing in unit tests
4 years ago
package pluginproxy
import (
"context"
"fmt"
"sync"
"time"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/plugins"
"golang.org/x/oauth2"
"golang.org/x/oauth2/jwt"
)
var (
oauthJwtTokenCache = oauthJwtTokenCacheType{
cache: map[string]*oauth2.Token{},
}
)
type oauthJwtTokenCacheType struct {
cache map[string]*oauth2.Token
sync.Mutex
}
type jwtAccessTokenProvider struct {
datasourceId int64
datasourceVersion int
ctx context.Context
route *plugins.AppPluginRoute
Plugins: AuthType in route configuration and params interpolation (#33674) * AuthType in route configuration * Pass interpolated auth parameters to token provider * Unit tests * Update after review Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Fixes #33669 Closed #33732
4 years ago
authParams *plugins.JwtTokenAuth
PluginProxy: Split implementations of token providers (#32820) * Split implementations of token providers * Fix imports * Fix code racing in unit tests
4 years ago
}
func newJwtAccessTokenProvider(ctx context.Context, ds *models.DataSource, pluginRoute *plugins.AppPluginRoute,
Plugins: AuthType in route configuration and params interpolation (#33674) * AuthType in route configuration * Pass interpolated auth parameters to token provider * Unit tests * Update after review Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Fixes #33669 Closed #33732
4 years ago
authParams *plugins.JwtTokenAuth) *jwtAccessTokenProvider {
PluginProxy: Split implementations of token providers (#32820) * Split implementations of token providers * Fix imports * Fix code racing in unit tests
4 years ago
return &jwtAccessTokenProvider{
datasourceId: ds.Id,
datasourceVersion: ds.Version,
ctx: ctx,
route: pluginRoute,
Plugins: AuthType in route configuration and params interpolation (#33674) * AuthType in route configuration * Pass interpolated auth parameters to token provider * Unit tests * Update after review Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Fixes #33669 Closed #33732
4 years ago
authParams: authParams,
PluginProxy: Split implementations of token providers (#32820) * Split implementations of token providers * Fix imports * Fix code racing in unit tests
4 years ago
}
}
func (provider *jwtAccessTokenProvider) getAccessToken() (string, error) {
oauthJwtTokenCache.Lock()
defer oauthJwtTokenCache.Unlock()
if cachedToken, found := oauthJwtTokenCache.cache[provider.getAccessTokenCacheKey()]; found {
if cachedToken.Expiry.After(timeNow().Add(time.Second * 10)) {
logger.Debug("Using token from cache")
return cachedToken.AccessToken, nil
}
}
conf := &jwt.Config{}
Plugins: AuthType in route configuration and params interpolation (#33674) * AuthType in route configuration * Pass interpolated auth parameters to token provider * Unit tests * Update after review Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Fixes #33669 Closed #33732
4 years ago
if val, ok := provider.authParams.Params["client_email"]; ok {
conf.Email = val
PluginProxy: Split implementations of token providers (#32820) * Split implementations of token providers * Fix imports * Fix code racing in unit tests
4 years ago
}
Plugins: AuthType in route configuration and params interpolation (#33674) * AuthType in route configuration * Pass interpolated auth parameters to token provider * Unit tests * Update after review Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Fixes #33669 Closed #33732
4 years ago
if val, ok := provider.authParams.Params["private_key"]; ok {
conf.PrivateKey = []byte(val)
PluginProxy: Split implementations of token providers (#32820) * Split implementations of token providers * Fix imports * Fix code racing in unit tests
4 years ago
}
Plugins: AuthType in route configuration and params interpolation (#33674) * AuthType in route configuration * Pass interpolated auth parameters to token provider * Unit tests * Update after review Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Fixes #33669 Closed #33732
4 years ago
if val, ok := provider.authParams.Params["token_uri"]; ok {
conf.TokenURL = val
PluginProxy: Split implementations of token providers (#32820) * Split implementations of token providers * Fix imports * Fix code racing in unit tests
4 years ago
}
Plugins: AuthType in route configuration and params interpolation (#33674) * AuthType in route configuration * Pass interpolated auth parameters to token provider * Unit tests * Update after review Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Fixes #33669 Closed #33732
4 years ago
conf.Scopes = provider.authParams.Scopes
PluginProxy: Split implementations of token providers (#32820) * Split implementations of token providers * Fix imports * Fix code racing in unit tests
4 years ago
token, err := getTokenSource(conf, provider.ctx)
if err != nil {
return "", err
}
oauthJwtTokenCache.cache[provider.getAccessTokenCacheKey()] = token
logger.Info("Got new access token", "ExpiresOn", token.Expiry)
return token.AccessToken, nil
}
// getTokenSource gets a token source.
// Stubbable by tests.
var getTokenSource = func(conf *jwt.Config, ctx context.Context) (*oauth2.Token, error) {
tokenSrc := conf.TokenSource(ctx)
token, err := tokenSrc.Token()
if err != nil {
return nil, err
}
return token, nil
}
func (provider *jwtAccessTokenProvider) getAccessTokenCacheKey() string {
return fmt.Sprintf("%v_%v_%v_%v", provider.datasourceId, provider.datasourceVersion, provider.route.Path, provider.route.Method)
}