apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
48378 Commits
2186 Branches
608 Tags
1.9 GiB
Tag: Branch: Tree: ea243b536c
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ea243b536c'
${ noResults }
grafana/pkg/api/pluginproxy/pluginproxy.go

224 lines
6.2 KiB
Raw Normal View History Unescape

feat(app routes): worked on app routes, added unit test, changed Grafana-Context header to start with X to be standard compliant, got cloud saas queries to work via app route feature and header template
10 years ago
package pluginproxy
import (
Instrumentation: Proxy status code correction and various improvements (#47473) For a proxied request, e.g. Grafana's datasource or plugin proxy: If the request is cancelled, e.g. from the browser, the HTTP status code is now 499 Client closed request instead of 502 Bad gateway. If the request times out, e.g. takes longer time than allowed, the HTTP status code is now 504 Gateway timeout instead of 502 Bad gateway. This also means that request metrics and logs will get their status codes adjusted according to above. Fixes #46337 Fixes #46338
3 years ago
"bytes"
feat(app routes): worked on app routes, added unit test, changed Grafana-Context header to start with X to be standard compliant, got cloud saas queries to work via app route feature and header template
10 years ago
"encoding/json"
Handle ioutil deprecations (#53526) * replace ioutil.ReadFile -> os.ReadFile * replace ioutil.ReadAll -> io.ReadAll * replace ioutil.TempFile -> os.CreateTemp * replace ioutil.NopCloser -> io.NopCloser * replace ioutil.WriteFile -> os.WriteFile * replace ioutil.TempDir -> os.MkdirTemp * replace ioutil.Discard -> io.Discard
3 years ago
"io"
feat(app routes): worked on app routes, added unit test, changed Grafana-Context header to start with X to be standard compliant, got cloud saas queries to work via app route feature and header template
10 years ago
"net/http"
"net/url"
FeatureToggles: Add context and and an explicit global check (#78081)
2 years ago
"go.opentelemetry.io/otel/attribute"
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
"github.com/grafana/grafana/pkg/infra/tracing"
feat(app routes): worked on app routes, added unit test, changed Grafana-Context header to start with X to be standard compliant, got cloud saas queries to work via app route feature and header template
10 years ago
"github.com/grafana/grafana/pkg/plugins"
RBAC: Cover plugin routes (#80578) * RBAC: Cover plugin routes * Action instead of ReqAction * Fix test initializations * Fix NewPluginProxy call * Duplicate test to add RBAC checks * Cover legacy access control as well * Fix typo * action -> reqAction * Add example Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com> --------- Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
1 year ago
ac "github.com/grafana/grafana/pkg/services/accesscontrol"
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2 years ago
contextmodel "github.com/grafana/grafana/pkg/services/contexthandler/model"
IDforwarding: forward signed id to plugins (#75651) * Plugins: Add client middlware that forwards the signed grafana id token if present * DsProxy: Set grafana id header if id token exists * Add util function to apply id token to header * Only add id forwarding middleware if feature toggle is enabled * Add feature toggles to ds proxy and check if id forwarding is enabled * Clean up test setup * Change to use backend.ForwardHTTPHeaders interface * PluginProxy: Forward signed identity when feature toggle is enabled * PluginProxy: forrward signed id header
2 years ago
"github.com/grafana/grafana/pkg/services/featuremgmt"
Plugins: Migrate `plugincontext`, `adapters` and `pluginsettings` to pkg/services/pluginsintegration package (#64154) * migrate plugincontext, adapter and pluginsettings * add to CODEOWNERS * fix imports * fix CODEOWNERS * take pluginsettings * migrate wire stuff
2 years ago
"github.com/grafana/grafana/pkg/services/pluginsintegration/pluginsettings"
Encryption: Use secrets service (#40251) * Use secrets service in pluginproxy * Use secrets service in pluginxontext * Use secrets service in pluginsettings * Use secrets service in provisioning * Use secrets service in authinfoservice * Use secrets service in api * Use secrets service in sqlstore * Use secrets service in dashboardshapshots * Use secrets service in tsdb * Use secrets service in datasources * Use secrets service in alerting * Use secrets service in ngalert * Break cyclic dependancy * Refactor service * Break cyclic dependancy * Add FakeSecretsStore * Setup Secrets Service in sqlstore * Fix * Continue secrets service refactoring * Fix cyclic dependancy in sqlstore tests * Fix secrets service references * Fix linter errors * Add fake secrets service for tests * Refactor SetupTestSecretsService * Update setting up secret service in tests * Fix missing secrets service in multiorg_alertmanager_test * Use fake db in tests and sort imports * Use fake db in datasources tests * Fix more tests * Fix linter issues * Attempt to fix plugin proxy tests * Pass secrets service to getPluginProxiedRequest in pluginproxy tests * Fix pluginproxy tests * Revert using secrets service in alerting and provisioning * Update decryptFn in alerting migration * Rename defaultProvider to currentProvider * Use fake secrets service in alert channels tests * Refactor secrets service test helper * Update setting up secrets service in tests * Revert alerting changes in api * Add comments * Remove secrets service from background services * Convert global encryption functions into vars * Revert "Convert global encryption functions into vars" This reverts commit 498eb19859eba364a2400a6d7e73236b1c9a5b37. * Add feature toggle for envelope encryption * Rename toggle Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> Co-authored-by: Joan López de la Franca Beltran <joanjan14@gmail.com>
4 years ago
"github.com/grafana/grafana/pkg/services/secrets"
Backend plugins: Prepare and clean request headers before resource calls (#22321) Moves common request proxy utilities to proxyutil package with support for removing X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto headers, setting X-Forwarded-For header and cleaning Cookie header. Using the proxyutil package to prepare and clean request headers before resource calls. Closes #21512
5 years ago
"github.com/grafana/grafana/pkg/setting"
feat(app routes): worked on app routes, added unit test, changed Grafana-Context header to start with X to be standard compliant, got cloud saas queries to work via app route feature and header template
10 years ago
"github.com/grafana/grafana/pkg/util"
Backend plugins: Prepare and clean request headers before resource calls (#22321) Moves common request proxy utilities to proxyutil package with support for removing X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto headers, setting X-Forwarded-For header and cleaning Cookie header. Using the proxyutil package to prepare and clean request headers before resource calls. Closes #21512
5 years ago
"github.com/grafana/grafana/pkg/util/proxyutil"
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
"github.com/grafana/grafana/pkg/web"
feat(app routes): worked on app routes, added unit test, changed Grafana-Context header to start with X to be standard compliant, got cloud saas queries to work via app route feature and header template
10 years ago
)
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
type PluginProxy struct {
RBAC: Cover plugin routes (#80578) * RBAC: Cover plugin routes * Action instead of ReqAction * Fix test initializations * Fix NewPluginProxy call * Duplicate test to add RBAC checks * Cover legacy access control as well * Fix typo * action -> reqAction * Add example Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com> --------- Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
1 year ago
accessControl ac.AccessControl
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
ps *pluginsettings.DTO
pluginRoutes []*plugins.Route
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2 years ago
ctx *contextmodel.ReqContext
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
proxyPath string
matchedRoute *plugins.Route
cfg *setting.Cfg
secretsService secrets.Service
tracer tracing.Tracer
transport *http.Transport
IDforwarding: forward signed id to plugins (#75651) * Plugins: Add client middlware that forwards the signed grafana id token if present * DsProxy: Set grafana id header if id token exists * Add util function to apply id token to header * Only add id forwarding middleware if feature toggle is enabled * Add feature toggles to ds proxy and check if id forwarding is enabled * Clean up test setup * Change to use backend.ForwardHTTPHeaders interface * PluginProxy: Forward signed identity when feature toggle is enabled * PluginProxy: forrward signed id header
2 years ago
features featuremgmt.FeatureToggles
feat(app routes): worked on app routes, added unit test, changed Grafana-Context header to start with X to be standard compliant, got cloud saas queries to work via app route feature and header template
10 years ago
}
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
// NewPluginProxy creates a plugin proxy.
Chore: Move ReqContext to contexthandler service (#62102) * Chore: Move ReqContext to contexthandler service * Rename package to contextmodel * Generate ngalert files * Remove unused imports
2 years ago
func NewPluginProxy(ps *pluginsettings.DTO, routes []*plugins.Route, ctx *contextmodel.ReqContext,
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
proxyPath string, cfg *setting.Cfg, secretsService secrets.Service, tracer tracing.Tracer,
RBAC: Cover plugin routes (#80578) * RBAC: Cover plugin routes * Action instead of ReqAction * Fix test initializations * Fix NewPluginProxy call * Duplicate test to add RBAC checks * Cover legacy access control as well * Fix typo * action -> reqAction * Add example Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com> --------- Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
1 year ago
transport *http.Transport, accessControl ac.AccessControl, features featuremgmt.FeatureToggles) (*PluginProxy, error) {
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
return &PluginProxy{
RBAC: Cover plugin routes (#80578) * RBAC: Cover plugin routes * Action instead of ReqAction * Fix test initializations * Fix NewPluginProxy call * Duplicate test to add RBAC checks * Cover legacy access control as well * Fix typo * action -> reqAction * Add example Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com> --------- Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
1 year ago
accessControl: accessControl,
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
ps: ps,
pluginRoutes: routes,
ctx: ctx,
proxyPath: proxyPath,
cfg: cfg,
secretsService: secretsService,
tracer: tracer,
transport: transport,
IDforwarding: forward signed id to plugins (#75651) * Plugins: Add client middlware that forwards the signed grafana id token if present * DsProxy: Set grafana id header if id token exists * Add util function to apply id token to header * Only add id forwarding middleware if feature toggle is enabled * Add feature toggles to ds proxy and check if id forwarding is enabled * Clean up test setup * Change to use backend.ForwardHTTPHeaders interface * PluginProxy: Forward signed identity when feature toggle is enabled * PluginProxy: forrward signed id header
2 years ago
features: features,
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
}, nil
}
Instrumentation: Proxy status code correction and various improvements (#47473) For a proxied request, e.g. Grafana's datasource or plugin proxy: If the request is cancelled, e.g. from the browser, the HTTP status code is now 499 Client closed request instead of 502 Bad gateway. If the request times out, e.g. takes longer time than allowed, the HTTP status code is now 504 Gateway timeout instead of 502 Bad gateway. This also means that request metrics and logs will get their status codes adjusted according to above. Fixes #46337 Fixes #46338
3 years ago
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
func (proxy *PluginProxy) HandleRequest() {
// found route if there are any
for _, route := range proxy.pluginRoutes {
// method match
if route.Method != "" && route.Method != "*" && route.Method != proxy.ctx.Req.Method {
continue
Fix panic when using complex dynamic URLs in app plugin routes (#27977) * remove unused function to interpolate URLs * share function to add headers between ds/plugin proxies * stop performing unnecessary plugin setting lookup * fix bug causing runtime errors when using complex templated URLs * lower case util functions not used outside of pluginproxy package * change test URL to a (valid) dummy URL to make intent clearer Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
5 years ago
}
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
t := web.NewTree()
t.Add(route.Path, nil)
_, params, isMatch := t.Match(proxy.proxyPath)
Encryption: Refactor securejsondata.SecureJsonData to stop relying on global functions (#38865) * Encryption: Add support to encrypt/decrypt sjd * Add datasources.Service as a proxy to datasources db operations * Encrypt ds.SecureJsonData before calling SQLStore * Move ds cache code into ds service * Fix tlsmanager tests * Fix pluginproxy tests * Remove some securejsondata.GetEncryptedJsonData usages * Add pluginsettings.Service as a proxy for plugin settings db operations * Add AlertNotificationService as a proxy for alert notification db operations * Remove some securejsondata.GetEncryptedJsonData usages * Remove more securejsondata.GetEncryptedJsonData usages * Fix lint errors * Minor fixes * Remove encryption global functions usages from ngalert * Fix lint errors * Minor fixes * Minor fixes * Remove securejsondata.DecryptedValue usage * Refactor the refactor * Remove securejsondata.DecryptedValue usage * Move securejsondata to migrations package * Move securejsondata to migrations package * Minor fix * Fix integration test * Fix integration tests * Undo undesired changes * Fix tests * Add context.Context into encryption methods * Fix tests * Fix tests * Fix tests * Trigger CI * Fix test * Add names to params of encryption service interface * Remove bus from CacheServiceImpl * Add logging * Add keys to logger Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Add missing key to logger Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com> * Undo changes in markdown files * Fix formatting * Add context to secrets service * Rename decryptSecureJsonData to decryptSecureJsonDataFn * Name args in GetDecryptedValueFn * Add template back to NewAlertmanagerNotifier * Copy GetDecryptedValueFn to ngalert * Add logging to pluginsettings * Fix pluginsettings test Co-authored-by: Tania B <yalyna.ts@gmail.com> Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
4 years ago
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
if !isMatch {
continue
Fix panic when using complex dynamic URLs in app plugin routes (#27977) * remove unused function to interpolate URLs * share function to add headers between ds/plugin proxies * stop performing unnecessary plugin setting lookup * fix bug causing runtime errors when using complex templated URLs * lower case util functions not used outside of pluginproxy package * change test URL to a (valid) dummy URL to make intent clearer Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
5 years ago
}
RBAC: Cover plugin routes (#80578) * RBAC: Cover plugin routes * Action instead of ReqAction * Fix test initializations * Fix NewPluginProxy call * Duplicate test to add RBAC checks * Cover legacy access control as well * Fix typo * action -> reqAction * Add example Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com> --------- Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
1 year ago
if !proxy.hasAccessToRoute(route) {
proxy.ctx.JsonApiErr(http.StatusForbidden, "plugin proxy route access denied", nil)
return
Fix panic when using complex dynamic URLs in app plugin routes (#27977) * remove unused function to interpolate URLs * share function to add headers between ds/plugin proxies * stop performing unnecessary plugin setting lookup * fix bug causing runtime errors when using complex templated URLs * lower case util functions not used outside of pluginproxy package * change test URL to a (valid) dummy URL to make intent clearer Co-authored-by: Arve Knudsen <arve.knudsen@gmail.com>
5 years ago
}
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
if path, exists := params["*"]; exists {
proxy.proxyPath = path
} else {
proxy.proxyPath = ""
feat(app routes): worked on app routes, added unit test, changed Grafana-Context header to start with X to be standard compliant, got cloud saas queries to work via app route feature and header template
10 years ago
}
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
proxy.matchedRoute = route
break
}
feat(app routes): worked on app routes, added unit test, changed Grafana-Context header to start with X to be standard compliant, got cloud saas queries to work via app route feature and header template
10 years ago
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
if proxy.matchedRoute == nil {
proxy.ctx.JsonApiErr(http.StatusNotFound, "plugin route match not found", nil)
return
}
Add custom header with grafana user and a config switch for it
6 years ago
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
proxyErrorLogger := logger.New(
"userId", proxy.ctx.UserID,
"orgId", proxy.ctx.OrgID,
"uname", proxy.ctx.Login,
"path", proxy.ctx.Req.URL.Path,
"remote_addr", proxy.ctx.RemoteAddr(),
"referer", proxy.ctx.Req.Referer(),
)
Plugins: Support set body content in plugin routes (#32551) Adds support for overriding the body and length in plugin routes.
4 years ago
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
reverseProxy := proxyutil.NewReverseProxy(
proxyErrorLogger,
proxy.director,
proxyutil.WithTransport(proxy.transport),
)
proxy.logRequest()
ctx, span := proxy.tracer.Start(proxy.ctx.Req.Context(), "plugin reverse proxy")
defer span.End()
proxy.ctx.Req = proxy.ctx.Req.WithContext(ctx)
Tracing: Standardize on otel tracing (#75528)
2 years ago
span.SetAttributes(
attribute.String("user", proxy.ctx.SignedInUser.Login),
attribute.Int64("org_id", proxy.ctx.SignedInUser.OrgID),
)
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
proxy.tracer.Inject(ctx, proxy.ctx.Req.Header, span)
reverseProxy.ServeHTTP(proxy.ctx.Resp, proxy.ctx.Req)
}
RBAC: Cover plugin routes (#80578) * RBAC: Cover plugin routes * Action instead of ReqAction * Fix test initializations * Fix NewPluginProxy call * Duplicate test to add RBAC checks * Cover legacy access control as well * Fix typo * action -> reqAction * Add example Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com> --------- Co-authored-by: Andres Martinez Gotor <andres.martinez@grafana.com>
1 year ago
func (proxy *PluginProxy) hasAccessToRoute(route *plugins.Route) bool {
useRBAC := proxy.features.IsEnabled(proxy.ctx.Req.Context(), featuremgmt.FlagAccessControlOnCall) && route.RequiresRBACAction()
if useRBAC {
hasAccess := ac.HasAccess(proxy.accessControl, proxy.ctx)(ac.EvalPermission(route.ReqAction))
if !hasAccess {
proxy.ctx.Logger.Debug("plugin route is covered by RBAC, user doesn't have access", "route", proxy.ctx.Req.URL.Path)
}
return hasAccess
}
if route.ReqRole.IsValid() {
return proxy.ctx.HasUserRole(route.ReqRole)
}
return true
}
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
func (proxy PluginProxy) director(req *http.Request) {
secureJsonData, err := proxy.secretsService.DecryptJsonData(proxy.ctx.Req.Context(), proxy.ps.SecureJSONData)
if err != nil {
proxy.ctx.JsonApiErr(500, "Failed to decrypt plugin settings", err)
return
}
data := templateData{
JsonData: proxy.ps.JSONData,
SecureJsonData: secureJsonData,
}
interpolatedURL, err := interpolateString(proxy.matchedRoute.URL, data)
if err != nil {
proxy.ctx.JsonApiErr(500, "Could not interpolate plugin route url", err)
return
}
targetURL, err := url.Parse(interpolatedURL)
if err != nil {
proxy.ctx.JsonApiErr(500, "Could not parse url", err)
return
}
req.URL.Scheme = targetURL.Scheme
req.URL.Host = targetURL.Host
req.Host = targetURL.Host
req.URL.Path = util.JoinURLFragments(targetURL.Path, proxy.proxyPath)
// clear cookie headers
req.Header.Del("Cookie")
req.Header.Del("Set-Cookie")
// Create a HTTP header with the context in it.
ctxJSON, err := json.Marshal(proxy.ctx.SignedInUser)
if err != nil {
proxy.ctx.JsonApiErr(500, "failed to marshal context to json.", err)
return
feat(app routes): worked on app routes, added unit test, changed Grafana-Context header to start with X to be standard compliant, got cloud saas queries to work via app route feature and header template
10 years ago
}
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
req.Header.Set("X-Grafana-Context", string(ctxJSON))
Instrumentation: Proxy status code correction and various improvements (#47473) For a proxied request, e.g. Grafana's datasource or plugin proxy: If the request is cancelled, e.g. from the browser, the HTTP status code is now 499 Client closed request instead of 502 Bad gateway. If the request times out, e.g. takes longer time than allowed, the HTTP status code is now 504 Gateway timeout instead of 502 Bad gateway. This also means that request metrics and logs will get their status codes adjusted according to above. Fixes #46337 Fixes #46338
3 years ago
Plugins: Forward user header (X-Grafana-User) in backend plugin requests (#58646) Grafana would forward the X-Grafana-User header to backend plugin request when dataproxy.send_user_header is enabled. In addition, X-Grafana-User will be automatically forwarded in outgoing HTTP requests for core/builtin HTTP datasources. Use grafana-plugin-sdk-go v0.147.0. Fixes #47734 Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
3 years ago
proxyutil.ApplyUserHeader(proxy.cfg.SendUserHeader, req, proxy.ctx.SignedInUser)
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
FeatureToggles: Add context and and an explicit global check (#78081)
2 years ago
if proxy.features.IsEnabled(req.Context(), featuremgmt.FlagIdForwarding) {
IDforwarding: forward signed id to plugins (#75651) * Plugins: Add client middlware that forwards the signed grafana id token if present * DsProxy: Set grafana id header if id token exists * Add util function to apply id token to header * Only add id forwarding middleware if feature toggle is enabled * Add feature toggles to ds proxy and check if id forwarding is enabled * Clean up test setup * Change to use backend.ForwardHTTPHeaders interface * PluginProxy: Forward signed identity when feature toggle is enabled * PluginProxy: forrward signed id header
2 years ago
proxyutil.ApplyForwardIDHeader(req, proxy.ctx.SignedInUser)
}
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
if err := addHeaders(&req.Header, proxy.matchedRoute, data); err != nil {
proxy.ctx.JsonApiErr(500, "Failed to render plugin headers", err)
return
}
if err := setBodyContent(req, proxy.matchedRoute, data); err != nil {
Logging: Introduce API for contextual logging (#55198) Introduces a FromContext method on the log.Logger interface that allows contextual key/value pairs to be attached, e.g. per request, so that any logger using this API will automatically get the per request context attached. The proposal makes the traceID available for contextual logger , if available, and would allow logs originating from a certain HTTP request to be correlated with traceID. In addition, when tracing not enabled, skip adding traceID=00000000000000000000000000000000 to logs.
3 years ago
logger.FromContext(req.Context()).Error("Failed to set plugin route body content", "error", err)
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
}
Security: Sync security changes on main (#45083) * * Teams: Appropriately apply user id filter in /api/teams/:id and /api/teams/search * Teams: Ensure that users searching for teams are only able see teams they have access to * Teams: Require teamGuardian admin privileges to list team members * Teams: Prevent org viewers from administering teams * Teams: Add org_id condition to team count query * Teams: clarify permission requirements in teams api docs * Teams: expand scenarios for team search tests * Teams: mock teamGuardian in tests Co-authored-by: Dan Cech <dcech@grafana.com> * remove duplicate WHERE statement * Fix for CVE-2022-21702 (cherry picked from commit 202d7c190082c094bc1dc13f7fe9464746c37f9e) * Lint and test fixes (cherry picked from commit 3e6b67d5504abf4a1d7b8d621f04d062c048e981) * check content type properly (cherry picked from commit 70b4458892bf2f776302720c10d24c9ff34edd98) * basic csrf origin check (cherry picked from commit 3adaa5ff39832364f6390881fb5b42ad47df92e1) * compare origin to host (cherry picked from commit 5443892699e8ed42836bb2b9a44744ff3e970f42) * simplify url parsing (cherry picked from commit b2ffbc9513fed75468628370a48b929d30af2b1d) * check csrf for GET requests, only compare origin (cherry picked from commit 8b81dc12d8f8a1f07852809c5b4d44f0f0b1d709) * parse content type properly (cherry picked from commit 16f76f4902e6f2188bea9606c68b551af186bdc0) * mentioned get in the comment (cherry picked from commit a7e61811ef8ae558ce721e2e3fed04ce7a5a5345) * add content-type: application/json to test HTTP requests * fix pluginproxy test * Fix linter when comparing errors Co-authored-by: Kevin Minehart <kmineh0151@gmail.com> Co-authored-by: Dan Cech <dcech@grafana.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com> Co-authored-by: Vardan Torosyan <vardants@gmail.com>
3 years ago
}
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
func (proxy PluginProxy) logRequest() {
if !proxy.cfg.DataProxyLogging {
Instrumentation: Proxy status code correction and various improvements (#47473) For a proxied request, e.g. Grafana's datasource or plugin proxy: If the request is cancelled, e.g. from the browser, the HTTP status code is now 499 Client closed request instead of 502 Bad gateway. If the request times out, e.g. takes longer time than allowed, the HTTP status code is now 504 Gateway timeout instead of 502 Bad gateway. This also means that request metrics and logs will get their status codes adjusted according to above. Fixes #46337 Fixes #46338
3 years ago
return
}
var body string
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
if proxy.ctx.Req.Body != nil {
buffer, err := io.ReadAll(proxy.ctx.Req.Body)
Instrumentation: Proxy status code correction and various improvements (#47473) For a proxied request, e.g. Grafana's datasource or plugin proxy: If the request is cancelled, e.g. from the browser, the HTTP status code is now 499 Client closed request instead of 502 Bad gateway. If the request times out, e.g. takes longer time than allowed, the HTTP status code is now 504 Gateway timeout instead of 502 Bad gateway. This also means that request metrics and logs will get their status codes adjusted according to above. Fixes #46337 Fixes #46338
3 years ago
if err == nil {
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
proxy.ctx.Req.Body = io.NopCloser(bytes.NewBuffer(buffer))
Instrumentation: Proxy status code correction and various improvements (#47473) For a proxied request, e.g. Grafana's datasource or plugin proxy: If the request is cancelled, e.g. from the browser, the HTTP status code is now 499 Client closed request instead of 502 Bad gateway. If the request times out, e.g. takes longer time than allowed, the HTTP status code is now 504 Gateway timeout instead of 502 Bad gateway. This also means that request metrics and logs will get their status codes adjusted according to above. Fixes #46337 Fixes #46338
3 years ago
body = string(buffer)
}
}
Security: Sync security changes on main (#45083) * * Teams: Appropriately apply user id filter in /api/teams/:id and /api/teams/search * Teams: Ensure that users searching for teams are only able see teams they have access to * Teams: Require teamGuardian admin privileges to list team members * Teams: Prevent org viewers from administering teams * Teams: Add org_id condition to team count query * Teams: clarify permission requirements in teams api docs * Teams: expand scenarios for team search tests * Teams: mock teamGuardian in tests Co-authored-by: Dan Cech <dcech@grafana.com> * remove duplicate WHERE statement * Fix for CVE-2022-21702 (cherry picked from commit 202d7c190082c094bc1dc13f7fe9464746c37f9e) * Lint and test fixes (cherry picked from commit 3e6b67d5504abf4a1d7b8d621f04d062c048e981) * check content type properly (cherry picked from commit 70b4458892bf2f776302720c10d24c9ff34edd98) * basic csrf origin check (cherry picked from commit 3adaa5ff39832364f6390881fb5b42ad47df92e1) * compare origin to host (cherry picked from commit 5443892699e8ed42836bb2b9a44744ff3e970f42) * simplify url parsing (cherry picked from commit b2ffbc9513fed75468628370a48b929d30af2b1d) * check csrf for GET requests, only compare origin (cherry picked from commit 8b81dc12d8f8a1f07852809c5b4d44f0f0b1d709) * parse content type properly (cherry picked from commit 16f76f4902e6f2188bea9606c68b551af186bdc0) * mentioned get in the comment (cherry picked from commit a7e61811ef8ae558ce721e2e3fed04ce7a5a5345) * add content-type: application/json to test HTTP requests * fix pluginproxy test * Fix linter when comparing errors Co-authored-by: Kevin Minehart <kmineh0151@gmail.com> Co-authored-by: Dan Cech <dcech@grafana.com> Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Serge Zaitsev <serge.zaitsev@grafana.com> Co-authored-by: Vardan Torosyan <vardants@gmail.com>
3 years ago
Logging: Introduce API for contextual logging (#55198) Introduces a FromContext method on the log.Logger interface that allows contextual key/value pairs to be attached, e.g. per request, so that any logger using this API will automatically get the per request context attached. The proposal makes the traceID available for contextual logger , if available, and would allow logs originating from a certain HTTP request to be correlated with traceID. In addition, when tracing not enabled, skip adding traceID=00000000000000000000000000000000 to logs.
3 years ago
ctxLogger := logger.FromContext(proxy.ctx.Req.Context())
ctxLogger.Info("Proxying incoming request",
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
"userid", proxy.ctx.UserID,
"orgid", proxy.ctx.OrgID,
"username", proxy.ctx.Login,
"app", proxy.ps.PluginID,
"uri", proxy.ctx.Req.RequestURI,
"method", proxy.ctx.Req.Method,
Instrumentation: Proxy status code correction and various improvements (#47473) For a proxied request, e.g. Grafana's datasource or plugin proxy: If the request is cancelled, e.g. from the browser, the HTTP status code is now 499 Client closed request instead of 502 Bad gateway. If the request times out, e.g. takes longer time than allowed, the HTTP status code is now 504 Gateway timeout instead of 502 Bad gateway. This also means that request metrics and logs will get their status codes adjusted according to above. Fixes #46337 Fixes #46338
3 years ago
"body", body)
feat(app routes): worked on app routes, added unit test, changed Grafana-Context header to start with X to be standard compliant, got cloud saas queries to work via app route feature and header template
10 years ago
}
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
type templateData struct {
Chore: use any rather than interface{} (#74066)
2 years ago
JsonData map[string]any
Plugins: Handle app plugin proxy routes per request (#51835) Fixes #47530
3 years ago
SecureJsonData map[string]string
}