From a1f40195be6f4c4a1b01858eebf7dc548d0f6f62 Mon Sep 17 00:00:00 2001 From: Maksim Nabokikh <32434187+nabokihms@users.noreply.github.com> Date: Mon, 20 Jul 2020 12:01:25 +0400 Subject: [PATCH] Provisioning: Validate that datasource access field equals to direct or proxy (#26440) * Validate that datasource access field equals to allowed value (direct or proxy) --- .../provisioning/datasources/config_reader.go | 12 +++++++++--- .../provisioning/datasources/config_reader_test.go | 8 ++++++++ .../testdata/invalid-access/invalid-access.yaml | 6 ++++++ 3 files changed, 23 insertions(+), 3 deletions(-) create mode 100644 pkg/services/provisioning/datasources/testdata/invalid-access/invalid-access.yaml diff --git a/pkg/services/provisioning/datasources/config_reader.go b/pkg/services/provisioning/datasources/config_reader.go index 6c8e8046500..9415de953e7 100644 --- a/pkg/services/provisioning/datasources/config_reader.go +++ b/pkg/services/provisioning/datasources/config_reader.go @@ -7,6 +7,7 @@ import ( "strings" "github.com/grafana/grafana/pkg/infra/log" + "github.com/grafana/grafana/pkg/models" "gopkg.in/yaml.v2" ) @@ -36,7 +37,7 @@ func (cr *configReader) readConfig(path string) ([]*configs, error) { } } - err = validateDefaultUniqueness(datasources) + err = cr.validateDefaultUniqueness(datasources) if err != nil { return nil, err } @@ -82,7 +83,7 @@ func (cr *configReader) parseDatasourceConfig(path string, file os.FileInfo) (*c return v0.mapToDatasourceFromConfig(apiVersion.APIVersion), nil } -func validateDefaultUniqueness(datasources []*configs) error { +func (cr *configReader) validateDefaultUniqueness(datasources []*configs) error { defaultCount := map[int64]int{} for i := range datasources { if datasources[i].Datasources == nil { @@ -95,7 +96,12 @@ func validateDefaultUniqueness(datasources []*configs) error { } if ds.Access == "" { - ds.Access = "proxy" + ds.Access = models.DS_ACCESS_PROXY + } + + if ds.Access != models.DS_ACCESS_DIRECT && ds.Access != models.DS_ACCESS_PROXY { + cr.log.Warn("invalid access value, will use 'proxy' instead", "value", ds.Access) + ds.Access = models.DS_ACCESS_PROXY } if ds.IsDefault { diff --git a/pkg/services/provisioning/datasources/config_reader_test.go b/pkg/services/provisioning/datasources/config_reader_test.go index 79bb0506eaf..d3aa905f23b 100644 --- a/pkg/services/provisioning/datasources/config_reader_test.go +++ b/pkg/services/provisioning/datasources/config_reader_test.go @@ -22,6 +22,7 @@ var ( brokenYaml = "testdata/broken-yaml" multipleOrgsWithDefault = "testdata/multiple-org-default" withoutDefaults = "testdata/appliedDefaults" + invalidAccess = "testdata/invalid-access" fakeRepo *fakeRepository ) @@ -149,6 +150,13 @@ func TestDatasourceAsConfig(t *testing.T) { So(err, ShouldNotBeNil) }) + Convey("invalid access should warn about invalid value and return 'proxy'", func() { + reader := &configReader{log: logger} + configs, err := reader.readConfig(invalidAccess) + So(err, ShouldBeNil) + So(configs[0].Datasources[0].Access, ShouldEqual, models.DS_ACCESS_PROXY) + }) + Convey("skip invalid directory", func() { cfgProvider := &configReader{log: log.New("test logger")} cfg, err := cfgProvider.readConfig("./invalid-directory") diff --git a/pkg/services/provisioning/datasources/testdata/invalid-access/invalid-access.yaml b/pkg/services/provisioning/datasources/testdata/invalid-access/invalid-access.yaml new file mode 100644 index 00000000000..dbb02610035 --- /dev/null +++ b/pkg/services/provisioning/datasources/testdata/invalid-access/invalid-access.yaml @@ -0,0 +1,6 @@ +apiVersion: 1 + +datasources: + - name: invalid-access + type: prometheus + access: INVALID_ACCESS