apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Plugins: Handle app plugin proxy routes per request (#51835)

Browse Source 
Fixes #47530
pull/54107/head
Marcus Efraimsson 3 years ago committed by GitHub
parent 5f80bf5297
commit e6857bf17d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 440 additions and 233 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 2
      pkg/api/api.go
  2. 79
      pkg/api/app_routes.go
  3. 2
      pkg/api/http_server.go
  4. 68
      pkg/api/plugin_proxy.go
  5. 36
      pkg/api/plugin_proxy_test.go
  6. 225
      pkg/api/pluginproxy/pluginproxy.go
  7. 261
      pkg/api/pluginproxy/pluginproxy_test.go

2
pkg/api/api.go
Unescape View File

@ -365,6 +365,8 @@ func (hs *HTTPServer) registerRoutes() {
apiRoute.Any("/plugins/:pluginId/resources", authorize(reqSignedIn, ac.EvalPermission(plugins.ActionAppAccess, pluginIDScope)), hs.CallResource)
apiRoute.Any("/plugins/:pluginId/resources/*", authorize(reqSignedIn, ac.EvalPermission(plugins.ActionAppAccess, pluginIDScope)), hs.CallResource)
apiRoute.Get("/plugins/errors", routing.Wrap(hs.GetPluginErrorsList))
apiRoute.Any("/plugin-proxy/:pluginId/*", authorize(reqSignedIn, ac.EvalPermission(plugins.ActionAppAccess, pluginIDScope)), hs.ProxyPluginRequest)
apiRoute.Any("/plugin-proxy/:pluginId", authorize(reqSignedIn, ac.EvalPermission(plugins.ActionAppAccess, pluginIDScope)), hs.ProxyPluginRequest)
if hs.Cfg.PluginAdminEnabled && !hs.Cfg.PluginAdminExternalManageEnabled {
apiRoute.Group("/plugins", func(pluginRoute routing.RouteRegister) {

79
pkg/api/app_routes.go
Unescape View File

@ -1,79 +0,0 @@
package api
import (
"context"
"crypto/tls"
"net"
"net/http"
"strings"
"time"
"github.com/grafana/grafana/pkg/api/pluginproxy"
"github.com/grafana/grafana/pkg/infra/log"
"github.com/grafana/grafana/pkg/middleware"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/plugins"
ac "github.com/grafana/grafana/pkg/services/accesscontrol"
"github.com/grafana/grafana/pkg/services/org"
"github.com/grafana/grafana/pkg/util"
"github.com/grafana/grafana/pkg/web"
)
var pluginProxyTransport *http.Transport
var applog = log.New("app.routes")
func (hs *HTTPServer) initAppPluginRoutes(r *web.Mux) {
pluginProxyTransport = &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: hs.Cfg.PluginsAppsSkipVerifyTLS,
Renegotiation: tls.RenegotiateFreelyAsClient,
},
Proxy: http.ProxyFromEnvironment,
DialContext: (&net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
}).DialContext,
TLSHandshakeTimeout: 10 * time.Second,
}
for _, plugin := range hs.pluginStore.Plugins(context.Background(), plugins.App) {
for _, route := range plugin.Routes {
url := util.JoinURLFragments("/api/plugin-proxy/"+plugin.ID, route.Path)
handlers := make([]web.Handler, 0)
handlers = append(handlers, middleware.Auth(&middleware.AuthOptions{
ReqSignedIn: true,
}))
// Preventing access to plugin routes if the user has no right to access the plugin
authorize := ac.Middleware(hs.AccessControl)
handlers = append(handlers, authorize(middleware.ReqSignedIn,
ac.EvalPermission(plugins.ActionAppAccess, plugins.ScopeProvider.GetResourceScope(plugin.ID))))
if route.ReqRole != "" {
if route.ReqRole == org.RoleAdmin {
handlers = append(handlers, middleware.RoleAuth(org.RoleAdmin))
} else if route.ReqRole == org.RoleEditor {
handlers = append(handlers, middleware.RoleAuth(org.RoleEditor, org.RoleAdmin))
}
}
handlers = append(handlers, AppPluginRoute(route, plugin.ID, hs))
for _, method := range strings.Split(route.Method, ",") {
r.Handle(strings.TrimSpace(method), url, handlers)
}
applog.Debug("Plugins: Adding proxy route", "url", url)
}
}
}
func AppPluginRoute(route *plugins.Route, appID string, hs *HTTPServer) web.Handler {
return func(c *models.ReqContext) {
path := web.Params(c.Req)["*"]
proxy := pluginproxy.NewApiPluginProxy(c, path, route, appID, hs.Cfg, hs.PluginSettings, hs.SecretsService)
proxy.Transport = pluginProxyTransport
proxy.ServeHTTP(c.Resp, c.Req)
}
}

2
pkg/api/http_server.go
Unescape View File

@ -513,8 +513,6 @@ func (hs *HTTPServer) applyRoutes() {
hs.addMiddlewaresAndStaticRoutes()
// then add view routes & api routes
hs.RouteRegister.Register(hs.web, hs.namedMiddlewares...)
// then custom app proxy routes
hs.initAppPluginRoutes(hs.web)
// lastly not found route
hs.web.NotFound(middleware.ReqSignedIn, hs.NotFoundHandler)
}

68
pkg/api/plugin_proxy.go
Unescape View File

@ -0,0 +1,68 @@
package api
import (
"crypto/tls"
"net"
"net/http"
"regexp"
"sync"
"time"
"github.com/grafana/grafana/pkg/api/pluginproxy"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/services/pluginsettings"
"github.com/grafana/grafana/pkg/web"
)
func (hs *HTTPServer) ProxyPluginRequest(c *models.ReqContext) {
var once sync.Once
var pluginProxyTransport *http.Transport
once.Do(func() {
pluginProxyTransport = &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: hs.Cfg.PluginsAppsSkipVerifyTLS,
Renegotiation: tls.RenegotiateFreelyAsClient,
},
Proxy: http.ProxyFromEnvironment,
DialContext: (&net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
}).DialContext,
TLSHandshakeTimeout: 10 * time.Second,
}
})
pluginID := web.Params(c.Req)[":pluginId"]
plugin, exists := hs.pluginStore.Plugin(c.Req.Context(), pluginID)
if !exists {
c.JsonApiErr(http.StatusNotFound, "Plugin not found, no installed plugin with that id", nil)
return
}
query := pluginsettings.GetByPluginIDArgs{OrgID: c.OrgID, PluginID: plugin.ID}
ps, err := hs.PluginSettings.GetPluginSettingByPluginID(c.Req.Context(), &query)
if err != nil {
c.JsonApiErr(http.StatusInternalServerError, "Failed to fetch plugin settings", err)
return
}
proxyPath := getProxyPath(c)
p, err := pluginproxy.NewPluginProxy(ps, plugin.Routes, c, proxyPath, hs.Cfg, hs.SecretsService, hs.tracer, pluginProxyTransport)
if err != nil {
c.JsonApiErr(http.StatusInternalServerError, "Failed to create plugin proxy", err)
return
}
p.HandleRequest()
}
var pluginProxyPathRegexp = regexp.MustCompile(`^\/api\/plugin-proxy\/([\w\-]+)\/?`)
func extractProxyPath(originalRawPath string) string {
return pluginProxyPathRegexp.ReplaceAllString(originalRawPath, "")
}
func getProxyPath(c *models.ReqContext) string {
return extractProxyPath(c.Req.URL.EscapedPath())
}

36
pkg/api/plugin_proxy_test.go
Unescape View File

@ -0,0 +1,36 @@
package api
import (
"testing"
"github.com/stretchr/testify/assert"
)
func TestExtractPluginProxyPath(t *testing.T) {
testCases := []struct {
originalRawPath string
exp string
}{
{
"/api/plugin-proxy/test",
"",
},
{
"/api/plugin-proxy/test/some/thing",
"some/thing",
},
{
"/api/plugin-proxy/test2/api/services/afsd%2Fafsd/operations",
"api/services/afsd%2Fafsd/operations",
},
{
"/api/plugin-proxy/cloudflare-app/with-token/api/v4/accounts",
"with-token/api/v4/accounts",
},
}
for _, tc := range testCases {
t.Run("Given raw path, should extract expected proxy path", func(t *testing.T) {
assert.Equal(t, tc.exp, extractProxyPath(tc.originalRawPath))
})
}
}

225
pkg/api/pluginproxy/pluginproxy.go
Unescape View File

@ -5,9 +5,9 @@ import (
"encoding/json"
"io"
"net/http"
"net/http/httputil"
"net/url"
"github.com/grafana/grafana/pkg/infra/tracing"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/plugins"
"github.com/grafana/grafana/pkg/services/pluginsettings"
@ -15,111 +15,184 @@ import (
"github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/util"
"github.com/grafana/grafana/pkg/util/proxyutil"
"github.com/grafana/grafana/pkg/web"
"go.opentelemetry.io/otel/attribute"
)
type templateData struct {
JsonData map[string]interface{}
SecureJsonData map[string]string
type PluginProxy struct {
ps *pluginsettings.DTO
pluginRoutes []*plugins.Route
ctx *models.ReqContext
proxyPath string
matchedRoute *plugins.Route
cfg *setting.Cfg
secretsService secrets.Service
tracer tracing.Tracer
transport *http.Transport
}
// NewApiPluginProxy create a plugin proxy
func NewApiPluginProxy(ctx *models.ReqContext, proxyPath string, route *plugins.Route,
appID string, cfg *setting.Cfg, pluginSettingsService pluginsettings.Service,
secretsService secrets.Service) *httputil.ReverseProxy {
appProxyLogger := logger.New(
"userId", ctx.UserID,
"orgId", ctx.OrgID,
"uname", ctx.Login,
"app", appID,
"path", ctx.Req.URL.Path,
"remote_addr", ctx.RemoteAddr(),
"referer", ctx.Req.Referer(),
)
// NewPluginProxy creates a plugin proxy.
func NewPluginProxy(ps *pluginsettings.DTO, routes []*plugins.Route, ctx *models.ReqContext,
proxyPath string, cfg *setting.Cfg, secretsService secrets.Service, tracer tracing.Tracer,
transport *http.Transport) (*PluginProxy, error) {
return &PluginProxy{
ps: ps,
pluginRoutes: routes,
ctx: ctx,
proxyPath: proxyPath,
cfg: cfg,
secretsService: secretsService,
tracer: tracer,
transport: transport,
}, nil
}
director := func(req *http.Request) {
query := pluginsettings.GetByPluginIDArgs{OrgID: ctx.OrgID, PluginID: appID}
ps, err := pluginSettingsService.GetPluginSettingByPluginID(ctx.Req.Context(), &query)
if err != nil {
ctx.JsonApiErr(500, "Failed to fetch plugin settings", err)
return
func (proxy *PluginProxy) HandleRequest() {
// found route if there are any
for _, route := range proxy.pluginRoutes {
// method match
if route.Method != "" && route.Method != "*" && route.Method != proxy.ctx.Req.Method {
continue
}
secureJsonData, err := secretsService.DecryptJsonData(ctx.Req.Context(), ps.SecureJSONData)
if err != nil {
ctx.JsonApiErr(500, "Failed to decrypt plugin settings", err)
return
}
t := web.NewTree()
t.Add(route.Path, nil)
_, params, isMatch := t.Match(proxy.proxyPath)
data := templateData{
JsonData: ps.JSONData,
SecureJsonData: secureJsonData,
if !isMatch {
continue
}
interpolatedURL, err := interpolateString(route.URL, data)
if err != nil {
ctx.JsonApiErr(500, "Could not interpolate plugin route url", err)
return
if route.ReqRole.IsValid() {
if !proxy.ctx.HasUserRole(route.ReqRole) {
proxy.ctx.JsonApiErr(http.StatusForbidden, "plugin proxy route access denied", nil)
return
}
}
targetURL, err := url.Parse(interpolatedURL)
if err != nil {
ctx.JsonApiErr(500, "Could not parse url", err)
return
}
req.URL.Scheme = targetURL.Scheme
req.URL.Host = targetURL.Host
req.Host = targetURL.Host
req.URL.Path = util.JoinURLFragments(targetURL.Path, proxyPath)
// clear cookie headers
req.Header.Del("Cookie")
req.Header.Del("Set-Cookie")
// Create a HTTP header with the context in it.
ctxJSON, err := json.Marshal(ctx.SignedInUser)
if err != nil {
ctx.JsonApiErr(500, "failed to marshal context to json.", err)
return
if path, exists := params["*"]; exists {
proxy.proxyPath = path
} else {
proxy.proxyPath = ""
}
req.Header.Set("X-Grafana-Context", string(ctxJSON))
proxy.matchedRoute = route
break
}
applyUserHeader(cfg.SendUserHeader, req, ctx.SignedInUser)
if proxy.matchedRoute == nil {
proxy.ctx.JsonApiErr(http.StatusNotFound, "plugin route match not found", nil)
return
}
if err := addHeaders(&req.Header, route, data); err != nil {
ctx.JsonApiErr(500, "Failed to render plugin headers", err)
return
}
traceID := tracing.TraceIDFromContext(proxy.ctx.Req.Context(), false)
proxyErrorLogger := logger.New(
"userId", proxy.ctx.UserID,
"orgId", proxy.ctx.OrgID,
"uname", proxy.ctx.Login,
"path", proxy.ctx.Req.URL.Path,
"remote_addr", proxy.ctx.RemoteAddr(),
"referer", proxy.ctx.Req.Referer(),
"traceID", traceID,
)
if err := setBodyContent(req, route, data); err != nil {
appProxyLogger.Error("Failed to set plugin route body content", "error", err)
}
reverseProxy := proxyutil.NewReverseProxy(
proxyErrorLogger,
proxy.director,
proxyutil.WithTransport(proxy.transport),
)
proxy.logRequest()
ctx, span := proxy.tracer.Start(proxy.ctx.Req.Context(), "plugin reverse proxy")
defer span.End()
proxy.ctx.Req = proxy.ctx.Req.WithContext(ctx)
span.SetAttributes("user", proxy.ctx.SignedInUser.Login, attribute.Key("user").String(proxy.ctx.SignedInUser.Login))
span.SetAttributes("org_id", proxy.ctx.SignedInUser.OrgID, attribute.Key("org_id").Int64(proxy.ctx.SignedInUser.OrgID))
proxy.tracer.Inject(ctx, proxy.ctx.Req.Header, span)
reverseProxy.ServeHTTP(proxy.ctx.Resp, proxy.ctx.Req)
}
func (proxy PluginProxy) director(req *http.Request) {
secureJsonData, err := proxy.secretsService.DecryptJsonData(proxy.ctx.Req.Context(), proxy.ps.SecureJSONData)
if err != nil {
proxy.ctx.JsonApiErr(500, "Failed to decrypt plugin settings", err)
return
}
data := templateData{
JsonData: proxy.ps.JSONData,
SecureJsonData: secureJsonData,
}
interpolatedURL, err := interpolateString(proxy.matchedRoute.URL, data)
if err != nil {
proxy.ctx.JsonApiErr(500, "Could not interpolate plugin route url", err)
return
}
targetURL, err := url.Parse(interpolatedURL)
if err != nil {
proxy.ctx.JsonApiErr(500, "Could not parse url", err)
return
}
req.URL.Scheme = targetURL.Scheme
req.URL.Host = targetURL.Host
req.Host = targetURL.Host
req.URL.Path = util.JoinURLFragments(targetURL.Path, proxy.proxyPath)
// clear cookie headers
req.Header.Del("Cookie")
req.Header.Del("Set-Cookie")
// Create a HTTP header with the context in it.
ctxJSON, err := json.Marshal(proxy.ctx.SignedInUser)
if err != nil {
proxy.ctx.JsonApiErr(500, "failed to marshal context to json.", err)
return
}
logAppPluginProxyRequest(appID, cfg, ctx)
req.Header.Set("X-Grafana-Context", string(ctxJSON))
return proxyutil.NewReverseProxy(appProxyLogger, director)
applyUserHeader(proxy.cfg.SendUserHeader, req, proxy.ctx.SignedInUser)
if err := addHeaders(&req.Header, proxy.matchedRoute, data); err != nil {
proxy.ctx.JsonApiErr(500, "Failed to render plugin headers", err)
return
}
if err := setBodyContent(req, proxy.matchedRoute, data); err != nil {
logger.Error("Failed to set plugin route body content", "error", err)
}
}
func logAppPluginProxyRequest(appID string, cfg *setting.Cfg, c *models.ReqContext) {
if !cfg.DataProxyLogging {
func (proxy PluginProxy) logRequest() {
if !proxy.cfg.DataProxyLogging {
return
}
var body string
if c.Req.Body != nil {
buffer, err := io.ReadAll(c.Req.Body)
if proxy.ctx.Req.Body != nil {
buffer, err := io.ReadAll(proxy.ctx.Req.Body)
if err == nil {
c.Req.Body = io.NopCloser(bytes.NewBuffer(buffer))
proxy.ctx.Req.Body = io.NopCloser(bytes.NewBuffer(buffer))
body = string(buffer)
}
}
logger.Info("Proxying incoming request",
"userid", c.UserID,
"orgid", c.OrgID,
"username", c.Login,
"app", appID,
"uri", c.Req.RequestURI,
"method", c.Req.Method,
"userid", proxy.ctx.UserID,
"orgid", proxy.ctx.OrgID,
"username", proxy.ctx.Login,
"app", proxy.ps.PluginID,
"uri", proxy.ctx.Req.RequestURI,
"method", proxy.ctx.Req.Method,
"body", body)
}
type templateData struct {
JsonData map[string]interface{}
SecureJsonData map[string]string
}

261
pkg/api/pluginproxy/pluginproxy_test.go
Unescape View File

@ -2,11 +2,14 @@ package pluginproxy
import (
"context"
"fmt"
"io"
"net/http"
"net/http/httptest"
"net/url"
"testing"
"github.com/grafana/grafana/pkg/infra/tracing"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/plugins"
"github.com/grafana/grafana/pkg/services/org"
@ -32,19 +35,19 @@ func TestPluginProxy(t *testing.T) {
},
}
store := &mockPluginsSettingsService{}
key, _ := secretsService.Encrypt(context.Background(), []byte("123"), secrets.WithoutScope())
store.pluginSetting = &pluginsettings.DTO{
SecureJSONData: map[string][]byte{
"key": key,
},
}
key, err := secretsService.Encrypt(context.Background(), []byte("123"), secrets.WithoutScope())
require.NoError(t, err)
httpReq, err := http.NewRequest(http.MethodGet, "", nil)
require.NoError(t, err)
req := getPluginProxiedRequest(
t,
&pluginsettings.DTO{
SecureJSONData: map[string][]byte{
"key": key,
},
},
secretsService,
&models.ReqContext{
SignedInUser: &user.SignedInUser{
@ -56,7 +59,6 @@ func TestPluginProxy(t *testing.T) {
},
&setting.Cfg{SendUserHeader: true},
route,
store,
)
assert.Equal(t, "my secret 123", req.Header.Get("x-header"))
@ -66,11 +68,9 @@ func TestPluginProxy(t *testing.T) {
httpReq, err := http.NewRequest(http.MethodGet, "", nil)
require.NoError(t, err)
store := &mockPluginsSettingsService{}
store.pluginSetting = &pluginsettings.DTO{}
req := getPluginProxiedRequest(
t,
&pluginsettings.DTO{},
secretsService,
&models.ReqContext{
SignedInUser: &user.SignedInUser{
@ -82,7 +82,6 @@ func TestPluginProxy(t *testing.T) {
},
&setting.Cfg{SendUserHeader: true},
nil,
store,
)
// Get will return empty string even if header is not set
@ -93,11 +92,9 @@ func TestPluginProxy(t *testing.T) {
httpReq, err := http.NewRequest(http.MethodGet, "", nil)
require.NoError(t, err)
store := &mockPluginsSettingsService{}
store.pluginSetting = &pluginsettings.DTO{}
req := getPluginProxiedRequest(
t,
&pluginsettings.DTO{},
secretsService,
&models.ReqContext{
SignedInUser: &user.SignedInUser{
@ -109,7 +106,6 @@ func TestPluginProxy(t *testing.T) {
},
&setting.Cfg{SendUserHeader: false},
nil,
store,
)
// Get will return empty string even if header is not set
assert.Equal(t, "", req.Header.Get("X-Grafana-User"))
@ -119,11 +115,9 @@ func TestPluginProxy(t *testing.T) {
httpReq, err := http.NewRequest(http.MethodGet, "", nil)
require.NoError(t, err)
store := &mockPluginsSettingsService{}
store.pluginSetting = &pluginsettings.DTO{}
req := getPluginProxiedRequest(
t,
&pluginsettings.DTO{},
secretsService,
&models.ReqContext{
SignedInUser: &user.SignedInUser{IsAnonymous: true},
@ -133,7 +127,6 @@ func TestPluginProxy(t *testing.T) {
},
&setting.Cfg{SendUserHeader: true},
nil,
store,
)
// Get will return empty string even if header is not set
@ -146,18 +139,16 @@ func TestPluginProxy(t *testing.T) {
Method: "GET",
}
store := &mockPluginsSettingsService{}
store.pluginSetting = &pluginsettings.DTO{
JSONData: map[string]interface{}{
"dynamicUrl": "https://dynamic.grafana.com",
},
}
httpReq, err := http.NewRequest(http.MethodGet, "", nil)
require.NoError(t, err)
req := getPluginProxiedRequest(
t,
&pluginsettings.DTO{
JSONData: map[string]interface{}{
"dynamicUrl": "https://dynamic.grafana.com",
},
},
secretsService,
&models.ReqContext{
SignedInUser: &user.SignedInUser{
@ -169,7 +160,6 @@ func TestPluginProxy(t *testing.T) {
},
&setting.Cfg{SendUserHeader: true},
route,
store,
)
assert.Equal(t, "https://dynamic.grafana.com", req.URL.String())
assert.Equal(t, "{{.JsonData.dynamicUrl}}", route.URL)
@ -181,14 +171,12 @@ func TestPluginProxy(t *testing.T) {
Method: "GET",
}
store := &mockPluginsSettingsService{}
store.pluginSetting = &pluginsettings.DTO{}
httpReq, err := http.NewRequest(http.MethodGet, "", nil)
require.NoError(t, err)
req := getPluginProxiedRequest(
t,
&pluginsettings.DTO{},
secretsService,
&models.ReqContext{
SignedInUser: &user.SignedInUser{
@ -200,7 +188,6 @@ func TestPluginProxy(t *testing.T) {
},
&setting.Cfg{SendUserHeader: true},
route,
store,
)
assert.Equal(t, "https://example.com", req.URL.String())
})
@ -212,22 +199,22 @@ func TestPluginProxy(t *testing.T) {
Body: []byte(`{ "url": "{{.JsonData.dynamicUrl}}", "secret": "{{.SecureJsonData.key}}" }`),
}
store := &mockPluginsSettingsService{}
encryptedJsonData, _ := secretsService.EncryptJsonData(
encryptedJsonData, err := secretsService.EncryptJsonData(
context.Background(),
map[string]string{"key": "123"},
secrets.WithoutScope(),
)
store.pluginSetting = &pluginsettings.DTO{
JSONData: map[string]interface{}{"dynamicUrl": "https://dynamic.grafana.com"},
SecureJSONData: encryptedJsonData,
}
require.NoError(t, err)
httpReq, err := http.NewRequest(http.MethodGet, "", nil)
require.NoError(t, err)
req := getPluginProxiedRequest(
t,
&pluginsettings.DTO{
JSONData: map[string]interface{}{"dynamicUrl": "https://dynamic.grafana.com"},
SecureJSONData: encryptedJsonData,
},
secretsService,
&models.ReqContext{
SignedInUser: &user.SignedInUser{
@ -239,7 +226,6 @@ func TestPluginProxy(t *testing.T) {
},
&setting.Cfg{SendUserHeader: true},
route,
store,
)
content, err := io.ReadAll(req.Body)
require.NoError(t, err)
@ -257,9 +243,11 @@ func TestPluginProxy(t *testing.T) {
responseWriter := web.NewResponseWriter("GET", httptest.NewRecorder())
route := &plugins.Route{
Path: "/",
URL: backendServer.URL,
routes := []*plugins.Route{
{
Path: "/",
URL: backendServer.URL,
},
}
ctx := &models.ReqContext{
@ -269,13 +257,12 @@ func TestPluginProxy(t *testing.T) {
Resp: responseWriter,
},
}
pluginSettingsService := &mockPluginsSettingsService{
pluginSetting: &pluginsettings.DTO{
SecureJSONData: map[string][]byte{},
},
ps := &pluginsettings.DTO{
SecureJSONData: map[string][]byte{},
}
proxy := NewApiPluginProxy(ctx, "", route, "", &setting.Cfg{}, pluginSettingsService, secretsService)
proxy.ServeHTTP(ctx.Resp, ctx.Req)
proxy, err := NewPluginProxy(ps, routes, ctx, "", &setting.Cfg{}, secretsService, tracing.InitializeTracerForTest(), &http.Transport{})
require.NoError(t, err)
proxy.HandleRequest()
for {
if requestHandled {
@ -287,8 +274,153 @@ func TestPluginProxy(t *testing.T) {
})
}
func TestPluginProxyRoutes(t *testing.T) {
routes := []*plugins.Route{
{
Path: "",
Method: "GET",
URL: "http://localhost",
},
{
Path: "some-api",
Method: "GET",
URL: "http://localhost/api",
},
{
Path: "some-api/instances",
Method: "GET",
URL: "http://localhost/api/instances/",
},
{
Path: "some-api/*",
Method: "GET",
URL: "http://localhost/api",
},
{
Path: "some-api/instances/*",
Method: "GET",
URL: "http://localhost/api/instances",
},
{
Path: "some-other-api/*",
Method: "GET",
URL: "http://localhost/api/v2",
},
{
Path: "some-other-api/instances/*",
Method: "GET",
URL: "http://localhost/api/v2/instances",
},
}
tcs := []struct {
proxyPath string
expectedURLPath string
expectedStatus int
}{
{
proxyPath: "/notexists",
expectedStatus: http.StatusNotFound,
},
{
proxyPath: "/",
expectedURLPath: "/",
expectedStatus: http.StatusOK,
},
{
proxyPath: "/some-api",
expectedURLPath: "/api",
expectedStatus: http.StatusOK,
},
{
proxyPath: "/some-api/instances",
expectedURLPath: "/api/instances/",
expectedStatus: http.StatusOK,
},
{
proxyPath: "/some-api/some/thing",
expectedURLPath: "/api/some/thing",
expectedStatus: http.StatusOK,
},
{
proxyPath: "/some-api/instances/instance-one",
expectedURLPath: "/api/instances/instance-one",
expectedStatus: http.StatusOK,
},
{
proxyPath: "/some-other-api/some/thing",
expectedURLPath: "/api/v2/some/thing",
expectedStatus: http.StatusOK,
},
{
proxyPath: "/some-other-api/instances/instance-one",
expectedURLPath: "/api/v2/instances/instance-one",
expectedStatus: http.StatusOK,
},
}
for _, tc := range tcs {
t.Run(fmt.Sprintf("When proxying path %q should call expected URL", tc.proxyPath), func(t *testing.T) {
secretsService := secretsManager.SetupTestService(t, fakes.NewFakeSecretsStore())
requestHandled := false
requestURL := ""
backendServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
requestURL = r.URL.RequestURI()
w.WriteHeader(200)
_, _ = w.Write([]byte("I am the backend"))
requestHandled = true
}))
t.Cleanup(backendServer.Close)
backendURL, err := url.Parse(backendServer.URL)
require.NoError(t, err)
testRoutes := make([]*plugins.Route, len(routes))
for i, r := range routes {
u, err := url.Parse(r.URL)
require.NoError(t, err)
u.Scheme = backendURL.Scheme
u.Host = backendURL.Host
testRoute := *r
testRoute.URL = u.String()
testRoutes[i] = &testRoute
}
responseWriter := web.NewResponseWriter("GET", httptest.NewRecorder())
ctx := &models.ReqContext{
SignedInUser: &user.SignedInUser{},
Context: &web.Context{
Req: httptest.NewRequest("GET", tc.proxyPath, nil),
Resp: responseWriter,
},
}
ps := &pluginsettings.DTO{
SecureJSONData: map[string][]byte{},
}
proxy, err := NewPluginProxy(ps, testRoutes, ctx, tc.proxyPath, &setting.Cfg{}, secretsService, tracing.InitializeTracerForTest(), &http.Transport{})
require.NoError(t, err)
proxy.HandleRequest()
for {
if requestHandled || ctx.Resp.Written() {
break
}
}
require.Equal(t, tc.expectedStatus, ctx.Resp.Status())
if tc.expectedStatus == http.StatusNotFound {
return
}
require.Equal(t, tc.expectedURLPath, requestURL)
})
}
}
// getPluginProxiedRequest is a helper for easier setup of tests based on global config and ReqContext.
func getPluginProxiedRequest(t *testing.T, secretsService secrets.Service, ctx *models.ReqContext, cfg *setting.Cfg, route *plugins.Route, pluginSettingsService pluginsettings.Service) *http.Request {
func getPluginProxiedRequest(t *testing.T, ps *pluginsettings.DTO, secretsService secrets.Service, ctx *models.ReqContext, cfg *setting.Cfg, route *plugins.Route) *http.Request {
// insert dummy route if none is specified
if route == nil {
route = &plugins.Route{
@ -297,35 +429,12 @@ func getPluginProxiedRequest(t *testing.T, secretsService secrets.Service, ctx *
ReqRole: org.RoleEditor,
}
}
proxy := NewApiPluginProxy(ctx, "", route, "", cfg, pluginSettingsService, secretsService)
proxy, err := NewPluginProxy(ps, []*plugins.Route{}, ctx, "", cfg, secretsService, tracing.InitializeTracerForTest(), &http.Transport{})
require.NoError(t, err)
req, err := http.NewRequest(http.MethodGet, "/api/plugin-proxy/grafana-simple-app/api/v4/alerts", nil)
require.NoError(t, err)
proxy.Director(req)
proxy.matchedRoute = route
proxy.director(req)
return req
}
type mockPluginsSettingsService struct {
pluginSetting *pluginsettings.DTO
err error
}
func (s *mockPluginsSettingsService) GetPluginSettings(_ context.Context, _ *pluginsettings.GetArgs) ([]*pluginsettings.DTO, error) {
return nil, s.err
}
func (s *mockPluginsSettingsService) GetPluginSettingByPluginID(_ context.Context, _ *pluginsettings.GetByPluginIDArgs) (*pluginsettings.DTO, error) {
return s.pluginSetting, s.err
}
func (s *mockPluginsSettingsService) UpdatePluginSettingPluginVersion(_ context.Context, _ *pluginsettings.UpdatePluginVersionArgs) error {
return s.err
}
func (s *mockPluginsSettingsService) UpdatePluginSetting(_ context.Context, _ *pluginsettings.UpdateArgs) error {
return s.err
}
func (s *mockPluginsSettingsService) DecryptedValues(_ *pluginsettings.DTO) map[string]string {
return nil
}

Write Preview
Loading…
Cancel
Save