import { css } from '@emotion/css'; import { SyntheticEvent } from 'react'; import { DataSourcePluginOptionsEditorProps, GrafanaTheme2, onUpdateDatasourceJsonDataOption, onUpdateDatasourceSecureJsonDataOption, SelectableValue, updateDatasourcePluginJsonDataOption, updateDatasourcePluginResetOption, } from '@grafana/data'; import { ConfigSection, ConfigSubSection, DataSourceDescription } from '@grafana/plugin-ui'; import { config } from '@grafana/runtime'; import { ConnectionLimits, useMigrateDatabaseFields } from '@grafana/sql'; import { NumberInput } from '@grafana/sql/src/components/configuration/NumberInput'; import { Alert, FieldSet, Input, Link, SecretInput, Select, useStyles2, SecureSocksProxySettings, Divider, Field, Switch, } from '@grafana/ui'; import { AzureAuthSettings } from '../azureauth/AzureAuthSettings'; import { MSSQLAuthenticationType, MSSQLEncryptOptions, MssqlOptions, AzureAuthConfigType, MssqlSecureOptions, } from '../types'; import { KerberosConfig, KerberosAdvancedSettings, UsernameMessage } from './Kerberos'; const LONG_WIDTH = 40; export const ConfigurationEditor = (props: DataSourcePluginOptionsEditorProps) => { useMigrateDatabaseFields(props); const { options: dsSettings, onOptionsChange } = props; const styles = useStyles2(getStyles); const jsonData = dsSettings.jsonData; const azureAuthIsSupported = config.azureAuthEnabled; const azureAuthSettings: AzureAuthConfigType = { azureAuthIsSupported, azureAuthSettingsUI: AzureAuthSettings, }; const onResetPassword = () => { updateDatasourcePluginResetOption(props, 'password'); }; const onDSOptionChanged = (property: keyof MssqlOptions) => { return (event: SyntheticEvent) => { onOptionsChange({ ...dsSettings, ...{ [property]: event.currentTarget.value } }); }; }; const onSkipTLSVerifyChanged = (event: SyntheticEvent) => { updateDatasourcePluginJsonDataOption(props, 'tlsSkipVerify', event.currentTarget.checked); }; const onEncryptChanged = (value: SelectableValue) => { updateDatasourcePluginJsonDataOption(props, 'encrypt', value.value); }; const onAuthenticationMethodChanged = (value: SelectableValue) => { onOptionsChange({ ...dsSettings, ...{ jsonData: { ...jsonData, ...{ authenticationType: value.value }, azureCredentials: undefined, keytabFilePath: undefined, credentialCache: undefined, credentialCacheLookupFile: undefined, }, secureJsonData: { ...dsSettings.secureJsonData, ...{ password: '' } }, secureJsonFields: { ...dsSettings.secureJsonFields, ...{ password: false } }, user: '', }, }); }; const onConnectionTimeoutChanged = (connectionTimeout?: number) => { if (connectionTimeout && connectionTimeout < 0) { connectionTimeout = 0; } updateDatasourcePluginJsonDataOption(props, 'connectionTimeout', connectionTimeout); }; const buildAuthenticationOptions = (): Array> => { const basicAuthenticationOptions: Array> = [ { value: MSSQLAuthenticationType.sqlAuth, label: 'SQL Server Authentication' }, { value: MSSQLAuthenticationType.windowsAuth, label: 'Windows Authentication' }, { value: MSSQLAuthenticationType.kerberosRaw, label: 'Windows AD: Username + password' }, { value: MSSQLAuthenticationType.kerberosKeytab, label: 'Windows AD: Keytab file' }, { value: MSSQLAuthenticationType.kerberosCredentialCache, label: 'Windows AD: Credential cache' }, { value: MSSQLAuthenticationType.kerberosCredentialCacheLookupFile, label: 'Windows AD: Credential cache file' }, ]; if (azureAuthIsSupported) { return [ ...basicAuthenticationOptions, { value: MSSQLAuthenticationType.azureAuth, label: MSSQLAuthenticationType.azureAuth }, ]; } return basicAuthenticationOptions; }; const encryptOptions: Array> = [ { value: MSSQLEncryptOptions.disable, label: 'disable' }, { value: MSSQLEncryptOptions.false, label: 'false' }, { value: MSSQLEncryptOptions.true, label: 'true' }, ]; return ( <> The database user should only be granted SELECT permissions on the specified database and tables you want to query. Grafana does not validate that queries are safe so queries can contain any SQL statement. For example, statements like USE otherdb; and DROP TABLE user; would be executed. To protect against this we highly recommend you create a specific MS SQL user with restricted permissions. Check out the{' '} Microsoft SQL Server Data Source Docs {' '} for more information. Determines whether or to which extent a secure SSL TCP/IP connection will be negotiated with the server.
  • disable - Data sent between client and server is not encrypted.
  • false - Data sent between client and server is not encrypted beyond the login packet. (default)
  • true - Data sent between client and server is encrypted.
If you're using an older version of Microsoft SQL Server like 2008 and 2008R2 you may need to disable encryption to be able to connect. } label="Encrypt" > )} ) : null}
  • SQL Server Authentication This is the default mechanism to connect to MS SQL Server. Enter the SQL Server Authentication login or the Windows Authentication login in the DOMAIN\User format.
  • Windows Authentication Windows Integrated Security - single sign on for users who are already logged onto Windows and have enabled this option for MS SQL Server.
    • {azureAuthIsSupported && (
  • Azure Authentication Securely authenticate and access Azure resources and applications using Azure AD credentials - Managed Service Identity and Client Secret Credentials are supported.
    • )}
  • Windows AD: Username + password Windows Active Directory - Sign on for domain user via username/password.
  • Windows AD: Keytab Windows Active Directory - Sign on for domain user via keytab file.
  • Windows AD: Credential cache Windows Active Directory - Sign on for domain user via credential cache.
  • Windows AD: Credential cache file Windows Active Directory - Sign on for domain user via credential cache file.
    • } >     )} {azureAuthIsSupported && jsonData.authenticationType === MSSQLAuthenticationType.azureAuth && (
    )}     A lower limit for the auto group by time interval. Recommended to be set to write frequency, for example 1m if your data is written every minute. } label="Min time interval" > The number of seconds to wait before canceling the request when connecting to the database. The default is 0, meaning no timeout. } label="Connection timeout" > {config.secureSocksDSProxyEnabled && ( )} ); }; function getStyles(theme: GrafanaTheme2) { return { ulPadding: css({ margin: theme.spacing(1, 0), paddingLeft: theme.spacing(5), }), }; }