apitech
/
grafana
mirror of https://github.com/grafana/grafana
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The open and composable observability and data visualization platform. Visualize metrics, logs, and traces from multiple sources like Prometheus, Loki, Elasticsearch, InfluxDB, Postgres and many more.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
39723 Commits
1680 Branches
645 Tags
2.2 GiB
 
 
 
 
 
 
Tag: Branch: Tree: 10cfc27397
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '10cfc27397'
${ noResults }
grafana/pkg/tsdb/azuremonitor/credentials_test.go

209 lines
6.7 KiB
Raw Blame History

package azuremonitor
import (
"testing"
"github.com/grafana/grafana-azure-sdk-go/azcredentials"
"github.com/grafana/grafana-azure-sdk-go/azsettings"
"github.com/grafana/grafana/pkg/components/simplejson"
"github.com/grafana/grafana/pkg/setting"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestCredentials_getAuthType(t *testing.T) {
cfg := &setting.Cfg{
Azure: &azsettings.AzureSettings{},
}
t.Run("when managed identities enabled", func(t *testing.T) {
cfg.Azure.ManagedIdentityEnabled = true
t.Run("should be client secret if auth type is set to client secret", func(t *testing.T) {
jsonData := simplejson.NewFromAny(map[string]interface{}{
"azureAuthType": azcredentials.AzureAuthClientSecret,
})
authType := getAuthType(cfg, jsonData)
assert.Equal(t, azcredentials.AzureAuthClientSecret, authType)
})
t.Run("should be managed identity if datasource not configured", func(t *testing.T) {
jsonData := simplejson.NewFromAny(map[string]interface{}{
"azureAuthType": "",
})
authType := getAuthType(cfg, jsonData)
assert.Equal(t, azcredentials.AzureAuthManagedIdentity, authType)
})
t.Run("should be client secret if auth type not specified but credentials configured", func(t *testing.T) {
jsonData := simplejson.NewFromAny(map[string]interface{}{
"azureAuthType": "",
"tenantId": "9b9d90ee-a5cc-49c2-b97e-0d1b0f086b5c",
"clientId": "849ccbb0-92eb-4226-b228-ef391abd8fe6",
})
authType := getAuthType(cfg, jsonData)
assert.Equal(t, azcredentials.AzureAuthClientSecret, authType)
})
})
t.Run("when managed identities disabled", func(t *testing.T) {
cfg.Azure.ManagedIdentityEnabled = false
t.Run("should be managed identity if auth type is set to managed identity", func(t *testing.T) {
jsonData := simplejson.NewFromAny(map[string]interface{}{
"azureAuthType": azcredentials.AzureAuthManagedIdentity,
})
authType := getAuthType(cfg, jsonData)
assert.Equal(t, azcredentials.AzureAuthManagedIdentity, authType)
})
t.Run("should be client secret if datasource not configured", func(t *testing.T) {
jsonData := simplejson.NewFromAny(map[string]interface{}{
"azureAuthType": "",
})
authType := getAuthType(cfg, jsonData)
assert.Equal(t, azcredentials.AzureAuthClientSecret, authType)
})
})
}
func TestCredentials_getAzureCloud(t *testing.T) {
cfg := &setting.Cfg{
Azure: &azsettings.AzureSettings{
Cloud: azsettings.AzureChina,
},
}
t.Run("when auth type is managed identity", func(t *testing.T) {
jsonData := simplejson.NewFromAny(map[string]interface{}{
"azureAuthType": azcredentials.AzureAuthManagedIdentity,
"cloudName": azureMonitorGermany,
})
t.Run("should be from server configuration regardless of datasource value", func(t *testing.T) {
cloud, err := getAzureCloud(cfg, jsonData)
require.NoError(t, err)
assert.Equal(t, azsettings.AzureChina, cloud)
})
t.Run("should be public if not set in server configuration", func(t *testing.T) {
cfg := &setting.Cfg{
Azure: &azsettings.AzureSettings{
Cloud: "",
},
}
cloud, err := getAzureCloud(cfg, jsonData)
require.NoError(t, err)
assert.Equal(t, azsettings.AzurePublic, cloud)
})
})
t.Run("when auth type is client secret", func(t *testing.T) {
t.Run("should be from datasource value normalized to known cloud name", func(t *testing.T) {
jsonData := simplejson.NewFromAny(map[string]interface{}{
"azureAuthType": azcredentials.AzureAuthClientSecret,
"cloudName": azureMonitorUSGovernment,
})
cloud, err := getAzureCloud(cfg, jsonData)
require.NoError(t, err)
assert.Equal(t, azsettings.AzureUSGovernment, cloud)
})
t.Run("should be from server configuration if not set in datasource", func(t *testing.T) {
jsonData := simplejson.NewFromAny(map[string]interface{}{
"azureAuthType": azcredentials.AzureAuthClientSecret,
"cloudName": "",
})
cloud, err := getAzureCloud(cfg, jsonData)
require.NoError(t, err)
assert.Equal(t, azsettings.AzureChina, cloud)
})
})
}
func TestCredentials_getAzureCredentials(t *testing.T) {
cfg := &setting.Cfg{
Azure: &azsettings.AzureSettings{
Cloud: azsettings.AzureChina,
},
}
secureJsonData := map[string]string{
"clientSecret": "59e3498f-eb12-4943-b8f0-a5aa42640058",
}
t.Run("when auth type is managed identity", func(t *testing.T) {
jsonData := simplejson.NewFromAny(map[string]interface{}{
"azureAuthType": azcredentials.AzureAuthManagedIdentity,
"cloudName": azureMonitorGermany,
"tenantId": "9b9d90ee-a5cc-49c2-b97e-0d1b0f086b5c",
"clientId": "849ccbb0-92eb-4226-b228-ef391abd8fe6",
})
t.Run("should return managed identity credentials", func(t *testing.T) {
credentials, err := getAzureCredentials(cfg, jsonData, secureJsonData)
require.NoError(t, err)
require.IsType(t, &azcredentials.AzureManagedIdentityCredentials{}, credentials)
msiCredentials := credentials.(*azcredentials.AzureManagedIdentityCredentials)
// Azure Monitor datasource doesn't support user-assigned managed identities (ClientId is always empty)
assert.Equal(t, "", msiCredentials.ClientId)
})
})
t.Run("when auth type is client secret", func(t *testing.T) {
jsonData := simplejson.NewFromAny(map[string]interface{}{
"azureAuthType": azcredentials.AzureAuthClientSecret,
"cloudName": azUSGovManagement,
"tenantId": "9b9d90ee-a5cc-49c2-b97e-0d1b0f086b5c",
"clientId": "849ccbb0-92eb-4226-b228-ef391abd8fe6",
})
t.Run("should return client secret credentials", func(t *testing.T) {
cfg := &setting.Cfg{
Azure: &azsettings.AzureSettings{
Cloud: azsettings.AzureChina,
},
}
credentials, err := getAzureCredentials(cfg, jsonData, secureJsonData)
require.NoError(t, err)
require.IsType(t, &azcredentials.AzureClientSecretCredentials{}, credentials)
clientSecretCredentials := credentials.(*azcredentials.AzureClientSecretCredentials)
assert.Equal(t, azsettings.AzureChina, clientSecretCredentials.AzureCloud)
assert.Equal(t, "9b9d90ee-a5cc-49c2-b97e-0d1b0f086b5c", clientSecretCredentials.TenantId)
assert.Equal(t, "849ccbb0-92eb-4226-b228-ef391abd8fe6", clientSecretCredentials.ClientId)
assert.Equal(t, "59e3498f-eb12-4943-b8f0-a5aa42640058", clientSecretCredentials.ClientSecret)
// Azure Monitor datasource doesn't support custom IdP authorities (Authority is always empty)
assert.Equal(t, "", clientSecretCredentials.Authority)
})
t.Run("should error if no client secret is set", func(t *testing.T) {
cfg := &setting.Cfg{}
_, err := getAzureCredentials(cfg, jsonData, map[string]string{
"clientSecret": "",
})
require.ErrorContains(t, err, "clientSecret must be set")
})
})
}