From c0adf1022becbe6cccfa61a7121d033cbe0f73a7 Mon Sep 17 00:00:00 2001 From: "Grot (@grafanabot)" <43478413+grafanabot@users.noreply.github.com> Date: Tue, 10 Nov 2020 19:35:53 +0530 Subject: [PATCH] Plugins: allow override when allowing unsigned plugins (#28901) (#28927) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Plugins: allow override when allowing unsigned plugins * Update pkg/plugins/plugins.go Co-authored-by: Emil Tullstedt * Plugins: removed java-style setter * Plugins: cleanup * Update pkg/plugins/plugins.go Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com> Co-authored-by: Emil Tullstedt Co-authored-by: Agnès Toulet <35176601+AgnesToulet@users.noreply.github.com> (cherry picked from commit 8fb06da34e677d535d343f048a6e33f8233ebb5b) Co-authored-by: Leonard Gram --- pkg/plugins/plugins.go | 62 +++++++++++++++++++++++++++--------------- 1 file changed, 40 insertions(+), 22 deletions(-) diff --git a/pkg/plugins/plugins.go b/pkg/plugins/plugins.go index 444af0bd8d5..ecaddc7f79e 100644 --- a/pkg/plugins/plugins.go +++ b/pkg/plugins/plugins.go @@ -41,14 +41,17 @@ var ( pluginScanningErrors map[string]*PluginError ) +type unsignedPluginConditionFunc = func(plugin *PluginBase) bool + type PluginScanner struct { - pluginPath string - errors []error - backendPluginManager backendplugin.Manager - cfg *setting.Cfg - requireSigned bool - log log.Logger - plugins map[string]*PluginBase + pluginPath string + errors []error + backendPluginManager backendplugin.Manager + cfg *setting.Cfg + requireSigned bool + log log.Logger + plugins map[string]*PluginBase + allowUnsignedPluginsCondition unsignedPluginConditionFunc } type PluginManager struct { @@ -56,6 +59,10 @@ type PluginManager struct { Cfg *setting.Cfg `inject:""` log log.Logger scanningErrors []error + + // AllowUnsignedPluginsCondition changes the policy for allowing unsigned plugins. Signature validation only runs when plugins are starting + // and running plugins will not be terminated if they violate the new policy. + AllowUnsignedPluginsCondition unsignedPluginConditionFunc } func init() { @@ -188,12 +195,13 @@ func (pm *PluginManager) scanPluginPaths() error { // scan a directory for plugins. func (pm *PluginManager) scan(pluginDir string, requireSigned bool) error { scanner := &PluginScanner{ - pluginPath: pluginDir, - backendPluginManager: pm.BackendPluginManager, - cfg: pm.Cfg, - requireSigned: requireSigned, - log: pm.log, - plugins: map[string]*PluginBase{}, + pluginPath: pluginDir, + backendPluginManager: pm.BackendPluginManager, + cfg: pm.Cfg, + requireSigned: requireSigned, + log: pm.log, + plugins: map[string]*PluginBase{}, + allowUnsignedPluginsCondition: pm.AllowUnsignedPluginsCondition, } // 1st pass: Scan plugins, also mapping plugins to their respective directories @@ -406,21 +414,13 @@ func (s *PluginScanner) validateSignature(plugin *PluginBase) *PluginError { switch plugin.Signature { case PluginSignatureUnsigned: - allowUnsigned := false - for _, plug := range s.cfg.PluginsAllowUnsigned { - if plug == plugin.Id { - allowUnsigned = true - break - } - } - if setting.Env != setting.Dev && !allowUnsigned { + if allowed := s.allowUnsigned(plugin); !allowed { s.log.Debug("Plugin is unsigned", "id", plugin.Id) s.errors = append(s.errors, fmt.Errorf("plugin %q is unsigned", plugin.Id)) return &PluginError{ ErrorCode: signatureMissing, } } - s.log.Warn("Running an unsigned backend plugin", "pluginID", plugin.Id, "pluginDir", plugin.PluginDir) return nil @@ -441,6 +441,24 @@ func (s *PluginScanner) validateSignature(plugin *PluginBase) *PluginError { } } +func (s *PluginScanner) allowUnsigned(plugin *PluginBase) bool { + if s.allowUnsignedPluginsCondition != nil { + return s.allowUnsignedPluginsCondition(plugin) + } + + if setting.Env == setting.Dev { + return true + } + + for _, plug := range s.cfg.PluginsAllowUnsigned { + if plug == plugin.Id { + return true + } + } + + return false +} + func ScanningErrors() []PluginError { scanningErrs := make([]PluginError, 0) for id, e := range pluginScanningErrors {