Datasource: Propagate datasource secret decryption errors to the frontend (#52068) (#52557)

* update decrypt secrets function signature and add secrets error handling * remove a couple instances of unnecessary logging since errors are properly handled now * add unit test * fix linting issues (cherry picked from commit 9aa6ce2a50) Co-authored-by: Michael Mandrus <41969079+mmandrus@users.noreply.github.com>
2022-07-20 18:03:44 -03:00
parent e95c97c119
commit d1f1041aba
9 changed files with 94 additions and 37 deletions
@@ -622,13 +622,9 @@ func (hs *HTTPServer) checkDatasourceHealth(c *models.ReqContext, ds *models.Dat
 	return response.JSON(http.StatusOK, payload)
 }

-func (hs *HTTPServer) decryptSecureJsonDataFn(ctx context.Context) func(ds *models.DataSource) map[string]string {
-	return func(ds *models.DataSource) map[string]string {
-		decryptedJsonData, err := hs.DataSourcesService.DecryptedValues(ctx, ds)
-		if err != nil {
-			hs.log.Error("Failed to decrypt secure json data", "error", err)
-		}
-		return decryptedJsonData
+func (hs *HTTPServer) decryptSecureJsonDataFn(ctx context.Context) func(ds *models.DataSource) (map[string]string, error) {
+	return func(ds *models.DataSource) (map[string]string, error) {
+		return hs.DataSourcesService.DecryptedValues(ctx, ds)
 	}
 }

@@ -2,6 +2,7 @@ package api

 import (
 	"errors"
+	"fmt"
 	"net/http"

 	"github.com/grafana/grafana-plugin-sdk-go/backend"
@@ -23,7 +24,13 @@ func (hs *HTTPServer) handleQueryMetricsError(err error) *response.NormalRespons
 	if errors.Is(err, models.ErrDataSourceNotFound) {
 		return response.Error(http.StatusNotFound, "Data source not found", err)
 	}
-	var badQuery *query.ErrBadQuery
+
+	var secretsPlugin models.ErrDatasourceSecretsPluginUserFriendly
+	if errors.As(err, &secretsPlugin) {
+		return response.Error(http.StatusInternalServerError, fmt.Sprint("Secrets Plugin error: ", err.Error()), err)
+	}
+
+	var badQuery query.ErrBadQuery
 	if errors.As(err, &badQuery) {
 		return response.Error(http.StatusBadRequest, util.Capitalize(badQuery.Message), err)
 	}
@@ -1,7 +1,9 @@
 package api

 import (
+	"bytes"
 	"context"
+	"encoding/json"
 	"fmt"
 	"net/http"
 	"strings"
@@ -37,6 +39,11 @@ type fakePluginRequestValidator struct {
 	err error
 }

+type secretsErrorResponseBody struct {
+	Error   string `json:"error"`
+	Message string `json:"message"`
+}
+
 func (rv *fakePluginRequestValidator) Validate(dsURL string, req *http.Request) error {
 	return rv.err
 }
@@ -101,3 +108,44 @@ func TestAPIEndpoint_Metrics_QueryMetricsV2(t *testing.T) {
 		require.Equal(t, http.StatusMultiStatus, resp.StatusCode)
 	})
 }
+
+func TestAPIEndpoint_Metrics_PluginDecryptionFailure(t *testing.T) {
+	qds := query.ProvideService(
+		nil,
+		nil,
+		nil,
+		&fakePluginRequestValidator{},
+		&fakeDatasources.FakeDataSourceService{SimulatePluginFailure: true},
+		&fakePluginClient{
+			QueryDataHandlerFunc: func(ctx context.Context, req *backend.QueryDataRequest) (*backend.QueryDataResponse, error) {
+				resp := backend.Responses{
+					"A": backend.DataResponse{
+						Error: fmt.Errorf("query failed"),
+					},
+				}
+				return &backend.QueryDataResponse{Responses: resp}, nil
+			},
+		},
+		&fakeOAuthTokenService{},
+	)
+	httpServer := SetupAPITestServer(t, func(hs *HTTPServer) {
+		hs.queryDataService = qds
+	})
+
+	t.Run("Status code is 500 and a secrets plugin error is returned if there is a problem getting secrets from the remote plugin", func(t *testing.T) {
+		req := httpServer.NewPostRequest("/api/ds/query", strings.NewReader(queryDatasourceInput))
+		webtest.RequestWithSignedInUser(req, &models.SignedInUser{UserId: 1, OrgId: 1, OrgRole: models.ROLE_VIEWER})
+		resp, err := httpServer.SendJSON(req)
+		require.NoError(t, err)
+		require.Equal(t, http.StatusInternalServerError, resp.StatusCode)
+		buf := new(bytes.Buffer)
+		_, err = buf.ReadFrom(resp.Body)
+		require.NoError(t, err)
+		require.NoError(t, resp.Body.Close())
+		var resObj secretsErrorResponseBody
+		err = json.Unmarshal(buf.Bytes(), &resObj)
+		require.NoError(t, err)
+		require.Equal(t, "unknown error", resObj.Error)
+		require.Contains(t, resObj.Message, "Secrets Plugin error:")
+	})
+}