public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
21,769 Commits 655 Branches 650 Tags
846b9327a54aa41e40b3a5b0a1c19ccda315e310
Commit Graph

89 Commits

Author SHA1 Message Date
Marcus Efraimsson
e210725d3d DataProxy: Restore Set-Cookie header after proxy request (#16838) 
If Grafana rotates the user's auth token during a request to the data 
source proxy it will set the Set-Cookie header with new auth token in 
response before proxying the request to the datasource.
Before this fix the Set-Cookie response header was cleared after the 
proxied request was finished to make sure that proxied datasources 
cannot affect cookies in users browsers. This had the consequence 
of accidentally also clearing the new auth token set in Set-Cookie 
header.
With this fix the original Set-Cookie value in response header is now 
restored after the proxied datasource request is finished. The existing
logic of clearing Set-Cookie response header from proxied request 
have been left intact.

Fixes #16757
 2019-05-01 16:32:03 +02:00
Andrej Ocenas
66f6e16916 Security: Store datasource passwords encrypted in secureJsonData (#16175) 
* Store passwords in secureJsonData

* Revert unnecessary refactors

* Fix for nil jsonSecureData value

* Remove copied encryption code from migration

* Fix wrong field reference

* Remove migration and provisioning changes

* Use password getters in datasource proxy

* Refactor password handling in datasource configs

* Add provisioning warnings

* Update documentation

* Remove migration command, moved to separate PR

* Remove unused code

* Set the upgrade version

* Remove unused code

* Remove double reference
 2019-04-15 11:11:17 +02:00
Sean Lafferty
b696492891 Rename dispatched commands to make them easy to grok 2019-03-20 14:32:41 -04:00
Sean Lafferty
3f9a19dcd5 Merge branch 'master' into 12556-oauth-pass-thru 2019-03-14 13:18:00 -04:00
Andrej Ocenas
697a87b7b2 Add check so that header is not sent for anonymous users 2019-03-14 16:33:21 +01:00
Andrej Ocenas
bbdc1c0e64 Add custom header with grafana user and a config switch for it 2019-03-14 16:33:19 +01:00
Sean Lafferty
fcc18d8121 Change import path for social in the tests 2019-03-13 14:55:22 -04:00
Sean Lafferty
8d8119aa98 Change import path for social since it has moved 2019-03-13 14:34:55 -04:00
Sean Lafferty
8d19ca005f Merge branch 'master' into 12556-oauth-pass-thru 2019-03-13 14:25:43 -04:00
Sean Lafferty
7e62394d01 Add function in ds_proxy to handle oauthPassThru headers 2019-03-13 13:45:32 -04:00
Sean Lafferty
4324a7f51a Remove auth module from ds_proxy oauth test 2019-03-13 13:28:49 -04:00
Sean Lafferty
3b15e110a5 Get most recent oauth token from db, rather than lookup by auth_module 2019-03-13 13:22:22 -04:00
Marcus Efraimsson
a1cd550df4 revert ds_proxy timeout and implement dataproxy timeout correctly 2019-02-11 13:42:05 +01:00
Sean Lafferty
5a59cdf0ef Add oauth pass-thru option for datasources 2019-02-01 19:40:57 -05:00
Mario Trangoni
8261613b51 pkg/util/{ip.go,url.go}: Fix some golint issues 
See,
$ gometalinter --vendor --deadline 10m --disable-all --enable=golint  ./...
ip.go:8:6⚠️ func SplitIpPort should be SplitIPPort (golint)
url.go:14:6⚠️ func NewUrlQueryReader should be NewURLQueryReader (golint)
url.go:9:6⚠️ type UrlQueryReader should be URLQueryReader (golint)
url.go:37:6⚠️ func JoinUrlFragments should be JoinURLFragments (golint)
 2019-01-28 22:29:20 +01:00
Benjamin Reed
9108fd1b9d add global datasource proxy timeout setting 
closes grafana#5699
 2019-01-24 14:06:48 -05:00
Brian Gann
02365514f9 redact value for plugin proxy routes 2018-12-04 22:35:00 -06:00
Kornelijus Survila
0cafd9a663 dataproxy: Override incoming Authorization header 2018-11-30 12:12:55 -07:00
Julien Pivotto
62417ca69f Remove Origin and Referer headers while proxying requests 
Fix #13949
Fix #13328

Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu>
 2018-11-08 14:57:47 +01:00
Erik Sundell
b02a8127ff stackdriver: remove debug comments 2018-10-22 16:11:17 +02:00
Erik Sundell
afe0b4b8db stackdriver: fix typo 2018-10-22 16:11:17 +02:00
Erik Sundell
b2c6c743ce stackdriver: add debug logging 2018-10-22 16:11:17 +02:00
Erik Sundell
cd7b454e25 stackdriver: add default value for authentication type 2018-10-22 16:03:14 +02:00
Erik Sundell
823838a839 stackdriver: wip - remove debug code 2018-10-22 16:03:14 +02:00
Erik Sundell
2b1709b875 stackdriver: only get default token from metadata server when applying route 2018-10-22 16:03:13 +02:00
Erik Sundell
ff5f281508 stackdriver: wip - get metric descriptors in the backend 2018-10-22 16:03:13 +02:00
Erik Sundell
60617d0bf7 stackdriver: wip - add logic for retrieving token from gce metadata server in the auth provider 2018-10-22 16:03:13 +02:00
Erik Sundell
3f9ed2efaa stackdriver: wip - temp remove jwt token auth 2018-10-22 16:03:12 +02:00
Erik Sundell
b2de0d8c3e stackdriver: wip - always use gce default account for stackdriver 2018-10-22 16:03:12 +02:00
Erik Sundell
2002162073 stackdriver: wip - add scope and remove debug code 2018-10-22 16:03:12 +02:00
Erik Sundell
df215d9d09 stackdriver: WIP - test retrieving project id from gce metadata 2018-10-22 16:03:12 +02:00
Mitsuhiro Tanda
fbe0ffd10b skip jwt token auth if privateKey is empty 2018-10-22 16:03:12 +02:00
Mitsuhiro Tanda
43aa6603a3 fetch token from GCE metadata server 2018-10-22 16:03:12 +02:00
Marcus Efraimsson
2b1e4d001a Merge pull request #13326 from ryantxu/proxy-slash 
Keep trailing slash for datasource proxy requests
 2018-10-04 14:38:34 +02:00
Marcus Efraimsson
8bf4d68035 add datasource proxy test to verify trailing slashes are forwarded 2018-10-03 12:28:30 +02:00
Daniel Lee
d11f67eb25 stackdriver: change info logging to debug logging 2018-09-28 16:16:27 +02:00
Torkel Ödegaard
6db0880fd8 invalidate access token cache after datasource is updated 2018-09-21 14:24:44 +02:00
Ryan McKinley
7c6227c061 remove the test that does not do anything 2018-09-18 11:18:55 -07:00
Ryan McKinley
71dfeff782 add a test 2018-09-17 12:28:36 -07:00
Daniel Lee
982e095f85 dsproxy: add mutex protection to the token caches 2018-09-14 11:13:09 +02:00
Erik Sundell
56e8e50497 Stackdriver: Use ds_auth_provider in stackdriver. This will make sure the token is renewed when it has exporired 2018-09-14 09:38:16 +02:00
Erik Sundell
db170845b0 Stackdriver: Restructured ds proxy tests 2018-09-14 09:38:16 +02:00
Daniel Lee
05f6710454 stackdriver: fix test 2018-09-14 09:38:16 +02:00
Erik Sundell
1725940ab9 Stackdriver: Add new file 2018-09-14 09:38:16 +02:00
Erik Sundell
6a610558c4 Stackdriver: Start breaking out apply route to its own file 2018-09-14 09:38:16 +02:00
Erik Sundell
23339e4322 Stackdriver: Use new access token API 2018-09-14 09:35:28 +02:00
Erik Sundell
71af62e741 Stackdriver: Temporary exporting token lookup 2018-09-14 09:35:28 +02:00
Erik Sundell
92d631986f Stackdriver: Removed debug logging 2018-09-14 09:35:27 +02:00
Daniel Lee
e7648c4070 dsproxy: implements support for plugin routes with jwt file 
Google Cloud service accounts use a JWT token to get an
oauth access token. This adds support for that.
 2018-09-14 09:35:27 +02:00
Erik Sundell
a4ef4792bc Stackdriver: Add scope for google resource manager 2018-09-14 09:35:26 +02:00