public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
bd2b4e956bd2fdfd063017856809f4d90118f31e
grafana/pkg/services/pluginsintegration/clientmiddleware/team_headers_middleware.go
T
Eric Leijonmarck be5ba68132 Team LBAC: Add teamHeaders for datasource proxy requests (#76339) 
* Add teamHeaders for datasource proxy requests

* adds validation for the teamHeaders

* added tests for applying teamHeaders

* remove previous implementation

* validation for header values being set to authproxy

* removed unnecessary checks

* newline

* Add middleware for injecting headers on the data source backend

* renamed feature toggle

* Get user teams from context

* Fix feature toggle name

* added test for validation of the auth headers and fixed evaluation to cover headers

* renaming of teamHeaders to teamHTTPHeaders

* use of header set for non-existing header and add for existing headers

* moves types into datasources

* fixed unchecked errors

* Refactor

* Add tests for data model

* Update pkg/api/datasources.go

Co-authored-by: Victor Cinaglia <victor@grafana.com>

* Update pkg/api/datasources.go

Co-authored-by: Victor Cinaglia <victor@grafana.com>

---------

Co-authored-by: Alexander Zobnin <alexanderzobnin@gmail.com>
Co-authored-by: Victor Cinaglia <victor@grafana.com>
2023-10-17 11:23:54 +01:00

132 lines
3.8 KiB
Go
Raw Blame History

package clientmiddleware
import (
"context"
"github.com/grafana/grafana-plugin-sdk-go/backend"
"github.com/grafana/grafana/pkg/components/simplejson"
"github.com/grafana/grafana/pkg/infra/appcontext"
"github.com/grafana/grafana/pkg/plugins"
"github.com/grafana/grafana/pkg/services/contexthandler"
"github.com/grafana/grafana/pkg/services/datasources"
"github.com/grafana/grafana/pkg/util/proxyutil"
)
// NewTeamHTTPHeaderMiddleware creates a new plugins.ClientMiddleware that will
// set headers based on teams user is member of.
func NewTeamHTTPHeadersMiddleware() plugins.ClientMiddleware {
return plugins.ClientMiddlewareFunc(func(next plugins.Client) plugins.Client {
return &TeamHTTPHeadersMiddleware{
next: next,
}
})
}
type TeamHTTPHeadersMiddleware struct {
next plugins.Client
}
func (m *TeamHTTPHeadersMiddleware) QueryData(ctx context.Context, req *backend.QueryDataRequest) (*backend.QueryDataResponse, error) {
if req == nil {
return m.next.QueryData(ctx, req)
}
err := m.setHeaders(ctx, req.PluginContext, req)
if err != nil {
return nil, err
}
return m.next.QueryData(ctx, req)
}
func (m *TeamHTTPHeadersMiddleware) CallResource(ctx context.Context, req *backend.CallResourceRequest, sender backend.CallResourceResponseSender) error {
if req == nil {
return m.next.CallResource(ctx, req, sender)
}
err := m.setHeaders(ctx, req.PluginContext, req)
if err != nil {
return err
}
return m.next.CallResource(ctx, req, sender)
}
func (m *TeamHTTPHeadersMiddleware) CheckHealth(ctx context.Context, req *backend.CheckHealthRequest) (*backend.CheckHealthResult, error) {
if req == nil {
return m.next.CheckHealth(ctx, req)
}
// NOTE: might not be needed to set headers. we want to for now set these headers
err := m.setHeaders(ctx, req.PluginContext, req)
if err != nil {
return nil, err
}
return m.next.CheckHealth(ctx, req)
}
func (m *TeamHTTPHeadersMiddleware) CollectMetrics(ctx context.Context, req *backend.CollectMetricsRequest) (*backend.CollectMetricsResult, error) {
return m.next.CollectMetrics(ctx, req)
}
func (m *TeamHTTPHeadersMiddleware) SubscribeStream(ctx context.Context, req *backend.SubscribeStreamRequest) (*backend.SubscribeStreamResponse, error) {
return m.next.SubscribeStream(ctx, req)
}
func (m *TeamHTTPHeadersMiddleware) PublishStream(ctx context.Context, req *backend.PublishStreamRequest) (*backend.PublishStreamResponse, error) {
return m.next.PublishStream(ctx, req)
}
func (m *TeamHTTPHeadersMiddleware) RunStream(ctx context.Context, req *backend.RunStreamRequest, sender *backend.StreamSender) error {
return m.next.RunStream(ctx, req, sender)
}
func (m *TeamHTTPHeadersMiddleware) setHeaders(ctx context.Context, pCtx backend.PluginContext, req interface{}) error {
reqCtx := contexthandler.FromContext(ctx)
// if request not for a datasource or no HTTP request context skip middleware
if req == nil || pCtx.DataSourceInstanceSettings == nil || reqCtx == nil || reqCtx.Req == nil {
return nil
}
settings := pCtx.DataSourceInstanceSettings
jsonDataBytes, err := simplejson.NewJson(settings.JSONData)
if err != nil {
return err
}
ds := &datasources.DataSource{
ID: settings.ID,
OrgID: pCtx.OrgID,
JsonData: jsonDataBytes,
Updated: settings.Updated,
}
signedInUser, err := appcontext.User(ctx)
if err != nil {
return nil // no user
}
teamHTTPHeaders, err := proxyutil.GetTeamHTTPHeaders(ds, signedInUser.GetTeams())
if err != nil {
return err
}
switch t := req.(type) {
case *backend.QueryDataRequest:
for key, value := range teamHTTPHeaders {
t.SetHTTPHeader(key, value)
}
case *backend.CheckHealthRequest:
for key, value := range teamHTTPHeaders {
t.SetHTTPHeader(key, value)
}
case *backend.CallResourceRequest:
for key, value := range teamHTTPHeaders {
t.SetHTTPHeader(key, value)
}
}
return nil
}
Reference in New Issue View Git Blame Copy Permalink