Example #1
0
func (cmd *UpdatePluginSettingCmd) GetEncryptedJsonData() SecureJsonData {
	encrypted := make(SecureJsonData)
	for key, data := range cmd.SecureJsonData {
		encrypted[key] = util.Encrypt([]byte(data), setting.SecretKey)
	}
	return encrypted
}
Example #2
0
func UpdatePluginSetting(cmd *m.UpdatePluginSettingCmd) error {
	return inTransaction2(func(sess *session) error {
		var pluginSetting m.PluginSetting

		exists, err := sess.Where("org_id=? and plugin_id=?", cmd.OrgId, cmd.PluginId).Get(&pluginSetting)
		sess.UseBool("enabled")
		sess.UseBool("pinned")
		if !exists {
			pluginSetting = m.PluginSetting{
				PluginId:       cmd.PluginId,
				OrgId:          cmd.OrgId,
				Enabled:        cmd.Enabled,
				Pinned:         cmd.Pinned,
				JsonData:       cmd.JsonData,
				SecureJsonData: cmd.GetEncryptedJsonData(),
				Created:        time.Now(),
				Updated:        time.Now(),
			}
			_, err = sess.Insert(&pluginSetting)
			return err
		} else {
			for key, data := range cmd.SecureJsonData {
				pluginSetting.SecureJsonData[key] = util.Encrypt([]byte(data), setting.SecretKey)
			}
			pluginSetting.Updated = time.Now()
			pluginSetting.Enabled = cmd.Enabled
			pluginSetting.JsonData = cmd.JsonData
			pluginSetting.Pinned = cmd.Pinned
			_, err = sess.Id(pluginSetting.Id).Update(&pluginSetting)
			return err
		}
	})
}
Example #3
0
func TestPluginProxy(t *testing.T) {

	Convey("When getting proxy headers", t, func() {
		route := &plugins.AppPluginRoute{
			Headers: []plugins.AppPluginRouteHeader{
				{Name: "x-header", Content: "my secret {{.SecureJsonData.key}}"},
			},
		}

		setting.SecretKey = "password"

		bus.AddHandler("test", func(query *m.GetPluginSettingByIdQuery) error {
			query.Result = &m.PluginSetting{
				SecureJsonData: map[string][]byte{
					"key": util.Encrypt([]byte("123"), "password"),
				},
			}
			return nil
		})

		header, err := getHeaders(route, 1, "my-app")
		So(err, ShouldBeNil)

		Convey("Should render header template", func() {
			So(header.Get("x-header"), ShouldEqual, "my secret 123")
		})
	})

}
Example #4
0
func UpdateAppSettings(cmd *m.UpdateAppSettingsCmd) error {
	return inTransaction2(func(sess *session) error {
		var app m.AppSettings

		exists, err := sess.Where("org_id=? and app_id=?", cmd.OrgId, cmd.AppId).Get(&app)
		sess.UseBool("enabled")
		sess.UseBool("pinned")
		if !exists {
			app = m.AppSettings{
				AppId:          cmd.AppId,
				OrgId:          cmd.OrgId,
				Enabled:        cmd.Enabled,
				Pinned:         cmd.Pinned,
				JsonData:       cmd.JsonData,
				SecureJsonData: cmd.GetEncryptedJsonData(),
				Created:        time.Now(),
				Updated:        time.Now(),
			}
			_, err = sess.Insert(&app)
			return err
		} else {
			for key, data := range cmd.SecureJsonData {
				app.SecureJsonData[key] = util.Encrypt([]byte(data), setting.SecretKey)
			}
			app.SecureJsonData = cmd.GetEncryptedJsonData()
			app.Updated = time.Now()
			app.Enabled = cmd.Enabled
			app.JsonData = cmd.JsonData
			app.Pinned = cmd.Pinned
			_, err = sess.Id(app.Id).Update(&app)
			return err
		}
	})
}
Example #5
0
func GetEncryptedJsonData(sjd map[string]string) SecureJsonData {
	encrypted := make(SecureJsonData)
	for key, data := range sjd {
		encrypted[key] = util.Encrypt([]byte(data), setting.SecretKey)
	}
	return encrypted
}
Example #6
0
func UpdatePluginSetting(cmd *m.UpdatePluginSettingCmd) error {
	return inTransaction2(func(sess *session) error {
		var pluginSetting m.PluginSetting

		exists, err := sess.Where("org_id=? and plugin_id=?", cmd.OrgId, cmd.PluginId).Get(&pluginSetting)
		sess.UseBool("enabled")
		sess.UseBool("pinned")
		if !exists {
			pluginSetting = m.PluginSetting{
				PluginId:       cmd.PluginId,
				OrgId:          cmd.OrgId,
				Enabled:        cmd.Enabled,
				Pinned:         cmd.Pinned,
				JsonData:       cmd.JsonData,
				PluginVersion:  cmd.PluginVersion,
				SecureJsonData: cmd.GetEncryptedJsonData(),
				Created:        time.Now(),
				Updated:        time.Now(),
			}

			// add state change event on commit success
			sess.events = append(sess.events, &m.PluginStateChangedEvent{
				PluginId: cmd.PluginId,
				OrgId:    cmd.OrgId,
				Enabled:  cmd.Enabled,
			})

			_, err = sess.Insert(&pluginSetting)
			return err
		} else {
			for key, data := range cmd.SecureJsonData {
				pluginSetting.SecureJsonData[key] = util.Encrypt([]byte(data), setting.SecretKey)
			}

			// add state change event on commit success
			if pluginSetting.Enabled != cmd.Enabled {
				sess.events = append(sess.events, &m.PluginStateChangedEvent{
					PluginId: cmd.PluginId,
					OrgId:    cmd.OrgId,
					Enabled:  cmd.Enabled,
				})
			}

			pluginSetting.Updated = time.Now()
			pluginSetting.Enabled = cmd.Enabled
			pluginSetting.JsonData = cmd.JsonData
			pluginSetting.Pinned = cmd.Pinned
			pluginSetting.PluginVersion = cmd.PluginVersion

			_, err = sess.Id(pluginSetting.Id).Update(&pluginSetting)
			return err
		}
	})
}
Example #7
0
func TestDataSourceCache(t *testing.T) {
	Convey("When caching a datasource proxy", t, func() {
		clearCache()
		ds := DataSource{
			Id:   1,
			Url:  "http://k8s:8001",
			Type: "Kubernetes",
		}

		t1, err := ds.GetHttpTransport()
		So(err, ShouldBeNil)

		t2, err := ds.GetHttpTransport()
		So(err, ShouldBeNil)

		Convey("Should be using the cached proxy", func() {
			So(t2, ShouldEqual, t1)
		})
	})

	Convey("When getting kubernetes datasource proxy", t, func() {
		clearCache()
		setting.SecretKey = "password"

		json := simplejson.New()
		json.Set("tlsAuth", true)
		json.Set("tlsAuthWithCACert", true)

		t := time.Now()
		ds := DataSource{
			Url:     "http://k8s:8001",
			Type:    "Kubernetes",
			Updated: t.Add(-2 * time.Minute),
		}

		transport, err := ds.GetHttpTransport()
		So(err, ShouldBeNil)

		Convey("Should have no cert", func() {
			So(transport.TLSClientConfig.InsecureSkipVerify, ShouldEqual, true)
		})

		ds.JsonData = json
		ds.SecureJsonData = map[string][]byte{
			"tlsCACert":     util.Encrypt([]byte(caCert), "password"),
			"tlsClientCert": util.Encrypt([]byte(clientCert), "password"),
			"tlsClientKey":  util.Encrypt([]byte(clientKey), "password"),
		}
		ds.Updated = t.Add(-1 * time.Minute)

		transport, err = ds.GetHttpTransport()
		So(err, ShouldBeNil)

		Convey("Should add cert", func() {
			So(transport.TLSClientConfig.InsecureSkipVerify, ShouldEqual, false)
			So(len(transport.TLSClientConfig.Certificates), ShouldEqual, 1)
		})

		ds.JsonData = nil
		ds.SecureJsonData = map[string][]byte{}
		ds.Updated = t

		transport, err = ds.GetHttpTransport()
		So(err, ShouldBeNil)

		Convey("Should remove cert", func() {
			So(transport.TLSClientConfig.InsecureSkipVerify, ShouldEqual, true)
			So(len(transport.TLSClientConfig.Certificates), ShouldEqual, 0)
		})
	})
}
Example #8
0
func TestDataSourceProxy(t *testing.T) {

	Convey("When getting graphite datasource proxy", t, func() {
		ds := m.DataSource{Url: "htttp://graphite:8080", Type: m.DS_GRAPHITE}
		targetUrl, err := url.Parse(ds.Url)
		proxy := NewReverseProxy(&ds, "/render", targetUrl)
		proxy.Transport, err = DataProxyTransport(&ds)
		So(err, ShouldBeNil)

		transport, ok := proxy.Transport.(*http.Transport)
		So(ok, ShouldBeTrue)
		So(transport.TLSClientConfig.InsecureSkipVerify, ShouldBeTrue)

		requestUrl, _ := url.Parse("http://grafana.com/sub")
		req := http.Request{URL: requestUrl}

		proxy.Director(&req)

		Convey("Can translate request url and path", func() {
			So(req.URL.Host, ShouldEqual, "graphite:8080")
			So(req.URL.Path, ShouldEqual, "/render")
		})
	})

	Convey("When getting influxdb datasource proxy", t, func() {
		ds := m.DataSource{
			Type:     m.DS_INFLUXDB_08,
			Url:      "http://influxdb:8083",
			Database: "site",
			User:     "******",
			Password: "******",
		}

		targetUrl, _ := url.Parse(ds.Url)
		proxy := NewReverseProxy(&ds, "", targetUrl)

		requestUrl, _ := url.Parse("http://grafana.com/sub")
		req := http.Request{URL: requestUrl}

		proxy.Director(&req)

		Convey("Should add db to url", func() {
			So(req.URL.Path, ShouldEqual, "/db/site/")
		})

		Convey("Should add username and password", func() {
			queryVals := req.URL.Query()
			So(queryVals["u"][0], ShouldEqual, "user")
			So(queryVals["p"][0], ShouldEqual, "password")
		})
	})

	Convey("When getting kubernetes datasource proxy", t, func() {
		setting.SecretKey = "password"

		json := simplejson.New()
		json.Set("tlsAuth", true)
		json.Set("tlsAuthWithCACert", true)
		ds := m.DataSource{
			Url:      "htttp://k8s:8001",
			Type:     "Kubernetes",
			JsonData: json,
			SecureJsonData: map[string][]byte{
				"tlsCACert":     util.Encrypt([]byte(caCert), "password"),
				"tlsClientCert": util.Encrypt([]byte(clientCert), "password"),
				"tlsClientKey":  util.Encrypt([]byte(clientKey), "password"),
			},
		}
		targetUrl, err := url.Parse(ds.Url)
		proxy := NewReverseProxy(&ds, "", targetUrl)
		proxy.Transport, err = DataProxyTransport(&ds)
		So(err, ShouldBeNil)

		transport, ok := proxy.Transport.(*http.Transport)

		Convey("Should add cert", func() {
			So(ok, ShouldBeTrue)
			So(transport.TLSClientConfig.InsecureSkipVerify, ShouldEqual, false)
			So(len(transport.TLSClientConfig.Certificates), ShouldEqual, 1)
		})
	})

}