Add ReadSettings to get config settings from context (#118)

Author: iwysiu

pkg/awsds/authSettings.go

@@ -0,0 +1,197 @@
+package awsds
+
+import (
+	"context"
+	"os"
+	"strconv"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
+	"github.com/grafana/grafana-plugin-sdk-go/backend"
+	"github.com/grafana/grafana-plugin-sdk-go/backend/gtime"
+	"github.com/grafana/grafana-plugin-sdk-go/backend/proxy"
+)
+
+const (
+	// AllowedAuthProvidersEnvVarKeyName is the string literal for the aws allowed auth providers environment variable key name
+	AllowedAuthProvidersEnvVarKeyName = "AWS_AUTH_AllowedAuthProviders"
+
+	// AssumeRoleEnabledEnvVarKeyName is the string literal for the aws assume role enabled environment variable key name
+	AssumeRoleEnabledEnvVarKeyName = "AWS_AUTH_AssumeRoleEnabled"
+
+	// SessionDurationEnvVarKeyName is the string literal for the session duration variable key name
+	SessionDurationEnvVarKeyName = "AWS_AUTH_SESSION_DURATION"
+
+	// GrafanaAssumeRoleExternalIdKeyName is the string literal for the grafana assume role external id environment variable key name
+	GrafanaAssumeRoleExternalIdKeyName = "AWS_AUTH_EXTERNAL_ID"
+
+	// GrafanaListMetricsPageLimit is the string literal for the cloudwatch list metrics page limit key name
+	GrafanaListMetricsPageLimit = "AWS_CW_LIST_METRICS_PAGE_LIMIT"
+
+	defaultAssumeRoleEnabled         = true
+	defaultListMetricsPageLimit      = 500
+	defaultSecureSocksDSProxyEnabled = false
+)
+
+// ReadAuthSettings gets the Grafana auth settings from the context if its available, the environment variables if not
+func ReadAuthSettings(ctx context.Context) *AuthSettings {
+	settings, exists := ReadAuthSettingsFromContext(ctx)
+	if !exists {
+		settings = ReadAuthSettingsFromEnvironmentVariables()
+	}
+	return settings
+}
+
+func defaultAuthSettings() *AuthSettings {
+	return &AuthSettings{
+		AllowedAuthProviders:      []string{"default", "keys", "credentials"},
+		AssumeRoleEnabled:         defaultAssumeRoleEnabled,
+		SessionDuration:           &stscreds.DefaultDuration,
+		ListMetricsPageLimit:      defaultListMetricsPageLimit,
+		SecureSocksDSProxyEnabled: defaultSecureSocksDSProxyEnabled,
+	}
+}
+
+// ReadAuthSettingsFromContext tries to get the auth settings from the GrafanaConfig in ctx, and returns true if it finds a config
+func ReadAuthSettingsFromContext(ctx context.Context) (*AuthSettings, bool) {
+	cfg := backend.GrafanaConfigFromContext(ctx)
+	// initialize settings with the default values set
+	settings := defaultAuthSettings()
+	if cfg == nil {
+		return settings, false
+	}
+	hasSettings := false
+
+	if providers := cfg.Get(AllowedAuthProvidersEnvVarKeyName); providers != "" {
+		allowedAuthProviders := []string{}
+		for _, authProvider := range strings.Split(providers, ",") {
+			authProvider = strings.TrimSpace(authProvider)
+			if authProvider != "" {
+				allowedAuthProviders = append(allowedAuthProviders, authProvider)
+			}
+		}
+		if len(allowedAuthProviders) != 0 {
+			settings.AllowedAuthProviders = allowedAuthProviders
+		}
+		hasSettings = true
+	}
+
+	if v := cfg.Get(AssumeRoleEnabledEnvVarKeyName); v != "" {
+		assumeRoleEnabled, err := strconv.ParseBool(v)
+		if err == nil {
+			settings.AssumeRoleEnabled = assumeRoleEnabled
+		} else {
+			backend.Logger.Error("could not parse context variable", "var", AllowedAuthProvidersEnvVarKeyName)
+		}
+		hasSettings = true
+	}
+
+	if v := cfg.Get(GrafanaAssumeRoleExternalIdKeyName); v != "" {
+		settings.ExternalID = v
+		hasSettings = true
+	}
+
+	if v := cfg.Get(GrafanaListMetricsPageLimit); v != "" {
+		listMetricsPageLimit, err := strconv.Atoi(v)
+		if err == nil {
+			settings.ListMetricsPageLimit = listMetricsPageLimit
+		} else {
+			backend.Logger.Error("could not parse context variable", "var", GrafanaListMetricsPageLimit)
+		}
+		hasSettings = true
+	}
+
+	if v := cfg.Get(proxy.PluginSecureSocksProxyEnabled); v != "" {
+		secureSocksDSProxyEnabled, err := strconv.ParseBool(v)
+		if err == nil {
+			settings.SecureSocksDSProxyEnabled = secureSocksDSProxyEnabled
+		} else {
+			backend.Logger.Error("could not parse context variable", "var", proxy.PluginSecureSocksProxyEnabled)
+		}
+		hasSettings = true
+	}
+
+	// Users set session duration directly as an environment variable
+	sessionDurationString := os.Getenv(SessionDurationEnvVarKeyName)
+	if sessionDurationString != "" {
+		sessionDuration, err := gtime.ParseDuration(sessionDurationString)
+		if err == nil {
+			settings.SessionDuration = &sessionDuration
+		} else {
+			backend.Logger.Error("could not parse env variable", "var", SessionDurationEnvVarKeyName)
+		}
+	}
+
+	return settings, hasSettings
+}
+
+// ReadAuthSettingsFromEnvironmentVariables gets the Grafana auth settings from the environment variables
+// Deprecated: Use ReadAuthSettingsFromContext instead
+func ReadAuthSettingsFromEnvironmentVariables() *AuthSettings {
+	authSettings := &AuthSettings{}
+	allowedAuthProviders := []string{}
+	providers := os.Getenv(AllowedAuthProvidersEnvVarKeyName)
+	for _, authProvider := range strings.Split(providers, ",") {
+		authProvider = strings.TrimSpace(authProvider)
+		if authProvider != "" {
+			allowedAuthProviders = append(allowedAuthProviders, authProvider)
+		}
+	}
+
+	if len(allowedAuthProviders) == 0 {
+		allowedAuthProviders = []string{"default", "keys", "credentials"}
+		backend.Logger.Warn("could not find allowed auth providers. falling back to 'default, keys, credentials'")
+	}
+	authSettings.AllowedAuthProviders = allowedAuthProviders
+
+	assumeRoleEnabledString := os.Getenv(AssumeRoleEnabledEnvVarKeyName)
+	if len(assumeRoleEnabledString) == 0 {
+		backend.Logger.Warn("environment variable missing. falling back to enable assume role", "var", AssumeRoleEnabledEnvVarKeyName)
+		assumeRoleEnabledString = "true"
+	}
+
+	var err error
+	authSettings.AssumeRoleEnabled, err = strconv.ParseBool(assumeRoleEnabledString)
+	if err != nil {
+		backend.Logger.Error("could not parse env variable", "var", AssumeRoleEnabledEnvVarKeyName)
+		authSettings.AssumeRoleEnabled = defaultAssumeRoleEnabled
+	}
+
+	authSettings.ExternalID = os.Getenv(GrafanaAssumeRoleExternalIdKeyName)
+
+	listMetricsPageLimitString := os.Getenv(GrafanaListMetricsPageLimit)
+	if len(listMetricsPageLimitString) == 0 {
+		backend.Logger.Warn("environment variable missing. falling back to default page limit", "var", GrafanaListMetricsPageLimit)
+		listMetricsPageLimitString = "500"
+	}
+
+	authSettings.ListMetricsPageLimit, err = strconv.Atoi(listMetricsPageLimitString)
+	if err != nil {
+		backend.Logger.Error("could not parse env variable", "var", GrafanaListMetricsPageLimit)
+		authSettings.ListMetricsPageLimit = defaultListMetricsPageLimit
+	}
+
+	sessionDurationString := os.Getenv(SessionDurationEnvVarKeyName)
+	if sessionDurationString != "" {
+		sessionDuration, err := gtime.ParseDuration(sessionDurationString)
+		if err != nil {
+			backend.Logger.Error("could not parse env variable", "var", SessionDurationEnvVarKeyName)
+		} else {
+			authSettings.SessionDuration = &sessionDuration
+		}
+	}
+
+	proxyEnabledString := os.Getenv(proxy.PluginSecureSocksProxyEnabled)
+	if len(proxyEnabledString) == 0 {
+		backend.Logger.Warn("environment variable missing. falling back to enable assume role", "var", AssumeRoleEnabledEnvVarKeyName)
+		proxyEnabledString = "false"
+	}
+
+	authSettings.SecureSocksDSProxyEnabled, err = strconv.ParseBool(proxyEnabledString)
+	if err != nil {
+		backend.Logger.Error("could not parse env variable", "var", proxy.PluginSecureSocksProxyEnabled)
+		authSettings.SecureSocksDSProxyEnabled = defaultSecureSocksDSProxyEnabled
+	}
+
+	return authSettings
+}

pkg/awsds/authSettings_test.go

@@ -0,0 +1,157 @@
+package awsds
+
+import (
+	"context"
+	"os"
+	"testing"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
+	"github.com/grafana/grafana-plugin-sdk-go/backend"
+	"github.com/grafana/grafana-plugin-sdk-go/backend/proxy"
+	"github.com/stretchr/testify/require"
+)
+
+func TestReadAuthSettingsFromContext(t *testing.T) {
+	tcs := []struct {
+		name                string
+		cfg                 *backend.GrafanaCfg
+		expectedSettings    *AuthSettings
+		expectedHasSettings bool
+	}{
+		{
+			name:                "nil config",
+			cfg:                 nil,
+			expectedSettings:    defaultAuthSettings(),
+			expectedHasSettings: false,
+		},
+		{
+			name:                "empty config",
+			cfg:                 &backend.GrafanaCfg{},
+			expectedSettings:    defaultAuthSettings(),
+			expectedHasSettings: false,
+		},
+		{
+			name:                "nil config map",
+			cfg:                 backend.NewGrafanaCfg(nil),
+			expectedSettings:    defaultAuthSettings(),
+			expectedHasSettings: false,
+		},
+		{
+			name:                "empty config map",
+			cfg:                 backend.NewGrafanaCfg(make(map[string]string)),
+			expectedSettings:    defaultAuthSettings(),
+			expectedHasSettings: false,
+		},
+		{
+			name: "aws settings in config",
+			cfg: backend.NewGrafanaCfg(map[string]string{
+				AllowedAuthProvidersEnvVarKeyName:   "foo , bar,baz",
+				AssumeRoleEnabledEnvVarKeyName:      "false",
+				GrafanaAssumeRoleExternalIdKeyName:  "mock_id",
+				GrafanaListMetricsPageLimit:         "50",
+				proxy.PluginSecureSocksProxyEnabled: "true",
+			}),
+			expectedSettings: &AuthSettings{
+				AllowedAuthProviders:      []string{"foo", "bar", "baz"},
+				AssumeRoleEnabled:         false,
+				ExternalID:                "mock_id",
+				ListMetricsPageLimit:      50,
+				SessionDuration:           &stscreds.DefaultDuration,
+				SecureSocksDSProxyEnabled: true,
+			},
+			expectedHasSettings: true,
+		},
+	}
+	for _, tc := range tcs {
+		t.Run(tc.name, func(t *testing.T) {
+			ctx := backend.WithGrafanaConfig(context.Background(), tc.cfg)
+			settings, hasSettings := ReadAuthSettingsFromContext(ctx)
+
+			require.Equal(t, tc.expectedHasSettings, hasSettings)
+			require.Equal(t, tc.expectedSettings, settings)
+		})
+	}
+}
+
+func TestReadAuthSettings(t *testing.T) {
+	originalExternalId := os.Getenv(GrafanaAssumeRoleExternalIdKeyName)
+	os.Setenv(GrafanaAssumeRoleExternalIdKeyName, "env_id")
+	defer func() {
+		os.Setenv(GrafanaAssumeRoleExternalIdKeyName, originalExternalId)
+	}()
+
+	expectedDuration, err := time.ParseDuration("20m")
+	require.NoError(t, err)
+	expectedSessionContextSettings := &AuthSettings{
+		AllowedAuthProviders:      []string{"foo", "bar", "baz"},
+		AssumeRoleEnabled:         false,
+		SessionDuration:           &expectedDuration, //20 minutes in nanoseconds count,
+		ExternalID:                "mock_id",
+		ListMetricsPageLimit:      50,
+		SecureSocksDSProxyEnabled: true,
+	}
+
+	expectedSessionEnvSettings := &AuthSettings{
+		AllowedAuthProviders:      []string{"env1", "env2"},
+		AssumeRoleEnabled:         true,
+		SessionDuration:           &expectedDuration,
+		ExternalID:                "env_id",
+		ListMetricsPageLimit:      30,
+		SecureSocksDSProxyEnabled: false,
+	}
+
+	require.NoError(t, os.Setenv(AllowedAuthProvidersEnvVarKeyName, "env1,env2"))
+	require.NoError(t, os.Setenv(AssumeRoleEnabledEnvVarKeyName, "true"))
+	require.NoError(t, os.Setenv(GrafanaListMetricsPageLimit, "30"))
+	require.NoError(t, os.Setenv(SessionDurationEnvVarKeyName, "20m"))
+	require.NoError(t, os.Setenv(proxy.PluginSecureSocksProxyEnabled, "false"))
+	defer unsetEnvironmentVariables()
+
+	tcs := []struct {
+		name             string
+		cfg              *backend.GrafanaCfg
+		expectedSettings *AuthSettings
+	}{
+		{
+			name:             "read from env if config is nil",
+			cfg:              nil,
+			expectedSettings: expectedSessionEnvSettings,
+		},
+		{
+			name:             "read from env if config is empty",
+			cfg:              &backend.GrafanaCfg{},
+			expectedSettings: expectedSessionEnvSettings,
+		},
+		{
+			name:             "read from env if config map is nil",
+			cfg:              backend.NewGrafanaCfg(nil),
+			expectedSettings: expectedSessionEnvSettings,
+		},
+		{
+			name:             "read from env if config map is empty",
+			cfg:              backend.NewGrafanaCfg(make(map[string]string)),
+			expectedSettings: expectedSessionEnvSettings,
+		},
+		{
+			name: "read from context",
+			cfg: backend.NewGrafanaCfg(map[string]string{
+				AllowedAuthProvidersEnvVarKeyName:   "foo , bar,baz",
+				AssumeRoleEnabledEnvVarKeyName:      "false",
+				GrafanaAssumeRoleExternalIdKeyName:  "mock_id",
+				GrafanaListMetricsPageLimit:         "50",
+				proxy.PluginSecureSocksProxyEnabled: "true",
+			}),
+			expectedSettings: expectedSessionContextSettings,
+		},
+	}
+
+	for _, tc := range tcs {
+		t.Run(tc.name, func(t *testing.T) {
+			ctx := backend.WithGrafanaConfig(context.Background(), tc.cfg)
+			settings := ReadAuthSettings(ctx)
+
+			require.Equal(t, tc.expectedSettings, settings)
+		})
+	}
+}