✨ Feat: ad cred passtrough initial commit

Author: mullerpeter

docker-compose.yaml

@@ -7,8 +7,8 @@ services:
     build:
       context: ./.config
       args:
-        grafana_image: ${GRAFANA_IMAGE:-grafana-enterprise}
-        grafana_version: ${GRAFANA_VERSION:-10.0.3}
+        grafana_image: ${GRAFANA_IMAGE:-grafana}
+        grafana_version: ${GRAFANA_VERSION:-11.6.0}
     ports:
       - 3000:3000/tcp
     volumes:

go.mod

@@ -6,6 +6,7 @@ toolchain go1.24.2
 
 require (
 	github.com/databricks/databricks-sql-go v1.7.0
+	github.com/grafana/grafana-azure-sdk-go v1.13.1
 	github.com/grafana/grafana-plugin-sdk-go v0.277.0
 	golang.org/x/oauth2 v0.29.0
 )
@@ -76,7 +77,7 @@ require (
 	github.com/olekukonko/tablewriter v0.0.5 // indirect
 	github.com/perimeterx/marshmallow v1.1.5 // indirect
 	github.com/pierrec/lz4/v4 v4.1.22 // indirect
-	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
+	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/prometheus/client_golang v1.20.5 // indirect
 	github.com/prometheus/client_model v0.6.1 // indirect

go.sum

@@ -94,6 +94,7 @@ github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e h1:JKmoR8x90Iww1
 github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
+github.com/grafana/grafana-azure-sdk-go v1.13.1/go.mod h1:SAlwLdEuox4vw8ZaeQwnepYXnhznnQQdstJbcw8LH68=
 github.com/grafana/grafana-plugin-sdk-go v0.277.0 h1:VDU2F4Y5NeRS//ejctdZtsAshrGaEdbtW33FsK0EQss=
 github.com/grafana/grafana-plugin-sdk-go v0.277.0/go.mod h1:mAUWg68w5+1f5TLDqagIr8sWr1RT9h7ufJl5NMcWJAU=
 github.com/grafana/otel-profiling-go v0.5.1 h1:stVPKAFZSa7eGiqbYuG25VcqYksR6iWvF3YH66t4qL8=
@@ -190,6 +191,7 @@ github.com/pierrec/lz4/v4 v4.1.22 h1:cKFw6uJDK+/gfw5BcDL0JL5aBsAFdsIT18eRtLj7VIU
 github.com/pierrec/lz4/v4 v4.1.22/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4=
 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU=
 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
+github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
@@ -351,6 +353,7 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

pkg/integrations/azure_ad.go

@@ -0,0 +1,29 @@
+package integrations
+
+import (
+	"github.com/databricks/databricks-sql-go/auth"
+	"github.com/grafana/grafana-azure-sdk-go/azsettings"
+	"github.com/grafana/grafana-plugin-sdk-go/backend/log"
+	"net/http"
+)
+
+type azureAdCredentials struct {
+	azuresettings *azsettings.AzureSettings
+}
+
+func (c *azureAdCredentials) Authenticate(r *http.Request) error {
+
+	log.DefaultLogger.Info("AzureSetting", "azuresettings", c.azuresettings)
+	ctx := r.Context()
+	log.DefaultLogger.Info("Auth Token", "token", ctx.Value("token"))
+	log.DefaultLogger.Info("Auth IDToken", "idtoken", ctx.Value("idToken"))
+
+	return nil
+
+}
+
+func NewAzureADCredentials(azuresettings *azsettings.AzureSettings) auth.Authenticator {
+	return &azureAdCredentials{
+		azuresettings: azuresettings,
+	}
+}

pkg/plugin/plugin.go

@@ -9,6 +9,7 @@ import (
 	dbsql "github.com/databricks/databricks-sql-go"
 	"github.com/databricks/databricks-sql-go/auth"
 	"github.com/databricks/databricks-sql-go/auth/oauth/m2m"
+	"github.com/grafana/grafana-azure-sdk-go/azsettings"
 	"github.com/grafana/grafana-plugin-sdk-go/backend"
 	"github.com/grafana/grafana-plugin-sdk-go/backend/instancemgmt"
 	"github.com/grafana/grafana-plugin-sdk-go/backend/log"
@@ -69,10 +70,11 @@ type ConnectionSettings struct {
 	MaxRetryDuration time.Duration
 	Timeout          time.Duration
 	MaxRows          int
+	idToken          string
 }
 
 // NewSampleDatasource creates a new datasource instance.
-func NewSampleDatasource(_ context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
+func NewSampleDatasource(ctx context.Context, settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
 	datasourceSettings := new(DatasourceSettings)
 	err := json.Unmarshal(settings.JSONData, datasourceSettings)
 	if err != nil {
@@ -91,7 +93,7 @@ func NewSampleDatasource(_ context.Context, settings backend.DataSourceInstanceS
 		port = portInt
 	}
 
-	if datasourceSettings.AuthenticationMethod == "m2m" || datasourceSettings.AuthenticationMethod == "oauth2_client_credentials" {
+	if datasourceSettings.AuthenticationMethod == "m2m" || datasourceSettings.AuthenticationMethod == "oauth2_client_credentials" || datasourceSettings.AuthenticationMethod == "azure_ad_forward" {
 		var authenticator auth.Authenticator
 
 		if datasourceSettings.AuthenticationMethod == "oauth2_client_credentials" {
@@ -112,6 +114,15 @@ func NewSampleDatasource(_ context.Context, settings backend.DataSourceInstanceS
 				datasourceSettings.Hostname,
 				[]string{},
 			)
+		} else if datasourceSettings.AuthenticationMethod == "azure_ad_forward" {
+			azureSettings, err := azsettings.ReadSettings(ctx)
+			if err != nil {
+				log.DefaultLogger.Info("Failed to get Azure Setting", "err", err)
+				return nil, err
+			}
+			authenticator = integrations.NewAzureADCredentials(
+				azureSettings,
+			)
 		} else {
 			log.DefaultLogger.Info("Authentication Method Parse Error", "err", nil)
 			return nil, fmt.Errorf("authentication Method Parse Error")
@@ -131,18 +142,11 @@ func NewSampleDatasource(_ context.Context, settings backend.DataSourceInstanceS
 			return nil, err
 		} else {
 			log.DefaultLogger.Info("Init Databricks SQL DB")
-			databricksDB := sql.OpenDB(connector)
-
-			if err := databricksDB.Ping(); err != nil {
-				log.DefaultLogger.Info("Ping Error (Could not ping Databricks)", "err", err)
-				return nil, err
-			}
 
-			SetDatasourceSettings(databricksDB, connectionSettings)
 			log.DefaultLogger.Info("Store Databricks SQL DB Connection")
 			return &Datasource{
 				connector:          connector,
-				databricksDB:       databricksDB,
+				databricksDB:       nil,
 				connectionSettings: connectionSettings,
 			}, nil
 		}
@@ -449,6 +453,22 @@ func (d *Datasource) query(ctx context.Context, pCtx backend.PluginContext, quer
 func (d *Datasource) CheckHealth(ctx context.Context, req *backend.CheckHealthRequest) (*backend.CheckHealthResult, error) {
 	log.DefaultLogger.Info("CheckHealth called", "request", req)
 
+	token := strings.Fields(req.GetHTTPHeader(backend.OAuthIdentityTokenHeaderName))
+	idToken := req.GetHTTPHeader(backend.OAuthIdentityIDTokenHeaderName)
+	log.DefaultLogger.Info("Token", "token", token)
+	log.DefaultLogger.Info("ID Token", "idToken", idToken)
+
+	ctx = context.WithValue(ctx, backend.OAuthIdentityTokenHeaderName, token)
+	ctx = context.WithValue(ctx, backend.OAuthIdentityIDTokenHeaderName, idToken)
+
+	if d.databricksDB == nil {
+		err := d.RefreshDBConnection()
+		if err != nil {
+			log.DefaultLogger.Info("RefreshDBConnection Error", "err", err)
+			return nil, err
+		}
+	}
+
 	rows, err := d.QueryContext(ctx, "SELECT 1")
 
 	if err != nil {

src/components/ConfigEditor/ConfigEditor.tsx

@@ -30,12 +30,20 @@ export class ConfigEditor extends PureComponent<Props, State> {
 
     onSelectValueChange = (value: string | undefined, key: string) => {
         const {onOptionsChange, options} = this.props;
+        let jsonData = (options.jsonData || {}) as DatabricksDataSourceOptions;
+        jsonData = {
+            ...jsonData,
+            [key]: value
+        }
+        if (key == 'authenticationMethod') {
+            jsonData = {
+                ...jsonData,
+                oauthPassThru: true,
+            }
+        }
         onOptionsChange({
             ...options,
-            jsonData: {
-                ...options.jsonData,
-                [key]: value,
-            },
+            jsonData: jsonData
         });
     }
 
@@ -118,6 +126,10 @@ export class ConfigEditor extends PureComponent<Props, State> {
                                     value: 'oauth2_client_credentials',
                                     label: 'OAuth2 Client Credentials',
                                 },
+                                {
+                                    value: 'azure_ad_forward',
+                                    label: 'Forward Azure AD Auth',
+                                },
                             ]}
                             value={jsonData.authenticationMethod || 'dsn'}
                             backspaceRemovesValue

src/types.ts

@@ -16,6 +16,7 @@ export interface DatabricksDataSourceOptions extends SQLOptions {
   maxRetryDuration?: string;
   timeout?: string;
   maxRows?: string;
+  oauthPassThru?: boolean;
 }
 
 /**