-
Notifications
You must be signed in to change notification settings - Fork 11.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AzureMonitor: User authentication support #81918
Conversation
# Conflicts: # pkg/tsdb/azuremonitor/httpclient.go
# Conflicts: # public/app/plugins/datasource/azuremonitor/components/AzureCredentialsForm.tsx
# Conflicts: # pkg/tsdb/azuremonitor/azuremonitor.go # public/app/plugins/datasource/azuremonitor/components/QueryEditor/QueryEditor.tsx # public/app/plugins/datasource/azuremonitor/components/ResourcePicker/AdvancedMulti.tsx # public/app/plugins/datasource/azuremonitor/components/ResourcePicker/NestedEntry.tsx # public/app/plugins/datasource/azuremonitor/components/ResourcePicker/ResourcePicker.tsx # public/app/plugins/datasource/azuremonitor/components/VariableEditor/VariableEditor.tsx # public/app/plugins/datasource/azuremonitor/components/shared/Space.tsx
…r current user authentication (#82332) * Rename field * Add fallback setting * Update tests and mock * Remove duplicate setting line * Update name of property * Update frontend settings * Update docs and default config files * Update azure-sdk * Fix lint * Update test * Bump dependency
# Conflicts: # pkg/plugins/envvars/envvars.go # pkg/services/pluginsintegration/pluginconfig/envvars_test.go
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some more style suggestions for the documentation changes.
Let me know if I can explain any in more detail :)
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! Thank you for considering the suggestions and writing these docs in the first place :)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This was a lot of work! Very nice test coverage. Thank you for splitting up the PRs by PRing into this branch
🎉 🎉 🎉
I gave it a once over, and nothing stuck out. I didn't test alerting and recorded queries. Let me know if I should tests these
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
/deploy-to-hg |
|
|
# Conflicts: # go.mod # go.sum # pkg/services/pluginsintegration/pluginconfig/envvars_test.go # pkg/tsdb/azuremonitor/azuremonitor.go
This PR adds support for current user authentication to the Azure Monitor data source. It's quite a large PR but its been done in segments with each PR reviewed individually.
grafana
PR's:grafana-azure-sdk-go
PR's:In order to support user-based authentication in Azure Monitor the following has been done:
grafana-azure-sdk-go
to v1.13.1. This adds support for current user authentication fallback credentials and adds support for these credentials in the credentials builder.user_identity_fallback_credentials_enabled
to the Grafana configuration. This defaults totrue
whenuser_identity_enabled
is alsotrue
. This configuration variable allows Grafana administrators to enable/disable fallback credentials at the instance level.sample.ini
file has been updated.QueryData
,CallResource
, andCheckHealth
functions have been updated to appropriately pass the user context.ConfigEditor
components have been co-located, similar to the variousQueryEditor
components.authenticatedBy
prop to user object in@grafana/runtime
, making it available to data sources.This will benefit from manual user testing. Let me know if you need help to achieve this.
Fallback credentials disabled alert:
![image](https://private-user-images.githubusercontent.com/15019026/306285535-29760ff7-300b-4d58-848f-2bfe8147720c.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjIxODM0MzUsIm5iZiI6MTcyMjE4MzEzNSwicGF0aCI6Ii8xNTAxOTAyNi8zMDYyODU1MzUtMjk3NjBmZjctMzAwYi00ZDU4LTg0OGYtMmJmZTgxNDc3MjBjLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA3MjglMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNzI4VDE2MTIxNVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTg4ZDk4YjMwODVkOWFiMDlhZTg5YTgwYTg5MDY0MmUyOWEyZGM4ZTM0NmU5YjFmYTdkY2JiM2VhMzZhODA2YjkmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.N_TnaTMmA7O339KCz1WmjM7ZW9ImDXEaoyV4eV2zprc)
Fallback credentials information alert:
![image](https://private-user-images.githubusercontent.com/15019026/306285654-0ba5e64c-0f3f-4b35-9b32-b93bd3b1eed8.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjIxODM0MzUsIm5iZiI6MTcyMjE4MzEzNSwicGF0aCI6Ii8xNTAxOTAyNi8zMDYyODU2NTQtMGJhNWU2NGMtMGYzZi00YjM1LTliMzItYjkzYmQzYjFlZWQ4LnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA3MjglMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNzI4VDE2MTIxNVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTMxZWMwMWI0OWY3ZTdmYjc1OGIzODUyYjljYmZiZDdhZTE1ZWM5NWRhYmRmN2FjMjA0OWFkYTQzMzg2ODIwMjEmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.MfH13LuMX0Nj-hwUGzE4C350Nc60FPPr7_zul3gIqqo)
Fallback credentials configuration:
![image](https://private-user-images.githubusercontent.com/15019026/306285810-c44349aa-1206-4e3a-98f4-20bf14f80bb4.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjIxODM0MzUsIm5iZiI6MTcyMjE4MzEzNSwicGF0aCI6Ii8xNTAxOTAyNi8zMDYyODU4MTAtYzQ0MzQ5YWEtMTIwNi00ZTNhLTk4ZjQtMjBiZjE0ZjgwYmI0LnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA3MjglMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNzI4VDE2MTIxNVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTJiOWUxMTBjMTRmOWNjYzUzZWU2ZjdiMmJiM2FmYzliMzQ3OTA4NzhkMDg3ZTNkNzZmNmRiMzQ3YWNmZDhmZmQmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.x4QK97oNjbh9ZmiWL6be8gGn_iS1Gil6RGqiPaMzPgo)
Alerting warning when fallback credentials are missing/disabled:
![image](https://private-user-images.githubusercontent.com/15019026/306286067-ec7a075e-daa7-4241-b539-76e96749beec.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjIxODM0MzUsIm5iZiI6MTcyMjE4MzEzNSwicGF0aCI6Ii8xNTAxOTAyNi8zMDYyODYwNjctZWM3YTA3NWUtZGFhNy00MjQxLWI1MzktNzZlOTY3NDliZWVjLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA3MjglMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNzI4VDE2MTIxNVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTBmMTI3ZDJhZWE1ZWNkMzZkZTI1NGEwZThkNTdhMDIzMTVlYzg3ODBiZmI1NTUzYTJiMGIwOTYxNGFlMjM0ODMmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.7sohl3dJTZ8YBOVXFv1DyYodoI8wXppG9TEZIXfr0MA)
Query editor warning when logged in with auth provider other than Azure:
![image](https://private-user-images.githubusercontent.com/15019026/306288489-d989e663-c6ef-47d8-9b83-f65e8d9a2edb.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjIxODM0MzUsIm5iZiI6MTcyMjE4MzEzNSwicGF0aCI6Ii8xNTAxOTAyNi8zMDYyODg0ODktZDk4OWU2NjMtYzZlZi00N2Q4LTliODMtZjY1ZThkOWEyZWRiLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA3MjglMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNzI4VDE2MTIxNVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPWI5ZmMxMDFlZWM0M2NlY2RlZGUxZGNhZjA5MjQyY2RmMTE0MjhlM2Q3ODI4N2E1MDVhZDJmYmU4YWRmY2YxYTkmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.CP_APRyQAIB1hkFBhnDD72Hu_3b3OC1tRm61S_wZEy0)
Part of #81918
Note: This feature is experimental and may be subject to unexpected behaviour or potential breaking changes. Backend Grafana functionality e.g. alerts, recorded queries, reporting etc may not function as expected with current user authentication.
Fixes #85635