Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: 10600bcf4c
Branches Tags
helm-externa...
/
pkg
/
generator
/
grafana
/
grafana.go

grafana.go 6.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209 
  1. /*
    2. 

  2. Licensed under the Apache License, Version 2.0 (the "License");
    3. 

  3. you may not use this file except in compliance with the License.
    4. 

  4. You may obtain a copy of the License at
    5. 

  5. 

  6.     http://www.apache.org/licenses/LICENSE-2.0
    7. 

  7. 

  8. Unless required by applicable law or agreed to in writing, software
    9. 

  9. distributed under the License is distributed on an "AS IS" BASIS,
    10. 

  10. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    11. 

  11. See the License for the specific language governing permissions and
    12. 

  12. limitations under the License.
    13. 

  13. */
    14. 

  14. 

  15. package grafana
    16. 

  16. 

  17. import (
    18. 

  18. 	"context"
    19. 

  19. 	"encoding/json"
    20. 

  20. 	"fmt"
    21. 

  21. 	"net/url"
    22. 

  22. 	"strings"
    23. 

  23. 

  24. 	"github.com/google/uuid"
    25. 

  25. 	grafanaclient "github.com/grafana/grafana-openapi-client-go/client"
    26. 

  26. 	grafanasa "github.com/grafana/grafana-openapi-client-go/client/service_accounts"
    27. 

  27. 	"github.com/grafana/grafana-openapi-client-go/models"
    28. 

  28. 	apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
    29. 

  29. 	"k8s.io/utils/ptr"
    30. 

  30. 	"sigs.k8s.io/controller-runtime/pkg/client"
    31. 

  31. 

  32. 	genv1alpha1 "github.com/external-secrets/external-secrets/apis/generators/v1alpha1"
    33. 

  33. 	esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
    34. 

  34. 	"github.com/external-secrets/external-secrets/pkg/utils/resolvers"
    35. 

  35. )
    36. 

  36. 

  37. type Grafana struct{}
    38. 

  38. 

  39. func (w *Grafana) Generate(ctx context.Context, jsonSpec *apiextensions.JSON, kclient client.Client, ns string) (map[string][]byte, genv1alpha1.GeneratorProviderState, error) {
    40. 

  40. 	gen, err := parseSpec(jsonSpec.Raw)
    41. 

  41. 	if err != nil {
    42. 

  42. 		return nil, nil, err
    43. 

  43. 	}
    44. 

  44. 

  45. 	cl, err := newClient(ctx, gen, kclient, ns)
    46. 

  46. 	if err != nil {
    47. 

  47. 		return nil, nil, err
    48. 

  48. 	}
    49. 

  49. 

  50. 	state, err := createOrGetServiceAccount(cl, gen)
    51. 

  51. 	if err != nil {
    52. 

  52. 		return nil, nil, err
    53. 

  53. 	}
    54. 

  54. 

  55. 	// create new token
    56. 

  56. 	res, err := cl.ServiceAccounts.CreateToken(&grafanasa.CreateTokenParams{
    57. 

  57. 		ServiceAccountID: *state.ServiceAccount.ServiceAccountID,
    58. 

  58. 		Body: &models.AddServiceAccountTokenCommand{
    59. 

  59. 			Name: uuid.New().String(),
    60. 

  60. 		},
    61. 

  61. 	}, nil)
    62. 

  62. 	if err != nil {
    63. 

  63. 		return nil, nil, err
    64. 

  64. 	}
    65. 

  65. 	state.ServiceAccount.ServiceAccountTokenID = ptr.To(res.Payload.ID)
    66. 

  66. 	return tokenResponse(state, res.Payload.Key)
    67. 

  67. }
    68. 

  68. 

  69. func (w *Grafana) Cleanup(ctx context.Context, jsonSpec *apiextensions.JSON, previousStatus genv1alpha1.GeneratorProviderState, kclient client.Client, ns string) error {
    70. 

  70. 	if previousStatus == nil {
    71. 

  71. 		return fmt.Errorf("missing previous status")
    72. 

  72. 	}
    73. 

  73. 	status, err := parseStatus(previousStatus.Raw)
    74. 

  74. 	if err != nil {
    75. 

  75. 		return err
    76. 

  76. 	}
    77. 

  77. 	gen, err := parseSpec(jsonSpec.Raw)
    78. 

  78. 	if err != nil {
    79. 

  79. 		return err
    80. 

  80. 	}
    81. 

  81. 	cl, err := newClient(ctx, gen, kclient, ns)
    82. 

  82. 	if err != nil {
    83. 

  83. 		return err
    84. 

  84. 	}
    85. 

  85. 	_, err = cl.ServiceAccounts.DeleteToken(*status.ServiceAccount.ServiceAccountTokenID, *status.ServiceAccount.ServiceAccountID)
    86. 

  86. 	if err != nil && !strings.Contains(err.Error(), "service account token not found") {
    87. 

  87. 		return err
    88. 

  88. 	}
    89. 

  89. 	return nil
    90. 

  90. }
    91. 

  91. 

  92. func newClient(ctx context.Context, gen *genv1alpha1.Grafana, kclient client.Client, ns string) (*grafanaclient.GrafanaHTTPAPI, error) {
    93. 

  93. 	parsedURL, err := url.Parse(gen.Spec.URL)
    94. 

  94. 	if err != nil {
    95. 

  95. 		return nil, err
    96. 

  96. 	}
    97. 

  97. 

  98. 	cfg := &grafanaclient.TransportConfig{
    99. 

  99. 		Host:     parsedURL.Host,
    100. 

  100. 		BasePath: parsedURL.JoinPath("/api").Path,
    101. 

  101. 		Schemes:  []string{parsedURL.Scheme},
    102. 

  102. 	}
    103. 

  103. 

  104. 	if err := setGrafanaClientCredentials(ctx, gen, kclient, ns, cfg); err != nil {
    105. 

  105. 		return nil, err
    106. 

  106. 	}
    107. 

  107. 

  108. 	return grafanaclient.NewHTTPClientWithConfig(nil, cfg), nil
    109. 

  109. }
    110. 

  110. 

  111. func setGrafanaClientCredentials(ctx context.Context, gen *genv1alpha1.Grafana, kclient client.Client, ns string, cfg *grafanaclient.TransportConfig) error {
    112. 

  112. 	// First try to use service account auth
    113. 

  113. 	if gen.Spec.Auth.Token != nil {
    114. 

  114. 		serviceAccountAPIKey, err := resolvers.SecretKeyRef(ctx, kclient, resolvers.EmptyStoreKind, ns, &esmeta.SecretKeySelector{
    115. 

  115. 			Namespace: &ns,
    116. 

  116. 			Name:      gen.Spec.Auth.Token.Name,
    117. 

  117. 			Key:       gen.Spec.Auth.Token.Key,
    118. 

  118. 		})
    119. 

  119. 		if err != nil {
    120. 

  120. 			return err
    121. 

  121. 		}
    122. 

  122. 

  123. 		cfg.APIKey = serviceAccountAPIKey
    124. 

  124. 		return nil
    125. 

  125. 	}
    126. 

  126. 

  127. 	// Next try to use basic auth
    128. 

  128. 	if gen.Spec.Auth.Basic != nil {
    129. 

  129. 		basicAuthPassword, err := resolvers.SecretKeyRef(ctx, kclient, resolvers.EmptyStoreKind, ns, &esmeta.SecretKeySelector{
    130. 

  130. 			Namespace: &ns,
    131. 

  131. 			Name:      gen.Spec.Auth.Basic.Password.Name,
    132. 

  132. 			Key:       gen.Spec.Auth.Basic.Password.Key,
    133. 

  133. 		})
    134. 

  134. 		if err != nil {
    135. 

  135. 			return err
    136. 

  136. 		}
    137. 

  137. 

  138. 		cfg.BasicAuth = url.UserPassword(gen.Spec.Auth.Basic.Username, basicAuthPassword)
    139. 

  139. 		return nil
    140. 

  140. 	}
    141. 

  141. 

  142. 	// No auth found, fail
    143. 

  143. 	return fmt.Errorf("no auth configuration found")
    144. 

  144. }
    145. 

  145. 

  146. func createOrGetServiceAccount(cl *grafanaclient.GrafanaHTTPAPI, gen *genv1alpha1.Grafana) (*genv1alpha1.GrafanaServiceAccountTokenState, error) {
    147. 

  147. 	saList, err := cl.ServiceAccounts.SearchOrgServiceAccountsWithPaging(&grafanasa.SearchOrgServiceAccountsWithPagingParams{
    148. 

  148. 		Query: ptr.To(gen.Spec.ServiceAccount.Name),
    149. 

  149. 	})
    150. 

  150. 	if err != nil {
    151. 

  151. 		return nil, err
    152. 

  152. 	}
    153. 

  153. 	for _, sa := range saList.Payload.ServiceAccounts {
    154. 

  154. 		if sa.Name == gen.Spec.ServiceAccount.Name {
    155. 

  155. 			return &genv1alpha1.GrafanaServiceAccountTokenState{
    156. 

  156. 				ServiceAccount: genv1alpha1.GrafanaStateServiceAccount{
    157. 

  157. 					ServiceAccountID:    &sa.ID,
    158. 

  158. 					ServiceAccountLogin: &sa.Login,
    159. 

  159. 				},
    160. 

  160. 			}, nil
    161. 

  161. 		}
    162. 

  162. 	}
    163. 

  163. 

  164. 	res, err := cl.ServiceAccounts.CreateServiceAccount(&grafanasa.CreateServiceAccountParams{
    165. 

  165. 		Body: &models.CreateServiceAccountForm{
    166. 

  166. 			Name: gen.Spec.ServiceAccount.Name,
    167. 

  167. 		},
    168. 

  168. 	}, nil)
    169. 

  169. 	if err != nil {
    170. 

  170. 		return nil, err
    171. 

  171. 	}
    172. 

  172. 

  173. 	return &genv1alpha1.GrafanaServiceAccountTokenState{
    174. 

  174. 		ServiceAccount: genv1alpha1.GrafanaStateServiceAccount{
    175. 

  175. 			ServiceAccountID:    ptr.To(res.Payload.ID),
    176. 

  176. 			ServiceAccountLogin: &res.Payload.Login,
    177. 

  177. 		},
    178. 

  178. 	}, nil
    179. 

  179. }
    180. 

  180. 

  181. func tokenResponse(state *genv1alpha1.GrafanaServiceAccountTokenState, token string) (map[string][]byte, genv1alpha1.GeneratorProviderState, error) {
    182. 

  182. 	newStateJSON, err := json.Marshal(state)
    183. 

  183. 	if err != nil {
    184. 

  184. 		return nil, nil, err
    185. 

  185. 	}
    186. 

  186. 	return map[string][]byte{
    187. 

  187. 		"login": []byte(*state.ServiceAccount.ServiceAccountLogin),
    188. 

  188. 		"token": []byte(token),
    189. 

  189. 	}, &apiextensions.JSON{Raw: newStateJSON}, nil
    190. 

  190. }
    191. 

  191. 

  192. func parseSpec(data []byte) (*genv1alpha1.Grafana, error) {
    193. 

  193. 	var spec genv1alpha1.Grafana
    194. 

  194. 	err := json.Unmarshal(data, &spec)
    195. 

  195. 	return &spec, err
    196. 

  196. }
    197. 

  197. 

  198. func parseStatus(data []byte) (*genv1alpha1.GrafanaServiceAccountTokenState, error) {
    199. 

  199. 	var state genv1alpha1.GrafanaServiceAccountTokenState
    200. 

  200. 	err := json.Unmarshal(data, &state)
    201. 

  201. 	if err != nil {
    202. 

  202. 		return nil, err
    203. 

  203. 	}
    204. 

  204. 	return &state, err
    205. 

  205. }
    206. 

  206. 

  207. func init() {
    208. 

  208. 	genv1alpha1.Register(genv1alpha1.GrafanaKind, &Grafana{})
    209. 

  209. }
    210.