Home Esplora Aiuto
Accedi
logic855
/
helm-external-secrets
mirror da https://github.com/external-secrets/external-secrets
1
0
Forka 0
File Problemi 0 Wiki
Albero (Tree): 6dacba7024
Rami (Branch) Tag
helm-externa...
/
pkg
/
generator
/
grafana
/
grafana.go

grafana.go 6.3 KB
Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210 
  1. /*
    2. 

  2. Licensed under the Apache License, Version 2.0 (the "License");
    3. 

  3. you may not use this file except in compliance with the License.
    4. 

  4. You may obtain a copy of the License at
    5. 

  5. 

  6.     http://www.apache.org/licenses/LICENSE-2.0
    7. 

  7. 

  8. Unless required by applicable law or agreed to in writing, software
    9. 

  9. distributed under the License is distributed on an "AS IS" BASIS,
    10. 

  10. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    11. 

  11. See the License for the specific language governing permissions and
    12. 

  12. limitations under the License.
    13. 

  13. */
    14. 

  14. 

  15. package grafana
    16. 

  16. 

  17. import (
    18. 

  18. 	"context"
    19. 

  19. 	"encoding/json"
    20. 

  20. 	"fmt"
    21. 

  21. 	"net/url"
    22. 

  22. 	"strings"
    23. 

  23. 

  24. 	"github.com/google/uuid"
    25. 

  25. 	grafanaclient "github.com/grafana/grafana-openapi-client-go/client"
    26. 

  26. 	grafanasa "github.com/grafana/grafana-openapi-client-go/client/service_accounts"
    27. 

  27. 	"github.com/grafana/grafana-openapi-client-go/models"
    28. 

  28. 	apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
    29. 

  29. 	"k8s.io/utils/ptr"
    30. 

  30. 	"sigs.k8s.io/controller-runtime/pkg/client"
    31. 

  31. 

  32. 	genv1alpha1 "github.com/external-secrets/external-secrets/apis/generators/v1alpha1"
    33. 

  33. 	esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
    34. 

  34. 	"github.com/external-secrets/external-secrets/pkg/utils/resolvers"
    35. 

  35. )
    36. 

  36. 

  37. type Grafana struct{}
    38. 

  38. 

  39. func (w *Grafana) Generate(ctx context.Context, jsonSpec *apiextensions.JSON, kclient client.Client, ns string) (map[string][]byte, genv1alpha1.GeneratorProviderState, error) {
    40. 

  40. 	gen, err := parseSpec(jsonSpec.Raw)
    41. 

  41. 	if err != nil {
    42. 

  42. 		return nil, nil, err
    43. 

  43. 	}
    44. 

  44. 

  45. 	cl, err := newClient(ctx, gen, kclient, ns)
    46. 

  46. 	if err != nil {
    47. 

  47. 		return nil, nil, err
    48. 

  48. 	}
    49. 

  49. 

  50. 	state, err := createOrGetServiceAccount(cl, gen)
    51. 

  51. 	if err != nil {
    52. 

  52. 		return nil, nil, err
    53. 

  53. 	}
    54. 

  54. 

  55. 	// create new token
    56. 

  56. 	res, err := cl.ServiceAccounts.CreateToken(&grafanasa.CreateTokenParams{
    57. 

  57. 		ServiceAccountID: *state.ServiceAccount.ServiceAccountID,
    58. 

  58. 		Body: &models.AddServiceAccountTokenCommand{
    59. 

  59. 			Name: uuid.New().String(),
    60. 

  60. 		},
    61. 

  61. 	}, nil)
    62. 

  62. 	if err != nil {
    63. 

  63. 		return nil, nil, err
    64. 

  64. 	}
    65. 

  65. 	state.ServiceAccount.ServiceAccountTokenID = ptr.To(res.Payload.ID)
    66. 

  66. 	return tokenResponse(state, res.Payload.Key)
    67. 

  67. }
    68. 

  68. 

  69. func (w *Grafana) Cleanup(ctx context.Context, jsonSpec *apiextensions.JSON, previousStatus genv1alpha1.GeneratorProviderState, kclient client.Client, ns string) error {
    70. 

  70. 	if previousStatus == nil {
    71. 

  71. 		return fmt.Errorf("missing previous status")
    72. 

  72. 	}
    73. 

  73. 	status, err := parseStatus(previousStatus.Raw)
    74. 

  74. 	if err != nil {
    75. 

  75. 		return err
    76. 

  76. 	}
    77. 

  77. 	gen, err := parseSpec(jsonSpec.Raw)
    78. 

  78. 	if err != nil {
    79. 

  79. 		return err
    80. 

  80. 	}
    81. 

  81. 	cl, err := newClient(ctx, gen, kclient, ns)
    82. 

  82. 	if err != nil {
    83. 

  83. 		return err
    84. 

  84. 	}
    85. 

  85. 	_, err = cl.ServiceAccounts.DeleteToken(*status.ServiceAccount.ServiceAccountTokenID, *status.ServiceAccount.ServiceAccountID)
    86. 

  86. 	if err != nil && !strings.Contains(err.Error(), "service account token not found") {
    87. 

  87. 		return err
    88. 

  88. 	}
    89. 

  89. 	return nil
    90. 

  90. }
    91. 

  91. 

  92. func newClient(ctx context.Context, gen *genv1alpha1.Grafana, kclient client.Client, ns string) (*grafanaclient.GrafanaHTTPAPI, error) {
    93. 

  93. 	parsedURL, err := url.Parse(gen.Spec.URL)
    94. 

  94. 	if err != nil {
    95. 

  95. 		return nil, err
    96. 

  96. 	}
    97. 

  97. 

  98. 	cfg := &grafanaclient.TransportConfig{
    99. 

  99. 		Host:     parsedURL.Host,
    100. 

  100. 		BasePath: parsedURL.JoinPath("/api").Path,
    101. 

  101. 		Schemes:  []string{parsedURL.Scheme},
    102. 

  102. 	}
    103. 

  103. 

  104. 	if err := setGrafanaClientCredentials(ctx, gen, kclient, ns, cfg); err != nil {
    105. 

  105. 		return nil, err
    106. 

  106. 	}
    107. 

  107. 

  108. 	return grafanaclient.NewHTTPClientWithConfig(nil, cfg), nil
    109. 

  109. }
    110. 

  110. 

  111. func setGrafanaClientCredentials(ctx context.Context, gen *genv1alpha1.Grafana, kclient client.Client, ns string, cfg *grafanaclient.TransportConfig) error {
    112. 

  112. 	// First try to use service account auth
    113. 

  113. 	if gen.Spec.Auth.Token != nil {
    114. 

  114. 		serviceAccountAPIKey, err := resolvers.SecretKeyRef(ctx, kclient, resolvers.EmptyStoreKind, ns, &esmeta.SecretKeySelector{
    115. 

  115. 			Namespace: &ns,
    116. 

  116. 			Name:      gen.Spec.Auth.Token.Name,
    117. 

  117. 			Key:       gen.Spec.Auth.Token.Key,
    118. 

  118. 		})
    119. 

  119. 		if err != nil {
    120. 

  120. 			return err
    121. 

  121. 		}
    122. 

  122. 

  123. 		cfg.APIKey = serviceAccountAPIKey
    124. 

  124. 		return nil
    125. 

  125. 	}
    126. 

  126. 

  127. 	// Next try to use basic auth
    128. 

  128. 	if gen.Spec.Auth.Basic != nil {
    129. 

  129. 		basicAuthPassword, err := resolvers.SecretKeyRef(ctx, kclient, resolvers.EmptyStoreKind, ns, &esmeta.SecretKeySelector{
    130. 

  130. 			Namespace: &ns,
    131. 

  131. 			Name:      gen.Spec.Auth.Basic.Password.Name,
    132. 

  132. 			Key:       gen.Spec.Auth.Basic.Password.Key,
    133. 

  133. 		})
    134. 

  134. 		if err != nil {
    135. 

  135. 			return err
    136. 

  136. 		}
    137. 

  137. 

  138. 		cfg.BasicAuth = url.UserPassword(gen.Spec.Auth.Basic.Username, basicAuthPassword)
    139. 

  139. 		return nil
    140. 

  140. 	}
    141. 

  141. 

  142. 	// No auth found, fail
    143. 

  143. 	return fmt.Errorf("no auth configuration found")
    144. 

  144. }
    145. 

  145. 

  146. func createOrGetServiceAccount(cl *grafanaclient.GrafanaHTTPAPI, gen *genv1alpha1.Grafana) (*genv1alpha1.GrafanaServiceAccountTokenState, error) {
    147. 

  147. 	saList, err := cl.ServiceAccounts.SearchOrgServiceAccountsWithPaging(&grafanasa.SearchOrgServiceAccountsWithPagingParams{
    148. 

  148. 		Query: ptr.To(gen.Spec.ServiceAccount.Name),
    149. 

  149. 	})
    150. 

  150. 	if err != nil {
    151. 

  151. 		return nil, err
    152. 

  152. 	}
    153. 

  153. 	for _, sa := range saList.Payload.ServiceAccounts {
    154. 

  154. 		if sa.Name == gen.Spec.ServiceAccount.Name {
    155. 

  155. 			return &genv1alpha1.GrafanaServiceAccountTokenState{
    156. 

  156. 				ServiceAccount: genv1alpha1.GrafanaStateServiceAccount{
    157. 

  157. 					ServiceAccountID:    &sa.ID,
    158. 

  158. 					ServiceAccountLogin: &sa.Login,
    159. 

  159. 				},
    160. 

  160. 			}, nil
    161. 

  161. 		}
    162. 

  162. 	}
    163. 

  163. 

  164. 	res, err := cl.ServiceAccounts.CreateServiceAccount(&grafanasa.CreateServiceAccountParams{
    165. 

  165. 		Body: &models.CreateServiceAccountForm{
    166. 

  166. 			Name: gen.Spec.ServiceAccount.Name,
    167. 

  167. 			Role: gen.Spec.ServiceAccount.Role,
    168. 

  168. 		},
    169. 

  169. 	}, nil)
    170. 

  170. 	if err != nil {
    171. 

  171. 		return nil, err
    172. 

  172. 	}
    173. 

  173. 

  174. 	return &genv1alpha1.GrafanaServiceAccountTokenState{
    175. 

  175. 		ServiceAccount: genv1alpha1.GrafanaStateServiceAccount{
    176. 

  176. 			ServiceAccountID:    ptr.To(res.Payload.ID),
    177. 

  177. 			ServiceAccountLogin: &res.Payload.Login,
    178. 

  178. 		},
    179. 

  179. 	}, nil
    180. 

  180. }
    181. 

  181. 

  182. func tokenResponse(state *genv1alpha1.GrafanaServiceAccountTokenState, token string) (map[string][]byte, genv1alpha1.GeneratorProviderState, error) {
    183. 

  183. 	newStateJSON, err := json.Marshal(state)
    184. 

  184. 	if err != nil {
    185. 

  185. 		return nil, nil, err
    186. 

  186. 	}
    187. 

  187. 	return map[string][]byte{
    188. 

  188. 		"login": []byte(*state.ServiceAccount.ServiceAccountLogin),
    189. 

  189. 		"token": []byte(token),
    190. 

  190. 	}, &apiextensions.JSON{Raw: newStateJSON}, nil
    191. 

  191. }
    192. 

  192. 

  193. func parseSpec(data []byte) (*genv1alpha1.Grafana, error) {
    194. 

  194. 	var spec genv1alpha1.Grafana
    195. 

  195. 	err := json.Unmarshal(data, &spec)
    196. 

  196. 	return &spec, err
    197. 

  197. }
    198. 

  198. 

  199. func parseStatus(data []byte) (*genv1alpha1.GrafanaServiceAccountTokenState, error) {
    200. 

  200. 	var state genv1alpha1.GrafanaServiceAccountTokenState
    201. 

  201. 	err := json.Unmarshal(data, &state)
    202. 

  202. 	if err != nil {
    203. 

  203. 		return nil, err
    204. 

  204. 	}
    205. 

  205. 	return &state, err
    206. 

  206. }
    207. 

  207. 

  208. func init() {
    209. 

  209. 	genv1alpha1.Register(genv1alpha1.GrafanaKind, &Grafana{})
    210. 

  210. }
    211.