Home Explore Help
Sign In
logic855
/
helm-external-secrets
mirror of https://github.com/external-secrets/external-secrets
1
0
Fork 0
Files Issues 0 Wiki
Tree: d46e3b58ed
Branches Tags
helm-externa...
/
pkg
/
generator
/
grafana
/
grafana.go

grafana.go 6.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212 
  1. /*
    2. 

  2. Copyright © 2025 ESO Maintainer Team
    3. 

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5. you may not use this file except in compliance with the License.
    6. 

  6. You may obtain a copy of the License at
    7. 

  7. 

  8.     https://www.apache.org/licenses/LICENSE-2.0
    9. 

  9. 

  10. Unless required by applicable law or agreed to in writing, software
    11. 

  11. distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13. See the License for the specific language governing permissions and
    14. 

  14. limitations under the License.
    15. 

  15. */
    16. 

  16. 

  17. package grafana
    18. 

  18. 

  19. import (
    20. 

  20. 	"context"
    21. 

  21. 	"encoding/json"
    22. 

  22. 	"fmt"
    23. 

  23. 	"net/url"
    24. 

  24. 	"strings"
    25. 

  25. 

  26. 	"github.com/google/uuid"
    27. 

  27. 	grafanaclient "github.com/grafana/grafana-openapi-client-go/client"
    28. 

  28. 	grafanasa "github.com/grafana/grafana-openapi-client-go/client/service_accounts"
    29. 

  29. 	"github.com/grafana/grafana-openapi-client-go/models"
    30. 

  30. 	apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
    31. 

  31. 	"k8s.io/utils/ptr"
    32. 

  32. 	"sigs.k8s.io/controller-runtime/pkg/client"
    33. 

  33. 

  34. 	genv1alpha1 "github.com/external-secrets/external-secrets/apis/generators/v1alpha1"
    35. 

  35. 	esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
    36. 

  36. 	"github.com/external-secrets/external-secrets/pkg/utils/resolvers"
    37. 

  37. )
    38. 

  38. 

  39. type Grafana struct{}
    40. 

  40. 

  41. func (w *Grafana) Generate(ctx context.Context, jsonSpec *apiextensions.JSON, kclient client.Client, ns string) (map[string][]byte, genv1alpha1.GeneratorProviderState, error) {
    42. 

  42. 	gen, err := parseSpec(jsonSpec.Raw)
    43. 

  43. 	if err != nil {
    44. 

  44. 		return nil, nil, err
    45. 

  45. 	}
    46. 

  46. 

  47. 	cl, err := newClient(ctx, gen, kclient, ns)
    48. 

  48. 	if err != nil {
    49. 

  49. 		return nil, nil, err
    50. 

  50. 	}
    51. 

  51. 

  52. 	state, err := createOrGetServiceAccount(cl, gen)
    53. 

  53. 	if err != nil {
    54. 

  54. 		return nil, nil, err
    55. 

  55. 	}
    56. 

  56. 

  57. 	// create new token
    58. 

  58. 	res, err := cl.ServiceAccounts.CreateToken(&grafanasa.CreateTokenParams{
    59. 

  59. 		ServiceAccountID: *state.ServiceAccount.ServiceAccountID,
    60. 

  60. 		Body: &models.AddServiceAccountTokenCommand{
    61. 

  61. 			Name: uuid.New().String(),
    62. 

  62. 		},
    63. 

  63. 	}, nil)
    64. 

  64. 	if err != nil {
    65. 

  65. 		return nil, nil, err
    66. 

  66. 	}
    67. 

  67. 	state.ServiceAccount.ServiceAccountTokenID = ptr.To(res.Payload.ID)
    68. 

  68. 	return tokenResponse(state, res.Payload.Key)
    69. 

  69. }
    70. 

  70. 

  71. func (w *Grafana) Cleanup(ctx context.Context, jsonSpec *apiextensions.JSON, previousStatus genv1alpha1.GeneratorProviderState, kclient client.Client, ns string) error {
    72. 

  72. 	if previousStatus == nil {
    73. 

  73. 		return fmt.Errorf("missing previous status")
    74. 

  74. 	}
    75. 

  75. 	status, err := parseStatus(previousStatus.Raw)
    76. 

  76. 	if err != nil {
    77. 

  77. 		return err
    78. 

  78. 	}
    79. 

  79. 	gen, err := parseSpec(jsonSpec.Raw)
    80. 

  80. 	if err != nil {
    81. 

  81. 		return err
    82. 

  82. 	}
    83. 

  83. 	cl, err := newClient(ctx, gen, kclient, ns)
    84. 

  84. 	if err != nil {
    85. 

  85. 		return err
    86. 

  86. 	}
    87. 

  87. 	_, err = cl.ServiceAccounts.DeleteToken(*status.ServiceAccount.ServiceAccountTokenID, *status.ServiceAccount.ServiceAccountID)
    88. 

  88. 	if err != nil && !strings.Contains(err.Error(), "service account token not found") {
    89. 

  89. 		return err
    90. 

  90. 	}
    91. 

  91. 	return nil
    92. 

  92. }
    93. 

  93. 

  94. func newClient(ctx context.Context, gen *genv1alpha1.Grafana, kclient client.Client, ns string) (*grafanaclient.GrafanaHTTPAPI, error) {
    95. 

  95. 	parsedURL, err := url.Parse(gen.Spec.URL)
    96. 

  96. 	if err != nil {
    97. 

  97. 		return nil, err
    98. 

  98. 	}
    99. 

  99. 

  100. 	cfg := &grafanaclient.TransportConfig{
    101. 

  101. 		Host:     parsedURL.Host,
    102. 

  102. 		BasePath: parsedURL.JoinPath("/api").Path,
    103. 

  103. 		Schemes:  []string{parsedURL.Scheme},
    104. 

  104. 	}
    105. 

  105. 

  106. 	if err := setGrafanaClientCredentials(ctx, gen, kclient, ns, cfg); err != nil {
    107. 

  107. 		return nil, err
    108. 

  108. 	}
    109. 

  109. 

  110. 	return grafanaclient.NewHTTPClientWithConfig(nil, cfg), nil
    111. 

  111. }
    112. 

  112. 

  113. func setGrafanaClientCredentials(ctx context.Context, gen *genv1alpha1.Grafana, kclient client.Client, ns string, cfg *grafanaclient.TransportConfig) error {
    114. 

  114. 	// First try to use service account auth
    115. 

  115. 	if gen.Spec.Auth.Token != nil {
    116. 

  116. 		serviceAccountAPIKey, err := resolvers.SecretKeyRef(ctx, kclient, resolvers.EmptyStoreKind, ns, &esmeta.SecretKeySelector{
    117. 

  117. 			Namespace: &ns,
    118. 

  118. 			Name:      gen.Spec.Auth.Token.Name,
    119. 

  119. 			Key:       gen.Spec.Auth.Token.Key,
    120. 

  120. 		})
    121. 

  121. 		if err != nil {
    122. 

  122. 			return err
    123. 

  123. 		}
    124. 

  124. 

  125. 		cfg.APIKey = serviceAccountAPIKey
    126. 

  126. 		return nil
    127. 

  127. 	}
    128. 

  128. 

  129. 	// Next try to use basic auth
    130. 

  130. 	if gen.Spec.Auth.Basic != nil {
    131. 

  131. 		basicAuthPassword, err := resolvers.SecretKeyRef(ctx, kclient, resolvers.EmptyStoreKind, ns, &esmeta.SecretKeySelector{
    132. 

  132. 			Namespace: &ns,
    133. 

  133. 			Name:      gen.Spec.Auth.Basic.Password.Name,
    134. 

  134. 			Key:       gen.Spec.Auth.Basic.Password.Key,
    135. 

  135. 		})
    136. 

  136. 		if err != nil {
    137. 

  137. 			return err
    138. 

  138. 		}
    139. 

  139. 

  140. 		cfg.BasicAuth = url.UserPassword(gen.Spec.Auth.Basic.Username, basicAuthPassword)
    141. 

  141. 		return nil
    142. 

  142. 	}
    143. 

  143. 

  144. 	// No auth found, fail
    145. 

  145. 	return fmt.Errorf("no auth configuration found")
    146. 

  146. }
    147. 

  147. 

  148. func createOrGetServiceAccount(cl *grafanaclient.GrafanaHTTPAPI, gen *genv1alpha1.Grafana) (*genv1alpha1.GrafanaServiceAccountTokenState, error) {
    149. 

  149. 	saList, err := cl.ServiceAccounts.SearchOrgServiceAccountsWithPaging(&grafanasa.SearchOrgServiceAccountsWithPagingParams{
    150. 

  150. 		Query: ptr.To(gen.Spec.ServiceAccount.Name),
    151. 

  151. 	})
    152. 

  152. 	if err != nil {
    153. 

  153. 		return nil, err
    154. 

  154. 	}
    155. 

  155. 	for _, sa := range saList.Payload.ServiceAccounts {
    156. 

  156. 		if sa.Name == gen.Spec.ServiceAccount.Name {
    157. 

  157. 			return &genv1alpha1.GrafanaServiceAccountTokenState{
    158. 

  158. 				ServiceAccount: genv1alpha1.GrafanaStateServiceAccount{
    159. 

  159. 					ServiceAccountID:    &sa.ID,
    160. 

  160. 					ServiceAccountLogin: &sa.Login,
    161. 

  161. 				},
    162. 

  162. 			}, nil
    163. 

  163. 		}
    164. 

  164. 	}
    165. 

  165. 

  166. 	res, err := cl.ServiceAccounts.CreateServiceAccount(&grafanasa.CreateServiceAccountParams{
    167. 

  167. 		Body: &models.CreateServiceAccountForm{
    168. 

  168. 			Name: gen.Spec.ServiceAccount.Name,
    169. 

  169. 			Role: gen.Spec.ServiceAccount.Role,
    170. 

  170. 		},
    171. 

  171. 	}, nil)
    172. 

  172. 	if err != nil {
    173. 

  173. 		return nil, err
    174. 

  174. 	}
    175. 

  175. 

  176. 	return &genv1alpha1.GrafanaServiceAccountTokenState{
    177. 

  177. 		ServiceAccount: genv1alpha1.GrafanaStateServiceAccount{
    178. 

  178. 			ServiceAccountID:    ptr.To(res.Payload.ID),
    179. 

  179. 			ServiceAccountLogin: &res.Payload.Login,
    180. 

  180. 		},
    181. 

  181. 	}, nil
    182. 

  182. }
    183. 

  183. 

  184. func tokenResponse(state *genv1alpha1.GrafanaServiceAccountTokenState, token string) (map[string][]byte, genv1alpha1.GeneratorProviderState, error) {
    185. 

  185. 	newStateJSON, err := json.Marshal(state)
    186. 

  186. 	if err != nil {
    187. 

  187. 		return nil, nil, err
    188. 

  188. 	}
    189. 

  189. 	return map[string][]byte{
    190. 

  190. 		"login": []byte(*state.ServiceAccount.ServiceAccountLogin),
    191. 

  191. 		"token": []byte(token),
    192. 

  192. 	}, &apiextensions.JSON{Raw: newStateJSON}, nil
    193. 

  193. }
    194. 

  194. 

  195. func parseSpec(data []byte) (*genv1alpha1.Grafana, error) {
    196. 

  196. 	var spec genv1alpha1.Grafana
    197. 

  197. 	err := json.Unmarshal(data, &spec)
    198. 

  198. 	return &spec, err
    199. 

  199. }
    200. 

  200. 

  201. func parseStatus(data []byte) (*genv1alpha1.GrafanaServiceAccountTokenState, error) {
    202. 

  202. 	var state genv1alpha1.GrafanaServiceAccountTokenState
    203. 

  203. 	err := json.Unmarshal(data, &state)
    204. 

  204. 	if err != nil {
    205. 

  205. 		return nil, err
    206. 

  206. 	}
    207. 

  207. 	return &state, err
    208. 

  208. }
    209. 

  209. 

  210. func init() {
    211. 

  211. 	genv1alpha1.Register(genv1alpha1.GrafanaKind, &Grafana{})
    212. 

  212. }
    213.