Cloudwatch: Upgrade aws-sdk and display external ids for temporary credentials (#72821)

(under a feature toggle, not yet ready for public testing)
2023-08-14 13:42:30 -04:00 · 2023-08-14 13:42:30 -04:00 · 09d5483c6c
parent c2aeb9882d
commit 09d5483c6c
9 changed files with 92 additions and 6 deletions
--- a/package.json
+++ b/package.json
@ -261,7 +261,7 @@
    "@emotion/css": "11.11.2",
    "@emotion/react": "11.11.1",
    "@glideapps/glide-data-grid": "^5.2.1",
-    "@grafana/aws-sdk": "0.0.47",
+    "@grafana/aws-sdk": "0.1.1",
    "@grafana/data": "workspace:*",
    "@grafana/e2e-selectors": "workspace:*",
    "@grafana/experimental": "1.6.1",
--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@ -1301,6 +1301,7 @@ func (cfg *Cfg) handleAWSConfig() {
 	}

 	cfg.AWSExternalId = awsPluginSec.Key("external_id").Value()
+	err = os.Setenv(awsds.GrafanaAssumeRoleExternalIdKeyName, cfg.AWSExternalId)
 	if err != nil {
 		cfg.Logger.Error(fmt.Sprintf("could not set environment variable '%s'", awsds.GrafanaAssumeRoleExternalIdKeyName), err)
 	}
--- a/pkg/tsdb/cloudwatch/resource_handler.go
+++ b/pkg/tsdb/cloudwatch/resource_handler.go
@ -26,6 +26,8 @@ func (e *cloudWatchExecutor) newResourceMux() *http.ServeMux {
 	mux.HandleFunc("/accounts", routes.ResourceRequestMiddleware(routes.AccountsHandler, logger, e.getRequestContext))
 	mux.HandleFunc("/namespaces", routes.ResourceRequestMiddleware(routes.NamespacesHandler, logger, e.getRequestContext))
 	mux.HandleFunc("/log-group-fields", routes.ResourceRequestMiddleware(routes.LogGroupFieldsHandler, logger, e.getRequestContext))
+	mux.HandleFunc("/external-id", routes.ResourceRequestMiddleware(routes.ExternalIdHandler, logger, e.getRequestContext))
+
 	return mux
 }

--- a/pkg/tsdb/cloudwatch/routes/external_id.go
+++ b/pkg/tsdb/cloudwatch/routes/external_id.go
@ -0,0 +1,29 @@
+package routes
+
+import (
+	"context"
+	"encoding/json"
+	"net/http"
+	"net/url"
+	"os"
+
+	"github.com/grafana/grafana-aws-sdk/pkg/awsds"
+	"github.com/grafana/grafana-plugin-sdk-go/backend"
+	"github.com/grafana/grafana/pkg/tsdb/cloudwatch/models"
+)
+
+type ExternalIdResponse struct {
+	ExternalId string `json:"externalId"`
+}
+
+func ExternalIdHandler(ctx context.Context, pluginCtx backend.PluginContext, reqCtxFactory models.RequestContextFactoryFunc, parameters url.Values) ([]byte, *models.HttpError) {
+	response := ExternalIdResponse{
+		ExternalId: os.Getenv(awsds.GrafanaAssumeRoleExternalIdKeyName),
+	}
+	jsonResponse, err := json.Marshal(response)
+	if err != nil {
+		return nil, models.NewHttpError("error in ExternalIdHandler", http.StatusInternalServerError, err)
+	}
+
+	return jsonResponse, nil
+}
--- a/pkg/tsdb/cloudwatch/routes/external_id_test.go
+++ b/pkg/tsdb/cloudwatch/routes/external_id_test.go
@ -0,0 +1,36 @@
+package routes
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_external_id_route(t *testing.T) {
+	t.Run("successfully returns an external id from the env", func(t *testing.T) {
+		t.Setenv("AWS_AUTH_EXTERNAL_ID", "mock-external-id")
+		rr := httptest.NewRecorder()
+
+		handler := http.HandlerFunc(ResourceRequestMiddleware(ExternalIdHandler, logger, nil))
+		req := httptest.NewRequest("GET", "/external-id", nil)
+
+		handler.ServeHTTP(rr, req)
+
+		assert.Equal(t, http.StatusOK, rr.Code)
+		assert.JSONEq(t, `{"externalId":"mock-external-id"}`, rr.Body.String())
+	})
+
+	t.Run("returns an empty string if there is no external id", func(t *testing.T) {
+		rr := httptest.NewRecorder()
+
+		handler := http.HandlerFunc(ResourceRequestMiddleware(ExternalIdHandler, logger, nil))
+		req := httptest.NewRequest("GET", "/external-id", nil)
+
+		handler.ServeHTTP(rr, req)
+
+		assert.Equal(t, http.StatusOK, rr.Code)
+		assert.JSONEq(t, `{"externalId":""}`, rr.Body.String())
+	})
+}
--- a/public/app/plugins/datasource/cloudwatch/components/ConfigEditor/ConfigEditor.test.tsx
+++ b/public/app/plugins/datasource/cloudwatch/components/ConfigEditor/ConfigEditor.test.tsx
@ -36,6 +36,10 @@ jest.mock('@grafana/runtime', () => ({
    get: getMock,
  }),
  getAppEvents: () => mockAppEvents,
+  config: {
+    ...jest.requireActual('@grafana/runtime').config,
+    awsAssumeRoleEnabled: true,
+  },
 }));

 const props: Props = {
--- a/public/app/plugins/datasource/cloudwatch/components/ConfigEditor/ConfigEditor.tsx
+++ b/public/app/plugins/datasource/cloudwatch/components/ConfigEditor/ConfigEditor.tsx
@ -57,6 +57,15 @@ export const ConfigEditor = (props: Props) => {
      failSubscription.unsubscribe();
    };
  }, [options.jsonData.authType, report]);
+  const [externalId, setExternalId] = useState('');
+  useEffect(() => {
+    if (!externalId && datasource) {
+      datasource.resources
+        .getExternalId()
+        .then(setExternalId)
+        .catch(() => setExternalId('Unable to fetch externalId'));
+    }
+  }, [datasource, externalId]);

  return (
    <>
@ -76,6 +85,7 @@ export const ConfigEditor = (props: Props) => {
              );
          })
        }
+        externalId={externalId}
      >
        <InlineField label="Namespaces of Custom Metrics" labelWidth={29} tooltip="Namespaces of Custom Metrics.">
          <Input
--- a/public/app/plugins/datasource/cloudwatch/resources/ResourcesAPI.ts
+++ b/public/app/plugins/datasource/cloudwatch/resources/ResourcesAPI.ts
@ -35,6 +35,10 @@ export class ResourcesAPI extends CloudWatchRequest {
    return getBackendSrv().get(`/api/datasources/${this.instanceSettings.id}/resources/${subtype}`, parameters);
  }

+  async getExternalId(): Promise<string> {
+    return await this.memoizedGetRequest<{ externalId: string }>('external-id').then(({ externalId }) => externalId);
+  }
+
  getAccounts({ region }: ResourceRequest): Promise<Account[]> {
    return this.memoizedGetRequest<Array<ResourceResponse<Account>>>('accounts', {
      region: this.templateSrv.replace(this.getActualRegion(region)),
--- a/yarn.lock
+++ b/yarn.lock
@ -3604,13 +3604,13 @@ __metadata:
  languageName: node
  linkType: hard

-"@grafana/aws-sdk@npm:0.0.47":
-  version: 0.0.47
-  resolution: "@grafana/aws-sdk@npm:0.0.47"
+"@grafana/aws-sdk@npm:0.1.1":
+  version: 0.1.1
+  resolution: "@grafana/aws-sdk@npm:0.1.1"
  dependencies:
    "@grafana/async-query-data": 0.1.4
    "@grafana/experimental": 1.1.0
-  checksum: 1e9f57bddf08f0c0b432bb8bdd5ad63382c2d40e9d8282469e3add0ea970a80bcd31e852f050412e0d41620d71e53839510261f92333d026bf79a88d7346c626
+  checksum: 12d1b27b0959a4d16ddf643b360ce067f6debd4141eb28652ff36fece98a99087f865aa2b9f6fda78df2b9e38870a6a7cfa48e0fd1a1ec03de63bc340b344f05
  languageName: node
  linkType: hard

@ -19268,7 +19268,7 @@ __metadata:
    "@emotion/eslint-plugin": 11.11.0
    "@emotion/react": 11.11.1
    "@glideapps/glide-data-grid": ^5.2.1
-    "@grafana/aws-sdk": 0.0.47
+    "@grafana/aws-sdk": 0.1.1
    "@grafana/data": "workspace:*"
    "@grafana/e2e": "workspace:*"
    "@grafana/e2e-selectors": "workspace:*"