fysmtkhc
/
grafana-jool
forked from grafana.jool/grafana-jool
0
1
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
1
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
1 Tag
74 MiB
 
 
 
 
 
 
Tree: 46f946e7dc
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '46f946e7dc'
${ noResults }
grafana-jool/public/app/plugins/datasource/prometheus/configuration/AzureCredentialsConfig.ts

107 lines
3.3 KiB
Raw Blame History

import { DataSourceSettings } from '@grafana/data';
import { config } from '@grafana/runtime';
import { AzureCloud, AzureCredentials, ConcealedSecret } from './AzureCredentials';
const concealed: ConcealedSecret = Symbol('Concealed client secret');
function getDefaultAzureCloud(): string {
return config.azure.cloud || AzureCloud.Public;
}
function getSecret(options: DataSourceSettings<any, any>): undefined | string | ConcealedSecret {
if (options.secureJsonFields.azureClientSecret) {
// The secret is concealed on server
return concealed;
} else {
const secret = options.secureJsonData?.azureClientSecret;
return typeof secret === 'string' && secret.length > 0 ? secret : undefined;
}
}
export function getCredentials(options: DataSourceSettings<any, any>): AzureCredentials {
const credentials = options.jsonData.azureCredentials as AzureCredentials | undefined;
// If no credentials saved, then return empty credentials
// of type based on whether the managed identity enabled
if (!credentials) {
return {
authType: config.azure.managedIdentityEnabled ? 'msi' : 'clientsecret',
azureCloud: getDefaultAzureCloud(),
};
}
switch (credentials.authType) {
case 'msi':
if (config.azure.managedIdentityEnabled) {
return {
authType: 'msi',
};
} else {
// If authentication type is managed identity but managed identities were disabled in Grafana config,
// then we should fallback to an empty app registration (client secret) configuration
return {
authType: 'clientsecret',
azureCloud: getDefaultAzureCloud(),
};
}
case 'clientsecret':
return {
authType: 'clientsecret',
azureCloud: credentials.azureCloud || getDefaultAzureCloud(),
tenantId: credentials.tenantId,
clientId: credentials.clientId,
clientSecret: getSecret(options),
};
}
}
export function updateCredentials(
options: DataSourceSettings<any, any>,
credentials: AzureCredentials
): DataSourceSettings<any, any> {
switch (credentials.authType) {
case 'msi':
if (!config.azure.managedIdentityEnabled) {
throw new Error('Managed Identity authentication is not enabled in Grafana config.');
}
options = {
...options,
jsonData: {
...options.jsonData,
azureCredentials: {
authType: 'msi',
},
},
};
return options;
case 'clientsecret':
options = {
...options,
jsonData: {
...options.jsonData,
azureCredentials: {
authType: 'clientsecret',
azureCloud: credentials.azureCloud || getDefaultAzureCloud(),
tenantId: credentials.tenantId,
clientId: credentials.clientId,
},
},
secureJsonData: {
...options.secureJsonData,
azureClientSecret:
typeof credentials.clientSecret === 'string' && credentials.clientSecret.length > 0
? credentials.clientSecret
: undefined,
},
secureJsonFields: {
...options.secureJsonFields,
azureClientSecret: typeof credentials.clientSecret === 'symbol',
},
};
return options;
}
}