Secure socks proxy: Modify how proxy options can be set (#717)

stephaniehingtgen · web-flow · commit 91cb98721bdc · 2023-07-17T13:05:14.000-06:00
diff --git a/backend/common.go b/backend/common.go
@@ -6,6 +6,7 @@ import (
 	"time"
 
 	"github.com/grafana/grafana-plugin-sdk-go/backend/httpclient"
+	"github.com/grafana/grafana-plugin-sdk-go/backend/proxy"
 	"github.com/grafana/grafana-plugin-sdk-go/internal/tenant"
 )
 
@@ -122,6 +123,11 @@ func (s *DataSourceInstanceSettings) HTTPClientOptions() (httpclient.Options, er
 
 	setCustomOptionsFromHTTPSettings(&opts, httpSettings)
 
+	opts.ProxyOptions, err = s.ProxyOptions()
+	if err != nil {
+		return opts, err
+	}
+
 	return opts, nil
 }
 
@@ -214,3 +220,50 @@ func propagateTenantIDIfPresent(ctx context.Context) context.Context {
 	}
 	return ctx
 }
+
+func (s *DataSourceInstanceSettings) ProxyOptions() (*proxy.Options, error) {
+	opts := &proxy.Options{}
+
+	var dat map[string]interface{}
+	if s.JSONData != nil {
+		if err := json.Unmarshal(s.JSONData, &dat); err != nil {
+			return nil, err
+		}
+	}
+
+	opts.Enabled = proxy.SecureSocksProxyEnabledOnDS(dat)
+	if !opts.Enabled {
+		return nil, nil
+	}
+
+	opts.Auth = &proxy.AuthOptions{}
+	opts.Timeouts = &proxy.TimeoutOptions{}
+	if v, exists := dat["secureSocksProxyUsername"]; exists {
+		opts.Auth.Username = v.(string)
+	} else {
+		// default username is the datasource uid
+		opts.Auth.Username = s.UID
+	}
+
+	if v, exists := s.DecryptedSecureJSONData["secureSocksProxyPassword"]; exists {
+		opts.Auth.Password = v
+	}
+
+	if v, exists := dat["timeout"]; exists {
+		if iv, ok := v.(float64); ok {
+			opts.Timeouts.Timeout = time.Duration(iv) * time.Second
+		}
+	} else {
+		opts.Timeouts.Timeout = proxy.DefaultTimeoutOptions.Timeout
+	}
+
+	if v, exists := dat["keepAlive"]; exists {
+		if iv, ok := v.(float64); ok {
+			opts.Timeouts.KeepAlive = time.Duration(iv) * time.Second
+		}
+	} else {
+		opts.Timeouts.KeepAlive = proxy.DefaultTimeoutOptions.KeepAlive
+	}
+
+	return opts, nil
+}
diff --git a/backend/common_test.go b/backend/common_test.go
@@ -2,8 +2,10 @@ package backend
 
 import (
 	"testing"
+	"time"
 
 	"github.com/grafana/grafana-plugin-sdk-go/backend/httpclient"
+	"github.com/grafana/grafana-plugin-sdk-go/backend/proxy"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )
@@ -163,6 +165,27 @@ func TestDataSourceInstanceSettings(t *testing.T) {
 					},
 				},
 			},
+			{
+				instanceSettings: &DataSourceInstanceSettings{
+					UID:                     "uid1",
+					JSONData:                []byte("{ \"enableSecureSocksProxy\": true }"),
+					DecryptedSecureJSONData: map[string]string{},
+				},
+				expectedClientOptions: httpclient.Options{
+					ProxyOptions: &proxy.Options{
+						Enabled: true,
+						Auth: &proxy.AuthOptions{
+							Username: "uid1",
+						},
+					},
+					CustomOptions: map[string]interface{}{
+						dataCustomOptionsKey: map[string]interface{}{
+							"enableSecureSocksProxy": true,
+						},
+						secureDataCustomOptionsKey: map[string]string{},
+					},
+				},
+			},
 		}
 
 		for _, tc := range tcs {
@@ -237,3 +260,96 @@ func TestCustomOptions(t *testing.T) {
 		require.Empty(t, secureJSONData)
 	})
 }
+
+func TestProxyOptions(t *testing.T) {
+	t.Run("ProxyOptions() should translate settings as expected", func(t *testing.T) {
+		tcs := []struct {
+			instanceSettings      *DataSourceInstanceSettings
+			expectedClientOptions *proxy.Options
+		}{
+			{
+				instanceSettings:      &DataSourceInstanceSettings{},
+				expectedClientOptions: nil,
+			},
+			{
+				instanceSettings: &DataSourceInstanceSettings{
+					Name:             "ds1",
+					UID:              "uid1",
+					User:             "user",
+					Type:             "example-datasource",
+					JSONData:         []byte("{ \"enableSecureSocksProxy\": false }"),
+					BasicAuthEnabled: true,
+					BasicAuthUser:    "buser",
+				},
+				expectedClientOptions: nil,
+			},
+			{
+				instanceSettings: &DataSourceInstanceSettings{
+					Name:             "ds1",
+					UID:              "uid1",
+					User:             "user",
+					Type:             "example-datasource",
+					JSONData:         []byte("{ \"enableSecureSocksProxy\": true }"),
+					BasicAuthEnabled: true,
+					BasicAuthUser:    "buser",
+				},
+				expectedClientOptions: &proxy.Options{
+					Enabled: true,
+					Auth: &proxy.AuthOptions{
+						Username: "uid1",
+					},
+					Timeouts: &proxy.DefaultTimeoutOptions,
+				},
+			},
+			{
+				instanceSettings: &DataSourceInstanceSettings{
+					Name:             "ds1",
+					UID:              "uid1",
+					User:             "user",
+					Type:             "example-datasource",
+					JSONData:         []byte("{ \"enableSecureSocksProxy\": true, \"secureSocksProxyUsername\": \"username\" }"),
+					BasicAuthEnabled: true,
+					BasicAuthUser:    "buser",
+					DecryptedSecureJSONData: map[string]string{
+						"secureSocksProxyPassword": "pswd",
+					},
+				},
+				expectedClientOptions: &proxy.Options{
+					Enabled: true,
+					Auth: &proxy.AuthOptions{
+						Username: "username",
+						Password: "pswd",
+					},
+					Timeouts: &proxy.DefaultTimeoutOptions,
+				},
+			},
+			{
+				instanceSettings: &DataSourceInstanceSettings{
+					Name:             "ds1",
+					UID:              "uid1",
+					User:             "user",
+					Type:             "example-datasource",
+					JSONData:         []byte("{ \"enableSecureSocksProxy\": true, \"timeout\": 10, \"keepAlive\": 15 }"),
+					BasicAuthEnabled: true,
+					BasicAuthUser:    "buser",
+				},
+				expectedClientOptions: &proxy.Options{
+					Enabled: true,
+					Auth: &proxy.AuthOptions{
+						Username: "uid1",
+					},
+					Timeouts: &proxy.TimeoutOptions{
+						KeepAlive: time.Second * 15,
+						Timeout:   time.Second * 10,
+					},
+				},
+			},
+		}
+
+		for _, tc := range tcs {
+			opts, err := tc.instanceSettings.ProxyOptions()
+			assert.NoError(t, err)
+			assert.Equal(t, tc.expectedClientOptions, opts)
+		}
+	})
+}
diff --git a/backend/http_settings.go b/backend/http_settings.go
@@ -6,7 +6,6 @@ import (
 	"time"
 
 	"github.com/grafana/grafana-plugin-sdk-go/backend/httpclient"
-	"github.com/grafana/grafana-plugin-sdk-go/backend/proxy"
 )
 
 // HTTPSettings is a convenient struct for holding decoded HTTP settings from
@@ -46,10 +45,6 @@ type HTTPSettings struct {
 	SigV4AccessKey     string
 	SigV4SecretKey     string
 
-	SecureSocksProxyEnabled  bool
-	SecureSocksProxyUsername string
-	SecureSocksProxyPass     string
-
 	JSONData       map[string]interface{}
 	SecureJSONData map[string]string
 }
@@ -103,20 +98,6 @@ func (s *HTTPSettings) HTTPClientOptions() httpclient.Options {
 		}
 	}
 
-	if s.SecureSocksProxyEnabled {
-		opts.ProxyOptions = &proxy.Options{
-			Enabled: s.SecureSocksProxyEnabled,
-			Timeouts: &proxy.TimeoutOptions{
-				Timeout:   s.Timeout,
-				KeepAlive: s.KeepAlive,
-			},
-			Auth: &proxy.AuthOptions{
-				Username: s.SecureSocksProxyUsername,
-				Password: s.SecureSocksProxyPass,
-			},
-		}
-	}
-
 	return opts
 }
 
@@ -284,20 +265,6 @@ func parseHTTPSettings(jsonData json.RawMessage, secureJSONData map[string]strin
 		}
 	}
 
-	// secure socks proxy
-	if v, exists := dat["enableSecureSocksProxy"]; exists {
-		s.SecureSocksProxyEnabled = v.(bool)
-	}
-
-	if s.SecureSocksProxyEnabled {
-		if v, exists := dat["secureSocksProxyUsername"]; exists {
-			s.SecureSocksProxyUsername = v.(string)
-		}
-		if v, exists := secureJSONData["secureSocksProxyPassword"]; exists {
-			s.SecureSocksProxyPass = v
-		}
-	}
-
 	// headers
 	index := 1
 	for {
diff --git a/backend/httpclient/http_client.go b/backend/httpclient/http_client.go
@@ -159,17 +159,6 @@ func createOptions(providedOpts ...Options) Options {
 		opts.Middlewares = DefaultMiddlewares()
 	}
 
-	if proxy.SecureSocksProxyEnabled(opts.ProxyOptions) {
-		// default username is the datasource uid, this can be updated
-		// by setting `secureSocksProxyUsername` in the datasource json
-		if opts.ProxyOptions.Auth == nil {
-			opts.ProxyOptions.Auth = &proxy.AuthOptions{}
-		}
-		if opts.ProxyOptions.Auth.Username == "" {
-			opts.ProxyOptions.Auth.Username = opts.Labels["datasource_uid"]
-		}
-	}
-
 	return opts
 }
 
diff --git a/backend/proxy/options.go b/backend/proxy/options.go
@@ -28,7 +28,7 @@ var DefaultTimeoutOptions = TimeoutOptions{
 	KeepAlive: 30 * time.Second,
 }
 
-func createOptions(providedOpts *Options) Options {
+func setDefaults(providedOpts *Options) Options {
 	var opts Options
 	if providedOpts == nil {
 		return opts
diff --git a/backend/proxy/secure_socks_proxy.go b/backend/proxy/secure_socks_proxy.go
@@ -114,7 +114,7 @@ func NewSecureSocksProxyContextDialer(opts *Options) (proxy.Dialer, error) {
 		return nil, err
 	}
 
-	clientOpts := createOptions(opts)
+	clientOpts := setDefaults(opts)
 
 	certPool := x509.NewCertPool()
 	for _, rootCAFile := range strings.Split(cfg.rootCA, " ") {

Original file line number	Diff line number	Diff line change
`@@ -28,7 +28,7 @@ var DefaultTimeoutOptions = TimeoutOptions{`
`28`	`28`	`KeepAlive: 30 * time.Second,`
`29`	`29`	`}`
`30`	`30`
`31`		`-func createOptions(providedOpts *Options) Options {`
	`31`	`+func setDefaults(providedOpts *Options) Options {`
`32`	`32`	`var opts Options`
`33`	`33`	`if providedOpts == nil {`
`34`	`34`	`return opts`
Original file line number	Diff line number	Diff line change
`@@ -114,7 +114,7 @@ func NewSecureSocksProxyContextDialer(opts *Options) (proxy.Dialer, error) {`
`114`	`114`	`return nil, err`
`115`	`115`	`}`
`116`	`116`
`117`		`- clientOpts := createOptions(opts)`
	`117`	`+ clientOpts := setDefaults(opts)`
`118`	`118`
`119`	`119`	`certPool := x509.NewCertPool()`
`120`	`120`	`for _, rootCAFile := range strings.Split(cfg.rootCA, " ") {`