Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support API requests from service accounts #25

Merged
merged 1 commit into from
Apr 18, 2024
Merged

Support API requests from service accounts #25

merged 1 commit into from
Apr 18, 2024

Conversation

mahendrapaipuri
Copy link
Owner

Closes #24

@mahendrapaipuri
feat: Support API requests
272f10a 
* Support auth from Authorization header

* First cookies will be checked, if not found, Auth header will be checked

* If any of them are successful, headers will be forwarded for client reqs

Signed-off-by: Mahendra Paipuri <[email protected]>
@mahendrapaipuri mahendrapaipuri added the enhancement New feature or request label Apr 16, 2024
@mahendrapaipuri
Copy link
Owner Author

@and-mora Would you be able to test this patch? You can find the plugin artifacts here.

Cheers!

@and-mora
Copy link
Contributor

@mahendrapaipuri
I tried the nightly plugin (listed as v1.1.0 in grafana UI).
i used the following cmd:

curl --location "<host>/api/plugins/mahendrapaipuri-dashboardreporter-app/resources/report?dashUid=<uid>&from=now-1M%2FM&to=now-1M%2FM" -v -H "Authorization: Bearer <token>"

I get the following error:

logger=context userId=2 orgId=1 uname=sa-grafana-report t=2024-04-18T09:58:13.050862749Z level=error msg="Failed to call resource" error="failed to receive call resource response: rpc error: code = Unknown desc = grafana app URL not configured in JSONData" traceID=
logger=context userId=2 orgId=1 uname=sa-grafana-report t=2024-04-18T09:58:13.05111735Z level=error msg="Request Completed" method=GET path=/api/plugins/mahendrapaipuri-dashboardreporter-app/resources/report status=500 remote_addr=10.0.0.2 time_ms=11 duration=11.73287ms size=51 referer= handler=/api/plugins/:pluginId/resources/*

is there something i might have done wrong?

ps: the auth with service account is working correctly against che grafana server (I tried it against the dashboards API)

@mahendrapaipuri
Copy link
Owner Author

@and-mora Not the nightly version, I am sorry I was not clear enough. nightly version is current main branch.

You will need to download the artifacts from CI.

Regarding the error you are getting

logger=context userId=2 orgId=1 uname=sa-grafana-report t=2024-04-18T09:58:13.050862749Z level=error msg="Failed to call resource" error="failed to receive call resource response: rpc error: code = Unknown desc = grafana app URL not configured in JSONData" traceID=
logger=context userId=2 orgId=1 uname=sa-grafana-report t=2024-04-18T09:58:13.05111735Z level=error msg="Request Completed" method=GET path=/api/plugins/mahendrapaipuri-dashboardreporter-app/resources/report status=500 remote_addr=10.0.0.2 time_ms=11 duration=11.73287ms size=51 referer= handler=/api/plugins/:pluginId/resources/*

You will need to provision the plugin with proper settings. Grafana related config parameters cannot be configured from UI. The error is saying Grafana's App URL is not found which is normally http://localhost:3000. Here is a sample provisioning config file that you will need to install at /etc/grafana/provisioning/plugins/reporter.yml assuming that you are using default Grafana paths.

@and-mora
Copy link
Contributor

Not the nightly version, I am sorry I was not clear enough. nightly version is current main branch.

I just mentioned the name inside the plugin-artifact.zip that I downloaded from the ci action.

You will need to provision the plugin with proper settings

You're right, I haven't replicated correctly the test environment. Now i think i fixed it.
Now both the report generation works within the browser and the dashboard API with serviceaccount works.
Here the logs generated by report API:

logger=plugin.mahendrapaipuri-dashboardreporter-app t=2024-04-18T10:35:49.640822156Z level=error msg="error generating report" endpoint=callResource err="error fetching dashboard d0a30598-95a5-4098-89cc-435d965df315: error obtaining dashboard from <host>/api/dashboards/uid/d0a30598-95a5-4098-89cc-435d965df315. Got Status 401 Unauthorized, message: {\"extra\":null,\"message\":\"Unauthorized\",\"messageId\":\"auth.unauthorized\",\"statusCode\":401,\"traceID\":\"\"}\n " pluginID=mahendrapaipuri-dashboardreporter-app
logger=context userId=2 orgId=1 uname=sa-grafana-report t=2024-04-18T10:35:49.643574854Z level=error msg="Request Completed" method=GET path=/api/plugins/mahendrapaipuri-dashboardreporter-app/resources/report status=500 remote_addr=10.0.0.2 time_ms=417 duration=417.846227ms size=24 referer= handler=/api/plugins/:pluginId/resources/*

@mahendrapaipuri
Copy link
Owner Author

@and-mora Awesome !! Cheers for testing. Appreciate it!

I just mentioned the name inside the plugin-artifact.zip that I downloaded from the ci action.

Oh yes, that is true. Probably we should use a branch specific name in CI to better communicate what we are testing

@mahendrapaipuri mahendrapaipuri merged commit a151d11 into main Apr 18, 2024
2 checks passed
@mahendrapaipuri mahendrapaipuri deleted the support_other_auths branch April 18, 2024 11:05
@and-mora
Copy link
Contributor

Sorry @mahendrapaipuri, maybe I miss-formulated the previous message. The plugin is still not working and returns 401 when I call it with curl.

What I pointed out as working were the other tests I made (plugin with session cookie browser and dashboard API) before testing the plugin itself.

@mahendrapaipuri
Copy link
Owner Author

Sorry, I havent looked at the logs keenly. How are you generating the token? Does token has viewer role?

logger=plugin.mahendrapaipuri-dashboardreporter-app t=2024-04-18T10:35:49.640822156Z level=error msg="error generating report" endpoint=callResource err="error fetching dashboard d0a30598-95a5-4098-89cc-435d965df315: error obtaining dashboard from /api/dashboards/uid/d0a30598-95a5-4098-89cc-435d965df315. Got Status 401 Unauthorized, message: {"extra":null,"message":"Unauthorized","messageId":"auth.unauthorized","statusCode":401,"traceID":""}\n " pluginID=mahendrapaipuri-dashboardreporter-app

This line indicates that token does not have permissions to view that dashboard. So you need to verify the permissions on the token you are using to make the request

I tested it using the docker-compose included in the repo and it worked. What I did is:

  • Created a service account
  • Generated a token with viewer role
  • Made API request with that token in header Authorization

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support for service account authentication
2 participants
@mahendrapaipuri @and-mora