Misthios/grafana-zabbix
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Refactor HTTP client

Browse Source
This commit is contained in:
Alexander Zobnin
2021-05-19 18:08:12 +03:00
parent 74c5dc866d
commit 7d8005838c
2 changed files with 18 additions and 155 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/datasource/datasource.go
View File

@@ -57,7 +57,7 @@ func newZabbixDatasourceInstance(settings backend.DataSourceInstanceSettings) (i
return nil, err return nil, err
} }
client, err := httpclient.NewHttpClient(&settings, zabbixSettings.Timeout) client, err := httpclient.New(&settings, zabbixSettings.Timeout)
if err != nil { if err != nil {
logger.Error("Error initializing HTTP client", "error", err) logger.Error("Error initializing HTTP client", "error", err)
return nil, err return nil, err

171
pkg/httpclient/httpclient.go
View File

@@ -2,187 +2,50 @@ package httpclient
import ( import (
"crypto/tls" "crypto/tls"
"crypto/x509"
"encoding/base64"
"errors"
"fmt"
"net"
"net/http" "net/http"
"sync"
"time" "time"
simplejson "github.com/bitly/go-simplejson" simplejson "github.com/bitly/go-simplejson"
"github.com/grafana/grafana-plugin-sdk-go/backend" "github.com/grafana/grafana-plugin-sdk-go/backend"
"github.com/grafana/grafana-plugin-sdk-go/backend/httpclient"
"github.com/grafana/grafana-plugin-sdk-go/backend/log" "github.com/grafana/grafana-plugin-sdk-go/backend/log"
) )
type proxyTransportCache struct { // New creates new HTTP client.
cache map[int64]cachedTransport func New(dsInfo *backend.DataSourceInstanceSettings, timeout time.Duration) (*http.Client, error) {
sync.Mutex clientOptions, err := dsInfo.HTTPClientOptions()
} clientOptions.Timeouts.Timeout = timeout
// dataSourceTransport implements http.RoundTripper (https://golang.org/pkg/net/http/#RoundTripper) tlsSkipVerify, err := getTLSSkipVerify(dsInfo)
type dataSourceTransport struct {
headers map[string]string
transport *http.Transport
}
// RoundTrip executes a single HTTP transaction, returning a Response for the provided Request.
func (d *dataSourceTransport) RoundTrip(req *http.Request) (*http.Response, error) {
for key, value := range d.headers {
req.Header.Set(key, value)
}
return d.transport.RoundTrip(req)
}
type cachedTransport struct {
updated time.Time
*dataSourceTransport
}
var ptc = proxyTransportCache{
cache: make(map[int64]cachedTransport),
}
// NewHttpClient returns new http.Client. Transport either initialized or got from cache.
func NewHttpClient(ds *backend.DataSourceInstanceSettings, timeout time.Duration) (*http.Client, error) {
transport, err := newHttpTransport(ds)
if err != nil { if err != nil {
return nil, err return nil, err
} }
log.DefaultLogger.Debug("Initializing new HTTP client", "timeout", timeout.Seconds()) clientOptions.ConfigureTLSConfig = func(opts httpclient.Options, tlsConfig *tls.Config) {
// grafana-plugin-sdk-go has a bug and InsecureSkipVerify only set if TLS Client Auth enabled, so it should be set
return &http.Client{ // manually here
Timeout: timeout, tlsConfig.InsecureSkipVerify = tlsSkipVerify
Transport: transport,
}, nil
}
func newHttpTransport(ds *backend.DataSourceInstanceSettings) (*dataSourceTransport, error) {
ptc.Lock()
defer ptc.Unlock()
if t, present := ptc.cache[ds.ID]; present && ds.Updated.Equal(t.updated) {
return t.dataSourceTransport, nil
} }
tlsConfig, err := getTLSConfig(ds) client, err := httpclient.New(clientOptions)
if err != nil { if err != nil {
log.DefaultLogger.Error("Failed to create HTTP client", err)
return nil, err return nil, err
} }
tlsConfig.Renegotiation = tls.RenegotiateFreelyAsClient return client, nil
// Create transport which adds all
customHeaders := getCustomHeaders(ds)
transport := &http.Transport{
TLSClientConfig: tlsConfig,
Proxy: http.ProxyFromEnvironment,
Dial: (&net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
}).Dial,
TLSHandshakeTimeout: 10 * time.Second,
ExpectContinueTimeout: 1 * time.Second,
MaxIdleConns: 100,
IdleConnTimeout: 90 * time.Second,
}
if ds.BasicAuthEnabled {
user := ds.BasicAuthUser
password := ds.DecryptedSecureJSONData["basicAuthPassword"]
basicAuthHeader := getBasicAuthHeader(user, password)
customHeaders["Authorization"] = basicAuthHeader
}
dsTransport := &dataSourceTransport{
headers: customHeaders,
transport: transport,
}
ptc.cache[ds.ID] = cachedTransport{
dataSourceTransport: dsTransport,
updated: ds.Updated,
}
return dsTransport, nil
} }
func getTLSConfig(ds *backend.DataSourceInstanceSettings) (*tls.Config, error) { func getTLSSkipVerify(ds *backend.DataSourceInstanceSettings) (bool, error) {
var tlsSkipVerify, tlsClientAuth, tlsAuthWithCACert bool var tlsSkipVerify bool
jsonData, err := simplejson.NewJson(ds.JSONData) jsonData, err := simplejson.NewJson(ds.JSONData)
if err != nil { if err != nil {
return nil, err return false, err
} }
if jsonData != nil { if jsonData != nil {
tlsClientAuth = jsonData.Get("tlsAuth").MustBool(false)
tlsAuthWithCACert = jsonData.Get("tlsAuthWithCACert").MustBool(false)
tlsSkipVerify = jsonData.Get("tlsSkipVerify").MustBool(false) tlsSkipVerify = jsonData.Get("tlsSkipVerify").MustBool(false)
} }
tlsConfig := &tls.Config{ return tlsSkipVerify, nil
InsecureSkipVerify: tlsSkipVerify,
}
if tlsClientAuth || tlsAuthWithCACert {
decrypted := ds.DecryptedSecureJSONData
if tlsAuthWithCACert && len(decrypted["tlsCACert"]) > 0 {
caPool := x509.NewCertPool()
ok := caPool.AppendCertsFromPEM([]byte(decrypted["tlsCACert"]))
if !ok {
return nil, errors.New("Failed to parse TLS CA PEM certificate")
}
tlsConfig.RootCAs = caPool
}
if tlsClientAuth {
cert, err := tls.X509KeyPair([]byte(decrypted["tlsClientCert"]), []byte(decrypted["tlsClientKey"]))
if err != nil {
return nil, err
}
tlsConfig.Certificates = []tls.Certificate{cert}
}
}
return tlsConfig, nil
}
// getCustomHeaders returns a map with all the to be set headers
// The map key represents the HeaderName and the value represents this header's value
func getCustomHeaders(ds *backend.DataSourceInstanceSettings) map[string]string {
headers := make(map[string]string)
jsonData, err := simplejson.NewJson(ds.JSONData)
if jsonData == nil || err != nil {
return headers
}
decrypted := ds.DecryptedSecureJSONData
index := 1
for {
headerNameSuffix := fmt.Sprintf("httpHeaderName%d", index)
headerValueSuffix := fmt.Sprintf("httpHeaderValue%d", index)
key := jsonData.Get(headerNameSuffix).MustString()
if key == "" {
// No (more) header values are available
break
}
if val, ok := decrypted[headerValueSuffix]; ok {
headers[key] = val
}
index++
}
return headers
}
// getBasicAuthHeader returns a base64 encoded string from user and password.
func getBasicAuthHeader(user string, password string) string {
var userAndPass = user + ":" + password
return "Basic " + base64.StdEncoding.EncodeToString([]byte(userAndPass))
} }