PMM-12776 Re-enable RBAC (#749)

* PMM-12776 Re-enable RBAC

* PMM-12776 Re-enable RBAC

* PMM-12776 Address comments

---------

Co-authored-by: Matej Kubinec <[email protected]>

Makefile

@@ -336,3 +336,9 @@ format-drone:
 
 help: ## Display this help.
 	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+rebuild-pmm:
+		make build-go
+		rm -f /usr/sbin/grafana
+		cp ./bin/linux-amd64/grafana /usr/sbin/grafana
+		supervisorctl restart grafana

go.sum

@@ -2364,6 +2364,7 @@ github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEW
 github.com/golangci/lint-1 v0.0.0-20181222135242-d2cdd8c08219 h1:utua3L2IbQJmauC5IXdEA547bcoU5dozgQAfc8Onsg4=
 github.com/golangci/lint-1 v0.0.0-20181222135242-d2cdd8c08219/go.mod h1:/X8TswGSh1pIozq4ZwCfxS0WA5JGXguxk94ar/4c87Y=
 github.com/gomodule/redigo v1.7.1-0.20190724094224-574c33c3df38/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4=
+github.com/gomodule/redigo v1.8.9/go.mod h1:7ArFNvsTjH8GMMzB4uy1snslv2BwmginuMs06a1uzZE=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA=

pkg/services/pluginsintegration/clientmiddleware/forwarded_percona_token_middleware.go

@@ -0,0 +1,84 @@
+package clientmiddleware
+
+import (
+	"context"
+	"net/http"
+
+	"github.com/grafana/grafana-plugin-sdk-go/backend"
+	"github.com/grafana/grafana-plugin-sdk-go/backend/httpclient"
+
+	"github.com/grafana/grafana/pkg/plugins"
+	"github.com/grafana/grafana/pkg/services/contexthandler"
+)
+
+// @PERCONA
+const forwardedProxyFilterMiddlewareName = "forwarded-x-proxy-filter"
+
+// NewPerconaForwarderHTTPClientMiddleware creates a new plugins.ClientMiddleware
+// that will forward plugin request headers as outgoing HTTP headers.
+func NewPerconaForwarderHTTPClientMiddleware() plugins.ClientMiddleware {
+	return plugins.ClientMiddlewareFunc(func(next plugins.Client) plugins.Client {
+		return &PerconaForwarderHTTPClientMiddleware{
+			next: next,
+		}
+	})
+}
+
+type PerconaForwarderHTTPClientMiddleware struct {
+	next plugins.Client
+}
+
+func (m *PerconaForwarderHTTPClientMiddleware) applyHeaders(ctx context.Context, pReq *backend.QueryDataRequest) context.Context {
+	if pReq == nil {
+		return ctx
+	}
+
+	mw := httpclient.NamedMiddlewareFunc(forwardedProxyFilterMiddlewareName, func(opts httpclient.Options, next http.RoundTripper) http.RoundTripper {
+		return httpclient.RoundTripperFunc(func(req *http.Request) (*http.Response, error) {
+			reqCtx := contexthandler.FromContext(ctx)
+
+			xProxyFilter := reqCtx.Req.Header.Get("X-Proxy-Filter")
+			if xProxyFilter != "" {
+				req.Header.Set("X-Proxy-Filter", xProxyFilter)
+			}
+
+			return next.RoundTrip(req)
+		})
+	})
+
+	return httpclient.WithContextualMiddleware(ctx, mw)
+}
+
+func (m *PerconaForwarderHTTPClientMiddleware) QueryData(ctx context.Context, req *backend.QueryDataRequest) (*backend.QueryDataResponse, error) {
+	if req == nil {
+		return m.next.QueryData(ctx, req)
+	}
+
+	ctx = m.applyHeaders(ctx, req)
+
+	return m.next.QueryData(ctx, req)
+}
+
+func (m *PerconaForwarderHTTPClientMiddleware) CallResource(ctx context.Context, req *backend.CallResourceRequest, sender backend.CallResourceResponseSender) error {
+	return m.next.CallResource(ctx, req, sender)
+}
+
+func (m *PerconaForwarderHTTPClientMiddleware) CheckHealth(ctx context.Context, req *backend.CheckHealthRequest) (*backend.CheckHealthResult, error) {
+	return m.next.CheckHealth(ctx, req)
+}
+
+func (m *PerconaForwarderHTTPClientMiddleware) CollectMetrics(ctx context.Context, req *backend.CollectMetricsRequest) (*backend.CollectMetricsResult, error) {
+	return m.next.CollectMetrics(ctx, req)
+}
+
+func (m *PerconaForwarderHTTPClientMiddleware) SubscribeStream(ctx context.Context, req *backend.SubscribeStreamRequest) (*backend.SubscribeStreamResponse, error) {
+	return m.next.SubscribeStream(ctx, req)
+}
+
+func (m *PerconaForwarderHTTPClientMiddleware) PublishStream(ctx context.Context, req *backend.PublishStreamRequest) (*backend.PublishStreamResponse, error) {
+	return m.next.PublishStream(ctx, req)
+}
+
+func (m *PerconaForwarderHTTPClientMiddleware) RunStream(ctx context.Context, req *backend.RunStreamRequest, sender *backend.StreamSender) error {
+	return m.next.RunStream(ctx, req, sender)
+}

pkg/services/pluginsintegration/pluginsintegration.go

@@ -189,6 +189,9 @@ func CreateMiddlewares(cfg *setting.Cfg, oAuthTokenService oauthtoken.OAuthToken
 
 	middlewares = append(middlewares, clientmiddleware.NewHTTPClientMiddleware())
 
+	// @PERCONA
+	middlewares = append(middlewares, clientmiddleware.NewPerconaForwarderHTTPClientMiddleware())
+
 	if features.IsEnabledGlobally(featuremgmt.FlagPluginsInstrumentationStatusSource) {
 		// StatusSourceMiddleware should be at the very bottom, or any middlewares below it won't see the
 		// correct status source in their context.Context

pkg/services/query/query.go

@@ -265,12 +265,6 @@ func (s *ServiceImpl) handleQuerySingleDatasource(ctx context.Context, user iden
 		Queries:       []backend.DataQuery{},
 	}
 
-	// @PERCONA
-	// @PERCONA_TODO
-	// xProxyFilter := parsedReq.httpRequest.Header.Get("X-Proxy-Filter")
-	// req.Headers["X-Proxy-Filter"] = xProxyFilter
-	// middlewares = append(middlewares, httpclientprovider.ForwardedProxyFilterMiddleware(xProxyFilter))
-
 	for _, q := range queries {
 		req.Queries = append(req.Queries, q.query)
 	}