feat(cloudwatch): adds access and secret key to edit config page

64784db8 · bergquist · c3075a9b · 64784db8 · 64784db8 · 64784db8
Commit 64784db8 authored Nov 23, 2016 by bergquist
Expand all Show whitespace changes
Inline Side-by-side

Showing with 108 additions and 46 deletions

pkg/api/cloudwatch/cloudwatch.go
+33 -8

pkg/api/cloudwatch/metrics.go
+61 -38

public/app/plugins/datasource/cloudwatch/partials/config.html
+14 -0

No files found.
--- a/pkg/api/cloudwatch/cloudwatch.go
+++ b/pkg/api/cloudwatch/cloudwatch.go
@@ -53,11 +53,21 @@ type cache struct {
 	expiration *time.Time
 }

+type CloudwatchDatasource struct {
+	Profile       string
+	Region        string
+	AssumeRoleArn string
+	Namespace     string
+
+	AccessKey string
+	SecretKey string
+}
+
 var awsCredentialCache map[string]cache = make(map[string]cache)
 var credentialCacheLock sync.RWMutex

-func getCredentials(profile string, region string, assumeRoleArn string) *credentials.Credentials {
-	cacheKey := profile + ":" + assumeRoleArn
+func getCredentials(cwDatasource *CloudwatchDatasource) *credentials.Credentials {
+	cacheKey := cwDatasource.Profile + ":" + cwDatasource.AssumeRoleArn
 	credentialCacheLock.RLock()
 	if _, ok := awsCredentialCache[cacheKey]; ok {
 		if awsCredentialCache[cacheKey].expiration != nil &&
@@ -74,9 +84,9 @@ func getCredentials(profile string, region string, assumeRoleArn string) *creden
 	sessionToken := ""
 	var expiration *time.Time
 	expiration = nil
-	if strings.Index(assumeRoleArn, "arn:aws:iam:") == 0 {
+	if strings.Index(cwDatasource.AssumeRoleArn, "arn:aws:iam:") == 0 {
 		params := &sts.AssumeRoleInput{
-			RoleArn:         aws.String(assumeRoleArn),
+			RoleArn:         aws.String(cwDatasource.AssumeRoleArn),
 			RoleSessionName: aws.String("GrafanaSession"),
 			DurationSeconds: aws.Int64(900),
 		}
@@ -85,13 +95,14 @@ func getCredentials(profile string, region string, assumeRoleArn string) *creden
 		stsCreds := credentials.NewChainCredentials(
 			[]credentials.Provider{
 				&credentials.EnvProvider{},
-				&credentials.SharedCredentialsProvider{Filename: "", Profile: profile},
+				&credentials.SharedCredentialsProvider{Filename: "", Profile: cwDatasource.Profile},
 				&ec2rolecreds.EC2RoleProvider{Client: ec2metadata.New(stsSess), ExpiryWindow: 5 * time.Minute},
 			})
 		stsConfig := &aws.Config{
-			Region:      aws.String(region),
+			Region:      aws.String(cwDatasource.Region),
 			Credentials: stsCreds,
 		}
+
 		svc := sts.New(session.New(stsConfig), stsConfig)
 		resp, err := svc.AssumeRole(params)
 		if err != nil {
@@ -115,9 +126,14 @@ func getCredentials(profile string, region string, assumeRoleArn string) *creden
 				SessionToken:    sessionToken,
 			}},
 			&credentials.EnvProvider{},
-			&credentials.SharedCredentialsProvider{Filename: "", Profile: profile},
+			&credentials.StaticProvider{Value: credentials.Value{
+				AccessKeyID:     cwDatasource.AccessKey,
+				SecretAccessKey: cwDatasource.SecretKey,
+			}},
+			&credentials.SharedCredentialsProvider{Filename: "", Profile: cwDatasource.Profile},
 			&ec2rolecreds.EC2RoleProvider{Client: ec2metadata.New(sess), ExpiryWindow: 5 * time.Minute},
 		})
+
 	credentialCacheLock.Lock()
 	awsCredentialCache[cacheKey] = cache{
 		credential: creds,
@@ -130,9 +146,18 @@ func getCredentials(profile string, region string, assumeRoleArn string) *creden

 func getAwsConfig(req *cwRequest) *aws.Config {
 	assumeRoleArn := req.DataSource.JsonData.Get("assumeRoleArn").MustString()
+	accessKey := req.DataSource.JsonData.Get("accessKey").MustString()
+	secretKey := req.DataSource.JsonData.Get("secretKey").MustString()
+
 	cfg := &aws.Config{
 		Region: aws.String(req.Region),
-		Credentials: getCredentials(req.DataSource.Database, req.Region, assumeRoleArn),
+		Credentials: getCredentials(&CloudwatchDatasource{
+			AccessKey:     accessKey,
+			SecretKey:     secretKey,
+			Region:        req.Region,
+			Profile:       req.DataSource.Database,
+			AssumeRoleArn: assumeRoleArn,
+		}),
 	}
 	return cfg
 }

--- a/pkg/api/cloudwatch/metrics.go
+++ b/pkg/api/cloudwatch/metrics.go
--- a/public/app/plugins/datasource/cloudwatch/partials/config.html
+++ b/public/app/plugins/datasource/cloudwatch/partials/config.html
@@ -9,6 +9,20 @@
    </info-popover>
  </div>
  <div class="gf-form">
+    <label class="gf-form-label width-13">Credentials Access key</label>
+    <input type="text" class="gf-form-input max-width-18" ng-model='ctrl.current.jsonData.accessKey' placeholder="default"></input>
+    <info-popover mode="right-absolute">
+      Accesskey
+    </info-popover>
+  </div>
+  <div class="gf-form">
+    <label class="gf-form-label width-13">Credentials Secret key</label>
+    <input type="text" class="gf-form-input max-width-18" ng-model='ctrl.current.jsonData.secretKey' placeholder="default"></input>
+    <info-popover mode="right-absolute">
+      Secret key
+    </info-popover>
+  </div>
+  <div class="gf-form">
    <label class="gf-form-label width-13">Default Region</label>
    <div class="gf-form-select-wrapper max-width-18 gf-form-select-wrapper--has-help-icon">
      <select class="gf-form-input" ng-model="ctrl.current.jsonData.defaultRegion" ng-options="region for region in ['ap-northeast-1', 'ap-northeast-2', 'ap-southeast-1', 'ap-southeast-2', 'ap-south-1', 'cn-north-1', 'eu-central-1', 'eu-west-1', 'sa-east-1', 'us-east-1', 'us-east-2', 'us-gov-west-1', 'us-west-1', 'us-west-2']"></select>