grafana · yesoreyeram · Jun 24, 2024 · Jun 24, 2024 · Jul 15, 2024
@@ -0,0 +1,5 @@
+---
+'grafana-infinity-datasource': minor
+---
+
+Added support for configuring secure HTTP POST form data
@@ -60,6 +60,10 @@ You can configure the headers required for the URL in the datasource config and
 
 Note: We suggest adding secure headers only via configuration and not in query.
 
+## Sending secure params as HTTP POST Form data
+
+When you are using HTTP POST method and one of the HTTP Form body types (**Form Data**/**X-WWW-FORM-URLENCODED**), you can pass additional secure form data via config option. The parameters set in config will be set in addition to the form parameters set in the query. You can find the settings under **HTTP Options** in the datasource config
+
 ## Allowed Hosts
 
 Leaving blank will allow all the hosts. This is by default.

@@ -278,7 +278,7 @@ func (client *Client) GetResults(ctx context.Context, query models.Query, reques
 	}
 	switch strings.ToUpper(query.URLOptions.Method) {
 	case http.MethodPost:
-		body := GetQueryBody(ctx, query)
+		body := GetQueryBody(ctx,query, client.Settings)
 		return client.req(ctx, query.URL, body, client.Settings, query, requestHeaders)
 	default:
 		return client.req(ctx, query.URL, nil, client.Settings, query, requestHeaders)
@@ -311,7 +311,7 @@ func CanAllowURL(url string, allowedHosts []string) bool {
 	return allow
 }
 
-func GetQueryBody(ctx context.Context, query models.Query) io.Reader {
+func GetQueryBody(ctx context.Context, query models.Query, settings models.InfinitySettings) io.Reader {
 	logger := backend.Logger.FromContext(ctx)
 	var body io.Reader
 	if strings.EqualFold(query.URLOptions.Method, http.MethodPost) {
@@ -324,6 +324,9 @@ func GetQueryBody(ctx context.Context, query models.Query) io.Reader {
 			for _, f := range query.URLOptions.BodyForm {
 				_ = writer.WriteField(f.Key, f.Value)
 			}
+			for k, v := range settings.FormPostItems {
+				_ = writer.WriteField(k, v)
+			}
 			if err := writer.Close(); err != nil {
 				logger.Error("error closing the query body reader")
 				return nil
@@ -334,6 +337,9 @@ func GetQueryBody(ctx context.Context, query models.Query) io.Reader {
 			for _, f := range query.URLOptions.BodyForm {
 				form.Set(f.Key, f.Value)
 			}
+			for k, v := range settings.FormPostItems {
+				form.Set(k, v)
+			}
 			body = strings.NewReader(form.Encode())
 		case "graphql":
 			var variables map[string]interface{}

@@ -95,7 +95,7 @@ func NormalizeURL(u string) string {
 func (client *Client) GetExecutedURL(ctx context.Context, query models.Query) string {
 	out := []string{}
 	if query.Source != "inline" && query.Source != "azure-blob" {
-		req, err := GetRequest(ctx, client.Settings, GetQueryBody(ctx, query), query, map[string]string{}, false)
+		req, err := GetRequest(ctx, client.Settings, GetQueryBody(query, models.InfinitySettings{}), query, map[string]string{}, false)
 		if err != nil {
 			return fmt.Sprintf("error retrieving full url. %s", query.URL)
 		}

@@ -98,6 +98,7 @@ type InfinitySettings struct {
 	ForwardOauthIdentity     bool
 	CustomHeaders            map[string]string
 	SecureQueryFields        map[string]string
+	FormPostItems            map[string]string
 	InsecureSkipVerify       bool
 	ServerName               string
 	TimeoutInSeconds         int64
@@ -171,6 +172,9 @@ func (s *InfinitySettings) HaveSecureHeaders() bool {
 		}
 		return false
 	}
+	if len(s.FormPostItems) > 0 {
+		return true
+	}
 	return false
 }
 
@@ -294,6 +298,7 @@ func LoadSettings(ctx context.Context, config backend.DataSourceInstanceSettings
 	}
 	settings.CustomHeaders = GetSecrets(config, "httpHeaderName", "httpHeaderValue")
 	settings.SecureQueryFields = GetSecrets(config, "secureQueryName", "secureQueryValue")
+	settings.FormPostItems = GetSecrets(config, "formPostItemName", "formPostItemValue")
 	settings.OAuth2Settings.EndpointParams = GetSecrets(config, "oauth2EndPointParamsName", "oauth2EndPointParamsValue")
 	if settings.AuthenticationMethod == "" {
 		settings.AuthenticationMethod = AuthenticationMethodNone

@@ -26,6 +26,7 @@ func TestLoadSettings(t *testing.T) {
 				OAuth2Settings: models.OAuth2Settings{
 					EndpointParams: map[string]string{},
 				},
+				FormPostItems:     map[string]string{},
 				CustomHeaders:     map[string]string{},
 				SecureQueryFields: map[string]string{},
 			},
@@ -45,12 +46,14 @@ func TestLoadSettings(t *testing.T) {
 				JSONData: []byte(`{ 
 					"datasource_mode"  : "advanced",
 					"secureQueryName1" : "foo",
+					"formPostItemName1"  : "hello",
 					"httpHeaderName1"  : "header1"
 				}`),
 				DecryptedSecureJSONData: map[string]string{
-					"basicAuthPassword": "password",
-					"secureQueryValue1": "bar",
-					"httpHeaderValue1":  "headervalue1",
+					"basicAuthPassword":  "password",
+					"secureQueryValue1":  "bar",
+					"formPostItemValue1": "world",
+					"httpHeaderValue1":   "headervalue1",
 				},
 			},
 			wantSettings: models.InfinitySettings{
@@ -66,6 +69,9 @@ func TestLoadSettings(t *testing.T) {
 				OAuth2Settings: models.OAuth2Settings{
 					EndpointParams: map[string]string{},
 				},
+				FormPostItems: map[string]string{
+					"hello": "world",
+				},
 				CustomHeaders: map[string]string{
 					"header1": "headervalue1",
 				},
@@ -105,6 +111,7 @@ func TestLoadSettings(t *testing.T) {
 				OAuth2Settings: models.OAuth2Settings{
 					EndpointParams: map[string]string{},
 				},
+				FormPostItems: map[string]string{},
 				CustomHeaders: map[string]string{
 					"header1": "headervalue1",
 				},
@@ -144,6 +151,7 @@ func TestAllSettingsAgainstFrontEnd(t *testing.T) {
 			"apiKeyType" 	   : "query",
 			"datasource_mode"  : "advanced",
 			"secureQueryName1" : "foo",
+			"formPostItemName1": "hello",
 			"httpHeaderName1"  : "header1",
 			"timeoutInSeconds" : 30,
 			"tlsAuth"		   : true,
@@ -178,6 +186,7 @@ func TestAllSettingsAgainstFrontEnd(t *testing.T) {
 			"tlsClientKey":               "myTlsClientKey",
 			"basicAuthPassword":          "password",
 			"secureQueryValue1":          "bar",
+			"formPostItemValue1":         "world",
 			"httpHeaderValue1":           "headervalue1",
 			"apiKeyValue":                "earth",
 			"bearerToken":                "myBearerToken",
@@ -244,6 +253,9 @@ func TestAllSettingsAgainstFrontEnd(t *testing.T) {
 		CustomHealthCheckEnabled: true,
 		CustomHealthCheckUrl:     "https://foo-check/",
 		UnsecuredQueryHandling:   models.UnsecuredQueryHandlingDeny,
+		FormPostItems: map[string]string{
+			"hello": "world",
+		},
 		CustomHeaders: map[string]string{
 			"header1": "headervalue1",
 		},

@@ -80,6 +80,16 @@ export const HeadersEditor = (props: DataSourcePluginOptionsEditorProps<Infinity
       <Collapse isOpen={true} collapsible={true} label="URL Query Param">
         <SecureFieldsEditor dataSourceConfig={options} onChange={onOptionsChange} title="URL Query Param" secureFieldName="secureQueryName" secureFieldValue="secureQueryValue" hideTile={true} />
       </Collapse>
+      <Collapse isOpen={true} collapsible={true} label="HTTP POST form data parameter">
+        <SecureFieldsEditor
+          dataSourceConfig={options}
+          onChange={onOptionsChange}
+          title="HTTP POST form data parameter"
+          secureFieldName="formPostItemName"
+          secureFieldValue="formPostItemValue"
+          hideTile={true}
+        />
+      </Collapse>
       <Collapse isOpen={true} collapsible={true} label="Query Param Encoding (EXPERIMENTAL)">
         <QueryParamEditor options={options} onOptionsChange={onOptionsChange} />
       </Collapse>
@@ -138,7 +148,7 @@ export const MiscEditor = (props: DataSourcePluginOptionsEditorProps<InfinityOpt
 const config_sections: Array<{ value: string; label: string }> = [
   { value: 'main', label: 'Main' },
   { value: 'auth', label: 'Authentication' },
-  { value: 'headers_and_params', label: 'Headers & URL params' },
+  { value: 'http_options', label: 'HTTP Options' },
   { value: 'network', label: 'Network' },
   { value: 'security', label: 'Security' },
   { value: 'health_check', label: 'Health check' },
@@ -214,7 +224,7 @@ export const InfinityConfigEditor = (props: DataSourcePluginOptionsEditorProps<I
             <MainEditor options={options} onOptionsChange={onOptionsChange} setActiveTab={setActiveTab} />
           ) : activeTab === 'auth' ? (
             <AuthEditor options={options} onOptionsChange={onOptionsChange} />
-          ) : activeTab === 'headers_and_params' ? (
+          ) : activeTab === 'http_options' ? (
             <HeadersEditor options={options} onOptionsChange={onOptionsChange} />
           ) : activeTab === 'network' ? (
             <NetworkEditor options={options} onOptionsChange={onOptionsChange} />