From d7d79e194a15f2a77acd605d8259d1ca61272dc5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Zolt=C3=A1n=20Bedi?= Date: Wed, 9 Jul 2025 11:13:11 +0200 Subject: [PATCH] Add OAuth passthrough support - Introduced OAuthPassthroughEnabled field in BigQuerySettings to enable forwarding of HTTP headers. - Updated BigQueryConfigEditor to include a switch for enabling OAuth passthrough in the configuration UI. --- package.json | 2 +- pkg/bigquery/http_client.go | 4 ++++ pkg/bigquery/types/types.go | 1 + src/components/ConfigEditor.tsx | 31 +++++++++++++++++++++++++++---- src/types.ts | 18 +++++++++++++++++- yarn.lock | 10 +++++----- 6 files changed, 55 insertions(+), 11 deletions(-) diff --git a/package.json b/package.json index d75563f..8f39d00 100644 --- a/package.json +++ b/package.json @@ -24,7 +24,7 @@ "dependencies": { "@emotion/css": "11.10.6", "@grafana/data": "^11.5.3", - "@grafana/google-sdk": "0.3.1", + "@grafana/google-sdk": "0.3.4", "@grafana/plugin-ui": "^0.10.4", "@grafana/runtime": "^11.5.3", "@grafana/schema": "^11.5.3", diff --git a/pkg/bigquery/http_client.go b/pkg/bigquery/http_client.go index bdd8526..3395433 100644 --- a/pkg/bigquery/http_client.go +++ b/pkg/bigquery/http_client.go @@ -85,6 +85,10 @@ func getMiddleware(settings types.BigQuerySettings, routePath string) (httpclien } func newHTTPClient(settings types.BigQuerySettings, opts httpclient.Options, route string) (*http.Client, error) { + if settings.OAuthPassthroughEnabled { + opts.ForwardHTTPHeaders = true + return httpclient.New(opts) + } m, err := getMiddleware(settings, route) if err != nil { return nil, err diff --git a/pkg/bigquery/types/types.go b/pkg/bigquery/types/types.go index 702b456..66dff3e 100644 --- a/pkg/bigquery/types/types.go +++ b/pkg/bigquery/types/types.go @@ -21,6 +21,7 @@ type BigQuerySettings struct { ServiceEndpoint string `json:"serviceEndpoint"` UsingImpersonation bool `json:"usingImpersonation"` ServiceAccountToImpersonate string `json:"serviceAccountToImpersonate"` + OAuthPassthroughEnabled bool `json:"oauthPassThru"` // Saved in secure JSON PrivateKey string `json:"-"` diff --git a/src/components/ConfigEditor.tsx b/src/components/ConfigEditor.tsx index e490dcf..1a74172 100644 --- a/src/components/ConfigEditor.tsx +++ b/src/components/ConfigEditor.tsx @@ -2,13 +2,14 @@ import { DataSourcePluginOptionsEditorProps, onUpdateDatasourceJsonDataOptionSelect, onUpdateDatasourceJsonDataOption, + onUpdateDatasourceJsonDataOptionChecked, } from '@grafana/data'; -import { AuthConfig, GOOGLE_AUTH_TYPE_OPTIONS } from '@grafana/google-sdk'; +import { AuthConfig } from '@grafana/google-sdk'; import { config } from '@grafana/runtime'; -import { Field, Input, SecureSocksProxySettings, Select } from '@grafana/ui'; +import { Field, FieldSet, Input, SecureSocksProxySettings, Select, Switch } from '@grafana/ui'; import React from 'react'; import { PROCESSING_LOCATIONS } from '../constants'; -import { BigQueryOptions, BigQuerySecureJsonData } from '../types'; +import { BigQueryAuth, bigQueryAuthTypes, BigQueryOptions, BigQuerySecureJsonData } from '../types'; import { ConfigurationHelp } from './/ConfigurationHelp'; import { ConfigSection, DataSourceDescription } from '@grafana/plugin-ui'; import { Divider } from './Divider'; @@ -28,6 +29,8 @@ export const BigQueryConfigEditor: React.FC = (props) }, }); }; + const showServiceAccountImpersonation = + jsonData.authenticationType === BigQueryAuth.JWT || jsonData.authenticationType === BigQueryAuth.GCE; return ( <> @@ -43,7 +46,27 @@ export const BigQueryConfigEditor: React.FC = (props) - + + + {jsonData.authenticationType === BigQueryAuth.ForwardOAuthIdentity && ( +
+ + + +
+ )} diff --git a/src/types.ts b/src/types.ts index fd0f23a..11e31dd 100644 --- a/src/types.ts +++ b/src/types.ts @@ -1,6 +1,11 @@ import { DataQuery, TimeRange } from '@grafana/data'; +import { + DataSourceOptions, + DataSourceSecureJsonData, + GOOGLE_AUTH_TYPE_OPTIONS, + GoogleAuthType, +} from '@grafana/google-sdk'; import { EditorMode } from '@grafana/plugin-ui'; -import { DataSourceOptions, DataSourceSecureJsonData } from '@grafana/google-sdk'; import { JsonTree } from '@react-awesome-query-builder/ui'; import { BigQueryAPI } from 'api'; import { @@ -29,8 +34,19 @@ export interface BigQueryOptions extends DataSourceOptions { enableSecureSocksProxy?: boolean; MaxBytesBilled?: number; serviceEndpoint?: string; + oauthPassThru?: boolean; } +export const BigQueryAuth = { + ...GoogleAuthType, + ForwardOAuthIdentity: 'forwardOAuthIdentity', +} as const; + +export const bigQueryAuthTypes = [ + { label: 'Forward OAuth Identity', value: BigQueryAuth.ForwardOAuthIdentity }, + ...GOOGLE_AUTH_TYPE_OPTIONS, +]; + export interface BigQuerySecureJsonData extends DataSourceSecureJsonData {} export enum GroupType { diff --git a/yarn.lock b/yarn.lock index 2d6952a..c011e5f 100644 --- a/yarn.lock +++ b/yarn.lock @@ -1703,15 +1703,15 @@ __metadata: languageName: node linkType: hard -"@grafana/google-sdk@npm:0.3.1": - version: 0.3.1 - resolution: "@grafana/google-sdk@npm:0.3.1" +"@grafana/google-sdk@npm:0.3.4": + version: 0.3.4 + resolution: "@grafana/google-sdk@npm:0.3.4" peerDependencies: "@grafana/data": ">=10.4.0" "@grafana/ui": ">=10.4.0" react: ^18.2.0 react-dom: ^18.2.0 - checksum: 10c0/0e1c415445553a8921a0ef6163734f534d493b6c46e2718430ab3ec41aae5566fbeecccd4683eba1b53bff10fbcd0c988345a0021f38d73187a7dcac5d34d2b7 + checksum: 10c0/4b2276d029d55a96ce651e7e4806c15180c9648ba5f13688bbf7d0f6da154404095b94cd337514cac5abe9ae412a548515a47b7c3a27d3e9753edcbe09be5730 languageName: node linkType: hard @@ -7804,7 +7804,7 @@ __metadata: "@grafana/data": "npm:^11.5.3" "@grafana/e2e-selectors": "npm:^11.5.3" "@grafana/eslint-config": "npm:^8.0.0" - "@grafana/google-sdk": "npm:0.3.1" + "@grafana/google-sdk": "npm:0.3.4" "@grafana/plugin-e2e": "npm:^2.0.2" "@grafana/plugin-ui": "npm:^0.10.4" "@grafana/runtime": "npm:^11.5.3"