CloudWatch: Remove dependencies on grafana/pkg/setting #81208
Conversation
| @@ -874,6 +874,10 @@ list_metrics_page_limit = 500 | |||
| # Experimental, for use in Grafana Cloud only. Please do not set. | |||
| external_id = | |||
|
|
|||
| # Set the plugins that will receive AWS settings for each request (via plugin context) | |||
| # By default this will include all Grafana Labs owned AWS plugins, or those that make use of AWS settings (ElasticSearch, Prometheus). | |||
| forward_settings_to_plugins = cloudwatch, grafana-athena-datasource, grafana-redshift-datasource, grafana-x-ray-datasource, grafana-timestream-datasource, grafana-iot-sitewise-datasource, grafana-iot-twinmaker-app, grafana-opensearch-datasource, aws-datasource-provisioner, elasticsearch, prometheus | |||
There was a problem hiding this comment.
I added all the external AWS plugins (even though they're not using the context yet), the AWS provisioner app, and ElasticSearch and Prometheus (which support sigv4) to the list along with CloudWatch. I think that's all of them, unless something else uses sigv4?
iwysiu
force-pushed
the
iwysiu/79324
branch
3 times, most recently
from
138eb14 to
1b66b90
Compare
| AWSAllowedAuthProviders []string | ||
| AWSAssumeRoleEnabled bool | ||
| AWSExternalId string | ||
| AWSSessionDuration string |
There was a problem hiding this comment.
grafana-aws-sdk had session duration settable as a secret environment variable setting before this, and the AWSListMetricsPageLimit was settable but not propagated to Cfg.
| @@ -35,6 +35,9 @@ func ProvideConfig(settingProvider setting.Provider, grafanaCfg *setting.Cfg, fe | |||
| allowedAuth, | |||
| aws.KeyValue("assume_role_enabled").MustBool(grafanaCfg.AWSAssumeRoleEnabled), | |||
| aws.KeyValue("external_id").Value(), | |||
| aws.KeyValue("session_duration").Value(), | |||
| grafanaCfg.AWSListMetricsPageLimit, | |||
There was a problem hiding this comment.
Is there a reason that the old aws variables get values off settingsProvider instead of grafanaCfg? I wasn't sure what the difference was
There was a problem hiding this comment.
settingsProvider can be backed by a database instead of a file - which I believe AWS originally wanted so that config could be reloaded on the fly. When not used, the settingsProvider just falls back to the file anyway. That was the original motivation there!
There was a problem hiding this comment.
Ah, I see! Should I update the new settings to be gotten off settingsProvider? It's a little weird because allowedAuth is actually being gotten from grafanaCfg
There was a problem hiding this comment.
Yeah TBH I'm not sure we've done a great job here of making it clear what should be happening (and I don't think many know the actual details of settingsProvider). I just remember needing to do this for plugin settings originally - but I think any config that people would like to potentially be updated via API/backend by the DB/can change at runtime, should be fetched from the settingsProvider!
There was a problem hiding this comment.
I made it so that the aws settings (including allowedAuth) are gotten from the settingsProvider and added a comment so hopefully we remember
| @@ -1333,11 +1339,20 @@ func (cfg *Cfg) handleAWSConfig() { | |||
| cfg.Logger.Error(fmt.Sprintf("could not set environment variable '%s'", awsds.AllowedAuthProvidersEnvVarKeyName), err) | |||
| } | |||
|
|
|||
| cfg.AWSExternalId = awsPluginSec.Key("external_id").Value() | |||
There was a problem hiding this comment.
I moved this to group all the cfg setting together
| @@ -874,6 +874,14 @@ list_metrics_page_limit = 500 | |||
| # Experimental, for use in Grafana Cloud only. Please do not set. | |||
| external_id = | |||
|
|
|||
| # Sets the expiry duration of an assumed role. | |||
| # This setting should be expressed as a duration. Examples: 6h (hours), 10d (days), 2w (weeks), 1M (month). | |||
| session_duration = "15m" | |||
There was a problem hiding this comment.
This was a secret/experimental setting for grafana-aws-sdk that was being fetched from the environment variables
| "github.com/stretchr/testify/assert" | ||
| "github.com/stretchr/testify/require" | ||
| ) | ||
|
|
||
| func Test_Settings_LoadCloudWatchSettings(t *testing.T) { | ||
| settingCtx := backend.WithGrafanaConfig(context.Background(), backend.NewGrafanaCfg(map[string]string{ |
There was a problem hiding this comment.
This context just exists so that the tests not testing the context settings don't produce a bunch of warning messages
iwysiu
changed the title
iwysiu
requested review from
marefr,
oshirohugo,
sarahzinger,
idastambuk,
undef1nd,
suntala and
idafurjes
and removed request for
a team
There was a problem hiding this comment.
After double checking, I confirmed that if it's not set to forward the setting to cloudwatch we use the environment variables. Note that forward_settings_to_plugins has to be set to something for it to overwrite the default, and it can't just be an empty string.
| @@ -35,6 +35,9 @@ func ProvideConfig(settingProvider setting.Provider, grafanaCfg *setting.Cfg, fe | |||
| allowedAuth, | |||
| aws.KeyValue("assume_role_enabled").MustBool(grafanaCfg.AWSAssumeRoleEnabled), | |||
| aws.KeyValue("external_id").Value(), | |||
| aws.KeyValue("session_duration").Value(), | |||
| grafanaCfg.AWSListMetricsPageLimit, | |||
There was a problem hiding this comment.
Ah, I see! Should I update the new settings to be gotten off settingsProvider? It's a little weird because allowedAuth is actually being gotten from grafanaCfg
| // } | ||
|
|
||
| if slices.Contains[[]string, string](s.cfg.AWSForwardSettingsPlugins, pluginID) { | ||
| if !s.cfg.AWSAssumeRoleEnabled { |
There was a problem hiding this comment.
This value defaults to true, so it actually should be added if its false
What is this feature?
Removes references to the
grafana/pkg/settingpackage from the CloudWatch plugin. Currently, CloudWatch is passed the settings when the service is started up and stores the settings on the executor, and after this change it will get the settings from the instance context and store them on the instance. It also passes those settings toGetSessionin thegrafana-aws-sdkso it doesn't need to use environment variables for its session settings. Depends on grafana/grafana-aws-sdk#118I also found that
AWSListMetricsPageLimitwas only insettings.Cfgand not inconfig.Cfgso I copied it over. In the opposite direction, I found that there was an AWS Session Duration that was only being set through an environment variable and added it to the aws config settingsWhy do we need this feature?
It's required as part of the decoupling work for CloudWatch
Which issue(s) does this PR fix?:
Fixes #79324
Special notes for your reviewer:
Please check that: