How to set GET params from SecureJson in the route config?

Grafana Plugin Development
1

In my datasource plugin I have a plugin.json with a route like this:

 "routes": [
    {
      "path": "webservice",
      "method": "GET",
      "url": "https://example/service/?apiKey={{.SecureJsonData.apiKey}}"
    }
  ]

However, the data proxy seems to strip the query string. Unfortunately the apiKey in the query string is the only way to pass the token. Is there anyway to solve this problem?

EDIT: I found a issue https://github.com/grafana/grafana/issues/14088
I grep’d the master branch but I couldn’t find the unit test that Torkel mentioned.

$ git grep '{{.SecureJsonData.' | grep url
docs/sources/plugins/developing/auth-for-datasources.md:      "url": "{{.SecureJsonData.dynamicUrl}}",
2

I couldn’t find an example of plugin trying to set a query string value in a route.

I will test locally and see if I can figure out if this is a bug or not. The interpolation (replacing .SecureJsonData.apiKey with the value) should be supported but not sure if there is a good reason for the query string getting stripped or if it is a bug.

3

Think Torkel is referring to this test:

But that doesn’t test with a query string, only that you can use variables for the url field.

So digging into how this works, it does indeed strip the query string.

If you call a url that is:

webservice/somepath

then the route will replace website and result in the url:

https://example/service/somepath

The logic for building this url only uses the path part of the route url to build this new url and does not use the query part of the url.

Relevant line of code: https://github.com/grafana/grafana/blob/master/pkg/api/pluginproxy/ds_proxy.go#L170

4

Thanks for the quick reply. I understood why it doesn’t work.

A quick hack might be to copy .RawQuery just like .Path but not sure if they are re-encoded along with the extra params from the datasource plugin.

5

I think the proper fix is to introduce “params” to the route config in the plugin.json.

The interpolation of the query params in the url would cause problem when the value contains URL unsafe characters.

Proposed config

"routes": [
    {
      "path": "webservice",
      "method": "GET",
      "url": "https://example/service/",
      "params": {
        "apiKey": "{{.SecureJsonData.apiKey}}"
      }
    } 
  ]
6

Yes, that seems like a reasonable solution. I’ll have a look at doing a PR for this today.

1 Like
7

PR submitted here: https://github.com/grafana/grafana/pull/23503

1 Like
8

I’m happy to know that the auth will work with your PR. Thanks!

I noticed the the query string params are positional so the params has to be an array. One minor nitpick is there will be two “params” with different syntax e.g. the params for tokenAuth. That might be a bit confusing . “queryParams” or “urlParams” might be better? Just a suggestion.

1 Like