Export basic auth credentials to access token connection secret; prov…

…ide example (#241) Signed-off-by: Holger Johannes Heinz <[email protected]>
grafana · Feb 6, 2025 · f81621c · f81621c
1 parent 3543c0b
commit f81621c
Show file tree

Hide file tree

Showing 2 changed files with 76 additions and 2 deletions.
diff --git a/config/grafana/config.go b/config/grafana/config.go
@@ -186,14 +186,23 @@ func Configure(p *ujconfig.Provider) {
 		r.Sensitive.AdditionalConnectionDetailsFn = func(attr map[string]interface{}) (map[string][]byte, error) {
 			conn := map[string][]byte{}
 			cloudConfig := map[string]string{}
+			basicAuthConfig := map[string]string{}
 			if a, ok := attr["token"].(string); ok {
 				cloudConfig["cloud_access_policy_token"] = a
+				basicAuthConfig["basicAuthPassword"] = a
 			}
-			marshalled, err := json.Marshal(cloudConfig)
+
+			marshalledBasicAuthConfig, err := json.Marshal(basicAuthConfig)
+			if err != nil {
+				return nil, err
+			}
+			conn["basicAuthCredentials"] = marshalledBasicAuthConfig
+
+			marshalledCloudConfig, err := json.Marshal(cloudConfig)
 			if err != nil {
 				return nil, err
 			}
-			conn["cloudCredentials"] = marshalled
+			conn["cloudCredentials"] = marshalledCloudConfig
 			return conn, nil
 		}
 	})

diff --git a/examples/datasource-with-access-policy-basic-auth.yaml b/examples/datasource-with-access-policy-basic-auth.yaml
@@ -0,0 +1,65 @@
+# Example that creates a DataSource that uses BasicAuth to connect to a Prometheus endpoint
+# Note: There exists a race condition between access policy token and datasource as datasource currently
+# does not block creation if secureJsonDataEncodedSecretRef points to a non-existing secret.
+apiVersion: cloud.grafana.crossplane.io/v1alpha1
+kind: AccessPolicy
+metadata:
+  name: example-datasource-with-basic-auth
+  labels:
+    example.com/name: example-datasource-with-basic-auth
+spec:
+  forProvider:
+    name: example-datasource-with-basic-auth
+    realm:
+    - labelPolicy:
+      - selector: '{foo="bar"}'
+      type: stack
+      identifier: "STACKID" # changeme
+    region: REGION # changeme
+    scopes:
+    - metrics:read
+    - logs:read
+  providerConfigRef:
+    name: grafana-cloud-provider
+---
+apiVersion: cloud.grafana.crossplane.io/v1alpha1
+kind: AccessPolicyToken
+metadata:
+  name: example-datasource-with-basic-auth
+spec:
+  forProvider:
+    accessPolicySelector:
+      matchLabels:
+        example.com/name: example-datasource-with-basic-auth
+    name: example-datasource-with-basic-auth
+    region: REGION  # changeme
+  writeConnectionSecretToRef:
+    name: example-datasource-with-basic-auth
+    namespace: crossplane
+  providerConfigRef:
+    name: grafana-cloud-provider
+---
+apiVersion: oss.grafana.crossplane.io/v1alpha1
+kind: DataSource
+metadata:
+  labels:
+    example.com/name: example-datasource-with-basic-auth
+  name: example-datasource-with-basic-auth
+spec:
+  forProvider:
+    name: example-datasource-with-basic-auth
+    type: prometheus
+    url: URL  # changeme
+    basicAuthEnabled: true
+    basicAuthUsername: "USERID"  # changeme
+    jsonDataEncoded: |
+      {
+        "httpMethod": "POST",
+        "tokenName": "example-datasource-with-basic-auth"
+      }
+    secureJsonDataEncodedSecretRef:
+      key: basicAuthCredentials
+      name: example-datasource-with-basic-auth
+      namespace: crossplane
+  providerConfigRef:
+    name: grafana-cloud-instance-provider