Closed Alan1810 closed 5 months ago
mahendrapaipuri
commented
5 months ago @Alan1810 How many organizations you have in your Grafana deployment? It seems to me that you have your service account created in orgId=1 and that account is making a API request to generate a report of a dashboard in orgId=0. Could you try adding orgId=1 to the query parameters for the report API?
Cheers
Alan1810
commented
5 months ago Hi,
We only have one org with Id=1.
I've added orgId=1 to the query parameters for the report API but i have the same error :
logger=context userId=0 orgId=0 uname= t=2024-04-25T18:29:16.474621771+02:00 level=info msg= error="[auth.unauthorized] cannot authenticate request" remote_addr=127.0.0.1 traceID=
logger=context userId=0 orgId=0 uname= t=2024-04-25T18:29:16.475739121+02:00 level=info msg="Request Completed" method=GET path=/api/dashboards/uid/iLdsyDbWz status=401 remote_addr=127.0.0.1 time_ms=1 duration=1.155599ms size=102 referer= handler=/api/dashboards/uid/:uid status_source=server
logger=plugin.mahendrapaipuri-dashboardreporter-app t=2024-04-25T18:29:16.476427808+02:00 level=error msg="error generating report" endpoint=callResource err="error fetching dashboard iLdsyDbWz: error obtaining dashboard from https://localhost:3000/api/dashboards/uid/iLdsyDbWz?var-datasource=xxx&var-zone=xxx. Got Status 401 Unauthorized, message: {\"extra\":null,\"message\":\"Unauthorized\",\"messageId\":\"auth.unauthorized\",\"statusCode\":401,\"traceID\":\"\"}\n " pluginID=mahendrapaipuri-dashboardreporter-app
logger=context userId=99 orgId=1 uname=sa-1-mahen-reporter t=2024-04-25T18:29:16.47720817+02:00 level=error msg="Request Completed" method=GET path=/api/plugins/mahendrapaipuri-dashboardreporter-app/resources/report status=500 remote_addr=10.12.240.232 time_ms=63 duration=63.30165ms size=24 referer= handler=/api/plugins/:pluginId/resources/* status_source=downstream
Best regards
mahendrapaipuri
commented
5 months ago Cheers @Alan1810 for the info.
Yes, I can reproduce the behaviour with newer Grafana. I have already tested a potential solution but I would like to investigate it more on what is the "recommended" way to do this. I will get back to you ASAP.
Alan1810
commented
5 months ago Fine.
Thanks
mahendrapaipuri
commented
5 months ago Hello @Alan1810, could you please try this patch? You can download the plugin artifacts from here. The service account token must be configured for the plugin as well as stated in docs. If you are using grafana >= 10.3.0, you can use externalServiceAccounts feature which is stated in docs as well.
Alan1810
commented
5 months ago Hi @mahendrapaipuri,
The patch works fine.
Thank you for you work.
Regards
Hi @mahendrapaipuri,
I'm trying to generate a report using grafana api, I have "Status 401: Unauthorized".
[ "dashboards:", "dashboards:", "folders:", "folders:", "dashboards:uid:iLdsyDbWz" ]
$ curl -k -o report.pdf -H "Authorization: Bearer" "https://xxxxx/api/plugins/mahendrapaipuri-dashboardreporter-app/resources/report?dashUid=iLdsyDbWz&from=now-1M%2FM&to=now-1M%2FM&var-datasource=xxx&var-zone=xxx&layout=grid&orientation=landscape" -v
Trying x.x.x.x:443...
Connected to xxxxx (x.x.x.x) port 443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
TLSv1.0 (OUT), TLS header, Certificate Status (22): } [5 bytes data]
TLSv1.3 (OUT), TLS handshake, Client hello (1): } [512 bytes data]
TLSv1.2 (IN), TLS header, Certificate Status (22): { [5 bytes data]
TLSv1.3 (IN), TLS handshake, Server hello (2): { [122 bytes data]
TLSv1.2 (IN), TLS header, Finished (20): { [5 bytes data]
TLSv1.2 (IN), TLS header, Supplemental data (23): { [5 bytes data]
TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): { [25 bytes data]
TLSv1.2 (IN), TLS header, Supplemental data (23): { [5 bytes data]
TLSv1.3 (IN), TLS handshake, Certificate (11): { [1002 bytes data]
TLSv1.2 (IN), TLS header, Supplemental data (23): { [5 bytes data]
TLSv1.3 (IN), TLS handshake, CERT verify (15): { [264 bytes data]
TLSv1.2 (IN), TLS header, Supplemental data (23): { [5 bytes data]
TLSv1.3 (IN), TLS handshake, Finished (20): { [36 bytes data]
TLSv1.2 (OUT), TLS header, Finished (20): } [5 bytes data]
TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): } [1 bytes data]
TLSv1.2 (OUT), TLS header, Supplemental data (23): } [5 bytes data]
TLSv1.3 (OUT), TLS handshake, Finished (20): } [36 bytes data]
SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
ALPN, server accepted to use http/1.1
Server certificate:
subject: C=xx; ST=xxx; L=xxx; O=xxx; OU=xxx; CN=xxx; emailAddress=xxx
start date: Dec 14 15:23:04 2023 GMT
expire date: Jan 13 15:23:04 2024 GMT
issuer: C=xx; ST=xxx; L=xxx; O=xxx; OU=xxx; CN=xxx; emailAddress=xxx
SSL certificate verify result: self-signed certificate (18), continuing anyway.
TLSv1.2 (OUT), TLS header, Supplemental data (23): } [5 bytes data]
TLSv1.2 (IN), TLS header, Supplemental data (23): { [5 bytes data]
TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): { [57 bytes data]
TLSv1.2 (IN), TLS header, Supplemental data (23): { [5 bytes data]
TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): { [57 bytes data]
old SSL session ID is stale, removing
TLSv1.2 (IN), TLS header, Supplemental data (23): { [5 bytes data]
Mark bundle as not supporting multiuse < HTTP/1.1 500 Internal Server Error < cache-control: no-store < content-security-policy: sandbox < content-type: text/plain; charset=utf-8 < x-content-type-options: nosniff < x-frame-options: deny < x-xss-protection: 1; mode=block < date: Thu, 25 Apr 2024 13:17:45 GMT < transfer-encoding: chunked < set-cookie: SERVERID=grafana-01; path=/ < { [30 bytes data]
TLSv1.2 (IN), TLS header, Supplemental data (23): { [5 bytes data]
Connection #0 to host xxxxx left intact
The grafana log file :
Any solutions ?
Best regards
grafana open source 10.4.2 reporter 1.2.0 Ubuntu 22.04