2

I am not able to export data sources in Grafana with basic auth details.

As I searched on internet, people are downloading datasource JSON by URL <grafana>/api/datasources and uploading same way with another API.

I tried doing that. Everything works fine but for basic auth info, only basicAuth: true is downloaded from above rest call as JSON but not password info. So, importing that JSON does not create proper datasource in Grafana.

Is there a way to smoothly export then import JSON to Grafana for data sources?( Specially for Prometheus data sources)

Thanks in advance.

Updating my scenario here:

What is the requirement: I want my Grafana data sources which have basic auth enabled to get exported and imported to client site:

Why it is needed: It is needed because in my one use case, I configured Prometheus datasource with basic auth and tried exported as json and pushed to GIT. And with help of Jenkins (CI/CD), I needed them to be created/updated in UAT deployment and then to customers with same approach.

Everything was working fine until I did not enable basic auth in Prometheus. Once, I enabled, This continuous integration is breaking because Grafana in UAT and Clients are not working with Prometheus due to Auth issue (because basic auth configs are not exported in JSON):

Can anyone help me resolving this scenario?

Moksh
  • 185
  • 1
  • 6
  • 16

3 Answers3

2

No. Credentials are stored in secureJsonFields and these fields are not available via API. It is a feature not a bug - https://github.com/grafana/grafana/issues/20274.

Jan Garaj
  • 25,598
  • 3
  • 38
  • 59
  • I opened this enhancement with my scenario described: https://github.com/grafana/grafana/issues/27843 – Moksh Sep 27 '20 at 05:47
  • @Moksh Did you read https://github.com/grafana/grafana/issues/20274: `However, due to security reasons we don't want to expose this sensitive information thru the API.`? – Jan Garaj Sep 27 '20 at 06:32
  • Yes. But this does not answer the use case. I mentioned it in enhancement request as well. Or you are saying my use case is invalid.? – Moksh Sep 27 '20 at 06:34
0

To cater my scenario, I did found how to pass the password for the basic auth while importing datasource JSON in Grafana.

Note: By defining password and basicAuthPassword under secureJsonData Grafana encrypts them securely as an encrypted blob in the database. The response then lists the encrypted fields under secureJsonFields.

https://grafana.com/docs/grafana/latest/http_api/data_source/

so I put my password manually in the JSON exported from Grafana like below and then pushed into GIT.

{
  "name": "ds_prometheus",
  "type": "prometheus",
  "url": "http://my-prometheus:8080",
  "access": "proxy",
  "basicAuth": true,
  "basicAuthUser": "user",
  "secureJsonData": {
    "basicAuthPassword": "password"
  },
  "isDefault": true,
  "jsonData":{"httpMethod":"POST","keepCookies":[],"timeInterval":"30s","queryTimeout":"120s","tlsSkipVerify":true}
}

So, whenever CI/CD runs, data sources are correctly populated in Grafana with correct credentials.

Moksh
  • 185
  • 1
  • 6
  • 16
0

I was able to use datasource configuration for database:

datasources:

  - id: 123
    uid: "myUid"
    name: "myDatabaseName"
    type: "mssql"
    access: "proxy"
    url: "this.is.my.server:1433"
    user: "databaseUser"
    secureJsonData:
      password: "mySecretPlainPassword"
    database: "myDatabaseName"
    basicAuth: false
    jsonData:
        encrypt: "false"
Damian
  • 437
  • 5
  • 11