
feat: add awsiamrds db auth driver #12566


Merged
merged 21 commits into from
Mar 20, 2024
add aws v2
f0ssel committed Mar 19, 2024
commit 1ff0291c9b4ee51c2defa19b58c256d42df03cba
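--- a/coderd/database/awsrdsiam/driver.go
+++ b/coderd/database/awsrdsiam/driver.go
@@ -1,28 +1,30 @@
 package awsrdsiam
 
 import (
+"context"
 "database/sql"
 "database/sql/driver"
 "fmt"
 "net/url"
 
-"github.com/aws/aws-sdk-go/aws/session"
-"github.com/aws/aws-sdk-go/service/rds/rdsutils"
+"github.com/aws/aws-sdk-go-v2/aws"
+"github.com/aws/aws-sdk-go-v2/config"
+"github.com/aws/aws-sdk-go-v2/feature/rds/auth"
 "golang.org/x/xerrors"
 )
 
 type awsRdsIamDriver struct {
 parent driver.Driver
-sess *session.Session
+cfg aws.Config
 }
 
 var _ driver.Driver = &awsRdsIamDriver{}
 
 // Register initializes and registers our aws rds iam wrapped database driver.
-func Register(parentName string) (string, error) {
-sess, err := session.NewSession()
+func Register(ctx context.Context, parentName string) (string, error) {
+cfg, err := config.LoadDefaultConfig(ctx)
 if err != nil {
-return "", xerrors.Errorf("creating aws session: %w", err)
+return "", err
 }
 
 db, err := sql.Open(parentName, "")
@@ -31,25 +33,25 @@ func Register(parentName string) (string, error) {
 }
 
 // create a new aws rds iam driver
-d := newDriver(db.Driver(), sess)
+d := newDriver(db.Driver(), cfg)
 name := fmt.Sprintf("%s-awsrdsiam", parentName)
 sql.Register(fmt.Sprintf("%s-awsrdsiam", parentName), d)
 
 return name, nil
 }
 
 // newDriver will create a new *AwsRdsIamDriver using the environment aws session.
-func newDriver(parentDriver driver.Driver, sess *session.Session) *awsRdsIamDriver {
+func newDriver(parentDriver driver.Driver, cfg aws.Config) *awsRdsIamDriver {
 return &awsRdsIamDriver{
 parent: parentDriver,
-sess: sess,
+cfg: cfg,
 }
 }
 
 // Open creates a new connection to the database using the provided name.
 func (d *awsRdsIamDriver) Open(name string) (driver.Conn, error) {
 // set password with signed aws authentication token for the rds instance
-nURL, err := getAuthenticatedURL(d.sess, name)
+nURL, err := getAuthenticatedURL(d.cfg, name)
 if err != nil {
 return nil, xerrors.Errorf("assigning authentication token to url: %w", err)
 }
@@ -63,15 +65,15 @@ func (d *awsRdsIamDriver) Open(name string) (driver.Conn, error) {
 return conn, nil
 }
 
-func getAuthenticatedURL(sess *session.Session, dbURL string) (string, error) {
+func getAuthenticatedURL(cfg aws.Config, dbURL string) (string, error) {
 nURL, err := url.Parse(dbURL)
 if err != nil {
 return "", xerrors.Errorf("parsing dbURL: %w", err)
 }
 
 // generate a new rds session auth tokenized URL
 rdsEndpoint := fmt.Sprintf("%s:%s", nURL.Hostname(), nURL.Port())
-token, err := rdsutils.BuildAuthToken(rdsEndpoint, *sess.Config.Region, nURL.User.Username(), sess.Config.Credentials)
+token, err := auth.BuildAuthToken(context.Background(), rdsEndpoint, cfg.Region, nURL.User.Username(), cfg.Credentials)
 if err != nil {
 return "", xerrors.Errorf("building rds auth token: %w", err)
 }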
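Review bot: In `getAuthenticatedURL` the new `auth.BuildAuthToken` call is given `context.Background()`, so resolving `cfg.Credentials` (which, depending on the provider chain, may involve a network call) has no deadline and cannot be cancelled, and `Open` runs it for every new pooled connection. Since `driver.Driver.Open` takes no context, consider bounding the call locally, e.g. `ctx, cancel := context.WithTimeout(context.Background(), tokenTimeout)` with `tokenTimeout` a constant you choose, or implementing `driver.DriverContext` so the caller's context reaches token signing. `cfg.Region` is also passed through unchecked; `config.LoadDefaultConfig` does not fail when no region is configured, so an explicit `if cfg.Region == "" { return "", xerrors.New("aws region not configured") }` would turn what is likely an opaque authentication failure into a clear error. In `Register` the new `return "", err` drops the wrapping the old code had; `return "", xerrors.Errorf("loading aws config: %w", err)` keeps the failure attributable. The bodies of `Register`, `Open` and `getAuthenticatedURL` continue outside the visible hunks.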
5 changes: 3 additions & 2 deletions go.mod
Expand Up @@ -82,7 +82,7 @@ require (
github.com/andybalholm/brotli v1.1.0
github.com/armon/circbuf v0.0.0-20190214190532-5111143e8da2
github.com/awalterschulze/gographviz v2.0.3+incompatible
github.com/aws/smithy-go v1.20.0
github.com/aws/smithy-go v1.20.1
github.com/bgentry/speakeasy v0.1.1-0.20220910012023-760eaf8b6816
github.com/bramvdbogaerde/go-scp v1.3.0
github.com/briandowns/spinner v1.18.1
Expand Down Expand Up @@ -248,10 +248,11 @@ require (
github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
github.com/armon/go-radix v1.0.1-0.20221118154546-54df44f2176c // indirect
github.com/aws/aws-sdk-go v1.50.36
github.com/aws/aws-sdk-go-v2 v1.24.1 // indirect
github.com/aws/aws-sdk-go-v2 v1.25.3 // indirect
github.com/aws/aws-sdk-go-v2/config v1.26.1 // indirect
github.com/aws/aws-sdk-go-v2/credentials v1.16.12 // indirect
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 // indirect
github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.4.3
github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 // indirect
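Review bot: `github.com/aws/aws-sdk-go-v2` and `github.com/aws/aws-sdk-go-v2/config` keep their `// indirect` markers in the second require block, although driver.go in this commit imports `aws-sdk-go-v2/aws` and `aws-sdk-go-v2/config` directly. Running `go mod tidy` should drop the markers so the manifest shows which AWS modules the database authentication path depends on directly, which helps when auditing or pinning them. `github.com/aws/aws-sdk-go v1.50.36` also stays required; if nothing else in the repository still uses the v1 SDK after this change, removing it would shrink the dependency surface.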
6 changes: 6 additions & 0 deletions go.sum
Expand Up @@ -96,12 +96,16 @@ github.com/aws/aws-sdk-go v1.50.36 h1:PjWXHwZPuTLMR1NIb8nEjLucZBMzmf84TLoLbD8BZq
github.com/aws/aws-sdk-go v1.50.36/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU=
github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4=
github.com/aws/aws-sdk-go-v2 v1.25.3 h1:xYiLpZTQs1mzvz5PaI6uR0Wh57ippuEthxS4iK5v0n0=
github.com/aws/aws-sdk-go-v2 v1.25.3/go.mod h1:35hUlJVYd+M++iLI3ALmVwMOyRYMmRqUXpTtRGW+K9I=
github.com/aws/aws-sdk-go-v2/config v1.26.1 h1:z6DqMxclFGL3Zfo+4Q0rLnAZ6yVkzCRxhRMsiRQnD1o=
github.com/aws/aws-sdk-go-v2/config v1.26.1/go.mod h1:ZB+CuKHRbb5v5F0oJtGdhFTelmrxd4iWO1lf0rQwSAg=
github.com/aws/aws-sdk-go-v2/credentials v1.16.12 h1:v/WgB8NxprNvr5inKIiVVrXPuuTegM+K8nncFkr1usU=
github.com/aws/aws-sdk-go-v2/credentials v1.16.12/go.mod h1:X21k0FjEJe+/pauud82HYiQbEr9jRKY3kXEIQ4hXeTQ=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 h1:w98BT5w+ao1/r5sUuiH6JkVzjowOKeOJRHERyy1vh58=
github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10/go.mod h1:K2WGI7vUvkIv1HoNbfBA1bvIZ+9kL3YVmWxeKuLQsiw=
github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.4.3 h1:mfxA6HX/mla8BrjVHdVD0G49+0Z+xKel//NCPBk0qbo=
github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.4.3/go.mod h1:PjvlBlYNNXPrMAGarXrnV+UYv1T9XyTT2Ono41NQjq8=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4=
github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4=
github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw=
Expand All @@ -122,6 +126,8 @@ github.com/aws/aws-sdk-go-v2/service/sts v1.26.5 h1:5UYvv8JUvllZsRnfrcMQ+hJ9jNIC
github.com/aws/aws-sdk-go-v2/service/sts v1.26.5/go.mod h1:XX5gh4CB7wAs4KhcF46G6C8a2i7eupU19dcAAE+EydU=
github.com/aws/smithy-go v1.20.0 h1:6+kZsCXZwKxZS9RfISnPc4EXlHoyAkm2hPuM8X2BrrQ=
github.com/aws/smithy-go v1.20.0/go.mod h1:uo5RKksAl4PzhqaAbjd4rLgFoq5koTsQKYuGe7dklGc=
github.com/aws/smithy-go v1.20.1 h1:4SZlSlMr36UEqC7XOyRVb27XMeZubNcBNN+9IgEPIQw=
github.com/aws/smithy-go v1.20.1/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
github.com/aymanbagabas/go-osc52 v1.0.3/go.mod h1:zT8H+Rk4VSabYN90pWyugflM3ZhpTZNC7cASDfUCdT4=
github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k=
github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8=