
fix: use authenticated urls for pubsub #14261


Merged
merged 25 commits into from
Aug 26, 2024
fix: use authenticated urls for pubsub
f0ssel committed Aug 14, 2024
commit b89ff23d1fbcf036b722022c37c5a61b3ad4b5b3
47 changes: 47 additions & 0 deletions coderd/database/awsiamrds/awsiamrds.go
Expand Up @@ -10,7 +10,10 @@ import (
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/config"
"github.com/aws/aws-sdk-go-v2/feature/rds/auth"
"github.com/lib/pq"
"golang.org/x/xerrors"

"github.com/coder/coder/v2/coderd/database"
)

type awsIamRdsDriver struct {
Expand All @@ -19,6 +22,7 @@ type awsIamRdsDriver struct {
}

var _ driver.Driver = &awsIamRdsDriver{}
var _ database.ConnectorCreator = &awsIamRdsDriver{}

// Register initializes and registers our aws iam rds wrapped database driver.
func Register(ctx context.Context, parentName string) (string, error) {
Expand Down Expand Up @@ -65,6 +69,15 @@ func (d *awsIamRdsDriver) Open(name string) (driver.Conn, error) {
return conn, nil
}

func (d *awsIamRdsDriver) Connector(name string) (driver.Connector, error) {
connector := &connector{
url: name,
cfg: d.cfg,
}

return connector, nil
}

func getAuthenticatedURL(cfg aws.Config, dbURL string) (string, error) {
nURL, err := url.Parse(dbURL)
if err != nil {
Expand All @@ -82,3 +95,37 @@ func getAuthenticatedURL(cfg aws.Config, dbURL string) (string, error) {

return nURL.String(), nil
}

type connector struct {
url string
cfg aws.Config
dialer pq.Dialer
}

var _ database.DialerConnector = &connector{}

func (c *connector) Connect(ctx context.Context) (driver.Conn, error) {
nURL, err := getAuthenticatedURL(c.cfg, c.url)
if err != nil {
return nil, xerrors.Errorf("assigning authentication token to url: %w", err)
}

nc, err := pq.NewConnector(nURL)
if err != nil {
return nil, xerrors.Errorf("creating new connector: %w", err)
}

if c.dialer != nil {
nc.Dialer(c.dialer)
}

return nc.Connect(ctx)
}

func (c *connector) Driver() driver.Driver {
return &pq.Driver{}
}

func (c *connector) Dialer(dialer pq.Dialer) {
c.dialer = dialer
}
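Review bot: `connector.Driver()` returns a fresh `&pq.Driver{}` rather than the `awsIamRdsDriver` that built the connector, so anything that reaches the driver through this connector (for example `sql.OpenDB(connector).Driver()`) gets a plain pq driver that does not implement `database.ConnectorCreator` and opens connections without the IAM token. With the pubsub change in this PR, such a caller would fall through to the plain `pq.NewConnector` path. Consider keeping a reference instead: add a `drv *awsIamRdsDriver` field to `connector`, set `drv: d` in `Connector`, and `return c.drv` from `Driver()`. Separately, `Connect` wraps the error from `pq.NewConnector(nURL)` where `nURL` carries the freshly signed token; whether pq echoes the DSN in that error is not visible here, so it is worth confirming before the wrapped error can reach logs.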
17 changes: 17 additions & 0 deletions coderd/database/connector.go
@@ -0,0 +1,17 @@
package database

import (
"context"
"database/sql/driver"

"github.com/lib/pq"
)

type ConnectorCreator interface {
Connector(name string) (driver.Connector, error)
}

type DialerConnector interface {
👍

Connect(context.Context) (driver.Conn, error)
Dialer(dialer pq.Dialer)
}
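Review bot: Both exported interfaces in this new file have no doc comments, and nothing says which side is expected to implement them. I would add `// ConnectorCreator is implemented by database drivers that can build a driver.Connector for a connection URL.` above the first and `// DialerConnector is a connector that accepts a custom pq.Dialer.` above the second. `DialerConnector` declares `Connect` but not `Driver()`, so it is not itself a `driver.Connector`; if that is intentional the comment should say so, otherwise embedding `driver.Connector` would make the relationship explicit.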
27 changes: 26 additions & 1 deletion coderd/database/pubsub/pubsub.go
Expand Up @@ -3,6 +3,7 @@ package pubsub
import (
"context"
"database/sql"
"database/sql/driver"
"errors"
"io"
"net"
Expand All @@ -15,6 +16,8 @@ import (
"github.com/prometheus/client_golang/prometheus"
"golang.org/x/xerrors"

"github.com/coder/coder/v2/coderd/database"

"cdr.dev/slog"
)

Expand Down Expand Up @@ -432,9 +435,31 @@ func (p *PGPubsub) startListener(ctx context.Context, connectURL string) error {
// pq.defaultDialer uses a zero net.Dialer as well.
d: net.Dialer{},
}
connector driver.Connector
err error
)

// Create a custom connector if the database driver supports it.
connectorCreator, ok := p.db.Driver().(database.ConnectorCreator)
if !ok {
connector, err = pq.NewConnector(connectURL)
if err != nil {
return xerrors.Errorf("create pq connector: %w", err)
}
} else {
connector, err = connectorCreator.Connector(connectURL)
if err != nil {
return xerrors.Errorf("create custom connector: %w", err)
}
}

// Set the dialer if the connector supports it.
if dc, ok := connector.(database.DialerConnector); ok {
We need to drop a CRITICAL log if this type assertion fails, since it means we've introduced a new driver that doesn't support a Dialer and our logs will be incomplete.

dc.Dialer(dialer)
}

p.pgListener = pqListenerShim{
Listener: pq.NewDialListener(dialer, connectURL, time.Second, time.Minute, func(t pq.ListenerEventType, err error) {
Listener: pq.NewConnectorListener(connector, connectURL, time.Second, time.Minute, func(t pq.ListenerEventType, err error) {
switch t {
case pq.ListenerEventConnected:
p.logger.Info(ctx, "pubsub connected to postgres")
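Review bot: The fallback in `startListener` is silent: when `p.db.Driver()` does not implement `database.ConnectorCreator` (for instance because the driver is wrapped by another layer), the listener is built from the raw `connectURL` with no indication that the authenticated connector was skipped. A log line per branch would make that visible when diagnosing listener authentication failures, e.g. `p.logger.Debug(ctx, "pubsub using default pq connector")` in the `!ok` branch, without logging `connectURL` itself since it may embed credentials. The branch would also read more directly with the positive case first. `startListener` begins before and continues after this hunk.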
5 changes: 5 additions & 0 deletions go.mod
Expand Up @@ -62,6 +62,11 @@ replace github.com/imulab/go-scim/pkg/v2 => github.com/coder/go-scim/pkg/v2 v2.0
// Fixes https://github.com/coder/coder/issues/6685
replace github.com/pkg/sftp => github.com/mafredri/sftp v1.13.6-0.20231212144145-8218e927edb0

// Adds support for a new Listener from a driver.Connector
// This lets us use rotating authentication tokens for passwords in connection strings
// which we use in the awsiamrds package.
replace github.com/lib/pq => github.com/coder/pq v1.10.5-0.20240813145306-1ce661cfa68d

require (
cdr.dev/slog v1.6.2-0.20240126064726-20367d4aede6
cloud.google.com/go/compute/metadata v0.5.0
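Review bot: This `replace` redirects every use of `github.com/lib/pq` in the module to a fork commit, and go.sum drops `lib/pq v1.10.9` accordingly. The pseudo-version `v1.10.5-0.20240813145306-1ce661cfa68d` suggests the fork commit's nearest tagged ancestor is v1.10.4 (or that the fork simply lacks newer tags), so it is worth confirming the fork branch still contains the upstream changes through v1.10.9. I would also extend the comment with the upstream tracking link and a removal condition, e.g. `// TODO: drop this replace once upstream lib/pq supports connector-based listeners (<placeholder: upstream PR link>)`.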
4 changes: 2 additions & 2 deletions go.sum
Expand Up @@ -215,6 +215,8 @@ github.com/coder/go-httpstat v0.0.0-20230801153223-321c88088322 h1:m0lPZjlQ7vdVp
github.com/coder/go-httpstat v0.0.0-20230801153223-321c88088322/go.mod h1:rOLFDDVKVFiDqZFXoteXc97YXx7kFi9kYqR+2ETPkLQ=
github.com/coder/go-scim/pkg/v2 v2.0.0-20230221055123-1d63c1222136 h1:0RgB61LcNs24WOxc3PBvygSNTQurm0PYPujJjLLOzs0=
github.com/coder/go-scim/pkg/v2 v2.0.0-20230221055123-1d63c1222136/go.mod h1:VkD1P761nykiq75dz+4iFqIQIZka189tx1BQLOp0Skc=
github.com/coder/pq v1.10.5-0.20240813145306-1ce661cfa68d h1:pv+JacyCHoHAr2kh6HltHdFlWqVeWHCvaQDqra5Aff4=
github.com/coder/pq v1.10.5-0.20240813145306-1ce661cfa68d/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0 h1:3A0ES21Ke+FxEM8CXx9n47SZOKOpgSE1bbJzlE4qPVs=
github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0/go.mod h1:5UuS2Ts+nTToAMeOjNlnHFkPahrtDkmpydBen/3wgZc=
github.com/coder/quartz v0.1.0 h1:cLL+0g5l7xTf6ordRnUMMiZtRE8Sq5LxpghS63vEXrQ=
Expand Down Expand Up @@ -670,8 +672,6 @@ github.com/ledongthuc/pdf v0.0.0-20220302134840-0c2507a12d80/go.mod h1:imJHygn/1
github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY=
github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
github.com/mafredri/sftp v1.13.6-0.20231212144145-8218e927edb0 h1:lG2o/EWMEOlV/RfQrf3zYfQStjnUj0Mg2gmbcBcoxFI=