godbi

package
v0.52.0
Published: Feb 27, 2024 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Overview

godbi is an appauthal method for logging in to databases.

Import github.com/jazzhandscmdb/goappauthal/db and the underlying database module, which can be imported anonymously. At this point it's only been tested with github.com/jackc/pgx/v5/stdlib, but that should be addressed.

NOTE: The session user magic used in other languages DOES NOT WORK. This is because of how golang splits opening a connection and connection pools. This requires more attention, but in the meantime, calling apps need to set and reset the jazzhands.appuser if they want to use it.

To switch the underlying driver, do something like this:

if err := godbi.SetDatabaseDriver("postgresql", "pgx"); err != nil {
        log.Fatal(err)
}

pgx, however, is the default.

To connect:

db, e := godbi.Connect(app)
if e != nil {
        log.Fatal(e)
}

This is the golang implementation of the Application Authorization Layer for talking to databases. Given application details, the library figures out connection details, connects and returns a database handle for talking to said database. This allows connection information to be completely outside the code, stored in a standardized fashion.

There is support for various login methods, including using Hashicorp Vault to store the actual credentials, which is handled by the govault module. Note that it is still necessary for the calling application to ensure the correct underlying database module is included and, in the case of things like Hashicorp Vault, that the corresponding module is also included.

DBI/database configuration happens under the top-level "database" stanza. Ultimately the DBType must be set and, based on that, typically also Username, Password, DBName, DBHost and DBPort, although they can be left out if the underlying library has defaults. The Method argument can be password, which just does basic username and password authentication, or Vault, which uses Hashicorp Vault to determine credentials and synthesize a dbauth entry that gets parsed by this library. JazzHands::Vault contains the information on how this works.

An example of a minimal configuration for a database is this:

{
      "database": {
              "DBType": "postgresql",
              "Method": "password",
              "DBHost": "jazzhands-db.example.com",
              "DBName": "jazzhands",
              "Username": "app_stab",
              "Password": "thisisabadpassword"
      }
}

Values are case sensitive. It is possible to set the value to an array of entries, in which case they are tried serially until one works.
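The following is an added example, not code from godbi: a pre-deployment check that reads the "database" stanza in either its single-object or array form and flags entries that have no DBType or that embed a plaintext Password. The helper names `parseDatabases` and `audit`, the sample config, the `vault` spelling of Method and the VaultPath value are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Database mirrors a subset of the godbi Database fields listed on this page.
type Database struct{ Method, DBType, DBHost, DBName, Username, Password, VaultPath string }

// sample is constructed: array form; the "vault" spelling and VaultPath are assumed.
const sample = `{"database": [
 {"DBType": "postgresql", "Method": "password", "Username": "app_stab", "Password": "thisisabadpassword"},
 {"DBType": "postgresql", "Method": "vault", "VaultPath": "kv/example/app_stab"},
 {"Method": "password", "Username": "app_stab"}]}`

// parseDatabases accepts the stanza as one object or an array, keeping array order.
func parseDatabases(raw []byte) ([]Database, error) {
	var top map[string]json.RawMessage
	if err := json.Unmarshal(raw, &top); err != nil {
		return nil, err
	}
	var list []Database
	if json.Unmarshal(top["database"], &list) == nil {
		return list, nil
	}
	var one Database
	if err := json.Unmarshal(top["database"], &one); err != nil {
		return nil, fmt.Errorf("database stanza: %w", err)
	}
	return []Database{one}, nil
}

// audit (hypothetical, not part of godbi) flags a missing DBType and inline passwords.
func audit(dbs []Database) (out []string) {
	for i, d := range dbs {
		if d.DBType == "" {
			out = append(out, fmt.Sprintf("entry %d: DBType not set", i))
		}
		if d.Password != "" {
			out = append(out, fmt.Sprintf("entry %d: inline Password for %q", i, d.Username))
		}
	}
	return out
}

func main() {
	dbs, err := parseDatabases([]byte(sample))
	fmt.Println(audit(dbs), err)
}
```

Entries flagged for an inline Password are candidates for the Vault method described above, so that the credential no longer lives in the configuration file.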

The global configuration file (defaults to /etc/jazzhands/appauth.json) can be used to define system wide defaults. It is optional.

The file format for dbauth files themselves is documented in goappauthal, and the Hashicorp Vault specifics can be found in govault.

Functions

func Connect

func Connect(app string) (*sql.DB, error)

func SetDatabaseDriver

func SetDatabaseDriver(dbtype string, driver string) error

func SetSessionUser

func SetSessionUser(dbc *sql.DB, login string) error

Types

type Database

type Database struct {
	Method   string
	DBType   string
	DBHost   string
	DBName   string
	Username string
	Password string

	// These are all for Method Vault
	VaultPath string
	Import    map[string]string
	TokenMap  map[string]string `json:"map"`
}
