Documentation
Overview
godbi is an appauthal method for logging into databases.
Import github.com/jazzhandscmdb/goappauthal/db and the underlying database module, which can be imported anonymously (with the blank identifier). At this point it has only been tested with github.com/jackc/pgx/v5/stdlib, but that should be addressed.
NOTE: The session user magic used in other languages DOES NOT WORK. This is because of how golang splits opening a connection and connection pools. This requires more attention, but in the meantime, calling apps need to set and reset the jazzhands.appuser if they want to use it.
To switch the underlying driver, something like this:
    if err := godbi.SetDatabaseDriver("postgresql", "pgx"); err != nil {
        log.Fatal(err)
    }
pgx, however, is the default.
To connect:
    db, e := godbi.Connect(app)
    if e != nil {
        log.Fatal(e)
    }
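One way for a calling application to act on the NOTE above about setting and resetting jazzhands.appuser on a pooled handle. This is an added example, not code from goappauthal: it assumes Connect returns a database/sql *sql.DB and that jazzhands.appuser is a PostgreSQL session setting, and WithAppUser, rec and Demo are hypothetical names. The rec driver is a constructed stand-in so the example runs without a database.

```go
package main

import (
	"context"
	"database/sql"
	"database/sql/driver"
	"fmt"
)

// WithAppUser pins one pooled connection and sets jazzhands.appuser on it for fn.
// Assumption: it is a PostgreSQL session setting (set_config / RESET).
func WithAppUser(ctx context.Context, db *sql.DB, user string, fn func(*sql.Conn) error) error {
	conn, err := db.Conn(ctx) // every statement below shares this one session
	if err != nil {
		return err
	}
	defer conn.Close() // runs last: returns the connection to the pool
	if _, err := conn.ExecContext(ctx, "SELECT set_config('jazzhands.appuser', $1, false)", user); err != nil {
		return err
	}
	defer conn.ExecContext(context.Background(), "RESET jazzhands.appuser") // runs even if fn fails
	return fn(conn)
}

// rec is a constructed stand-in for a real driver; it only records statements.
type rec struct{ log []string }
type recConn struct{ r *rec }
func (r *rec) Open(string) (driver.Conn, error) { return recConn{r}, nil }
func (r *rec) Connect(context.Context) (driver.Conn, error) { return recConn{r}, nil }
func (r *rec) Driver() driver.Driver { return r }
func (c recConn) Prepare(string) (driver.Stmt, error) { return nil, driver.ErrSkip }
func (c recConn) Close() error { return nil }
func (c recConn) Begin() (driver.Tx, error) { return nil, driver.ErrSkip }
func (c recConn) ExecContext(_ context.Context, q string, _ []driver.NamedValue) (driver.Result, error) {
	c.r.log = append(c.r.log, q)
	return driver.RowsAffected(0), nil
}

// Demo runs constructed work under WithAppUser and returns the statements sent.
func Demo(fnErr error) ([]string, error) {
	r := &rec{}
	err := WithAppUser(context.Background(), sql.OpenDB(r), "alice", func(c *sql.Conn) error {
		c.ExecContext(context.Background(), "SELECT 1") // constructed application work
		return fnErr
	})
	return r.log, err
}

func main() { fmt.Println(Demo(nil)) }
```

If the RESET itself fails, a production version should discard the connection rather than return it to the pool.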
This is the golang implementation of the Application Authorization Layer for talking to databases. Given application details, the library figures out connection details, connects and returns a database handle for talking to said database. This allows connection information to be completely outside the code, stored in a standardized fashion.
There is support for various login methods, including using Hashicorp Vault to store the actual credentials, which is handled by the govault module. Note that it is still necessary for the calling application to ensure the correct underlying database module is included, and in the case of things like Hashicorp Vault, that that module is also included.
Database configuration happens under the top level "database" stanza. Ultimately the DBType must be set, and based on that typically also Username, Password, DBName, DBHost and DBPort, although if the underlying library has defaults, they can be left out. The Method argument can be password, which just does basic username and password auth, or Vault, which uses Hashicorp Vault to determine credentials and synthesize a dbauth entry that gets parsed by this library. JazzHands::Vault contains the information on how this works.
An example of a minimal configuration for a database is this:
    {
        "database": {
            "DBType": "postgresql",
            "Method": "password",
            "DBHost": "jazzhands-db.example.com",
            "DBName": "jazzhands",
            "Username": "app_stab",
            "Password": "thisisabadpassword"
        }
    }
Values are case sensitive. It is possible to set the value to an array of entries, in which case they are tried serially until one works.
The global configuration file (defaults to /etc/jazzhands/appauth.json) can be used to define system wide defaults. It is optional.
The file format for dbauth files themselves is documented in goappauthal, and the Hashicorp Vault specifics can be found in govault.