* add usePrivateIP params to determine if to use private ip dial option Signed-off-by: aviv guiser <avivguiser@gmail.com> * fix the connection_producer.go in mysql plugin Signed-off-by: aviv guiser <avivguiser@gmail.com> * Update sdk/database/helper/connutil/sql.go Co-authored-by: Robert <17119716+robmonte@users.noreply.github.com> --------- Signed-off-by: aviv guiser <avivguiser@gmail.com> Signed-off-by: AvivGuiser <aviv.guiser@placer.ai> Co-authored-by: Robert <17119716+robmonte@users.noreply.github.com>
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package connutil
import (
"fmt"
"cloud.google.com/go/cloudsqlconn"
"cloud.google.com/go/cloudsqlconn/postgres/pgxv4"
)
// configurableAuthTypes is the allow-list consulted by ValidateAuthType.
// Only the auth types listed here are accepted; today that is GCP IAM alone.
var configurableAuthTypes = []string{AuthTypeGCPIAM}
// getCloudSQLDriverType maps the producer's configured database type to the
// matching Cloud SQL driver identifier. Any type without an explicit case is
// rejected with an error, so an unexpected c.Type never yields a driver.
func (c *SQLConnectionProducer) getCloudSQLDriverType() (string, error) {
	// A switch (rather than an if) is kept so more database types can be added.
	switch c.Type {
	case dbTypePostgres:
		return cloudSQLPostgres, nil
	default:
		return "", fmt.Errorf("unsupported DB type for cloud IAM: %s", c.Type)
	}
}
// registerDrivers registers a Cloud SQL driver under driverName for the
// producer's database type, using the options that GetCloudSQLAuthOptions
// builds from credentials and usePrivateIP.
//
// On success it passes through the two values returned by
// pgxv4.RegisterDriver: a func() error and an error. The func is presumably
// the cleanup hook for the underlying connector, so the caller should keep it
// and invoke it when the driver is no longer needed (confirm against the
// cloudsqlconn documentation).
//
// credentials may carry secret key material. The error built in this function
// reports only the driver type, never the credentials; errors from
// pgxv4.RegisterDriver are returned unmodified.
func (c *SQLConnectionProducer) registerDrivers(driverName string, credentials string, usePrivateIP bool) (func() error, error) {
	driverType, err := c.getCloudSQLDriverType()
	if err != nil {
		return nil, err
	}

	dialOpts, err := GetCloudSQLAuthOptions(credentials, usePrivateIP)
	if err != nil {
		return nil, err
	}

	// A switch is kept for future extensibility; postgres is the only case today.
	switch driverType {
	case cloudSQLPostgres:
		return pgxv4.RegisterDriver(driverName, dialOpts...)
	default:
		// Defensive: reached only if getCloudSQLDriverType returns a type
		// that has no matching case in this switch.
		return nil, fmt.Errorf("unrecognized cloudsql type encountered: %s", driverType)
	}
}
// GetCloudSQLAuthOptions builds the cloudsqlconn options used for a GCP
// CloudSQL connection from a credentials JSON string.
//
// The result always starts with WithIAMAuthN. When credentials is non-empty it
// is handed to WithCredentialsJSON as raw bytes; when it is empty no
// credential option is added, so the connector presumably falls back to its
// default credential lookup (confirm against the cloudsqlconn documentation).
// When usePrivateIP is true, WithPrivateIP is added as a default dial option;
// otherwise no dial option is set here.
//
// credentials is treated as secret material: it is not parsed, validated or
// logged in this function, and callers should avoid logging it as well. The
// returned error is currently always nil.
func GetCloudSQLAuthOptions(credentials string, usePrivateIP bool) ([]cloudsqlconn.Option, error) {
	authOpts := []cloudsqlconn.Option{cloudsqlconn.WithIAMAuthN()}

	if len(credentials) > 0 {
		authOpts = append(authOpts, cloudsqlconn.WithCredentialsJSON([]byte(credentials)))
	}

	if usePrivateIP {
		privateIP := cloudsqlconn.WithDefaultDialOptions(cloudsqlconn.WithPrivateIP())
		authOpts = append(authOpts, privateIP)
	}

	return authOpts, nil
}
// ValidateAuthType reports whether authType is one of the entries in
// configurableAuthTypes. The comparison is an exact, case-sensitive string
// match, so any value that is not on the allow-list returns false.
func ValidateAuthType(authType string) bool {
	for _, allowed := range configurableAuthTypes {
		if allowed == authType {
			return true
		}
	}
	return false
}