-
Notifications
You must be signed in to change notification settings - Fork 482
/
metadata.go
113 lines (97 loc) · 3.47 KB
/
metadata.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
/*
Copyright 2023 The Dapr Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package postgresql
import (
"context"
"errors"
"fmt"
"time"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
"github.com/jackc/pgx/v5"
"github.com/jackc/pgx/v5/pgxpool"
"github.com/dapr/components-contrib/internal/authentication/azure"
)
// PostgresAuthMetadata contains authentication metadata for PostgreSQL components.
type PostgresAuthMetadata struct {
ConnectionString string `mapstructure:"connectionString"`
ConnectionMaxIdleTime time.Duration `mapstructure:"connectionMaxIdleTime"`
MaxConns int `mapstructure:"maxConns"`
UseAzureAD bool `mapstructure:"useAzureAD"`
azureEnv azure.EnvironmentSettings
}
// Reset the object.
func (m *PostgresAuthMetadata) Reset() {
m.ConnectionString = ""
m.ConnectionMaxIdleTime = 0
m.MaxConns = 0
m.UseAzureAD = false
}
// InitWithMetadata inits the object with metadata from the user.
// Set azureADEnabled to true if the component can support authentication with Azure AD.
// This is different from the "useAzureAD" property from the user, which is provided by the user and instructs the component to authenticate using Azure AD.
func (m *PostgresAuthMetadata) InitWithMetadata(meta map[string]string, azureADEnabled bool) (err error) {
// Validate input
if m.ConnectionString == "" {
return errors.New("missing connection string")
}
// Populate the Azure environment if using Azure AD
if azureADEnabled && m.UseAzureAD {
m.azureEnv, err = azure.NewEnvironmentSettings(meta)
if err != nil {
return err
}
} else {
// Make sure this is false
m.UseAzureAD = false
}
return nil
}
// GetPgxPoolConfig returns the pgxpool.Config object that contains the credentials for connecting to PostgreSQL.
func (m *PostgresAuthMetadata) GetPgxPoolConfig() (*pgxpool.Config, error) {
// Get the config from the connection string
config, err := pgxpool.ParseConfig(m.ConnectionString)
if err != nil {
return nil, fmt.Errorf("failed to parse connection string: %w", err)
}
if m.ConnectionMaxIdleTime > 0 {
config.MaxConnIdleTime = m.ConnectionMaxIdleTime
}
if m.MaxConns > 1 {
config.MaxConns = int32(m.MaxConns)
}
// Check if we should use Azure AD
if m.UseAzureAD {
tokenCred, errToken := m.azureEnv.GetTokenCredential()
if errToken != nil {
return nil, errToken
}
// Reset the password
config.ConnConfig.Password = ""
// We need to retrieve the token every time we attempt a new connection
// This is because tokens expire, and connections can drop and need to be re-established at any time
// Fortunately, we can do this with the "BeforeConnect" hook
config.BeforeConnect = func(ctx context.Context, cc *pgx.ConnConfig) error {
at, err := tokenCred.GetToken(ctx, policy.TokenRequestOptions{
Scopes: []string{
m.azureEnv.Cloud.Services[azure.ServiceOSSRDBMS].Audience + "/.default",
},
})
if err != nil {
return err
}
cc.Password = at.Token
return nil
}
}
return config, nil
}