Add MariaDB to AWS RDS auto discovery #10333

Merged
merged 9 commits into from
Mar 9, 2022
Add MariaDB AWS IAM version check
jakule committed Mar 4, 2022
commit bd54ae55267fd7f61f75178c0478d34518fb710c
24 changes: 23 additions & 1 deletion lib/services/database.go
Expand Up @@ -21,6 +21,7 @@ import (
"fmt"
"strings"

"github.com/coreos/go-semver/semver"
"github.com/gravitational/teleport/api/types"
apiutils "github.com/gravitational/teleport/api/utils"
"github.com/gravitational/teleport/lib/defaults"
Expand Down Expand Up @@ -49,7 +50,7 @@ type Databases interface {
DatabaseGetter
// CreateDatabase creates a new database resource.
CreateDatabase(context.Context, types.Database) error
// UpdateDatabse updates an existing database resource.
// UpdateDatabase updates an existing database resource.
UpdateDatabase(context.Context, types.Database) error
// DeleteDatabase removes the specified database resource.
DeleteDatabase(ctx context.Context, name string) error
Expand Down Expand Up @@ -369,6 +370,27 @@ func rdsTagsToLabels(tags []*rds.Tag) map[string]string {
return labels
}

// IsRDSInstanceSupported returns true if database supports IAM authentication.
// Currently, only MariaDB is being checked as all other RDS databases supports
// IAM authentication in all configurations.
func IsRDSInstanceSupported(instance *rds.DBInstance) bool {
if aws.StringValue(instance.Engine) != RDSEngineMariaDB {
return true
}

// MariaDB follows semver schema: https://mariadb.org/about/
ver, err := semver.NewVersion(aws.StringValue(instance.EngineVersion))
if err != nil {
log.Errorf("Failed to parse RDS MariaDB version: %s", aws.StringValue(instance.EngineVersion))
return false
}

// Min supported MariaDB version that supports IAM is 10.6
// https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html
minIAMSupportedVer := semver.New("10.6.0")
return ver.Compare(*minIAMSupportedVer) >= 0
Collaborator

Nit: I think using LessThan is a bit more readable.

}

// IsRDSClusterSupported checks whether the aurora cluster is supported and logs
// related info if not.
func IsRDSClusterSupported(cluster *rds.DBCluster) bool {
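Review bot: The parse-failure branch of `IsRDSInstanceSupported` logs only the raw version string: the `err` from `semver.NewVersion` is dropped and the instance is not named, so when discovery skips a MariaDB instance the operator cannot tell which one or why. Returning false there is the right fail-closed choice, since an instance whose IAM support cannot be established is never registered; keep that, but make the line actionable, e.g. `log.Errorf("Failed to parse RDS MariaDB version %q for instance %q: %v", aws.StringValue(instance.EngineVersion), aws.StringValue(instance.DBInstanceIdentifier), err)`. go-semver only accepts a full three-part version, so a two-part engine version would presumably also land in this branch; that is worth confirming against what the RDS API actually returns. The function also reads `instance.Engine` without a nil check, which is safe only if callers never pass a nil instance.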
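--- a/lib/services/database_test.go
+++ b/lib/services/database_test.go
@@ -364,6 +364,54 @@ func TestIsRDSClusterSupported(t *testing.T) {
 }
 }
 
+func TestIsRDSInstanceSupported(t *testing.T) {
+tests := []struct {
+name string
+engine string
+engineVersion string
+isSupported bool
+}{
+{
+name: "non-MariaDB engine",
+engine: RDSEnginePostgres,
+engineVersion: "13.3",
+isSupported: true,
+},
+{
+name: "unsupported MariaDB",
+engine: RDSEngineMariaDB,
+engineVersion: "10.3.28",
+isSupported: false,
+},
+{
+name: "min supported version",
+engine: RDSEngineMariaDB,
+engineVersion: "10.6.2",
+isSupported: true,
+},
+{
+name: "supported version",
+engine: RDSEngineMariaDB,
+engineVersion: "10.8.0",
+isSupported: true,
+},
+}
+
+for _, test := range tests {
+t.Run(test.name, func(t *testing.T) {
+cluster := &rds.DBInstance{
+DBInstanceArn: aws.String("arn:aws:rds:us-east-1:1234567890:instance:test"),
+DBClusterIdentifier: aws.String(test.name),
+DbiResourceId: aws.String(uuid.New().String()),
+Engine: aws.String(test.engine),
+EngineVersion: aws.String(test.engineVersion),
+}
+
+require.Equal(t, test.isSupported, IsRDSInstanceSupported(cluster))
+})
+}
+}
+
 func TestRDSTagsToLabels(t *testing.T) {
 rdsTags := []*rds.Tag{
 &rds.Tag{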
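Review bot: The table in `TestIsRDSInstanceSupported` never exercises the parse-error branch or the exact version boundary: there is no case with a malformed or two-part `engineVersion`, and the "min supported version" case uses `10.6.2` rather than `10.6.0`, so changing `>=` to `>` in the comparison would still pass. Adding `{name: "exact min version", engine: RDSEngineMariaDB, engineVersion: "10.6.0", isSupported: true}` and a case with `engineVersion: "10.6"` (expected to fail parsing, so `isSupported: false`) would pin the fail-closed behaviour. The fixture is also named `cluster` and sets `DBClusterIdentifier` although it is a `*rds.DBInstance`; `instance` and `DBInstanceIdentifier` would match the field the watcher logs.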
8 changes: 8 additions & 0 deletions lib/srv/db/cloud/watchers/rds.go
Expand Up @@ -106,6 +106,14 @@ func (f *rdsDBInstancesFetcher) getRDSDatabases(ctx context.Context) (types.Data
}
databases := make(types.Databases, 0, len(instances))
for _, instance := range instances {
if !services.IsRDSInstanceSupported(instance) {
Collaborator

What about Aurora clusters? Does Aurora provide MariaDB engine?

Contributor Author

I don't see MariaDB in Aurora (checked website + docs).

f.log.Debugf("RDS instance %q (engine mode %v, engine version %v) doesn't support IAM authentication. Skipping.",
aws.StringValue(instance.DBInstanceIdentifier),
aws.StringValue(instance.Engine),
aws.StringValue(instance.EngineVersion))
continue
}

if !services.IsRDSInstanceAvailable(instance) {
f.log.Debugf("The current status of RDS instance %q is %q. Skipping.",
aws.StringValue(instance.DBInstanceIdentifier),
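Review bot: The new debug message labels `instance.Engine` as "engine mode", but the value passed is the engine name; the wording looks carried over from the cluster path. Suggest `"RDS instance %q (engine %v, engine version %v) doesn't support IAM authentication. Skipping."`. Because the skip is reported at debug level only, an operator whose MariaDB instance predates 10.6 presumably sees nothing at normal verbosity, so a short comment above the check would document the intent, e.g. `// Skip instances that cannot use IAM auth (e.g. MariaDB < 10.6); they are not registered.`. The loop body of `getRDSDatabases` continues outside the hunk.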