
theparanoids/grafeas-rds


grafeas-rds

AWS RDS backend for Grafeas. This library can periodically refresh the IAM authentication token which is used as the password to connect to an AWS RDS service.

Background

Grafeas supports pluggable storage backends, and AWS RDS can be one of the options. Furthermore, AWS RDS supports IAM-based authentication, which eliminates the need to maintain a password: storing it, fetching it from the application, rotating it periodically, and so on. However, the official documentation also states the following:

Each token has a lifetime of 15 minutes.

As a result, we need a mechanism to refresh the token, hence this project.
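To make the refresh requirement concrete, here is an added sketch that is not the project's own code: a cache that re-mints the token shortly before the 15-minute lifetime ends and falls back to the still-valid token if minting fails. The names `TokenCache`, `mint`, `margin` and `now` are assumptions for illustration, and `mint` stands in for whatever call actually signs an IAM auth token.

```go
package main

import (
	"context"
	"fmt"
	"sync"
	"time"
)

// tokenLifetime is the 15-minute IAM token lifetime quoted above.
const tokenLifetime = 15 * time.Minute

// TokenCache (hypothetical name) caches one token and re-mints it before expiry.
type TokenCache struct {
	mu      sync.Mutex
	mint    func(context.Context) (string, error) // assumed hook that signs a new token
	margin  time.Duration                         // refresh this long before expiry
	now     func() time.Time                      // injectable clock for testing
	token   string
	expires time.Time
}

// Password returns a token to use as the database password for a new connection.
func (c *TokenCache) Password(ctx context.Context) (string, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	now := c.now()
	if c.token != "" && now.Before(c.expires.Add(-c.margin)) {
		return c.token, nil // comfortably inside the lifetime
	}
	tok, err := c.mint(ctx)
	if err != nil {
		if c.token != "" && now.Before(c.expires) {
			return c.token, nil // old token still valid; retry on the next call
		}
		return "", fmt.Errorf("refresh IAM token: %w", err)
	}
	c.token, c.expires = tok, now.Add(tokenLifetime)
	return tok, nil
}

func main() {
	minted := 0
	c := &TokenCache{margin: time.Minute, now: time.Now,
		mint: func(context.Context) (string, error) { minted++; return "constructed-token", nil }}
	for i := 0; i < 3; i++ {
		_, _ = c.Password(context.Background()) // mint cannot fail in this demo
	}
	fmt.Println("tokens minted for 3 connections:", minted)
}
```

The token value itself is never printed or logged here; only the mint count is.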

Install

This project is intended to be used as a library.

Import github.com/theparanoids/grafeas-rds/rds to use it.

Note that the Go version has to be >= 1.18 (see go.mod).

Usage

If the underlying database were PostgreSQL, the code would look like this:

package main

import (
    "log"

    "github.com/grafeas/grafeas/go/v1beta1/storage"
    "github.com/lib/pq"
    "github.com/theparanoids/grafeas-rds/rds"
)

func main() {
    // YourCredentialsCreator and YourStorageCreator are placeholders for
    // your own CredentialsCreator and StorageCreator implementations.
    provider := rds.NewGrafeasStorageProvider(
        &pq.Driver{},
        YourCredentialsCreator{},
        YourStorageCreator{},
    )
    // Register the provider under the storage type name "rds_postgres".
    if err := storage.RegisterStorageTypeProvider("rds_postgres", provider.Provide); err != nil {
        log.Fatalf("Error registering rds pgsql provider, %s", err)
    }
    // Set up and start the Grafeas server...
}

Usage Notes

  • Currently the configuration passed to CredentialsCreator.Create contains only Athenz-related fields; we welcome contributions to add support for any other mechanism.
  • Regarding StorageCreator, we have an internal implementation to create a grafeas-pgsql storage given a custom driver.Connector, and are actively working on upstreaming it.

Configuration

A valid configuration file can be found here; it can be directly plugged into a configuration file for Grafeas server.

Some default values are also provided in config.go.

Contribute

Please refer to Contributing.md for information about how to get involved. We welcome issues, questions, and pull requests.

License

This project is licensed under the terms of the Apache 2.0 open source license. Please refer to LICENSE for the full terms.