Documentation
Index
- Constants
- func ConnectToDB(ctx context.Context, serverAddress string, database string, port int, ...) (*sql.DB, error)
- func ConnectToDBAAD(ctx context.Context, serverAddress string, database string, port int, ...) (*sql.DB, error)
- func CreateOrUpdateAADUser(ctx context.Context, db *sql.DB, username string, alias string) error
- func CreateOrUpdateUser(ctx context.Context, db *sql.DB, username string, hostname string, ...) error
- func DoesUserExist(ctx context.Context, db *sql.DB, username string) (bool, error)
- func DropUser(ctx context.Context, db *sql.DB, username string) error
- func GetUserDatabasePrivileges(ctx context.Context, db *sql.DB, user string, hostname string) (map[string]set.Set[string], error)
- func GetUserServerPrivileges(ctx context.Context, db *sql.DB, user string, hostname string) (set.Set[string], error)
- func HostnameOrDefault(hostname string) string
- func IsSQLAll(privilege string) bool
- func ReconcileUserDatabasePrivileges(ctx context.Context, conn *sql.DB, user string, hostname string, ...) error
- func ReconcileUserServerPrivileges(ctx context.Context, db *sql.DB, user string, hostname string, ...) error
- type SQLPrivilegeDelta
Constants
const DriverName = "mysql"
DriverName is the driver name for psqldb connection
const ServerPort = 3306
ServerPort is the default server port for sql server
const SystemDatabase = "mysql"
SystemDatabase is the name of the system database in a MySQL server where users and privileges are stored (and which we can always assume will exist).
Variables
This section is empty.
Functions
func ConnectToDB
func ConnectToDBAAD
func ConnectToDBAAD(ctx context.Context, serverAddress string, database string, port int, user string, token string) (*sql.DB, error)
ConnectToDBAAD connects to the MySQL database using the specified user. user must be an AAD user of the form:
- "user@tenant.onmicrosoft.com" (for AAD users)
- "my-mi" (for Managed Identities)
- "mygroup" (for AAD groups)
func CreateOrUpdateAADUser
CreateOrUpdateAADUser creates or updates an AAD user. See https://learn.microsoft.com/en-us/azure/mysql/flexible-server/how-to-azure-ad for details on how to create AAD users. username can be either the actual AAD username (for real AAD users), the group name for groups, or the managed identity name for managed identities.
func CreateOrUpdateUser
func DoesUserExist
DoesUserExist checks if db contains user.
func GetUserDatabasePrivileges
func GetUserDatabasePrivileges(ctx context.Context, db *sql.DB, user string, hostname string) (map[string]set.Set[string], error)
GetUserDatabasePrivileges gets the per-database privileges that the user has. The user can have different permissions to each database. The details of access are returned in the map, keyed by database name.
func GetUserServerPrivileges
func GetUserServerPrivileges(ctx context.Context, db *sql.DB, user string, hostname string) (set.Set[string], error)
GetUserServerPrivileges gets the server-level privileges the user has as a set.
func HostnameOrDefault
func ReconcileUserDatabasePrivileges
func ReconcileUserDatabasePrivileges(ctx context.Context, conn *sql.DB, user string, hostname string, dbPrivs map[string][]string) error
ReconcileUserDatabasePrivileges revokes and grants database privileges as needed so they match the ones passed in. If there's an error applying privileges for one database it will still continue to apply privileges for subsequent databases (before reporting all errors).
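The reconcile step described above comes down to a per-database set difference between what the server reports and what the caller asks for. The following is an added example, not this package's code: `Delta`, `toSet`, `minus` and `PrivilegeDeltas` are hypothetical names, plain maps stand in for `set.Set[string]`, and it assumes privileges are listed explicitly (no `ALL` expansion).

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Delta is a hypothetical type for this example, not the package's SQLPrivilegeDelta.
type Delta struct{ Grant, Revoke []string }

// toSet normalizes privilege names so "select" and "SELECT" compare equal.
func toSet(privs []string) map[string]bool {
	s := make(map[string]bool, len(privs))
	for _, p := range privs {
		s[strings.ToUpper(strings.TrimSpace(p))] = true
	}
	return s
}

// minus returns, sorted, the elements of a that are not in b.
func minus(a, b map[string]bool) []string {
	out := []string{}
	for p := range a {
		if !b[p] {
			out = append(out, p)
		}
	}
	sort.Strings(out)
	return out
}

// PrivilegeDeltas diffs current against desired; a database missing from desired loses every privilege.
func PrivilegeDeltas(current, desired map[string][]string) map[string]Delta {
	deltas := map[string]Delta{}
	for _, m := range []map[string][]string{current, desired} {
		for db := range m {
			cur, want := toSet(current[db]), toSet(desired[db])
			if d := (Delta{Grant: minus(want, cur), Revoke: minus(cur, want)}); len(d.Grant)+len(d.Revoke) > 0 {
				deltas[db] = d
			}
		}
	}
	return deltas
}

func main() {
	current := map[string][]string{"app": {"SELECT", "DROP"}, "legacy": {"SELECT"}} // constructed sample
	fmt.Println(PrivilegeDeltas(current, map[string][]string{"app": {"select", "INSERT"}}))
}
```

Revoking whatever is not in the desired state, including on databases the spec no longer mentions, is what keeps a long-lived user from accumulating privileges over time.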