Documentation
¶
Index ¶
Constants ¶
const DefaultMySQLPort = uint(3306)
DefaultMySQLPort is the default port on which we connect to the MySQL service If another port is found within the connectionDetails, we will use that.
Variables ¶
This section is empty.
Functions ¶
func GetTCPPlugin ¶
GetTCPPlugin is required as part of the Secretless plugin spec for TCP connector plugins. It returns the TCP plugin.
func NewConnector ¶
NewConnector returns a tcp.Connector which returns an authenticated connection to a target service for each incoming client connection. It is a required method on the tcp.Plugin interface. The single argument passed in is of type connector.Resources. It contains connector-specific config and a logger.
func PluginInfo ¶
PluginInfo is required as part of the Secretless plugin spec. It provides important metadata about the plugin.
Types ¶
type AuthenticationHandshake ¶
type AuthenticationHandshake struct {
// contains filtered or unexported fields
}
AuthenticationHandshake represents the entire back and forth process between a MySQL client and server during which authentication occurs. Note this is distinct from the various specific handshake packets that are sent back and forth during this process.
Note this is process is referred to as the "connection phase" in the MySQL docs:
https://dev.mysql.com/doc/dev/mysql-server/latest/page_protocol_connection_phase.html
Overview of the Handshake Process
+---------+ +-------------+ +---------+ | Client | | Secretless | | Backend | +---------+ +-------------+ +---------+ | | | | | InitialHandshakePacket | | |<------------------------------------| | | | | InitialHandshakePacket | | |<------------------------------| | | | | | HandshakeResponse | | |------------------------------>| | | | -------------------------------\ | | |-| If client requested SSL, add | | | | | it to HandshakeResponse | | | | |------------------------------| | | | HandshakeResponse | | |------------------------------------>| | | | | | OkPacket | | |<------------------------------------| | | | | OkPacket | | |<------------------------------| | | | |
Note: The above diagram was created using https://textart.io/sequence and the following source:
object Client Secretless Backend Backend->Secretless: InitialHandshakePacket Secretless->Client: InitialHandshakePacket Client->Secretless: HandshakeResponse note right of Secretless: If client requested SSL, add\n it to HandshakeResponse Secretless->Backend: HandshakeResponse Backend->Secretless: OkPacket Secretless->Client: OkPacket
func NewAuthenticationHandshake ¶
func NewAuthenticationHandshake( clientConn *Connection, backendConn *Connection, connDetails *ConnectionDetails, ) AuthenticationHandshake
NewAuthenticationHandshake creates a new AuthenticationHandshake command object, intended to be Run().
func (*AuthenticationHandshake) AuthenticatedBackendConn ¶
func (h *AuthenticationHandshake) AuthenticatedBackendConn() net.Conn
AuthenticatedBackendConn returns an already authenticated connection to the MySQL server. Intended to be called after Run() has completed.
func (*AuthenticationHandshake) Run ¶
func (h *AuthenticationHandshake) Run() error
Run executes all the logic needed to complete authentication between a MySQL server and client. When it completes successfully, AuthenticatedBackendConn will return the raw, authenticated network conn.
type Connection ¶
type Connection struct {
// contains filtered or unexported fields
}
Connection represents the entire process of sending bytes back and forth between a MySQL server and a MySQL client during the MySQL protocol, which is stateful.
Since the sequence id is, conceptually, a property of *this entire process*, -- and not of any particular packet, even though each packet does include the informationa -- it makes sense that its a property of Connection.
Importantly, putting the sequence id, which is part of the *header*, in Connection allows it to be transparent to the code that is writing the packet *payloads*.
func NewBackendConnection ¶
func NewBackendConnection(conn net.Conn) *Connection
NewBackendConnection is a decorator: it takes a raw net.Conn and returns a mysql.Connection -- that is, a connection specific to a MySQL server (backend) talking to a client using the MySQL protocol.
func NewClientConnection ¶
func NewClientConnection(conn net.Conn) *Connection
NewClientConnection is a decorator: it takes a raw net.Conn and returns a mysql.Connection -- that is, a connection specific to a client talking to a server using the MySQL protocol.
func (*Connection) RawConnection ¶
func (c *Connection) RawConnection() net.Conn
RawConnection return the underlying net.Conn connection that mysql.Connection wraps.
func (*Connection) SetConnection ¶
func (c *Connection) SetConnection(conn net.Conn)
SetConnection sets the underlying net.Conn connection that mysql.Connection wraps.
type ConnectionDetails ¶
type ConnectionDetails struct {
Host string
Options map[string]string
Password string
Port uint
SSLOptions map[string]string
Username string
}
ConnectionDetails stores the connection info to the real backend database. These values are pulled from the SingleUseConnector credentials config
func NewConnectionDetails ¶
func NewConnectionDetails(credentials map[string][]byte) ( *ConnectionDetails, error)
NewConnectionDetails is a constructor of ConnectionDetails structure from a map of credentials.
func (*ConnectionDetails) Address ¶
func (cd *ConnectionDetails) Address() string
Address returns a string representing the network location (host and port) of a MySQL server. This is the string you would would typically use to connect to the database -- eg, in cmd line tools.
type Packet ¶
type Packet []byte
Packet represents a MySQL packet, and currently exists only to hide low level details about packing and unpacking the sequence ids that exist in the header of all MySQL protocol packets.
TODO: This will be moved to protocol when we clean up that package.
func (*Packet) SequenceID ¶
SequenceID returns the sequence id of the MySQL protocol, which is stateful. It allows tracking the different stages of authentication process.
func (*Packet) SetSequenceID ¶
SetSequenceID lets Secretless set the sequence id of the MySQL protocol, so it can advance through the stages of the authentication process.
type SingleUseConnector ¶
type SingleUseConnector struct {
// contains filtered or unexported fields
}
SingleUseConnector is used to create an authenticated connection to a MySQL target service using a client connection and connection details.
func (*SingleUseConnector) Connect ¶
func (connector *SingleUseConnector) Connect( clientConn net.Conn, credentialValuesByID connector.CredentialValuesByID, ) (net.Conn, error)
Connect implements the tcp.Connector func signature
It is the main method of the SingleUseConnector. It:
- Constructs connection details from the provided credentials map.
- Dials the backend using credentials.
- Runs through the connection phase steps to authenticate.
Connect requires "host", "port", "username" and "password" credentials.
Source Files
Directories