mssql

package
v1.5.2

This package is not in the latest version of its module.
Published: Feb 24, 2020 License: Apache-2.0 Imports: 11 Imported by: 0

README

MSSQL Server Connector

NOTE: This connector is in beta.

The MSSQL Server Connector enables:

  • Kubernetes or OpenShift applications to connect to an MSSQL Server 2017 v14.x database using SQL Server authentication
  • Connecting applications to have no knowledge of the required database credentials
  • New connections to MSSQL to always use fresh credentials from the configured credential provider

Supported configuration (with samples)

Here's a sample secretless.yml configuration file that enables Secretless to connect to an MSSQL Server:

version: 2

services:
  mssql:
    connector: mssql
    listenOn: tcp://0.0.0.0:2223
    credentials:
      username: sa
      password:
        from: conjur
        get: my-sql-server-password
      host: mssql
      port: 1433

Required credentials

All credentials are required unless they're explicitly marked as "optional".

  • username - Database username under SQL Server authentication mode
  • password - Database password under SQL Server authentication mode
  • host - The network address of the target MSSQL Server. In the example above, since we're using Docker networking, it happens to be just the bare name mssql.
  • (optional) port - The port the target MSSQL Server is listening on. Defaults to the standard 1433.

Target Service SSL Support

SSL is currently not supported in the beta version, but will be coming soon.

Supported versions

The connector supports MSSQL Server 2017.

In particular, it is tested against the mcr.microsoft.com/mssql/server:2017-latest Linux docker image, whose version at the time of this writing is:

Microsoft SQL Server 2017 (RTM-CU17) (KB4515579) - 14.0.3238.1 (X64)  
Sep 13 2019 15:49:57  
Copyright (C) 2017 Microsoft Corporation 
Developer Edition (64-bit) on Linux (Ubuntu 16.04.6 LTS)

Known limitations

  • Does not currently support SSL in the connection between Secretless and MSSQL Server.
  • Only supports SQL Server authentication mode.
  • Only limited tests have been performed. Specifically, the ability to connect using Secretless has been tested using two clients:
    • The sqlcmd tool that ships with the above version of MSSQL server
    • The Go MSSQL driver provided by the package github.com/denisenkom/go-mssqldb
  • Since we use the go-mssqldb package, Secretless is also affected by the known issues of that package.

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetTCPPlugin

func GetTCPPlugin() tcp.Plugin

GetTCPPlugin is required as part of the Secretless plugin spec for TCP connector plugins. It returns the TCP plugin.

func NewConnector

func NewConnector(conRes connector.Resources) tcp.Connector

NewConnector returns a tcp.Connector which returns an authenticated connection to a target service for each incoming client connection. It is a required method on the tcp.Plugin interface. The single argument passed in is of type connector.Resources. It contains connector-specific config and a logger.

func NewMSSQLConnector added in v1.4.2

func NewMSSQLConnector(dsn string) (types.MSSQLConnector, error)

NewMSSQLConnector is the production implementation of MSSQLConnectorCtor, used for creating mssql.Connector instances. We need to wrap the raw constructor provided by mssql (i.e., mssql.NewConnector) in this function so that it returns an interface, which enables us to mock it in unit tests.

func PluginInfo

func PluginInfo() map[string]string

PluginInfo is required as part of the Secretless plugin spec. It provides important metadata about the plugin.

Types

type ConnectionDetails

type ConnectionDetails struct {
	Host     string
	Port     uint
	Username string
	Password string
}

ConnectionDetails stores the connection info to the real backend database. These values are pulled from the SingleUseConnector credentials config.

func NewConnectionDetails

func NewConnectionDetails(credentials map[string][]byte) *ConnectionDetails

NewConnectionDetails is a constructor of ConnectionDetails structure from a map of credentials.

func (*ConnectionDetails) Address

func (cd *ConnectionDetails) Address() string

Address returns a string representing the network location (host and port) of an MSSQL server. This is the string you would typically use to connect to the database, e.g., in command-line tools.

type SingleUseConnector

type SingleUseConnector struct {
	types.ConnectorOptions
	// contains filtered or unexported fields
}

SingleUseConnector is used to create an authenticated connection to an MSSQL target.

func NewSingleUseConnector added in v1.4.2

func NewSingleUseConnector(logger log.Logger) *SingleUseConnector

NewSingleUseConnector creates a new production SingleUseConnector. This uses the production version of the dependencies, which delegate to the actual 3rd party driver.

func (*SingleUseConnector) Connect

func (connector *SingleUseConnector) Connect(
	clientConn net.Conn,
	credentialValuesByID connector.CredentialValuesByID,
) (net.Conn, error)

Connect implements the tcp.Connector func signature.

It is the main method of the SingleUseConnector. It:

  1. Reads the client PreLogin request
  2. Constructs connection details from the provided credentials map
  3. Adds a ConnectInterceptor to the context to exchange data with the driver via channels
  4. Initiates authentication and connection to MSSQL through the third-party driver
  5. Injects client's PreLogin request to the driver, which the driver incorporates into its PreLogin request to server
  6. Intercepts PreLogin response or error from the driver
  7. Customizes the PreLogin response to meet Secretless standards and sends it to client
  8. Intercepts Login response or error from the driver, and simultaneously extracts net.Conn to server from the driver
  9. Sends Login response or error to client

Connect requires "host", "port", "username" and "password" credentials.
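
Step 1 above reads the client's PreLogin request. As an added example (not the connector's own code), the Go code below parses a TDS PRELOGIN packet, bounds-checks every option offset, and reports the client's ENCRYPTION option. The names ParsePreLogin, EncryptionMode and samplePreLogin are hypothetical, and the sample packet is constructed, not captured.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// ParsePreLogin checks one TDS PRELOGIN packet and returns option data by token.
func ParsePreLogin(pkt []byte) (map[byte][]byte, error) {
	if len(pkt) < 8 || pkt[0] != 0x12 || int(binary.BigEndian.Uint16(pkt[2:4])) != len(pkt) {
		return nil, errors.New("not a well-formed TDS PRELOGIN packet")
	}
	body, opts := pkt[8:], map[byte][]byte{} // payload follows the 8-byte header
	for i := 0; i < len(body); i += 5 { // entry: token(1) offset(2) length(2)
		if body[i] == 0xFF { // terminator token ends the option list
			return opts, nil
		}
		if i+5 > len(body) {
			return nil, errors.New("truncated option entry")
		}
		off := int(binary.BigEndian.Uint16(body[i+1:]))
		n := int(binary.BigEndian.Uint16(body[i+3:]))
		if off+n > len(body) { // offsets count from the start of the payload
			return nil, errors.New("option data outside packet")
		}
		opts[body[i]] = body[off : off+n]
	}
	return nil, errors.New("option list has no terminator")
}

// EncryptionMode names the value of the ENCRYPTION option (token 0x01).
func EncryptionMode(opts map[byte][]byte) string {
	v := opts[0x01]
	if len(v) != 1 || v[0] > 3 {
		return "INVALID"
	}
	return [...]string{"ENCRYPT_OFF", "ENCRYPT_ON", "ENCRYPT_NOT_SUP", "ENCRYPT_REQ"}[v[0]]
}

var samplePreLogin = []byte{ // constructed packet, not a capture
	0x12, 0x01, 0x00, 0x1A, 0x00, 0x00, 0x01, 0x00, // header: PRELOGIN, EOM, length 26
	0x00, 0x00, 0x0B, 0x00, 0x06, 0x01, 0x00, 0x11, 0x00, 0x01, 0xFF, // VERSION@11 len 6, ENCRYPTION@17 len 1, terminator
	0x0E, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, // VERSION data, then ENCRYPT_NOT_SUP
}

func main() {
	opts, err := ParsePreLogin(samplePreLogin)
	fmt.Println(EncryptionMode(opts), err)
}
```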
