Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2025-09-24 17:51:14 +02:00
Code Issues Projects Releases Wiki Activity

chore: add verbose logs to AWS IAM auth logic, add DB access checker

Browse Source
This commit is contained in:
Nuno Góis 2025-09-09 12:36:44 +01:00
parent 2cd8135988
commit 1549257143
No known key found for this signature in database
GPG Key ID: 71ECC689F1091765
4 changed files with 51 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/lib/db/aws-iam.ts
View File

@ -16,7 +16,12 @@ export const getDBPasswordResolver = (db: IDBOption): PasswordResolver => {
port: db.port, port: db.port,
username: db.user, username: db.user,
}); });
return async () => signer.getAuthToken(); return async () => {
console.log('[AWS RDS SIGNER] Getting token...');
const token = await signer.getAuthToken();
console.log(`[AWS RDS SIGNER] Got token: ${token}`);
return token;
};
} }
return async () => db.password; return async () => db.password;

33
src/lib/db/db-access-checker.ts Normal file
View File

@ -0,0 +1,33 @@
import { Client } from 'pg';
import type { IDBOption, Logger } from '../server-impl.js';
import { getDBPassword } from './aws-iam.js';
export const dbAccessChecker = async (db: IDBOption, logger: Logger) => {
if (!db.awsIamAuth) return;
logger.info(
'Using AWS IAM authentication for database connection. Checking DB access...',
);
const password = await getDBPassword(db);
const client = new Client({
host: db.host,
port: db.port,
user: db.user,
database: db.database,
password,
statement_timeout: 10_000,
connectionTimeoutMillis: 10_000,
});
try {
await client.connect();
await client.query('SELECT 1');
logger.info('DB auth/connection successful');
} catch (e: any) {
const code = e?.code ?? 'unknown';
throw new Error(`DB auth/connection failed (pg code: ${code})`);
} finally {
await client.end().catch(() => {});
}
};

7
src/lib/db/db-pool.ts
View File

@ -9,6 +9,13 @@ export function createDb({
getLogger, getLogger,
}: Pick<IUnleashConfig, 'db' | 'getLogger'>): Knex { }: Pick<IUnleashConfig, 'db' | 'getLogger'>): Knex {
const logger = getLogger('db-pool.js'); const logger = getLogger('db-pool.js');
if (db.awsIamAuth) {
logger.info(
`createDb: iam=${Boolean(db.awsIamAuth)} host=${db.host} port=${db.port} db=${db.database} user=${db.user} ssl=${Boolean(db.ssl)}`,
);
}
return knex({ return knex({
client: 'pg', client: 'pg',
version: db.version, version: db.version,

5
src/lib/server-impl.ts
View File

@ -186,6 +186,7 @@ import { UPDATE_REVISION } from './features/feature-toggle/configuration-revisio
import type { IFeatureUsageInfo } from './services/version-service.js'; import type { IFeatureUsageInfo } from './services/version-service.js';
import { defineImpactMetrics } from './features/metrics/impact/define-impact-metrics.js'; import { defineImpactMetrics } from './features/metrics/impact/define-impact-metrics.js';
import type { IClientInstance } from './types/stores/client-instance-store.js'; import type { IClientInstance } from './types/stores/client-instance-store.js';
import { dbAccessChecker } from './db/db-access-checker.js';
export async function initialServiceSetup( export async function initialServiceSetup(
{ authentication }: Pick<IUnleashConfig, 'authentication'>, { authentication }: Pick<IUnleashConfig, 'authentication'>,
@ -336,6 +337,10 @@ async function start(
const config = createConfig(opts); const config = createConfig(opts);
const logger = config.getLogger('server-impl.js'); const logger = config.getLogger('server-impl.js');
if (config.db.awsIamAuth) {
await dbAccessChecker(config.db, logger);
}
try { try {
if (config.db.disableMigration) { if (config.db.disableMigration) {
logger.info('DB migration: disabled'); logger.info('DB migration: disabled');