Mirrors/unleash.unleash
1
0
Fork 0
mirror of https://github.com/Unleash/unleash.git synced 2025-09-24 17:51:14 +02:00
Code Issues Projects Releases Wiki Activity

chore: AWS IAM DB auth migrator, logs

Browse Source
This commit is contained in:
Nuno Góis 2025-09-04 12:41:07 +01:00
parent 4a00792f1e
commit 7cec27a75a
No known key found for this signature in database
GPG Key ID: 71ECC689F1091765
4 changed files with 46 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
src/lib/db/aws-iam.ts Normal file
View File

@ -0,0 +1,31 @@
import { Signer } from '@aws-sdk/rds-signer';
import type { IDBOption } from '../types/option.js';
type PasswordResolver = () => Promise<string>;
export const getDBPasswordResolver = (db: IDBOption): PasswordResolver => {
if (db.awsIamAuth) {
if (!db.awsRegion)
throw new Error(
'AWS_REGION is required when DATABASE_AWS_IAM=true',
);
const signer = new Signer({
region: db.awsRegion,
hostname: db.host,
port: db.port,
username: db.user,
});
return async () => {
console.log('[AWS RDS SIGNER] Getting token...');
const token = await signer.getAuthToken();
console.log(`[AWS RDS SIGNER] Got token: ${token}`);
return token;
};
}
return async () => db.password;
};
export const getDBPassword = (db: IDBOption): Promise<string> =>
getDBPasswordResolver(db)();

55
src/lib/db/db-pool.ts
View File

@ -2,8 +2,7 @@ import type { Knex } from 'knex';
import knexpkg from 'knex';
const { knex } = knexpkg;
import type { IUnleashConfig } from '../types/option.js';
import { Signer } from '@aws-sdk/rds-signer';
import { getDBPasswordResolver } from './aws-iam.js';
export function createDb({
db,
@ -11,53 +10,19 @@ export function createDb({
}: Pick<IUnleashConfig, 'db' | 'getLogger'>): Knex {
const logger = getLogger('db-pool.js');
const {
host,
port,
user,
database,
ssl,
applicationName,
password,
awsIamAuth,
awsRegion,
pool,
} = db;
let resolvedPassword: string | (() => Promise<string>) | undefined =
password;
if (awsIamAuth) {
if (!awsRegion) {
throw new Error(
'AWS_REGION is required when DATABASE_AWS_IAM=true',
);
}
const signer = new Signer({
region: awsRegion,
hostname: host,
port,
username: user,
});
resolvedPassword = async () => signer.getAuthToken();
}
const connection = {
host,
port,
user,
database,
ssl,
application_name: applicationName,
password: resolvedPassword,
};
logger.info(
`createDb: iam=${Boolean(db.awsIamAuth)} host=${db.host} port=${db.port} db=${db.database} user=${db.user} ssl=${Boolean(db.ssl)}`,
);
return knex({
client: 'pg',
version: db.version,
connection,
pool,
connection: {
...db,
application_name: db.applicationName,
password: getDBPasswordResolver(db),
},
pool: db.pool,
searchPath: db.schema,
asyncStackTraces: true,
log: {

2
src/lib/types/option.ts
View File

@ -20,7 +20,7 @@ export interface ISSLOption {
export interface IDBOption {
user: string;
password?: string;
password: string;
host: string;
port: number;
database: string;

4
src/migrator.ts
View File

@ -6,6 +6,7 @@ import type { IUnleashConfig } from './lib/types/option.js';
import { secondsToMilliseconds } from 'date-fns';
import path from 'path';
import { fileURLToPath } from 'node:url';
import { getDBPassword } from './lib/db/aws-iam.js';
log.setLogLevel('error');
const __filename = fileURLToPath(import.meta.url);
@ -25,6 +26,7 @@ export async function migrateDb(
return noDatabaseUrl(async () => {
const custom = {
...db,
password: await getDBPassword(db),
connectionTimeoutMillis: secondsToMilliseconds(10),
};
@ -46,6 +48,7 @@ export async function requiresMigration({
return noDatabaseUrl(async () => {
const custom = {
...db,
password: await getDBPassword(db),
connectionTimeoutMillis: secondsToMilliseconds(10),
};
@ -67,6 +70,7 @@ export async function resetDb({ db }: IUnleashConfig): Promise<void> {
return noDatabaseUrl(async () => {
const custom = {
...db,
password: await getDBPassword(db),
connectionTimeoutMillis: secondsToMilliseconds(10),
};