mirror of
https://github.com/Unleash/unleash.git
synced 2025-09-19 17:52:45 +02:00
chore: remove AWS IAM DB auth prototype code (#10662)
https://linear.app/unleash/issue/2-3882/remove-aws-iam-db-auth-prototype-code Removes the AWS IAM DB auth prototype code. Related PRs: - https://github.com/Unleash/unleash/pull/10609 - https://github.com/Unleash/unleash/pull/10617 - https://github.com/Unleash/unleash/pull/10622 - https://github.com/Unleash/unleash/pull/10635 - https://github.com/Unleash/unleash/pull/10639 - https://github.com/Unleash/unleash/pull/10643
This commit is contained in:
Nuno Góis
GitHub
parent
a519cb84f5
commit
c2f6cfe45f
2
.github/workflows/dependency-review.yml
vendored
2
.github/workflows/dependency-review.yml
vendored
@ -22,5 +22,5 @@ jobs:
|
|||||||
uses: actions/dependency-review-action@v4
|
uses: actions/dependency-review-action@v4
|
||||||
with:
|
with:
|
||||||
fail-on-severity: moderate
|
fail-on-severity: moderate
|
||||||
allow-licenses: Apache-2.0, MIT, BSD-2-Clause, BSD-3-Clause, ISC, 0BSD, CC0-1.0, Unlicense, BlueOak-1.0.0, CC-BY-4.0, Artistic-2.0, PSF-2.0, MPL-2.0, MITNFA
|
allow-licenses: Apache-2.0, MIT, BSD-2-Clause, BSD-3-Clause, ISC, 0BSD, CC0-1.0, Unlicense, BlueOak-1.0.0, CC-BY-4.0, Artistic-2.0, PSF-2.0, MPL-2.0
|
||||||
comment-summary-in-pr: always
|
comment-summary-in-pr: always
|
||||||
|
|||||||
@ -68,7 +68,6 @@
|
|||||||
"schema:update": "node ./.husky/update-openapi-spec-list.js"
|
"schema:update": "node ./.husky/update-openapi-spec-list.js"
|
||||||
},
|
},
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@aws-sdk/rds-signer": "^3.880.0",
|
|
||||||
"@slack/web-api": "^7.9.1",
|
"@slack/web-api": "^7.9.1",
|
||||||
"@wesleytodd/openapi": "^1.1.0",
|
"@wesleytodd/openapi": "^1.1.0",
|
||||||
"ajv": "^8.17.1",
|
"ajv": "^8.17.1",
|
||||||
@ -121,7 +120,6 @@
|
|||||||
"pg-connection-string": "^2.5.0",
|
"pg-connection-string": "^2.5.0",
|
||||||
"pkginfo": "^0.4.1",
|
"pkginfo": "^0.4.1",
|
||||||
"prom-client": "^15.0.0",
|
"prom-client": "^15.0.0",
|
||||||
"proxy-agent": "^6.5.0",
|
|
||||||
"sanitize-filename": "^1.6.3",
|
"sanitize-filename": "^1.6.3",
|
||||||
"semver": "^7.6.3",
|
"semver": "^7.6.3",
|
||||||
"serve-favicon": "^2.5.0",
|
"serve-favicon": "^2.5.0",
|
||||||
|
|||||||
@ -32,9 +32,6 @@ exports[`should create default config 1`] = `
|
|||||||
"db": {
|
"db": {
|
||||||
"acquireConnectionTimeout": 30000,
|
"acquireConnectionTimeout": 30000,
|
||||||
"applicationName": "unleash",
|
"applicationName": "unleash",
|
||||||
"awsIamAuth": false,
|
|
||||||
"awsRegion": undefined,
|
|
||||||
"awsRoleArn": undefined,
|
|
||||||
"database": "unleash_db",
|
"database": "unleash_db",
|
||||||
"disableMigration": false,
|
"disableMigration": false,
|
||||||
"driver": "postgres",
|
"driver": "postgres",
|
||||||
|
|||||||
@ -266,9 +266,6 @@ const defaultDbOptions: WithOptional<IDBOption, 'user' | 'password' | 'host'> =
|
|||||||
false,
|
false,
|
||||||
),
|
),
|
||||||
applicationName: process.env.DATABASE_APPLICATION_NAME || 'unleash',
|
applicationName: process.env.DATABASE_APPLICATION_NAME || 'unleash',
|
||||||
awsIamAuth: parseEnvVarBoolean(process.env.DATABASE_AWS_IAM, false),
|
|
||||||
awsRegion: process.env.AWS_REGION,
|
|
||||||
awsRoleArn: process.env.DATABASE_AWS_ROLE_ARN,
|
|
||||||
};
|
};
|
||||||
|
|
||||||
const defaultSessionOption = (isEnterprise: boolean): ISessionOption => ({
|
const defaultSessionOption = (isEnterprise: boolean): ISessionOption => ({
|
||||||
|
|||||||
@ -1,64 +0,0 @@
|
|||||||
import { Signer } from '@aws-sdk/rds-signer';
|
|
||||||
import {
|
|
||||||
fromTemporaryCredentials,
|
|
||||||
fromNodeProviderChain,
|
|
||||||
} from '@aws-sdk/credential-providers';
|
|
||||||
import { NodeHttpHandler } from '@smithy/node-http-handler';
|
|
||||||
import { ProxyAgent } from 'proxy-agent';
|
|
||||||
import type { IDBOption } from '../types/option.js';
|
|
||||||
|
|
||||||
type PasswordResolver = () => Promise<string>;
|
|
||||||
|
|
||||||
export const getDBPasswordResolver = (db: IDBOption): PasswordResolver => {
|
|
||||||
if (!db.awsIamAuth) return async () => db.password;
|
|
||||||
if (!db.awsRegion)
|
|
||||||
throw new Error('AWS_REGION is required when DATABASE_AWS_IAM=true');
|
|
||||||
|
|
||||||
const needProxy = Boolean(
|
|
||||||
process.env.HTTPS_PROXY ||
|
|
||||||
process.env.HTTP_PROXY ||
|
|
||||||
process.env.NO_PROXY,
|
|
||||||
);
|
|
||||||
const proxyAgent = needProxy ? new ProxyAgent() : undefined;
|
|
||||||
|
|
||||||
const requestHandler = needProxy
|
|
||||||
? new NodeHttpHandler({
|
|
||||||
httpAgent: proxyAgent,
|
|
||||||
httpsAgent: proxyAgent,
|
|
||||||
})
|
|
||||||
: undefined;
|
|
||||||
|
|
||||||
const clientConfig = {
|
|
||||||
region: db.awsRegion,
|
|
||||||
endpoint: `https://sts.${db.awsRegion}.amazonaws.com`,
|
|
||||||
requestHandler,
|
|
||||||
};
|
|
||||||
|
|
||||||
const baseCreds = fromNodeProviderChain({
|
|
||||||
clientConfig,
|
|
||||||
});
|
|
||||||
|
|
||||||
const credentials = db.awsRoleArn
|
|
||||||
? fromTemporaryCredentials({
|
|
||||||
params: {
|
|
||||||
RoleArn: db.awsRoleArn,
|
|
||||||
RoleSessionName: 'unleash-db-session',
|
|
||||||
},
|
|
||||||
clientConfig,
|
|
||||||
masterCredentials: baseCreds,
|
|
||||||
})
|
|
||||||
: baseCreds;
|
|
||||||
|
|
||||||
const signer = new Signer({
|
|
||||||
region: db.awsRegion,
|
|
||||||
hostname: db.host,
|
|
||||||
port: db.port,
|
|
||||||
username: db.user,
|
|
||||||
credentials,
|
|
||||||
});
|
|
||||||
|
|
||||||
return async () => signer.getAuthToken();
|
|
||||||
};
|
|
||||||
|
|
||||||
export const getDBPassword = (db: IDBOption): Promise<string> =>
|
|
||||||
getDBPasswordResolver(db)();
|
|
||||||
@ -2,7 +2,6 @@ import type { Knex } from 'knex';
|
|||||||
import knexpkg from 'knex';
|
import knexpkg from 'knex';
|
||||||
const { knex } = knexpkg;
|
const { knex } = knexpkg;
|
||||||
import type { IUnleashConfig } from '../types/option.js';
|
import type { IUnleashConfig } from '../types/option.js';
|
||||||
import { getDBPasswordResolver } from './aws-iam.js';
|
|
||||||
|
|
||||||
export function createDb({
|
export function createDb({
|
||||||
db,
|
db,
|
||||||
@ -15,7 +14,6 @@ export function createDb({
|
|||||||
connection: {
|
connection: {
|
||||||
...db,
|
...db,
|
||||||
application_name: db.applicationName,
|
application_name: db.applicationName,
|
||||||
password: getDBPasswordResolver(db),
|
|
||||||
},
|
},
|
||||||
pool: db.pool,
|
pool: db.pool,
|
||||||
searchPath: db.schema,
|
searchPath: db.schema,
|
||||||
|
|||||||
@ -38,9 +38,6 @@ export interface IDBOption {
|
|||||||
schema: string;
|
schema: string;
|
||||||
disableMigration: boolean;
|
disableMigration: boolean;
|
||||||
applicationName?: string;
|
applicationName?: string;
|
||||||
awsIamAuth?: boolean;
|
|
||||||
awsRegion?: string;
|
|
||||||
awsRoleArn?: string;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
export interface ISessionOption {
|
export interface ISessionOption {
|
||||||
|
|||||||
@ -6,7 +6,6 @@ import type { IUnleashConfig } from './lib/types/option.js';
|
|||||||
import { secondsToMilliseconds } from 'date-fns';
|
import { secondsToMilliseconds } from 'date-fns';
|
||||||
import path from 'path';
|
import path from 'path';
|
||||||
import { fileURLToPath } from 'node:url';
|
import { fileURLToPath } from 'node:url';
|
||||||
import { getDBPassword } from './lib/db/aws-iam.js';
|
|
||||||
|
|
||||||
log.setLogLevel('error');
|
log.setLogLevel('error');
|
||||||
const __filename = fileURLToPath(import.meta.url);
|
const __filename = fileURLToPath(import.meta.url);
|
||||||
@ -23,11 +22,9 @@ export async function migrateDb(
|
|||||||
{ db }: Pick<IUnleashConfig, 'db'>,
|
{ db }: Pick<IUnleashConfig, 'db'>,
|
||||||
stopAt?: string,
|
stopAt?: string,
|
||||||
): Promise<void> {
|
): Promise<void> {
|
||||||
const password = await getDBPassword(db);
|
|
||||||
return noDatabaseUrl(async () => {
|
return noDatabaseUrl(async () => {
|
||||||
const custom = {
|
const custom = {
|
||||||
...db,
|
...db,
|
||||||
password,
|
|
||||||
connectionTimeoutMillis: secondsToMilliseconds(10),
|
connectionTimeoutMillis: secondsToMilliseconds(10),
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -46,11 +43,9 @@ export async function migrateDb(
|
|||||||
export async function requiresMigration({
|
export async function requiresMigration({
|
||||||
db,
|
db,
|
||||||
}: Pick<IUnleashConfig, 'db'>): Promise<boolean> {
|
}: Pick<IUnleashConfig, 'db'>): Promise<boolean> {
|
||||||
const password = await getDBPassword(db);
|
|
||||||
return noDatabaseUrl(async () => {
|
return noDatabaseUrl(async () => {
|
||||||
const custom = {
|
const custom = {
|
||||||
...db,
|
...db,
|
||||||
password,
|
|
||||||
connectionTimeoutMillis: secondsToMilliseconds(10),
|
connectionTimeoutMillis: secondsToMilliseconds(10),
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -69,11 +64,9 @@ export async function requiresMigration({
|
|||||||
|
|
||||||
// This exists to ease testing
|
// This exists to ease testing
|
||||||
export async function resetDb({ db }: IUnleashConfig): Promise<void> {
|
export async function resetDb({ db }: IUnleashConfig): Promise<void> {
|
||||||
const password = await getDBPassword(db);
|
|
||||||
return noDatabaseUrl(async () => {
|
return noDatabaseUrl(async () => {
|
||||||
const custom = {
|
const custom = {
|
||||||
...db,
|
...db,
|
||||||
password,
|
|
||||||
connectionTimeoutMillis: secondsToMilliseconds(10),
|
connectionTimeoutMillis: secondsToMilliseconds(10),
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user