AWS IAM auth for PostgreSQL

2026-04-18 04:26:01 +00:00 · 2024-10-08 09:55:51 +02:00
parent d049d8c571
commit cd36259739
3 changed files with 62 additions and 33 deletions
--- a/plugins/dbgate-plugin-postgres/src/backend/drivers.js
+++ b/plugins/dbgate-plugin-postgres/src/backend/drivers.js
@@ -13,6 +13,8 @@ const {
  extractErrorLogData,
 } = global.DBGATE_PACKAGES['dbgate-tools'];

+let authProxy;
+
 const logger = getLogger('postreDriver');

 pg.types.setTypeParser(1082, 'text', val => val); // date
@@ -40,22 +42,27 @@ const drivers = driverBases.map(driverBase => ({
  ...driverBase,
  analyserClass: Analyser,

-  async connect({
-    engine,
-    server,
-    port,
-    user,
-    password,
-    database,
-    databaseUrl,
-    useDatabaseUrl,
-    ssl,
-    isReadOnly,
-    authType,
-    socketPath,
-  }) {
+  async connect(props) {
+    const {
+      engine,
+      server,
+      port,
+      user,
+      password,
+      database,
+      databaseUrl,
+      useDatabaseUrl,
+      ssl,
+      isReadOnly,
+      authType,
+      socketPath,
+    } = props;
    let options = null;

+    if (authType == 'awsIam') {
+      awsIamToken = await authProxy.getAwsIamToken(props);
+    }
+
    if (engine == 'redshift@dbgate-plugin-postgres') {
      let url = databaseUrl;
      if (url && url.startsWith('jdbc:redshift://')) {
@@ -82,9 +89,9 @@ const drivers = driverBases.map(driverBase => ({
            host: authType == 'socket' ? socketPath || driverBase.defaultSocketPath : server,
            port: authType == 'socket' ? null : port,
            user,
-            password,
+            password: awsIamToken || password,
            database: extractDbNameFromComposite(database) || 'postgres',
-            ssl,
+            ssl: authType == 'awsIam' ? ssl || { rejectUnauthorized: false } : ssl,
            application_name: 'DbGate',
          };
    }
@@ -276,7 +283,7 @@ const drivers = driverBases.map(driverBase => ({
  },

  getAuthTypes() {
-    return [
+    const res = [
      {
        title: 'Host and port',
        name: 'hostPort',
@@ -286,6 +293,13 @@ const drivers = driverBases.map(driverBase => ({
        name: 'socket',
      },
    ];
+    if (authProxy.supportsAwsIam()) {
+      res.push({
+        title: 'AWS IAM',
+        name: 'awsIam',
+      });
+    }
+    return res;
  },

  async listSchemas(dbhan) {
@@ -313,4 +327,8 @@ const drivers = driverBases.map(driverBase => ({
  },
 }));

+drivers.initialize = dbgateEnv => {
+  authProxy = dbgateEnv.authProxy;
+};
+
 module.exports = drivers;