AWS IAM auth for PostgreSQL

2026-04-24 06:06:00 +00:00 · 2024-10-08 09:55:51 +02:00
parent d049d8c571
commit cd36259739
3 changed files with 62 additions and 33 deletions
--- a/plugins/dbgate-plugin-postgres/src/backend/drivers.js
+++ b/plugins/dbgate-plugin-postgres/src/backend/drivers.js
@@ -13,6 +13,8 @@ const {
  extractErrorLogData,
 } = global.DBGATE_PACKAGES['dbgate-tools'];
 let authProxy;
 const logger = getLogger('postreDriver');
 pg.types.setTypeParser(1082, 'text', val => val); // date
@@ -40,22 +42,27 @@ const drivers = driverBases.map(driverBase => ({
  ...driverBase,
  analyserClass: Analyser,
-  async connect({
+  async connect(props) {
-    engine,
+    const {
-    server,
+      engine,
-    port,
+      server,
-    user,
+      port,
-    password,
+      user,
-    database,
+      password,
-    databaseUrl,
+      database,
-    useDatabaseUrl,
+      databaseUrl,
-    ssl,
+      useDatabaseUrl,
-    isReadOnly,
+      ssl,
-    authType,
+      isReadOnly,
-    socketPath,
+      authType,
-  }) {
+      socketPath,
    } = props;
    let options = null;
    if (authType == 'awsIam') {
      awsIamToken = await authProxy.getAwsIamToken(props);
    }
    if (engine == 'redshift@dbgate-plugin-postgres') {
      let url = databaseUrl;
      if (url && url.startsWith('jdbc:redshift://')) {
@@ -82,9 +89,9 @@ const drivers = driverBases.map(driverBase => ({
            host: authType == 'socket' ? socketPath || driverBase.defaultSocketPath : server,
            port: authType == 'socket' ? null : port,
            user,
-            password,
+            password: awsIamToken || password,
            database: extractDbNameFromComposite(database) || 'postgres',
-            ssl,
+            ssl: authType == 'awsIam' ? ssl || { rejectUnauthorized: false } : ssl,
            application_name: 'DbGate',
          };
    }
@@ -276,7 +283,7 @@ const drivers = driverBases.map(driverBase => ({
  },
  getAuthTypes() {
-    return [
+    const res = [
      {
        title: 'Host and port',
        name: 'hostPort',
@@ -286,6 +293,13 @@ const drivers = driverBases.map(driverBase => ({
        name: 'socket',
      },
    ];
    if (authProxy.supportsAwsIam()) {
      res.push({
        title: 'AWS IAM',
        name: 'awsIam',
      });
    }
    return res;
  },
  async listSchemas(dbhan) {
@@ -313,4 +327,8 @@ const drivers = driverBases.map(driverBase => ({
  },
 }));
 drivers.initialize = dbgateEnv => {
  authProxy = dbgateEnv.authProxy;
 };
 module.exports = drivers;
--- a/plugins/dbgate-plugin-postgres/src/backend/index.js
+++ b/plugins/dbgate-plugin-postgres/src/backend/index.js
@@ -3,4 +3,7 @@ const drivers = require('./drivers');
 module.exports = {
  packageName: 'dbgate-plugin-postgres',
  drivers,
  initialize(dbgateEnv) {
    drivers.initialize(dbgateEnv);
  },
 };
--- a/plugins/dbgate-plugin-postgres/src/frontend/drivers.js
+++ b/plugins/dbgate-plugin-postgres/src/frontend/drivers.js
@@ -135,24 +135,31 @@ const postgresDriverBase = {
  databaseUrlPlaceholder: 'e.g. postgresql://user:password@localhost:5432/default_database',
  showConnectionField: (field, values) => {
-    if (field == 'useDatabaseUrl') return true;
+    const allowedFields = ['useDatabaseUrl', 'authType', 'user', 'isReadOnly', 'useSeparateSchemas'];
-    if (values.useDatabaseUrl) {
+
-      return ['databaseUrl', 'isReadOnly'].includes(field);
+    if (values.authType == 'awsIam') {
      allowedFields.push('awsRegion', 'secretAccessKey', 'accessKeyId');
    }
-    return (
+    if (values.authType == 'socket') {
-      [
+      allowedFields.push('socketPath');
-        'authType',
+    } else {
-        'user',
+      if (values.useDatabaseUrl) {
-        'password',
+        allowedFields.push('databaseUrl');
-        'defaultDatabase',
+      } else {
-        'singleDatabase',
+        allowedFields.push('server', 'port');
-        'isReadOnly',
+      }
-        'useSeparateSchemas',
+    }
-      ].includes(field) ||
+
-      (values.authType == 'socket' && ['socketPath'].includes(field)) ||
+    if (values.authType != 'awsIam' && values.authType != 'socket') {
-      (values.authType != 'socket' && ['server', 'port'].includes(field))
+      allowedFields.push('password');
-    );
+    }
    if (!values.useDatabaseUrl) {
      allowedFields.push('defaultDatabase', 'singleDatabase');
    }
    return allowedFields.includes(field);
  },
  beforeConnectionSave: connection => {
@@ -162,6 +169,7 @@ const postgresDriverBase = {
      return {
        ...connection,
        singleDatabase: !!m,
        defaultDatabase: m ? m[1] : null,
      };
    }