diff --git a/.changes/unreleased/ENHANCEMENTS-20231011-122738.yaml b/.changes/unreleased/ENHANCEMENTS-20231011-122738.yaml
new file mode 100644
index 0000000..c2fdee8
--- /dev/null
+++ b/.changes/unreleased/ENHANCEMENTS-20231011-122738.yaml
@@ -0,0 +1,6 @@
+kind: ENHANCEMENTS
+body: 'targets/database: Add new field DatabaseAuthenticationConfig and deprecate
+ SplitCert and DatabaseType'
+time: 2023-10-11T12:27:38.297052484-05:00
+custom:
+ Issues: "40"
diff --git a/.changes/unreleased/FEATURES-20231006-135721.yaml b/.changes/unreleased/FEATURES-20231006-135721.yaml
new file mode 100644
index 0000000..9cba31d
--- /dev/null
+++ b/.changes/unreleased/FEATURES-20231006-135721.yaml
@@ -0,0 +1,5 @@
+kind: FEATURES
+body: 'targets/database: Add support for GET list of database authentication configs'
+time: 2023-10-06T13:57:21.309141752-05:00
+custom:
+ Issues: "40"
diff --git a/bastionzero/service/connections/connections.go b/bastionzero/service/connections/connections.go
index 3f796a4..5182178 100644
--- a/bastionzero/service/connections/connections.go
+++ b/bastionzero/service/connections/connections.go
@@ -122,7 +122,10 @@ type CreateUniversalConnectionResponse struct {
 AgentVersion string `json:"agentVersion"`
 ConnectionAuthDetails ConnectionAuthDetails `json:"connectionAuthDetails"`
 SshScpOnly bool `json:"sshScpOnly"`
- SplitCert bool `json:"splitCert"`
+ // Deprecated: SplitCert exists for historical compatibility and should not be used.
+ // Use IsPasswordless instead.
+ SplitCert bool `json:"splitCert"`
+ IsPasswordless bool `json:"isPasswordless"`
 }
 
 // ConnectionAuthDetails contains details needed to connect to a connection node
diff --git a/bastionzero/service/targets/database.go b/bastionzero/service/targets/database.go
index 2a6fce5..4020564 100644
--- a/bastionzero/service/targets/database.go
+++ b/bastionzero/service/targets/database.go
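Review bot: IsPasswordless is added to CreateUniversalConnectionResponse without a comment, even though the deprecation note on SplitCert sends readers to it. The hunk does not say whether the two fields always carry the same value or whether IsPasswordless also covers authentication types other than split-cert. A one-line comment such as `// IsPasswordless reports whether the connection authenticates without a database password.` (wording to be confirmed against the API) would make the replacement usable. The struct begins outside the hunk.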
@@ -6,6 +6,7 @@ import (
 "net/http"
 
 "github.com/bastionzero/bastionzero-sdk-go/bastionzero/service/policies"
+ "github.com/bastionzero/bastionzero-sdk-go/bastionzero/service/targets/dbauthconfig"
 "github.com/bastionzero/bastionzero-sdk-go/bastionzero/types/targettype"
 "github.com/bastionzero/bastionzero-sdk-go/internal/client"
 )
@@ -17,16 +18,26 @@ const (
 
 // CreateDatabaseTargetRequest is used to create a new Database target
 type CreateDatabaseTargetRequest struct {
- TargetName string `json:"targetName"`
- ProxyTargetID string `json:"proxyTargetId"`
- RemoteHost string `json:"remoteHost"`
- RemotePort Port `json:"remotePort"`
- LocalPort *Port `json:"localPort,omitempty"`
- LocalHost string `json:"localHost,omitempty"`
- IsSplitCert bool `json:"splitCert,omitempty"`
- DatabaseType string `json:"databaseType,omitempty"`
- EnvironmentID string `json:"environmentId,omitempty"`
- EnvironmentName string `json:"environmentName,omitempty"`
+ TargetName string `json:"targetName"`
+ ProxyTargetID string `json:"proxyTargetId"`
+ RemoteHost string `json:"remoteHost"`
+ // TODO: To match REST API, change to: RemotePort *Port `json:"remotePort,omitempty"`
+ // and update the comment below in a batched breaking changes release
+
+ // RemotePort is required for all databases; however, for GCP-hosted databases, the
+ // value specified for Port.Value will be ignored when connecting to the database.
+ RemotePort Port `json:"remotePort"`
+ LocalPort *Port `json:"localPort,omitempty"`
+ LocalHost string `json:"localHost,omitempty"`
+ // Deprecated: IsSplitCert exists for historical compatibility and should not be used.
+ // Set AuthenticationType in DatabaseAuthenticationConfig appropriately instead.
+ IsSplitCert bool `json:"splitCert,omitempty"`
+ // Deprecated: DatabaseType exists for historical compatibility and should not be used.
+ // Set Database in DatabaseAuthenticationConfig appropriately instead.
+ DatabaseType string `json:"databaseType,omitempty"`
+ EnvironmentID string `json:"environmentId,omitempty"`
+ EnvironmentName string `json:"environmentName,omitempty"`
+ DatabaseAuthenticationConfig *dbauthconfig.DatabaseAuthenticationConfig `json:"databaseAuthenticationConfig,omitempty"`
 }
 
 // CreateDatabaseTargetResponse is the response returned if a Database target is
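Review bot: DatabaseAuthenticationConfig is added to CreateDatabaseTargetRequest without a comment, and nothing states which setting wins when a caller fills in both it and the deprecated IsSplitCert / DatabaseType fields. The three are serialized independently (`splitCert`, `databaseType`, `databaseAuthenticationConfig`), so one request can carry contradictory authentication settings, and the resulting authentication mode depends on server behaviour that is not visible here. A field comment stating the precedence, or that the deprecated fields must be left unset when the config is supplied, would remove the guesswork. The same applies to ModifyDatabaseTargetRequest in the following hunk.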
@@ -43,9 +54,14 @@ type ModifyDatabaseTargetRequest struct { RemotePort *Port `json:"remotePort,omitempty"` LocalPort *Port `json:"localPort,omitempty"` LocalHost *string `json:"localHost,omitempty"` - IsSplitCert *bool `json:"splitCert,omitempty"` - DatabaseType *string `json:"databaseType,omitempty"` - EnvironmentID *string `json:"environmentId,omitempty"` + // Deprecated: IsSplitCert exists for historical compatibility and should not be used. + // Set AuthenticationType in DatabaseAuthenticationConfig appropriately instead. + IsSplitCert *bool `json:"splitCert,omitempty"` + // Deprecated: DatabaseType exists for historical compatibility and should not be used. + // Set Database in DatabaseAuthenticationConfig appropriately instead. + DatabaseType *string `json:"databaseType,omitempty"` + EnvironmentID *string `json:"environmentId,omitempty"` + DatabaseAuthenticationConfig *dbauthconfig.DatabaseAuthenticationConfig `json:"databaseAuthenticationConfig,omitempty"` } // ListDatabaseTargetsOptions specifies the optional parameters when querying @@ -81,9 +97,14 @@ type ListSplitCertDatabaseTypesResponse struct { type DatabaseTarget struct { VirtualTarget - IsSplitCert bool `json:"splitCert"` - DatabaseType *string `json:"databaseType"` - AllowedTargetUsers []policies.TargetUser `json:"allowedTargetUsers"` + // Deprecated: IsSplitCert exists for historical compatibility and should not be used. + // Set AuthenticationType in DatabaseAuthenticationConfig appropriately instead. + IsSplitCert bool `json:"splitCert"` + // Deprecated: DatabaseType exists for historical compatibility and should not be used. + // Set Database in DatabaseAuthenticationConfig appropriately instead. + DatabaseType *string `json:"databaseType"` + AllowedTargetUsers []policies.TargetUser `json:"allowedTargetUsers"` + DatabaseAuthenticationConfig dbauthconfig.DatabaseAuthenticationConfig `json:"databaseAuthenticationConfig"` } // ListDatabaseTargets lists all Database targets. 
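Review bot: The deprecation comments added to DatabaseTarget tell the reader to "Set AuthenticationType ..." and "Set Database ...", but judging by the `ListDatabaseTargets` comment that follows, this struct is what the API returns, so there is nothing to set. The wording looks carried over from the request structs; `// Read AuthenticationType from DatabaseAuthenticationConfig instead.` fits a response type better. DatabaseAuthenticationConfig is held by value here while its own fields are `*string`, so a short comment that AuthenticationType and Database may be nil and need a check before dereferencing would also help callers.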
@@ -215,6 +236,7 @@ func (s *TargetsService) ModifyDatabaseTarget(ctx context.Context, targetID stri
 // ListSplitCertDatabaseTypes lists all Database types for which SplitCert
 // access is supported.
 //
+// Deprecated: Use ListDatabaseAuthenticationConfigs
 // BastionZero API docs: https://cloud.bastionzero.com/api/#get-/api/v2/targets/database/supported-databases
 func (s *TargetsService) ListSplitCertDatabaseTypes(ctx context.Context) (*ListSplitCertDatabaseTypesResponse, *http.Response, error) {
 u := databaseBasePath + "/supported-databases"
@@ -232,6 +254,25 @@ func (s *TargetsService) ListSplitCertDatabaseTypes(ctx context.Context) (*ListS
 return listResp, resp, nil
 }
 
+// ListDatabaseAuthenticationConfigs lists all database authentication configurations supported by BasionZero.
+//
+// BastionZero API docs: https://cloud.bastionzero.com/api/#get-/api/v2/targets/database/supported-database-configs
+func (s *TargetsService) ListDatabaseAuthenticationConfigs(ctx context.Context) ([]dbauthconfig.DatabaseAuthenticationConfig, *http.Response, error) {
+ u := databaseBasePath + "/supported-database-configs"
+ req, err := s.Client.NewRequest(ctx, http.MethodGet, u, nil)
+ if err != nil {
+ return nil, nil, err
+ }
+
+ dbAuthConfigList := new([]dbauthconfig.DatabaseAuthenticationConfig)
+ resp, err := s.Client.Do(req, dbAuthConfigList)
+ if err != nil {
+ return nil, resp, err
+ }
+
+ return *dbAuthConfigList, resp, nil
+}
+
 // Ensure DatabaseTarget implementation satisfies the expected interfaces.
 var (
 // DatabaseTarget implements VirtualTargetInterface
diff --git a/bastionzero/service/targets/dbauthconfig/authenticationtype.go b/bastionzero/service/targets/dbauthconfig/authenticationtype.go
new file mode 100644
index 0000000..0efd601
--- /dev/null
+++ b/bastionzero/service/targets/dbauthconfig/authenticationtype.go
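Review bot: The added `// Deprecated: Use ListDatabaseAuthenticationConfigs` line runs straight into the `// BastionZero API docs:` line, so doc tooling will treat the API link as part of the deprecation notice. By Go convention the Deprecated paragraph ends at the next blank comment line. Adding a bare `//` after it and writing it as `// Deprecated: Use ListDatabaseAuthenticationConfigs instead.` keeps the two apart. The body of ListSplitCertDatabaseTypes continues outside the hunk.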
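Review bot: The doc comment on ListDatabaseAuthenticationConfigs misspells the product name as "BasionZero"; it should read `BastionZero`. `new([]dbauthconfig.DatabaseAuthenticationConfig)` followed by a dereference on return is more roundabout than `var configs []dbauthconfig.DatabaseAuthenticationConfig` with `s.Client.Do(req, &configs)`. The comment could also say that the returned entries are the combinations a caller is expected to pass back in create or modify requests, which is what the DatabaseAuthenticationConfig type comment recommends.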
@@ -0,0 +1,8 @@
+package dbauthconfig
+
+// These constants represent the supported values for the AuthenticationType field in DatabaseAuthenticationConfig.
+const (
+ Default string = "Default"
+ SplitCert string = "SplitCert"
+ ServiceAccountInjection string = "ServiceAccountInjection"
+)
diff --git a/bastionzero/service/targets/dbauthconfig/cloudserviceprovider.go b/bastionzero/service/targets/dbauthconfig/cloudserviceprovider.go
new file mode 100644
index 0000000..47084a3
--- /dev/null
+++ b/bastionzero/service/targets/dbauthconfig/cloudserviceprovider.go
@@ -0,0 +1,7 @@
+package dbauthconfig
+
+// These constants represent the supported values for the CloudServiceProvider field in DatabaseAuthenticationConfig.
+const (
+ AWS string = "AWS"
+ GCP string = "GCP"
+)
diff --git a/bastionzero/service/targets/dbauthconfig/database.go b/bastionzero/service/targets/dbauthconfig/database.go
new file mode 100644
index 0000000..7cdc352
--- /dev/null
+++ b/bastionzero/service/targets/dbauthconfig/database.go
@@ -0,0 +1,10 @@
+package dbauthconfig
+
+// These constants represent the supported values for the Database field in DatabaseAuthenticationConfig.
+const (
+ CockroachDB string = "CockroachDB"
+ MicrosoftSQLServer string = "MicrosoftSQLServer"
+ MongoDB string = "MongoDB"
+ MySQL string = "MySQL"
+ Postgres string = "Postgres"
+)
diff --git a/bastionzero/service/targets/dbauthconfig/dbauthconfig.go b/bastionzero/service/targets/dbauthconfig/dbauthconfig.go
new file mode 100644
index 0000000..06fdffe
--- /dev/null
+++ b/bastionzero/service/targets/dbauthconfig/dbauthconfig.go
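Review bot: The authentication-type constants are declared as plain `string`, so the compiler accepts `ServiceAccountInjection` in the Database or CloudServiceProvider field just as readily as in AuthenticationType; the constant blocks in cloudserviceprovider.go and database.go have the same weakness. For a value that selects how a database connection authenticates, a defined type per group (`type AuthenticationType string`, then `SplitCert AuthenticationType = "SplitCert"`) would turn a mixed-up assignment into a compile error. The name `Default` is also very generic once exported, since `dbauthconfig.Default` does not say what it is the default of. Because the struct fields are `*string`, callers cannot write `&dbauthconfig.SplitCert` and must copy the constant into a variable first, which is worth a line in the comment.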
@@ -0,0 +1,13 @@
+package dbauthconfig
+
+// DatabaseAuthenticationConfig defines a database authentication configuration supported
+// by BastionZero. When using a non-null DatabaseAuthenticationConfig in a request, it
+// is recommended that the supported configurations are retrieved from a GET request to
+// /api/v2/targets/database/supported-database-configs and then one of the returned
+// configurations is used in any subsequent create or update request as needed.
+type DatabaseAuthenticationConfig struct {
+ AuthenticationType *string `json:"authenticationType,omitempty"`
+ CloudServiceProvider *string `json:"cloudServiceProvider,omitempty"`
+ Database *string `json:"database,omitempty"`
+ Label *string `json:"label,omitempty"`
+}
diff --git a/bastionzero/service/targets_disambiguated/database_target.go b/bastionzero/service/targets_disambiguated/database_target.go
index 79a5ae0..962253c 100644
--- a/bastionzero/service/targets_disambiguated/database_target.go
+++ b/bastionzero/service/targets_disambiguated/database_target.go
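Review bot: The struct comment does not say what a nil field means in a request. All four fields are pointers tagged `omitempty`, so a nil AuthenticationType is simply left out of the JSON body, and which authentication mode the service then applies cannot be told from this file. A per-field comment would help, for example `// AuthenticationType is one of Default, SplitCert or ServiceAccountInjection; nil omits the field from the request.` "non-null" in the type comment reads as JSON wording; `non-nil` is the Go term.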
@@ -3,19 +3,19 @@ package targets_disambiguated
 import (
 "github.com/bastionzero/bastionzero-sdk-go/bastionzero/service/connections"
 "github.com/bastionzero/bastionzero-sdk-go/bastionzero/service/policies"
+ "github.com/bastionzero/bastionzero-sdk-go/bastionzero/service/targets/dbauthconfig"
 )
 
 type DatabaseTarget struct {
 Target
 
- ProxyAgentId string `json:"proxyAgentId"`
- ProxyAgentName string `json:"proxyAgentName"`
- RemoteHost string `json:"remoteHost"`
- RemotePort Port `json:"remotePort"`
- LocalHost string `json:"localHost"`
- LocalPort *Port `json:"localPort"`
- SplitCert bool `json:"splitCert"`
- DatabaseType string `json:"databaseType"`
- AllowedTargetUsers []policies.TargetUser `json:"allowedTargetUsers"`
- Connections []connections.DbConnection `json:"connections"`
+ ProxyAgentId string `json:"proxyAgentId"`
+ ProxyAgentName string `json:"proxyAgentName"`
+ RemoteHost string `json:"remoteHost"`
+ RemotePort Port `json:"remotePort"`
+ LocalHost string `json:"localHost"`
+ LocalPort *Port `json:"localPort"`
+ AllowedTargetUsers []policies.TargetUser `json:"allowedTargetUsers"`
+ Connections []connections.DbConnection `json:"connections"`
+ DatabaseAuthenticationConfig dbauthconfig.DatabaseAuthenticationConfig `json:"databaseAuthenticationConfig"`
 }
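Review bot: SplitCert and DatabaseType are removed outright from this DatabaseTarget, while the same commit keeps them as deprecated fields on targets.DatabaseTarget and on the create and modify requests. Code that reads `target.SplitCert` from this package stops compiling after the upgrade, and the changelog entries in this commit speak only of deprecation. Keeping both fields here with the same `// Deprecated:` comment would make the two packages consistent; if the removal is intended, it deserves a changelog entry of its own.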