Skip to content

hkadakia/grafeas-rds

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

grafeas-rds

AWS RDS backend for Grafeas. This library can periodically refresh the IAM authentication token which is used as the password to connect to an AWS RDS service.

Table of Contents

Background

Grafeas supports pluggable storage backends, and AWS RDS can be one of the options. Furthermore, AWS RDS supports IAM-based authentication, which eliminates the needs to maintain a password, including storing it, fetching it from the application, and rotating it periodically, etc. However, the official documentation also states the following:

Each token has a lifetime of 15 minutes.

As a result, we need a mechanism to refresh the token, hence this project.

Install

This project is intended to be used as a library.

Import github.com/theparanoids/grafeas-rds/rds to use it.

Note that the Go version has to be >= 1.17 (see go.mod).

Usage

If the underlying database were PostgreSQL, the code would look like this:

import (
    "log"

    "github.com/theparanoids/grafeas-rds/go/v1beta1/storage"
    "github.com/grafeas/grafeas/go/v1beta1/storage"
    "github.com/lib/pq"
)

func main() {
    provider := rds.NewGrafeasStorageProvider(
        &pq.Driver{},
        YourCredentialsCreator{},
        YourStorageCreator{},
    )
    if err := storage.RegisterStorageTypeProvider("rds_postgres", provider.Provide); err != nil {
        log.Fatalf("Error registering rds pgsql provider, %s", err)
    }
    // Set up and start the Grafeas server...
}

Usage Notes

  • Currently the configuration passed to CredentialsCreator.Create contains only Athenz-related fields; we welcome contributions to add support for any other mechanism.
  • Regarding StorageCreator, we have an internal implementation to create a grafeas-pqsql storage given a custom driver.Connector, and are actively working on upstreaming it.

Configuration

A valid configuration file can be found here; it can be directly plugged into a configuration file for Grafeas server.

Some default values are also provided in config.go.

Contribute

Please refer to Contributing.md for information about how to get involved. We welcome issues, questions, and pull requests.

License

This project is licensed under the terms of the Apache 2.0 open source license. Please refer to LICENSE for the full terms.

About

No description, website, or topics provided.

Resources

Code of conduct

Stars

Watchers

Forks