mysql2-aws_rds_iam 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -2
- data/README.md +1 -1
- data/lib/mysql2/aws_rds_iam/auth_token/expirable_token.rb +48 -0
- data/lib/mysql2/aws_rds_iam/auth_token/generator.rb +23 -5
- data/lib/mysql2/aws_rds_iam/version.rb +1 -1
- metadata +5 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d1d42f3ccbe9a75350ece952e8b561e2a7c1089d3f15d2897377868390f905b5
|
|
4
|
+
data.tar.gz: 50bdb0f9a79e34c1499a48c23a620a52e7ac00c1f2ac4d0d25f94c689159f309
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c9eb87a90b92d530a403534c3132f0230dba864056e33f2d9223aaffe1101de3f10e53407315368dccb23da0c8f4e1285b945fb85aa4e46bb8a315b7db77f2d1
|
|
7
|
+
data.tar.gz: 5a347dd53b35407532c1ec0545670b53ec596a4656a0868209d13bbdc29bf215cfcfca06c510a2dabbd4ef997dce31296b395af1170fbb6c4a38ec2c01eab481
|
data/CHANGELOG.md
CHANGED
|
@@ -4,11 +4,16 @@ All notable changes to this project will be documented in this file.
|
|
|
4
4
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
6
6
|
|
|
7
|
-
## [Unreleased](https://github.com/
|
|
7
|
+
## [Unreleased](https://github.com/floor114/mysql2-aws_rds_iam/compare/v0.1.0...HEAD)
|
|
8
8
|
|
|
9
9
|
No notable changes.
|
|
10
10
|
|
|
11
|
-
## [0.
|
|
11
|
+
## [0.2.0](https://github.com/floor114/mysql2-aws_rds_iam/compare/v0.1.0...v0.2.0) - 2024-12-16
|
|
12
|
+
|
|
13
|
+
### Added
|
|
14
|
+
* Cache and reuse generated tokens ([#5](https://github.com/floor114/mysql2-aws_rds_iam/pull/5))
|
|
15
|
+
|
|
16
|
+
## [0.1.0](https://github.com/floor114/mysql2-aws_rds_iam/compare/f7035d3fea3ac90e6c1b8193f8befe797a425179...v0.1.0) - 2024-01-14
|
|
12
17
|
|
|
13
18
|
### Added
|
|
14
19
|
* `Mysql2::AwsRdsIam` is an extension of [mysql2](https://github.com/brianmario/mysql2) gem that adds support of [IAM authentication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) when connecting to MySQL in Amazon RDS.
|
data/README.md
CHANGED
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
[](https://rubygems.org/gems/mysql2-aws_rds_iam)
|
|
4
4
|
 
|
|
5
|
-
|
|
5
|
+
[](https://github.com/floor114/mysql2-aws_rds_iam/actions/workflows/ci.yml)
|
|
6
6
|
|
|
7
7
|
`Mysql2::AwsRdsIam` is an extension of [mysql2](https://github.com/brianmario/mysql2) gem that adds support of [IAM authentication](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html) when connecting to MySQL in Amazon RDS.
|
|
8
8
|
|
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Mysql2
|
|
4
|
+
module AwsRdsIam
|
|
5
|
+
module AuthToken
|
|
6
|
+
class ExpirableToken
|
|
7
|
+
# By default token is valid for up to 15 minutes, here we expire it after 14 minutes
|
|
8
|
+
DEFAULT_EXPIRE_AT = (15 * 60) # 15 minutes
|
|
9
|
+
EXPIRATION_THRESHOLD = (1 * 60) # 1 minute
|
|
10
|
+
EXPIRE_HEADER = 'x-amz-expires'
|
|
11
|
+
|
|
12
|
+
def initialize(token)
|
|
13
|
+
@token = token
|
|
14
|
+
@created_at = now
|
|
15
|
+
@expire_at = parse_expiration || DEFAULT_EXPIRE_AT
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def value
|
|
19
|
+
token unless expired?
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
private
|
|
23
|
+
|
|
24
|
+
attr_reader :token, :created_at, :expire_at
|
|
25
|
+
|
|
26
|
+
def expired?
|
|
27
|
+
(now - created_at) > (expire_at - EXPIRATION_THRESHOLD)
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def now
|
|
31
|
+
Process.clock_gettime(Process::CLOCK_MONOTONIC)
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
def parse_expiration
|
|
35
|
+
query = URI.parse("https://#{token}").query
|
|
36
|
+
|
|
37
|
+
return nil unless query
|
|
38
|
+
|
|
39
|
+
URI.decode_www_form(query)
|
|
40
|
+
.filter_map { |(key, value)| Integer(value) if key.downcase == EXPIRE_HEADER }
|
|
41
|
+
.first
|
|
42
|
+
rescue StandardError
|
|
43
|
+
nil
|
|
44
|
+
end
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
end
|
|
48
|
+
end
|
|
@@ -9,14 +9,32 @@ module Mysql2
|
|
|
9
9
|
|
|
10
10
|
@generator = Aws::RDS::AuthTokenGenerator.new(credentials: aws_config.credentials)
|
|
11
11
|
@region = aws_config.region
|
|
12
|
+
|
|
13
|
+
@cache = {}
|
|
14
|
+
@cache_mutex = Mutex.new
|
|
12
15
|
end
|
|
13
16
|
|
|
14
17
|
def call(host:, port:, username:)
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
18
|
+
cache_key = "#{host}:#{port}:#{username}"
|
|
19
|
+
|
|
20
|
+
cached_token = @cache[cache_key]&.value
|
|
21
|
+
return cached_token if cached_token
|
|
22
|
+
|
|
23
|
+
@cache_mutex.synchronize do
|
|
24
|
+
# :nocov: Executed only when parallel thread just created token
|
|
25
|
+
cached_token = @cache[cache_key]&.value
|
|
26
|
+
return cached_token if cached_token
|
|
27
|
+
|
|
28
|
+
# :nocov:
|
|
29
|
+
|
|
30
|
+
generator.auth_token(
|
|
31
|
+
region: region,
|
|
32
|
+
endpoint: "#{host}:#{port}",
|
|
33
|
+
user_name: username.to_s
|
|
34
|
+
).tap do |token|
|
|
35
|
+
@cache[cache_key] = ExpirableToken.new(token)
|
|
36
|
+
end
|
|
37
|
+
end
|
|
20
38
|
end
|
|
21
39
|
|
|
22
40
|
private
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: mysql2-aws_rds_iam
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.2.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Taras Shpachenko
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-12-16 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-rds
|
|
@@ -66,6 +66,7 @@ files:
|
|
|
66
66
|
- README.md
|
|
67
67
|
- lib/mysql2-aws_rds_iam.rb
|
|
68
68
|
- lib/mysql2/aws_rds_iam.rb
|
|
69
|
+
- lib/mysql2/aws_rds_iam/auth_token/expirable_token.rb
|
|
69
70
|
- lib/mysql2/aws_rds_iam/auth_token/factory.rb
|
|
70
71
|
- lib/mysql2/aws_rds_iam/auth_token/generator.rb
|
|
71
72
|
- lib/mysql2/aws_rds_iam/auth_token/registry.rb
|
|
@@ -82,7 +83,7 @@ metadata:
|
|
|
82
83
|
source_code_uri: https://github.com/floor114/mysql2-aws_rds_iam
|
|
83
84
|
changelog_uri: https://github.com/floor114/mysql2-aws_rds_iam/blob/main/CHANGELOG.md
|
|
84
85
|
bug_tracker_uri: https://github.com/floor114/mysql2-aws_rds_iam/issues
|
|
85
|
-
documentation_uri: https://rubydoc.info/gems/mysql2-aws_rds_iam/0.
|
|
86
|
+
documentation_uri: https://rubydoc.info/gems/mysql2-aws_rds_iam/0.2.0
|
|
86
87
|
post_install_message:
|
|
87
88
|
rdoc_options: []
|
|
88
89
|
require_paths:
|
|
@@ -98,7 +99,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
98
99
|
- !ruby/object:Gem::Version
|
|
99
100
|
version: '0'
|
|
100
101
|
requirements: []
|
|
101
|
-
rubygems_version: 3.5.
|
|
102
|
+
rubygems_version: 3.5.16
|
|
102
103
|
signing_key:
|
|
103
104
|
specification_version: 4
|
|
104
105
|
summary: AWS RDS IAM authentication for MySQL
|