RubyGems - planetscale - Versions diffs - 0.3.1 → 0.3.3 - Mend

planetscale 0.3.1 → 0.3.3

Files changed (368) hide show

data/vendor/github.com/planetscale/sql-proxy/LICENSE DELETED Viewed

@@ -1,202 +0,0 @@
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-   1. Definitions.
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-   END OF TERMS AND CONDITIONS
-   APPENDIX: How to apply the Apache License to your work.
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-   Copyright 2021 PlanetScale, Inc.
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-       http://www.apache.org/licenses/LICENSE-2.0
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.

data/vendor/github.com/planetscale/sql-proxy/proxy/client.go DELETED Viewed

@@ -1,476 +0,0 @@
-package proxy
-import (
-	"context"
-	"crypto/tls"
-	"crypto/x509"
-	"errors"
-	"fmt"
-	"io"
-	"net"
-	"os"
-	"strings"
-	"sync/atomic"
-	"time"
-	"go.uber.org/zap"
-)
-const (
-	keepAlivePeriod = time.Minute
-)
-// CertError represents a Cert operation error.
-type CertError struct{ msg string }
-func (c *CertError) Error() string { return c.msg }
-// Cert represents the client certificate key pair in the root certiciate
-// authority that the client uses to verify server certificates.
-type Cert struct {
-	ClientCert tls.Certificate
-	CACerts    []*x509.Certificate
-	RemoteAddr string
-	Ports      RemotePorts
-}
-type RemotePorts struct {
-	Proxy int
-	MySQL int
-}
-// CertSource is used
-type CertSource interface {
-	// Cert returns the required certs needed to establish a TLS connection
-	// from the client to the server.
-	Cert(ctx context.Context, org, db, branch string) (*Cert, error)
-}
-// Client is responsible for listening to unsecured connections over a TCP
-// localhost port and tunneling them securely over a TLS connection to a remote
-// database instance defined by its PlanetScale unique branch identifier.
-type Client struct {
-	// connectionsCounter is used to enforce the optional maxConnections limit
-	// NOTE: don't move this field, as we need to make sure the fields are
-	// 64-bit aligned
-	connectionsCounter uint64
-	remoteAddr     string
-	localAddr      string
-	instance       string
-	maxConnections uint64
-	certSource     CertSource
-	log *zap.Logger
-	// configCache contains the TLS certificate chache for each indiviual
-	// database
-	configCache *tlsCache
-	listener net.Listener
-	// done is closed after a successfull net.Listen bind.
-	done chan struct{}
-}
-// Options are the options for creating a new Client.
-type Options struct {
-	// RemoteAddr defines the server address to tunnel local connections. By
-	// default we connect to the remote address given by the CertSource. This
-	// option can be used to over write it.
-	RemoteAddr string
-	// LocalAddr defines the address to listen for new connection
-	LocalAddr string
-	// Instance defines the remote DB instance to proxy new connection
-	Instance string
-	// MaxConnections is the maximum number of connections to establish
-	// before refusing new connections. 0 means no limit.
-	MaxConnections uint64
-	// CertSource defines the certificate source to obtain the required TLS
-	// certificates for the client and the remote address of the server to
-	// connect.
-	CertSource CertSource
-	// Logger defines which zap.Logger to use. Use it to override the default
-	// Development logger . Useful for tests.
-	Logger *zap.Logger
-}
-// NewClient creates a new proxy client instance
-func NewClient(opts Options) (*Client, error) {
-	c := &Client{
-		certSource:  opts.CertSource,
-		localAddr:   opts.LocalAddr,
-		remoteAddr:  opts.RemoteAddr,
-		instance:    opts.Instance,
-		configCache: newtlsCache(),
-		done:        make(chan struct{}),
-	}
-	if opts.Logger != nil {
-		c.log = opts.Logger
-	} else {
-		logger, err := zap.NewDevelopment(
-			zap.Fields(zap.String("app", "sql-proxy-client")),
-		)
-		if err != nil {
-			return nil, err
-		}
-		zap.ReplaceGlobals(logger)
-		c.log = logger
-	}
-	return c, nil
-}
-// Conn represents a connection from a client to a specific instance.
-type Conn struct {
-	Instance string
-	Conn     net.Conn
-}
-// Run runs the proxy. It listens to the configured localhost address and
-// proxies the connection over a TLS tunnel to the remote DB instance.
-func (c *Client) Run(ctx context.Context) error {
-	// cache the certs for the given instance. This will also validate the
-	// input and ensure to exit early.
-	_, _, err := c.clientCerts(context.Background(), c.instance)
-	if err != nil {
-		return &CertError{msg: err.Error()}
-	}
-	c.log.Info("ready for new connections")
-	l, err := c.getListener()
-	if err != nil {
-		return fmt.Errorf("error net.Listen: %w", err)
-	}
-	defer c.log.Sync() // nolint: errcheck
-	c.listener = l
-	close(c.done)
-	return c.run(ctx, l)
-}
-// LocalAddr returns the address of the local listener. This is by default
-// blocking and will only return if the proxy is invoked with the Run() method.
-func (c *Client) LocalAddr() (net.Addr, error) {
-	<-c.done
-	if c.listener == nil {
-		return nil, errors.New("listener is not set")
-	}
-	return c.listener.Addr(), nil
-}
-func (c *Client) getListener() (net.Listener, error) {
-	if strings.HasPrefix(c.localAddr, "unix://") {
-		p := strings.TrimPrefix(c.localAddr, "unix://")
-		if err := os.Remove(p); err != nil && !os.IsNotExist(err) {
-			return nil, fmt.Errorf("failed to remove unix domain socket file %s, error: %s", p, err)
-		}
-		return net.Listen("unix", p)
-	}
-	return net.Listen("tcp", c.localAddr)
-}
-// run is an internal function for testing the Client proxy event loop for
-// handling TCP connections
-func (c *Client) run(ctx context.Context, l net.Listener) error {
-	connSrc := make(chan Conn, 1)
-	go func() {
-		if err := c.listen(l, connSrc); err != nil {
-			c.log.Error("listen to local address", zap.Error(err))
-		}
-	}()
-	for {
-		select {
-		case <-ctx.Done():
-			termTimeout := time.Second * 1
-			c.log.Info("received context cancellation, waiting until timeout",
-				zap.Duration("timeout", termTimeout))
-			err := c.Shutdown(termTimeout)
-			if err != nil {
-				return fmt.Errorf("error during shutdown: %v", err)
-			}
-			return nil
-		case conn := <-connSrc:
-			go func(lc Conn) {
-				// TODO(fatih): detach context from parent
-				err := c.handleConn(ctx, lc.Conn, lc.Instance)
-				if err != nil {
-					c.log.Error("error proxying conns", zap.Error(err))
-				}
-			}(conn)
-		}
-	}
-}
-// listen listens to the client's localAddres and sends each incoming
-// connections to the given connSrc channel.
-func (c *Client) listen(l net.Listener, connSrc chan<- Conn) error {
-	c.log.Info("listening remote DB instance",
-		zap.String("local_addr", c.localAddr),
-		zap.String("instance", c.instance),
-	)
-	for {
-		start := time.Now()
-		conn, err := l.Accept()
-		if err != nil {
-			if nerr, ok := err.(net.Error); ok && nerr.Temporary() {
-				d := 10*time.Millisecond - time.Since(start)
-				if d > 0 {
-					time.Sleep(d)
-				}
-				continue
-			}
-			l.Close()
-			return fmt.Errorf("error in accept for on %v: %w", c.localAddr, err)
-		}
-		c.log.Info("new connection", zap.String("conn_addr", l.Addr().String()))
-		switch clientConn := conn.(type) {
-		case *net.TCPConn:
-			clientConn.SetKeepAlive(true)                  //nolint: errcheck
-			clientConn.SetKeepAlivePeriod(1 * time.Minute) //nolint: errcheck
-		}
-		connSrc <- Conn{
-			Conn:     conn,
-			Instance: c.instance,
-		}
-	}
-}
-func (c *Client) handleConn(ctx context.Context, conn net.Conn, instance string) error {
-	log := c.log.With(zap.String("instance", instance))
-	active := atomic.AddUint64(&c.connectionsCounter, 1)
-	// Deferred decrement of ConnectionsCounter upon connection closing
-	defer atomic.AddUint64(&c.connectionsCounter, ^uint64(0))
-	if c.maxConnections > 0 && active > c.maxConnections {
-		conn.Close()
-		return fmt.Errorf("too many open connections (max %d)", c.maxConnections)
-	}
-	cfg, remoteAddr, err := c.clientCerts(ctx, instance)
-	if err != nil {
-		return fmt.Errorf("couldn't retrieve certs for instance: %q: %w", instance, err)
-	}
-	// TODO(fatih): implement refreshing certs
-	// go p.refreshCertAfter(instance, timeToRefresh)
-	// overwrite the remote address if the user explicitly set it
-	if c.remoteAddr != "" {
-		remoteAddr = c.remoteAddr
-	}
-	c.log.Info("connecting to remote server", zap.String("remote_addr", remoteAddr))
-	var d net.Dialer
-	remoteConn, err := d.DialContext(ctx, "tcp", remoteAddr)
-	if err != nil {
-		conn.Close()
-		return fmt.Errorf("couldn't connect to %q: %v", remoteAddr, err)
-	}
-	type setKeepAliver interface {
-		SetKeepAlive(keepalive bool) error
-		SetKeepAlivePeriod(d time.Duration) error
-	}
-	if s, ok := conn.(setKeepAliver); ok {
-		if err := s.SetKeepAlive(true); err != nil {
-			log.Error("couldn't set KeepAlive to true", zap.Error(err))
-		} else if err := s.SetKeepAlivePeriod(keepAlivePeriod); err != nil {
-			log.Error("couldn't set KeepAlivePeriod", zap.Error(err), zap.Duration("keep_alive_period", keepAlivePeriod))
-		}
-	} else {
-		log.Warn("KeepAlive not supported: long-running tcp connections may be killed by the OS.")
-	}
-	secureConn := tls.Client(remoteConn, cfg)
-	if err := secureConn.Handshake(); err != nil {
-		secureConn.Close()
-		return fmt.Errorf("couldn't initiate TLS handshake to remote addr: %s", err)
-	}
-	// Hasta la vista, baby
-	copyThenClose(
-		secureConn,
-		conn,
-		"remote connection",
-		"local connection on "+conn.LocalAddr().String(),
-	)
-	return nil
-}
-// clientCerts returns the TLS configuration needed for the TLS handshake and
-// connection
-func (c *Client) clientCerts(ctx context.Context, instance string) (*tls.Config, string, error) {
-	cacheEntry, err := c.configCache.Get(instance)
-	if err == nil {
-		c.log.Info("using tls.Config from the cache", zap.String("instance", instance))
-		return cacheEntry.cfg, cacheEntry.remoteAddr, nil
-	}
-	if err != errConfigNotFound {
-		return nil, "", err // we don't handle non errConfigNotFound errors
-	}
-	s := strings.Split(instance, "/")
-	if len(s) != 3 {
-		return nil, "", fmt.Errorf("instance format is malformed, should be in form organization/dbname/branch, have: %q", instance)
-	}
-	cert, err := c.certSource.Cert(ctx, s[0], s[1], s[2])
-	if err != nil {
-		return nil, "", fmt.Errorf("couldn't retrieve certs from cert source: %s", err)
-	}
-	rootCertPool := x509.NewCertPool()
-	for _, caCert := range cert.CACerts {
-		rootCertPool.AddCert(caCert)
-	}
-	serverName := fmt.Sprintf("%s.%s.%s.%s", s[2], s[1], s[0], cert.RemoteAddr)
-	fullAddr := fmt.Sprintf("%s:%d", serverName, cert.Ports.Proxy)
-	cfg := &tls.Config{
-		ServerName:   serverName,
-		Certificates: []tls.Certificate{cert.ClientCert},
-		MinVersion:   tls.VersionTLS12,
-		RootCAs:      rootCertPool,
-		// Set InsecureSkipVerify to skip the default validation we are
-		// replacing. This will not disable VerifyConnection.
-		InsecureSkipVerify: true,
-		VerifyConnection: func(cs tls.ConnectionState) error {
-			// For now, only verify the server's certificate chain.
-			// We don't know yet what the server's FQDN will be.
-			//
-			// 			serverName := cs.ServerName
-			// 			commonName := cs.PeerCertificates[0].Subject.CommonName
-			// 			if commonName != serverName {
-			// 				return fmt.Errorf("invalid certificate name %q, expected %q", commonName, serverName)
-			// 			}
-			opts := x509.VerifyOptions{
-				Roots:         rootCertPool,
-				Intermediates: x509.NewCertPool(),
-			}
-			for _, cert := range cs.PeerCertificates[1:] {
-				opts.Intermediates.AddCert(cert)
-			}
-			_, err := cs.PeerCertificates[0].Verify(opts)
-			return err
-		},
-	}
-	c.log.Info("adding tls.Config to the cache", zap.String("instance", instance))
-	c.configCache.Add(instance, cfg, fullAddr)
-	return cfg, fullAddr, nil
-}
-// Shutdown waits up to a given amount of time for all active connections to
-// close. Returns an error if there are still active connections after waiting
-// for the whole length of the timeout.
-func (c *Client) Shutdown(timeout time.Duration) error {
-	term, ticker := time.After(timeout), time.NewTicker(100*time.Millisecond)
-	defer ticker.Stop()
-	for {
-		select {
-		case <-ticker.C:
-			if atomic.LoadUint64(&c.connectionsCounter) > 0 {
-				continue
-			}
-			c.log.Info("no connections to wait, bailing out")
-		case <-term:
-		}
-		break
-	}
-	active := atomic.LoadUint64(&c.connectionsCounter)
-	if active == 0 {
-		return nil
-	}
-	return fmt.Errorf("%d active connections still exist after waiting for %v", active, timeout)
-}
-func copyThenClose(remote, local io.ReadWriteCloser, remoteDesc, localDesc string) {
-	firstErr := make(chan error, 1)
-	go func() {
-		readErr, err := myCopy(remote, local)
-		select {
-		case firstErr <- err:
-			if readErr && err == io.EOF {
-				zap.L().Info("client closed connection",
-					zap.String("local_desc", localDesc))
-			} else {
-				logError(localDesc, remoteDesc, readErr, err)
-			}
-			remote.Close()
-			local.Close()
-		default:
-		}
-	}()
-	readErr, err := myCopy(local, remote)
-	select {
-	case firstErr <- err:
-		if readErr && err == io.EOF {
-			zap.L().Info("instance closed connection",
-				zap.String("remote_desc", remoteDesc))
-		} else {
-			logError(remoteDesc, localDesc, readErr, err)
-		}
-		remote.Close()
-		local.Close()
-	default:
-		// In this case, the other goroutine exited first and already printed its
-		// error (and closed the things).
-	}
-}
-func logError(readDesc, writeDesc string, readErr bool, err error) {
-	var desc string
-	if readErr {
-		desc = "reading data from " + readDesc
-	} else {
-		desc = "writing data to " + writeDesc
-	}
-	zap.L().Error("copy error", zap.String("desc", desc), zap.Error(err))
-}
-// myCopy is similar to io.Copy, but reports whether the returned error was due
-// to a bad read or write. The returned error will never be nil
-func myCopy(dst io.Writer, src io.Reader) (readErr bool, err error) {
-	buf := make([]byte, 4096)
-	for {
-		n, err := src.Read(buf)
-		if n > 0 {
-			if _, werr := dst.Write(buf[:n]); werr != nil {
-				if err == nil {
-					return false, werr
-				}
-				// Read and write error; just report read error (it happened first).
-				return true, err
-			}
-		}
-		if err != nil {
-			return true, err
-		}
-	}
-}