Include Cloud SQL database connectors #2651

Merged


dustin-decker
Contributor

@dustin-decker dustin-decker commented Apr 7, 2023

Description

Adds database connectors to facilitate securely connecting to Cloud SQL with IAM and MTLS encryption. This is the easiest way to connect securely when running Dependency Track on GCP.

This includes Cloud SQL for Postgres, MySQL, and SQL Server.

https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory

This socket factory also adds the capability to connect to databases through unix sockets: https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/blob/main/docs/jdbc-postgres.md#connection-via-unix-sockets

Addressed Issue

Closes #2650

Checklist

  • I have read and understand the contributing guidelines
  • This PR fixes a defect, and I have provided tests to verify that the fix is effective
  • This PR implements an enhancement, and I have provided tests to verify that it works as intended
  • This PR introduces changes to the database model, and I have added corresponding update logic
  • This PR introduces new or alters existing behavior, and I have updated the documentation accordingly

@dustin-decker dustin-decker force-pushed the cloud-sql-connectors branch 2 times, most recently from a781aa5 to a46eac6 Compare April 7, 2023 17:14
Signed-off-by: Dustin Decker <dustin@trufflesec.com>
@syalioune
Contributor

Wouldn't using Cloud SQL Auth Proxy be easier and less invasive for Dependency Track? I don't know much about Cloud Run but for GKE it's quite straightforward (cf. https://cloud.google.com/sql/docs/mysql/connect-kubernetes-engine)

For maintenance's sake, I think it shouldn't be Dependency Track's responsibility to adapt to each and every deployment context (i.e. embed connectors for all possible public or private clouds).

@dustin-decker
Contributor Author

When running in a serverless environment such as Cloud Run there isn't an opportunity to run a sidecar like Cloud SQL Auth Proxy. But Cloud Run will make a unix socket available to connect to the database. A socket factory must be provided to connect to a unix socket as well. The socket factory in this PR can connect to both a unix socket and directly to the Cloud SQL instance.

https://github.com/GoogleCloudPlatform/cloud-sql-jdbc-socket-factory/blob/main/docs/jdbc-postgres.md#connection-via-unix-sockets
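
Added example, not part of the PR or of any comment in this thread: a configuration sketch of the two connection modes discussed above (direct connection with IAM authentication, and the platform-provided unix socket) for the PostgreSQL connector. It assumes Dependency Track's `alpine.database.*` properties; every value in angle brackets is a constructed placeholder.

```properties
# Added example; placeholders in <angle brackets> are constructed, not from the PR.
alpine.database.mode=external
alpine.database.driver=org.postgresql.Driver

# Option A: direct connection through the socket factory with IAM database
# authentication. The connector establishes the encrypted (mTLS) channel itself,
# so driver-level sslmode is disabled to avoid a second TLS negotiation.
alpine.database.url=jdbc:postgresql:///<DATABASE>?cloudSqlInstance=<PROJECT>:<REGION>:<INSTANCE>&socketFactory=com.google.cloud.sql.postgres.SocketFactory&enableIamAuth=true&sslmode=disable
alpine.database.username=<IAM_DATABASE_USER>
# Not used for authentication when enableIamAuth=true, but the driver
# expects a non-empty value; do not put a real secret here.
alpine.database.password=<UNUSED_PLACEHOLDER>

# Option B: unix socket mounted by the platform (the Cloud Run case).
# Uncomment in place of Option A; this mode uses regular database credentials,
# which should come from a secret store rather than a checked-in file.
#alpine.database.url=jdbc:postgresql:///<DATABASE>?cloudSqlInstance=<PROJECT>:<REGION>:<INSTANCE>&socketFactory=com.google.cloud.sql.postgres.SocketFactory&unixSocketPath=/cloudsql/<PROJECT>:<REGION>:<INSTANCE>/.s.PGSQL.5432
#alpine.database.username=<DATABASE_USER>
#alpine.database.password=<DATABASE_PASSWORD>
```

With Option A the workload's service account needs IAM permission to connect to the instance, so access can be revoked centrally without rotating a database password.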

@nscuro
Member

nscuro commented Apr 11, 2023

Including the connectors is fine I think, as we want users to be able to run DT in various cloud settings. They don't interfere with any of the JDBC connectors, so they're not that invasive.

The major downside here is that we as maintainers will not be able to test whether these connectors work, and continue to work.

@nscuro nscuro added this to the 4.9 milestone Apr 18, 2023
@nscuro nscuro added the enhancement New feature or request label Jul 8, 2023
@nscuro nscuro merged commit 561ef18 into DependencyTrack:master Jul 8, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 8, 2023
Successfully merging this pull request may close these issues.

Support Cloud SQL connectors