Skip to content

hkadakia/grafeas-rds

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
.github
.github
 
 
go
go
 
 
.gitignore
.gitignore
 
 
Code-of-Conduct.md
Code-of-Conduct.md
 
 
Contributing.md
Contributing.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 

Repository files navigation

grafeas-rds

AWS RDS backend for Grafeas. This library can periodically refresh the IAM authentication token which is used as the password to connect to an AWS RDS service.

Table of Contents

Background

Grafeas supports pluggable storage backends, and AWS RDS can be one of the options. Furthermore, AWS RDS supports IAM-based authentication, which eliminates the needs to maintain a password, including storing it, fetching it from the application, and rotating it periodically, etc. However, the official documentation also states the following:

Each token has a lifetime of 15 minutes.

As a result, we need a mechanism to refresh the token, hence this project.

Install

This project is intended to be used as a library.

Import github.com/theparanoids/grafeas-rds/rds to use it.

Note that the Go version has to be >= 1.17 (see go.mod).

Usage

If the underlying database were PostgreSQL, the code would look like this:

import (
    "log"

    "github.com/theparanoids/grafeas-rds/go/v1beta1/storage"
    "github.com/grafeas/grafeas/go/v1beta1/storage"
    "github.com/lib/pq"
)

func main() {
    provider := rds.NewGrafeasStorageProvider(
        &pq.Driver{},
        YourCredentialsCreator{},
        YourStorageCreator{},
    )
    if err := storage.RegisterStorageTypeProvider("rds_postgres", provider.Provide); err != nil {
        log.Fatalf("Error registering rds pgsql provider, %s", err)
    }
    // Set up and start the Grafeas server...
}

Usage Notes

  • Currently the configuration passed to CredentialsCreator.Create contains only Athenz-related fields; we welcome contributions to add support for any other mechanism.
  • Regarding StorageCreator, we have an internal implementation to create a grafeas-pqsql storage given a custom driver.Connector, and are actively working on upstreaming it.

Configuration

A valid configuration file can be found here; it can be directly plugged into a configuration file for Grafeas server.

Some default values are also provided in config.go.

Contribute

Please refer to Contributing.md for information about how to get involved. We welcome issues, questions, and pull requests.

License

This project is licensed under the terms of the Apache 2.0 open source license. Please refer to LICENSE for the full terms.

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Go 95.5%
  • Shell 4.5%