Open izgeri opened 4 years ago
Did a demo today and they were asking about AWS-hosted DBs like Cassandra and RDS instance types.
@jodyhuntatx we do our XA and performance testing against RDS instances, so we've already tested with PostgreSQL, MySQL, and MSSQL!
Last Friday, I spent some time exploring possible implementations of Cassandra support for Secretless-Broker. This is what I found!
conn.go and conn_test.go. This module contains a majority of the methods we would need for creating and authenticating a connection. The driver has a nice baked-in implementation of SSLOptions you can see below. EnableHostVerification in particular will be helpful, as we had to create a solution for this exact issue ourselves in MsSQL.
    type SslOptions struct {
        *tls.Config

        // CertPath and KeyPath are optional depending on server
        // config, but both fields must be omitted to avoid using a
        // client certificate
        CertPath string
        KeyPath  string
        CaPath   string //optional depending on server config
        // If you want to verify the hostname and server cert (like a wildcard for cass cluster) then you should turn this on
        // This option is basically the inverse of InSecureSkipVerify
        // See InSecureSkipVerify in http://golang.org/pkg/crypto/tls/ for more info
        EnableHostVerification bool
    }
Overall, I think this would be something we could reasonably implement.
I made a branch called cassandra-support that can be used if anyone else wants to dig in. The local version of the forked repo sits inside our third_party directory as a submodule, so we can make changes as needed for now.
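An added example, not part of the comment above and not the driver's own code: one way a connector could turn options shaped like the quoted SslOptions struct into a crypto/tls configuration, rejecting a half-specified client certificate or an unusable CA file instead of connecting with weaker settings. The `sslOptions` type and the `buildTLSConfig` helper are hypothetical stand-ins so the code compiles without the driver.

```go
package main
import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"os"
)

// sslOptions is a local stand-in (assumption) with the path and flag fields of the quoted struct.
type sslOptions struct {
	CertPath, KeyPath, CaPath string
	EnableHostVerification    bool
}

// buildTLSConfig (hypothetical helper) maps the options onto a tls.Config and fails closed.
func buildTLSConfig(o sslOptions) (*tls.Config, error) {
	// The flag is the inverse of InsecureSkipVerify: verification only when asked for.
	cfg := &tls.Config{InsecureSkipVerify: !o.EnableHostVerification}
	if o.CaPath != "" {
		pem, err := os.ReadFile(o.CaPath)
		if err != nil {
			return nil, fmt.Errorf("read CA file: %w", err)
		}
		pool := x509.NewCertPool()
		if !pool.AppendCertsFromPEM(pem) {
			return nil, errors.New("CA file contains no usable PEM certificate")
		}
		cfg.RootCAs = pool
	}
	// Client certificate: both paths or neither, as the struct comment requires.
	if (o.CertPath == "") != (o.KeyPath == "") {
		return nil, errors.New("CertPath and KeyPath must be set together or both omitted")
	}
	if o.CertPath != "" {
		pair, err := tls.LoadX509KeyPair(o.CertPath, o.KeyPath)
		if err != nil {
			return nil, fmt.Errorf("load client key pair: %w", err)
		}
		cfg.Certificates = []tls.Certificate{pair}
	}
	return cfg, nil
}

func main() {
	cfg, err := buildTLSConfig(sslOptions{EnableHostVerification: true})
	fmt.Println(err, cfg != nil && cfg.InsecureSkipVerify)
}
```

Leaving EnableHostVerification at its zero value yields a configuration that skips server certificate verification, so a connector built on this struct has to set the flag explicitly.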
Nice find @BradleyBoutcher! I'm glad to see the library you found uses BSD 3-clause, which allows code modifications and distribution. Thanks for looking into this - if you get to the point of getting e2e with an initial version of this, that'd be cool!
Objective
Adds a Cassandra DB connector to Secretless, so it can proxy connections to a Cassandra backend.
Feature Overview
Details TBA, but Cassandra apparently ships with the AllowAllAuthenticator on by default and support for a PasswordAuthenticator in the default distribution (see here for more info).
If this connector is interesting for you, please share info about the Cassandra DB versions you're using, the authentication mode your server is configured with, and the client you're using to connect to it.
AC:
Story Breakdown
To be added. Will include handler, tests, documentation, etc.