Add mssql AD login functionality. Bump mssql package to v0.12.3

Signed-off-by: Mikel Landa <[email protected]>

Author: Mikel-Landa

apis/mssql/v1alpha1/user_types.go

@@ -48,6 +48,7 @@ type UserParameters struct {
 	// for this user. If no reference is given, a password will be auto-generated.
 	// +optional
 	PasswordSecretRef *xpv1.SecretKeySelector `json:"passwordSecretRef,omitempty"`
+	Type              *string                 `json:"type,omitempty"`
 }
 
 // A UserObservation represents the observed state of a MSSQL user.

cmd/provider/main.go

@@ -21,6 +21,7 @@ import (
 	"path/filepath"
 
 	_ "github.com/denisenkom/go-mssqldb"
+	_ "github.com/denisenkom/go-mssqldb/azuread"
 	_ "github.com/go-sql-driver/mysql"
 	_ "github.com/lib/pq"
 

examples/mssql/database.yaml examples/mssql/ad/database.yamlexamples/mssql/database.yaml renamed to examples/mssql/ad/database.yaml

@@ -1,5 +1,5 @@
 apiVersion: mssql.sql.crossplane.io/v1alpha1
 kind: Database
 metadata:
-  name: example-db
+  name: example-db-ad
 spec: {}

examples/mssql/ad/grant.yaml

@@ -0,0 +1,17 @@
+apiVersion: mssql.sql.crossplane.io/v1alpha1
+kind: Grant
+metadata:
+  name: example-grant
+spec:
+  forProvider:
+    permissions:
+      # CONNECT permission is added by default when user created. So, make sure
+      # to include it unless you are sure that you don't need it.
+      - CONNECT
+      - CREATE TABLE
+      - INSERT
+      - SELECT
+    userRef:
+      name: example-user-ad
+    databaseRef:
+      name: example-db-ad

examples/mssql/ad/user.yaml

@@ -0,0 +1,11 @@
+apiVersion: mssql.sql.crossplane.io/v1alpha1
+kind: User
+metadata:
+  name: example-user-ad
+  annotations:
+    crossplane.io/external-name: "[email protected]"
+spec:
+  forProvider:
+    type: AD
+    databaseRef:
+      name: example-db-ad

examples/mssql/config.yaml

@@ -44,6 +44,7 @@ require (
 	github.com/gobuffalo/flect v1.0.2 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe // indirect
+	github.com/golang-sql/sqlexp v0.1.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect

go.mod

@@ -110,6 +110,7 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/modocache/gover v0.0.0-20171022184752-b58185e213c5/go.mod h1:caMODM3PzxT8aQXRPkAt8xlV/e7d7w8GM5g0fa5F0D8=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=

go.sum

@@ -32,22 +32,26 @@ import (
 )
 
 const (
-	driverName = "sqlserver"
+	schema        = "sqlserver"
+	stdDriverName = "sqlserver"
+	azDriverName  = "azuresql"
 
 	errNotSupported = "%s not supported by MSSQL client"
+	fedauth         = "fedauth"
 )
 
 type mssqlDB struct {
 	dsn      string
 	endpoint string
 	port     string
+	driver   string
 }
 
 // New returns a new mssql database client.
 func New(creds map[string][]byte, database string) xsql.DB {
 	endpoint := string(creds[xpv1.ResourceCredentialsSecretEndpointKey])
 	port := string(creds[xpv1.ResourceCredentialsSecretPortKey])
-
+	driver := stdDriverName
 	host := endpoint
 	if port != "" {
 		host = fmt.Sprintf("%s:%s", endpoint, port)
@@ -57,16 +61,36 @@ func New(creds map[string][]byte, database string) xsql.DB {
 	if database != "" {
 		query.Add("database", database)
 	}
-	u := &url.URL{
-		Scheme:   driverName,
-		User:     url.UserPassword(string(creds[xpv1.ResourceCredentialsSecretUserKey]), string(creds[xpv1.ResourceCredentialsSecretPasswordKey])),
-		Host:     host,
-		RawQuery: query.Encode(),
+	var u *url.URL
+	if val, ok := creds[fedauth]; ok {
+		authType := string(val)
+		query.Add(fedauth, authType)
+		if authType == "ActiveDirectoryServicePrincipal" || authType == "ActiveDirectoryApplication" || authType == "ActiveDirectoryPassword" {
+			query.Add("password", string(creds[xpv1.ResourceCredentialsSecretPasswordKey]))
+		}
+		if val, ok := creds[xpv1.ResourceCredentialsSecretUserKey]; ok {
+			query.Add("user id", string(val))
+		}
+		u = &url.URL{
+			Scheme:   schema,
+			Host:     host,
+			RawQuery: query.Encode(),
+		}
+		driver = azDriverName
+	} else {
+
+		u = &url.URL{
+			Scheme:   schema,
+			User:     url.UserPassword(string(creds[xpv1.ResourceCredentialsSecretUserKey]), string(creds[xpv1.ResourceCredentialsSecretPasswordKey])),
+			Host:     host,
+			RawQuery: query.Encode(),
+		}
 	}
 	return mssqlDB{
 		dsn:      u.String(),
 		endpoint: endpoint,
 		port:     port,
+		driver:   driver,
 	}
 }
 
@@ -77,7 +101,7 @@ func (c mssqlDB) ExecTx(_ context.Context, _ []xsql.Query) error {
 
 // Exec the supplied query.
 func (c mssqlDB) Exec(ctx context.Context, q xsql.Query) error {
-	d, err := sql.Open(driverName, c.dsn)
+	d, err := sql.Open(c.driver, c.dsn)
 	if err != nil {
 		return err
 	}
@@ -89,7 +113,7 @@ func (c mssqlDB) Exec(ctx context.Context, q xsql.Query) error {
 
 // Query the supplied query.
 func (c mssqlDB) Query(ctx context.Context, q xsql.Query) (*sql.Rows, error) {
-	d, err := sql.Open(driverName, c.dsn)
+	d, err := sql.Open(c.driver, c.dsn)
 	if err != nil {
 		return nil, err
 	}
@@ -100,7 +124,7 @@ func (c mssqlDB) Query(ctx context.Context, q xsql.Query) (*sql.Rows, error) {
 
 // Scan the results of the supplied query into the supplied destination.
 func (c mssqlDB) Scan(ctx context.Context, q xsql.Query, dest ...interface{}) error {
-	db, err := sql.Open(driverName, c.dsn)
+	db, err := sql.Open(c.driver, c.dsn)
 	if err != nil {
 		return err
 	}

pkg/clients/mssql/mssql.go

@@ -169,16 +169,25 @@ func (c *external) Create(ctx context.Context, mg resource.Managed) (managed.Ext
 	if !ok {
 		return managed.ExternalCreation{}, errors.New(errNotUser)
 	}
+	var query string
+	var pw string
+	if t := cr.Spec.ForProvider.Type; t == nil || *t != "AD" {
 
-	pw, _, err := c.getPassword(ctx, cr)
-	if err != nil {
-		return managed.ExternalCreation{}, err
-	}
-	if pw == "" {
-		pw, err = password.Generate()
+		pw, _, err := c.getPassword(ctx, cr)
 		if err != nil {
 			return managed.ExternalCreation{}, err
 		}
+		if pw == "" {
+			pw, err = password.Generate()
+			if err != nil {
+				return managed.ExternalCreation{}, err
+			}
+		}
+
+		query = fmt.Sprintf("CREATE USER %s WITH PASSWORD=%s", mssql.QuoteIdentifier(meta.GetExternalName(cr)), mssql.QuoteValue(pw))
+	} else {
+		query = fmt.Sprintf("CREATE USER %s", mssql.QuoteIdentifier(meta.GetExternalName(cr)))
+
 	}
 
 	loginQuery := fmt.Sprintf("CREATE LOGIN %s WITH PASSWORD=%s", mssql.QuoteIdentifier(meta.GetExternalName(cr)), mssql.QuoteValue(pw))
@@ -219,9 +228,18 @@ func (c *external) Update(ctx context.Context, mg resource.Managed) (managed.Ext
 			return managed.ExternalUpdate{}, errors.Wrap(err, errUpdateUser)
 		}
 
-		return managed.ExternalUpdate{
-			ConnectionDetails: c.db.GetConnectionDetails(meta.GetExternalName(cr), pw),
-		}, nil
+		if changed {
+			query := fmt.Sprintf("ALTER USER %s WITH PASSWORD=%s", mssql.QuoteIdentifier(meta.GetExternalName(cr)), mssql.QuoteValue(pw))
+			if err := c.db.Exec(ctx, xsql.Query{
+				String: query,
+			}); err != nil {
+				return managed.ExternalUpdate{}, errors.Wrap(err, errUpdateUser)
+			}
+
+			return managed.ExternalUpdate{
+				ConnectionDetails: c.db.GetConnectionDetails(meta.GetExternalName(cr), pw),
+			}, nil
+		}
 	}
 	return managed.ExternalUpdate{}, nil
 }