Merge pull request #346 from ydb-platform/static-credentials

* Supports static credentials as part of connection string (dsn - dat…

Author: asmyasnikov

.github/workflows/lint.yml

@@ -10,7 +10,7 @@ jobs:
     name: golangci-lint
     strategy:
       matrix:
-        go-version: [1.14.x, 1.18.x, 1.19.x]
+        go-version: [1.16.x, 1.18.x, 1.19.x]
         os: [ubuntu-latest]
     env:
       OS: ${{ matrix.os }}

.github/workflows/tests.yml

@@ -9,7 +9,7 @@ jobs:
   unit:
     strategy:
       matrix:
-        go-version: [1.14.x, 1.18.x, 1.19.x]
+        go-version: [1.16.x, 1.18.x, 1.19.x]
         os: [ubuntu-latest, windows-latest, macOS-latest]
     env:
       OS: ${{ matrix.os }}
@@ -33,7 +33,7 @@ jobs:
   e2e:
     strategy:
       matrix:
-        go-version: [1.14.x, 1.18.x, 1.19.x]
+        go-version: [1.16.x, 1.18.x, 1.19.x]
         os: [ubuntu-latest]
     services:
       ydb:

CHANGELOG.md

@@ -6,6 +6,10 @@
 * Removed support of `YDB_LOG_NO_COLOR` environment variable
 * Changed default behaviour of internal logger to without coloring
 * Fixed coloring (to true) with environment variable `YDB_LOG_SEVERITY_LEVEL`
+* Added `ydb.WithStaticCredentials(user, password)` option for make static credentials 
+* Supports static credentials as part of connection string (dsn - data source name)
+* Changed minimal supported version of go from 1.14 to 1.16 (required for jwt library)
+
 
 ## v3.33.0
 * Added `retry.DoTx` helper for retrying `database/sql` transactions 

README.md

@@ -93,9 +93,11 @@ More examples of usage placed in [examples](https://github.com/ydb-platform/ydb-
 
 ## Credentials <a name="credentials"></a>
 
-Driver contains two options for making simple `credentials.Credentials`:
+Driver implements several ways for making credentials for `YDB`:
 - `ydb.WithAnonymousCredentials()` (enabled by default unless otherwise specified)
 - `ydb.WithAccessTokenCredentials("token")`
+- `ydb.WithStaticCredentials("user", "password")`, 
+- as part of connection string, like as `grpcs://user:password@endpoint/database`
 
 Another variants of `credentials.Credentials` object provides with external packages:
 

config/config.go

@@ -90,12 +90,6 @@ func (c Config) Database() string {
 	return c.database
 }
 
-// Credentials is a ydb client credentials.
-// In most cases Credentials are required.
-func (c Config) Credentials() credentials.Credentials {
-	return c.credentials
-}
-
 // Trace contains driver tracing options.
 func (c Config) Trace() trace.Driver {
 	return c.trace
@@ -268,12 +262,8 @@ func New(opts ...Option) Config {
 	for _, o := range opts {
 		o(&c)
 	}
-	c.grpcOptions = append(
-		c.grpcOptions,
-		grpcCredentials(
-			c.secure,
-			c.tlsConfig,
-		),
+	c.grpcOptions = append(c.grpcOptions,
+		grpcCredentials(c.secure, c.tlsConfig),
 	)
 	c.meta = meta.New(
 		c.database,
@@ -284,6 +274,20 @@ func New(opts ...Option) Config {
 	return c
 }
 
+// With makes copy of current Config with specified options
+func (c Config) With(opts ...Option) Config {
+	for _, o := range opts {
+		o(&c)
+	}
+	c.meta = meta.New(
+		c.database,
+		c.credentials,
+		c.trace,
+		c.metaOptions...,
+	)
+	return c
+}
+
 func certPool() *x509.CertPool {
 	certPool, err := x509.SystemCertPool()
 	if err == nil {

connection.go

@@ -15,7 +15,10 @@ import (
 	"github.com/ydb-platform/ydb-go-sdk/v3/internal/conn"
 	internalCoordination "github.com/ydb-platform/ydb-go-sdk/v3/internal/coordination"
 	coordinationConfig "github.com/ydb-platform/ydb-go-sdk/v3/internal/coordination/config"
+	"github.com/ydb-platform/ydb-go-sdk/v3/internal/credentials"
 	discoveryConfig "github.com/ydb-platform/ydb-go-sdk/v3/internal/discovery/config"
+	"github.com/ydb-platform/ydb-go-sdk/v3/internal/dsn"
+	"github.com/ydb-platform/ydb-go-sdk/v3/internal/endpoint"
 	internalRatelimiter "github.com/ydb-platform/ydb-go-sdk/v3/internal/ratelimiter"
 	ratelimiterConfig "github.com/ydb-platform/ydb-go-sdk/v3/internal/ratelimiter/config"
 	internalScheme "github.com/ydb-platform/ydb-go-sdk/v3/internal/scheme"
@@ -83,6 +86,8 @@ type Connection interface {
 
 //nolint:maligned
 type connection struct {
+	userInfo *dsn.UserInfo
+
 	opts []Option
 
 	config  config.Config
@@ -408,16 +413,20 @@ func open(ctx context.Context, opts ...Option) (_ Connection, err error) {
 	}()
 
 	if c.pool == nil {
-		c.pool = conn.NewPool(
-			ctx,
-			c.config,
-		)
+		c.pool = conn.NewPool(ctx, c.config)
 	}
 
-	c.balancer, err = balancer.New(
-		ctx,
-		c.config,
-		c.pool,
+	if c.userInfo != nil {
+		c.config = c.config.With(config.WithCredentials(
+			credentials.NewStaticCredentials(
+				c.userInfo.User, c.userInfo.Password,
+				c.pool.Get(endpoint.New(c.config.Endpoint())),
+			),
+		))
+	}
+
+	c.balancer, err = balancer.New(ctx,
+		c.config, c.pool,
 		append(
 			// prepend common params from root config
 			[]discoveryConfig.Option{

go.mod

@@ -3,6 +3,7 @@ module github.com/ydb-platform/ydb-go-sdk/v3
 go 1.18
 
 require (
+	github.com/golang-jwt/jwt/v4 v4.4.1
 	github.com/golang/mock v1.6.0
 	github.com/jonboulle/clockwork v0.2.2
 	github.com/stretchr/testify v1.7.1

go.sum

@@ -20,6 +20,8 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m
 github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
+github.com/golang-jwt/jwt/v4 v4.4.1 h1:pC5DB52sCeK48Wlb9oPcdhnjkz1TKt1D/P7WKJ0kUcQ=
+github.com/golang-jwt/jwt/v4 v4.4.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc=

internal/credentials/access_token.go

@@ -0,0 +1,24 @@
+package credentials
+
+import (
+	"context"
+)
+
+// accessTokenCredentials implements Credentials interface with static
+// authorization parameters.
+type accessTokenCredentials struct {
+	token      string
+	sourceInfo string
+}
+
+func NewAccessTokenCredentials(token string, sourceInfo string) Credentials {
+	return &accessTokenCredentials{
+		token:      token,
+		sourceInfo: sourceInfo,
+	}
+}
+
+// Token implements Credentials.
+func (a accessTokenCredentials) Token(_ context.Context) (string, error) {
+	return a.token, nil
+}

internal/credentials/anonymous.go

@@ -0,0 +1,21 @@
+package credentials
+
+import (
+	"context"
+)
+
+// anonymousCredentials implements Credentials interface with anonymousCredentials access
+type anonymousCredentials struct {
+	sourceInfo string
+}
+
+func NewAnonymousCredentials(sourceInfo string) Credentials {
+	return &anonymousCredentials{
+		sourceInfo: sourceInfo,
+	}
+}
+
+// Token implements Credentials.
+func (a anonymousCredentials) Token(_ context.Context) (string, error) {
+	return "", nil
+}