Documentation
¶
Index ¶
- type Config
- type PasswordClient
- type PasswordSetter
- func (m *PasswordSetter) Init(ctx context.Context, secret map[string]string) error
- func (m *PasswordSetter) Rollback(ctx context.Context, creds db.NewPassword) error
- func (m *PasswordSetter) SetPassword(ctx context.Context, creds db.NewPassword) error
- func (m *PasswordSetter) VerifyPassword(ctx context.Context, creds db.NewPassword) error
- type RDSClient
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
RDSClient rdsiface.RDSAPI
DbClient PasswordClient
Filter func(*rds.DBInstance) bool
Parallel uint
Retry uint
RetryWait time.Duration
}
Config configures a PasswordSetter when passed to NewPasswordSetter.
type PasswordClient ¶
type PasswordClient interface {
SetPassword(ctx context.Context, creds db.NewPassword) error
VerifyPassword(ctx context.Context, creds db.NewPassword) error
}
PasswordClient sets and verifies MySQL passwords. A PasswordSetter uses a Client to abstract away low-level MySQL communication.
PasswordClient implementations must be safe for concurrent use by multiple goroutines.
type PasswordSetter ¶
type PasswordSetter struct {
// contains filtered or unexported fields
}
PasswordSetter implements the db.PasswordSetter interface for RDS.
func NewPasswordSetter ¶
func NewPasswordSetter(cfg Config) *PasswordSetter
NewPasswordSetter creates a new PasswordSetter.
func (*PasswordSetter) Init ¶
Init calls RDS DescribeDBInstances to get all RDS instances. The user-provided filter func is called to filter out instances. The final list of instances is cached so RDS DescribeDBInstances is called only once.
func (*PasswordSetter) Rollback ¶
func (m *PasswordSetter) Rollback(ctx context.Context, creds db.NewPassword) error
Rollback sets the password on all RDS instances. For this implementation, it is identical to SetPassword.
func (*PasswordSetter) SetPassword ¶
func (m *PasswordSetter) SetPassword(ctx context.Context, creds db.NewPassword) error
SetPassword sets the password on all RDS instances.
func (*PasswordSetter) VerifyPassword ¶
func (m *PasswordSetter) VerifyPassword(ctx context.Context, creds db.NewPassword) error
VerifyPassword connects to all RDS to verify that the username and password work.
type RDSClient ¶
type RDSClient struct {
// contains filtered or unexported fields
}
RDSClient implements PasswordClient for RDS. It is safe for concurrent use by multiple goroutines. Retries are not supported. The caller is responsible for retrying on error.
TLS connections using the following RDS CA
- rds-ca-2019
- rds-ca-rsa2048-g1
The RDS CA is built-in; it does not need to be provided.
func NewRDSClient ¶
NewRDSClient creates a new RDSClient.
func (*RDSClient) SetPassword ¶
SetPassword connects as username on hostname and sets the password. Only the password for the given username is changed because the SQL query is "ALTER USER CURRENT_USER IDENTIFIED BY password".
A new database connection is made on each call. If configured for a dry run, the connection is made but the SQL query is not executed.
func (*RDSClient) VerifyPassword ¶
VerifyPassword connects as username on hostname with password. If the password is valid, the connection will be successful; else, an error is returned.
A new database connection is made on each call. Dry run does not affect this function.
Source Files