README
¶
Language : 🇺🇸 | 🇨🇳
Tencent Cloud DBAuth SDK
Welcome to the Tencent Cloud DBAuth SDK, which provides developers with supporting development tools to access the Tencent Cloud Database CAM verification service, simplifying the access process of the Tencent Cloud Database CAM verification service.
Dependency Environment
- Dependency Environment: Go 1.17 and above.
- Before use, CAM verification must be enabled on the Tencent Cloud console.
- On the Tencent Cloud console, view the account APPID on the account information page, and obtain the SecretID and SecretKey on the access management page.
USAGE
go get -v -u github.com/tencentcloud/dbauth-sdk-go
Indirect Dependencies
For tencentcloud-sdk-go v1.0.1015 and above.
Example - Connect to a Database Instance
package main
import (
"database/sql"
"fmt"
"os"
"time"
_ "github.com/go-sql-driver/mysql"
"github.com/sirupsen/logrus"
"github.com/tencentcloud/dbauth-sdk-go/dbauth"
"github.com/tencentcloud/dbauth-sdk-go/dbauth/model"
"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common"
"github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common/profile"
)
func init() {
logrus.SetOutput(os.Stdout)
logrus.SetFormatter(&logrus.TextFormatter{FullTimestamp: true})
logrus.SetLevel(logrus.InfoLevel)
}
func main() {
// Define parameters for Authentication Token
region := "ap-guangzhou"
instanceId := "cdb-123456"
userName := "camtest"
host := "gz-cdb-123456.sql.tencentcdb.com"
port := 3306
dbName := "test"
ak := os.Getenv("TENCENTCLOUD_SECRET_ID")
sk := os.Getenv("TENCENTCLOUD_SECRET_KEY")
// Get the connection
connection, err := getDBConnectionUsingCam(ak, sk, region, instanceId, userName, host, port, dbName)
if err != nil {
logrus.Error("Failed to get connection:", err)
return
}
// Verify the connection is successful
stmt, err := connection.Query("SELECT 'Success!';")
if err != nil {
logrus.Error("Failed to execute query:", err)
return
}
for stmt.Next() {
var result string
stmt.Scan(&result)
logrus.Info(result) // Success!
}
// Close the connection
if err := stmt.Close(); err != nil {
logrus.Error("Failed to close statement:", err)
}
if err := connection.Close(); err != nil {
logrus.Error("Failed to close connection:", err)
}
}
// Get a database connection using CAM Database Authentication
func getDBConnectionUsingCam(secretId, secretKey, region, instanceId, userName, host string, port int, dbName string) (*sql.DB, error) {
credential := common.NewCredential(secretId, secretKey)
maxAttempts := 3
var lastErr error
for attempt := 1; attempt <= maxAttempts; attempt++ {
// Get the authentication token using the credentials
authToken, err := getAuthToken(region, instanceId, userName, credential)
if err != nil {
return nil, err
}
connectionUrl := fmt.Sprintf("%s:%s@tcp(%s:%d)/%s", userName, authToken, host, port, dbName)
db, err := sql.Open("mysql", connectionUrl)
if err != nil {
lastErr = err
logrus.Warnf("Open connection failed. Attempt %d failed.", attempt)
time.Sleep(5 * time.Second)
continue
}
if err = db.Ping(); err != nil {
lastErr = err
logrus.Warnf("Ping failed. Attempt %d failed.", attempt)
time.Sleep(5 * time.Second)
continue
}
return db, nil
}
logrus.Error("All attempts failed. error:", lastErr)
return nil, lastErr
}
// Get an authentication token
func getAuthToken(region, instanceId, userName string, credential *common.Credential) (string, error) {
// Instantiate a client profile, optional, can be skipped if there are no special requirements
cpf := profile.NewClientProfile()
cpf.HttpProfile.Endpoint = "cam.tencentcloudapi.com"
// Create a GenerateAuthenticationTokenRequest object, ClientProfile is optional
tokenRequest, err := model.NewGenerateAuthenticationTokenRequest(region, instanceId, userName, credential, cpf)
if err != nil {
logrus.Errorf("Failed to create GenerateAuthenticationTokenRequest: %v", err)
return "", err
}
return dbauth.GenerateAuthenticationToken(tokenRequest)
}
Error Codes
Refer to the error code document for more information.
Limitations
There are some limitations when you use CAM database authentication. The following is from the CAM authentication documentation.
When you use CAM database authentication, your application must generate an CAM authentication token. Your application then uses that token to connect to the DB instance or cluster.
We recommend the following:
- Use CAM database authentication as a mechanism for temporary, personal access to databases.
- Use CAM database authentication only for workloads that can be easily retried.
Directories
¶
| Path | Synopsis |
|---|---|
|
Package dbauth provides functionalities for database authentication.
|
Package dbauth provides functionalities for database authentication. |
|
internal/constants
Package constants contains constant values used throughout the application.
|
Package constants contains constant values used throughout the application. |
|
internal/errorcode
Package errorcode provides functions to handle error codes and determine if user notification is required.
|
Package errorcode provides functions to handle error codes and determine if user notification is required. |
|
internal/parser
Package parser provides functions to parse and decrypt authentication tokens.
|
Package parser provides functions to parse and decrypt authentication tokens. |
|
internal/signer
Package signer provides structures and functions for generating authentication tokens.
|
Package signer provides structures and functions for generating authentication tokens. |
|
internal/timer
Package timer provides structures and functions for managing timers.
|
Package timer provides structures and functions for managing timers. |
|
internal/token
Package token provides structures and functions for managing authentication tokens.
|
Package token provides structures and functions for managing authentication tokens. |
|
internal/utils
Package utils provides utility functions for the dbauth package.
|
Package utils provides utility functions for the dbauth package. |
|
model
Package model contains the data structures for the dbauth package.
|
Package model contains the data structures for the dbauth package. |
Click to show internal directories.
Click to hide internal directories.