IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

MySQL: Add option to allow cleartext passwords (#63232)

Browse Source 
* Add "Allow Cleartext Passwords" checkbox to MySQL connection settings

* Fix lint issues

* Add docs

* Add line break and bold text

---------

Co-authored-by: Zoltán Bedi <zoltan.bedi@gmail.com>
This commit is contained in:
enginecan
2023-05-26 03:33:55 -07:00
committed by GitHub
parent 7f7b03d794
commit 6758fd4888
5 changed files with 65 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
docs/sources/datasources/mysql/_index.md
View File

@@ -35,19 +35,20 @@ Administrators can also [configure the data source via YAML]({{< relref "#provis
1. Set the data source's basic configuration options. 1. Set the data source's basic configuration options.
| Name | Description | | Name | Description |
| -------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ----------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Name** | The data source name. This is how you refer to the data source in panels and queries. | | **Name** | The data source name. This is how you refer to the data source in panels and queries. |
| **Default** | Default data source means that it will be pre-selected for new panels. | | **Default** | Default data source means that it will be pre-selected for new panels. |
| **Host** | The IP address/hostname and optional port of your MySQL instance. | | **Host** | The IP address/hostname and optional port of your MySQL instance. |
| **Database** | Name of your MySQL database. | | **Database** | Name of your MySQL database. |
| **User** | Database user's login/username | | **User** | Database user's login/username |
| **Password** | Database user's password | | **Password** | Database user's password |
| **Session Timezone** | Specify the time zone used in the database session, such as `Europe/Berlin` or `+02:00`. This is necessary, if the timezone of the database (or the host of the database) is set to something other than UTC. Set the value used in the session with `SET time_zone='...'`. If you leave this field empty, then the time zone is not updated. For more information, refer to the [MySQL documentation](https://dev.mysql.com/doc/refman/8.0/en/time-zone-support.html). | | **Session Timezone** | Specify the time zone used in the database session, such as `Europe/Berlin` or `+02:00`. This is necessary, if the timezone of the database (or the host of the database) is set to something other than UTC. Set the value used in the session with `SET time_zone='...'`. If you leave this field empty, then the time zone is not updated. For more information, refer to the [MySQL documentation](https://dev.mysql.com/doc/refman/8.0/en/time-zone-support.html). |
| **Max open** | The maximum number of open connections to the database, default `100` (Grafana v5.4+). | | **Max open** | The maximum number of open connections to the database, default `100` (Grafana v5.4+). |
| **Max idle** | The maximum number of connections in the idle connection pool, default `100` (Grafana v5.4+). | | **Max idle** | The maximum number of connections in the idle connection pool, default `100` (Grafana v5.4+). |
| **Auto (max idle)** | If set will set the maximum number of idle connections to the number of maximum open connections (Grafana v9.5.1+). Default is `true`. | | **Auto (max idle)** | If set will set the maximum number of idle connections to the number of maximum open connections (Grafana v9.5.1+). Default is `true`. |
| **Max lifetime** | The maximum amount of time in seconds a connection may be reused, default `14400`/4 hours. This should always be lower than configured [wait_timeout](https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_wait_timeout) in MySQL (Grafana v5.4+). | | **Allow cleartext passwords** | Allows using the [cleartext client side plugin](https://dev.mysql.com/doc/en/cleartext-pluggable-authentication.html) if required by an account, such as one defined with the [PAM authentication plugin](http://dev.mysql.com/doc/en/pam-authentication-plugin.html). <br />**Sending passwords in clear text may be a security problem in some configurations**. To avoid problems if there is any possibility that the password would be intercepted, clients should connect to MySQL Server using a method that protects the password. Possibilities include [TLS / SSL](https://github.com/go-sql-driver/mysql#tls), IPsec, or a private network. Default is `false`. |
| **Max lifetime** | The maximum amount of time in seconds a connection may be reused, default `14400`/4 hours. This should always be lower than configured [wait_timeout](https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_wait_timeout) in MySQL (Grafana v5.4+). |
### Min time interval ### Min time interval

13
pkg/tsdb/mysql/mysql.go
View File

@@ -51,10 +51,11 @@ func ProvideService(cfg *setting.Cfg, httpClientProvider httpclient.Provider) *S
func newInstanceSettings(cfg *setting.Cfg, httpClientProvider httpclient.Provider) datasource.InstanceFactoryFunc { func newInstanceSettings(cfg *setting.Cfg, httpClientProvider httpclient.Provider) datasource.InstanceFactoryFunc {
return func(settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) { return func(settings backend.DataSourceInstanceSettings) (instancemgmt.Instance, error) {
jsonData := sqleng.JsonData{ jsonData := sqleng.JsonData{
MaxOpenConns: cfg.SqlDatasourceMaxOpenConnsDefault, MaxOpenConns: cfg.SqlDatasourceMaxOpenConnsDefault,
MaxIdleConns: cfg.SqlDatasourceMaxIdleConnsDefault, MaxIdleConns: cfg.SqlDatasourceMaxIdleConnsDefault,
ConnMaxLifetime: cfg.SqlDatasourceMaxConnLifetimeDefault, ConnMaxLifetime: cfg.SqlDatasourceMaxConnLifetimeDefault,
SecureDSProxy: false, SecureDSProxy: false,
AllowCleartextPasswords: false,
} }
err := json.Unmarshal(settings.JSONData, &jsonData) err := json.Unmarshal(settings.JSONData, &jsonData)
@@ -101,6 +102,10 @@ func newInstanceSettings(cfg *setting.Cfg, httpClientProvider httpclient.Provide
characterEscape(dsInfo.Database, "?"), characterEscape(dsInfo.Database, "?"),
) )
if dsInfo.JsonData.AllowCleartextPasswords {
cnnstr += "&allowCleartextPasswords=true"
}
opts, err := settings.HTTPClientOptions() opts, err := settings.HTTPClientOptions()
if err != nil { if err != nil {
return nil, err return nil, err

35
pkg/tsdb/sqleng/sql_engine.go
View File

@@ -54,23 +54,24 @@ var NewXormEngine = func(driverName string, connectionString string) (*xorm.Engi
} }
type JsonData struct { type JsonData struct {
MaxOpenConns int `json:"maxOpenConns"` MaxOpenConns int `json:"maxOpenConns"`
MaxIdleConns int `json:"maxIdleConns"` MaxIdleConns int `json:"maxIdleConns"`
ConnMaxLifetime int `json:"connMaxLifetime"` ConnMaxLifetime int `json:"connMaxLifetime"`
ConnectionTimeout int `json:"connectionTimeout"` ConnectionTimeout int `json:"connectionTimeout"`
Timescaledb bool `json:"timescaledb"` Timescaledb bool `json:"timescaledb"`
Mode string `json:"sslmode"` Mode string `json:"sslmode"`
ConfigurationMethod string `json:"tlsConfigurationMethod"` ConfigurationMethod string `json:"tlsConfigurationMethod"`
TlsSkipVerify bool `json:"tlsSkipVerify"` TlsSkipVerify bool `json:"tlsSkipVerify"`
RootCertFile string `json:"sslRootCertFile"` RootCertFile string `json:"sslRootCertFile"`
CertFile string `json:"sslCertFile"` CertFile string `json:"sslCertFile"`
CertKeyFile string `json:"sslKeyFile"` CertKeyFile string `json:"sslKeyFile"`
Timezone string `json:"timezone"` Timezone string `json:"timezone"`
Encrypt string `json:"encrypt"` Encrypt string `json:"encrypt"`
Servername string `json:"servername"` Servername string `json:"servername"`
TimeInterval string `json:"timeInterval"` TimeInterval string `json:"timeInterval"`
Database string `json:"database"` Database string `json:"database"`
SecureDSProxy bool `json:"enableSecureSocksProxy"` SecureDSProxy bool `json:"enableSecureSocksProxy"`
AllowCleartextPasswords bool `json:"allowCleartextPasswords"`
} }
type DataSourceInfo struct { type DataSourceInfo struct {

22
public/app/plugins/datasource/mysql/configuration/ConfigurationEditor.tsx
View File

@@ -48,7 +48,7 @@ export const ConfigurationEditor = (props: DataSourcePluginOptionsEditorProps<My
}; };
const WIDTH_SHORT = 15; const WIDTH_SHORT = 15;
const WIDTH_MEDIUM = 22; const WIDTH_MEDIUM = 25;
const WIDTH_LONG = 40; const WIDTH_LONG = 40;
return ( return (
@@ -150,6 +150,26 @@ export const ConfigurationEditor = (props: DataSourcePluginOptionsEditorProps<My
value={jsonData.tlsSkipVerify || false} value={jsonData.tlsSkipVerify || false}
></InlineSwitch> ></InlineSwitch>
</InlineField> </InlineField>
<InlineField
labelWidth={WIDTH_MEDIUM}
tooltip={
<span>
Allows using the cleartext client side plugin if required by an account, such as one defined with the PAM
authentication plugin. Sending passwords in clear text may be a security problem in some configurations.
To avoid problems if there is any possibility that the password would be intercepted, clients should
connect to MySQL Server using a method that protects the password. Possibilities include TLS / SSL, IPsec,
or a private network.
</span>
}
htmlFor="allowCleartextPasswords"
label="Allow Cleartext Passwords"
>
<InlineSwitch
id="allowCleartextPasswords"
onChange={onSwitchChanged('allowCleartextPasswords')}
value={jsonData.allowCleartextPasswords || false}
></InlineSwitch>
</InlineField>
</FieldSet> </FieldSet>
{config.secureSocksDSProxyEnabled && ( {config.secureSocksDSProxyEnabled && (

4
public/app/plugins/datasource/mysql/types.ts
View File

@@ -1,5 +1,7 @@
import { SQLOptions, SQLQuery } from 'app/features/plugins/sql/types'; import { SQLOptions, SQLQuery } from 'app/features/plugins/sql/types';
export interface MySQLOptions extends SQLOptions {} export interface MySQLOptions extends SQLOptions {
allowCleartextPasswords?: boolean;
}
export interface MySQLQuery extends SQLQuery {} export interface MySQLQuery extends SQLQuery {}