mirror of
https://github.com/grafana/grafana.git
synced 2024-11-29 04:04:00 -06:00
MySQL: Add option to allow cleartext passwords (#63232)
* Add "Allow Cleartext Passwords" checkbox to MySQL connection settings * Fix lint issues * Add docs * Add line break and bold text --------- Co-authored-by: Zoltán Bedi <zoltan.bedi@gmail.com>
This commit is contained in:
parent
7f7b03d794
commit
6758fd4888
@ -36,7 +36,7 @@ Administrators can also [configure the data source via YAML]({{< relref "#provis
|
||||
1. Set the data source's basic configuration options.
|
||||
|
||||
| Name | Description |
|
||||
| -------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| ----------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| **Name** | The data source name. This is how you refer to the data source in panels and queries. |
|
||||
| **Default** | Default data source means that it will be pre-selected for new panels. |
|
||||
| **Host** | The IP address/hostname and optional port of your MySQL instance. |
|
||||
@ -47,6 +47,7 @@ Administrators can also [configure the data source via YAML]({{< relref "#provis
|
||||
| **Max open** | The maximum number of open connections to the database, default `100` (Grafana v5.4+). |
|
||||
| **Max idle** | The maximum number of connections in the idle connection pool, default `100` (Grafana v5.4+). |
|
||||
| **Auto (max idle)** | If set will set the maximum number of idle connections to the number of maximum open connections (Grafana v9.5.1+). Default is `true`. |
|
||||
| **Allow cleartext passwords** | Allows using the [cleartext client side plugin](https://dev.mysql.com/doc/en/cleartext-pluggable-authentication.html) if required by an account, such as one defined with the [PAM authentication plugin](http://dev.mysql.com/doc/en/pam-authentication-plugin.html). <br />**Sending passwords in clear text may be a security problem in some configurations**. To avoid problems if there is any possibility that the password would be intercepted, clients should connect to MySQL Server using a method that protects the password. Possibilities include [TLS / SSL](https://github.com/go-sql-driver/mysql#tls), IPsec, or a private network. Default is `false`. |
|
||||
| **Max lifetime** | The maximum amount of time in seconds a connection may be reused, default `14400`/4 hours. This should always be lower than configured [wait_timeout](https://dev.mysql.com/doc/refman/8.0/en/server-system-variables.html#sysvar_wait_timeout) in MySQL (Grafana v5.4+). |
|
||||
|
||||
### Min time interval
|
||||
|
@ -55,6 +55,7 @@ func newInstanceSettings(cfg *setting.Cfg, httpClientProvider httpclient.Provide
|
||||
MaxIdleConns: cfg.SqlDatasourceMaxIdleConnsDefault,
|
||||
ConnMaxLifetime: cfg.SqlDatasourceMaxConnLifetimeDefault,
|
||||
SecureDSProxy: false,
|
||||
AllowCleartextPasswords: false,
|
||||
}
|
||||
|
||||
err := json.Unmarshal(settings.JSONData, &jsonData)
|
||||
@ -101,6 +102,10 @@ func newInstanceSettings(cfg *setting.Cfg, httpClientProvider httpclient.Provide
|
||||
characterEscape(dsInfo.Database, "?"),
|
||||
)
|
||||
|
||||
if dsInfo.JsonData.AllowCleartextPasswords {
|
||||
cnnstr += "&allowCleartextPasswords=true"
|
||||
}
|
||||
|
||||
opts, err := settings.HTTPClientOptions()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -71,6 +71,7 @@ type JsonData struct {
|
||||
TimeInterval string `json:"timeInterval"`
|
||||
Database string `json:"database"`
|
||||
SecureDSProxy bool `json:"enableSecureSocksProxy"`
|
||||
AllowCleartextPasswords bool `json:"allowCleartextPasswords"`
|
||||
}
|
||||
|
||||
type DataSourceInfo struct {
|
||||
|
@ -48,7 +48,7 @@ export const ConfigurationEditor = (props: DataSourcePluginOptionsEditorProps<My
|
||||
};
|
||||
|
||||
const WIDTH_SHORT = 15;
|
||||
const WIDTH_MEDIUM = 22;
|
||||
const WIDTH_MEDIUM = 25;
|
||||
const WIDTH_LONG = 40;
|
||||
|
||||
return (
|
||||
@ -150,6 +150,26 @@ export const ConfigurationEditor = (props: DataSourcePluginOptionsEditorProps<My
|
||||
value={jsonData.tlsSkipVerify || false}
|
||||
></InlineSwitch>
|
||||
</InlineField>
|
||||
<InlineField
|
||||
labelWidth={WIDTH_MEDIUM}
|
||||
tooltip={
|
||||
<span>
|
||||
Allows using the cleartext client side plugin if required by an account, such as one defined with the PAM
|
||||
authentication plugin. Sending passwords in clear text may be a security problem in some configurations.
|
||||
To avoid problems if there is any possibility that the password would be intercepted, clients should
|
||||
connect to MySQL Server using a method that protects the password. Possibilities include TLS / SSL, IPsec,
|
||||
or a private network.
|
||||
</span>
|
||||
}
|
||||
htmlFor="allowCleartextPasswords"
|
||||
label="Allow Cleartext Passwords"
|
||||
>
|
||||
<InlineSwitch
|
||||
id="allowCleartextPasswords"
|
||||
onChange={onSwitchChanged('allowCleartextPasswords')}
|
||||
value={jsonData.allowCleartextPasswords || false}
|
||||
></InlineSwitch>
|
||||
</InlineField>
|
||||
</FieldSet>
|
||||
|
||||
{config.secureSocksDSProxyEnabled && (
|
||||
|
@ -1,5 +1,7 @@
|
||||
import { SQLOptions, SQLQuery } from 'app/features/plugins/sql/types';
|
||||
|
||||
export interface MySQLOptions extends SQLOptions {}
|
||||
export interface MySQLOptions extends SQLOptions {
|
||||
allowCleartextPasswords?: boolean;
|
||||
}
|
||||
|
||||
export interface MySQLQuery extends SQLQuery {}
|
||||
|
Loading…
Reference in New Issue
Block a user