Added support for IAM token based authentication for AWS RDS or Azure DB. #3491

2025-02-25 18:55:31 -06:00 · 2022-10-15 11:19:04 +02:00
parent 25be215180
commit a62fc2fbff
10 changed files with 176 additions and 5 deletions
--- a/web/pgadmin/utils/driver/psycopg2/connection.py
+++ b/web/pgadmin/utils/driver/psycopg2/connection.py
@@ -300,6 +300,8 @@ class Connection(BaseConnection):
        # if it's present then we will use it
        if not password and not encpass and not passfile:
            passfile = manager.passfile if manager.passfile else None
+            if manager.passexec:
+                password = manager.passexec.get()

        try:
            database = self.db
--- a/web/pgadmin/utils/driver/psycopg2/server_manager.py
+++ b/web/pgadmin/utils/driver/psycopg2/server_manager.py
@@ -13,6 +13,7 @@ Implementation of ServerManager
 import os
 import datetime
 import config
+import logging
 from flask import current_app, session
 from flask_security import current_user
 from flask_babel import gettext
@@ -27,6 +28,7 @@ from pgadmin.utils.exception import ConnectionLost, SSHTunnelConnectionLost,\
    CryptKeyMissing
 from pgadmin.utils.master_password import get_crypt_key
 from pgadmin.utils.exception import ObjectGone
+from pgadmin.utils.passexec import PasswordExec

 if config.SUPPORT_SSH_TUNNEL:
    from sshtunnel import SSHTunnelForwarder, BaseSSHTunnelForwarderError
@@ -77,6 +79,9 @@ class ServerManager(object):
        self.server_types = None
        self.db_res = server.db_res
        self.passfile = server.passfile
+        self.passexec = \
+            PasswordExec(server.passexec_cmd, server.passexec_expiration) \
+            if server.passexec_cmd else None
        self.sslcert = server.sslcert
        self.sslkey = server.sslkey
        self.sslrootcert = server.sslrootcert
@@ -567,20 +572,28 @@ WHERE db.oid = {0}""".format(did))
        try:
            # If authentication method is 1 then it uses identity file
            # and password
+            ssh_logger = None
+            if current_app.debug:
+                ssh_logger = logging.getLogger('sshtunnel')
+                ssh_logger.setLevel(logging.DEBUG)
+                for h in current_app.logger.handlers:
+                    ssh_logger.addHandler(h)
            if self.tunnel_authentication == 1:
                self.tunnel_object = SSHTunnelForwarder(
                    (self.tunnel_host, int(self.tunnel_port)),
                    ssh_username=self.tunnel_username,
                    ssh_pkey=get_complete_file_path(self.tunnel_identity_file),
                    ssh_private_key_password=tunnel_password,
-                    remote_bind_address=(self.host, self.port)
+                    remote_bind_address=(self.host, self.port),
+                    logger=ssh_logger
                )
            else:
                self.tunnel_object = SSHTunnelForwarder(
                    (self.tunnel_host, int(self.tunnel_port)),
                    ssh_username=self.tunnel_username,
                    ssh_password=tunnel_password,
-                    remote_bind_address=(self.host, self.port)
+                    remote_bind_address=(self.host, self.port),
+                    logger=ssh_logger
                )
            # flag tunnel threads in daemon mode to fix hang issue.
            self.tunnel_object.daemon_forward_servers = True