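--- a/api/proto/teleport/legacy/types/types.proto
+++ b/api/proto/teleport/legacy/types/types.proto
@@ -362,11 +362,17 @@ message DatabaseAdminUser {
 string DefaultDatabase = 2 [(gogoproto.jsontag) = "default_database"];
 }
 
-// OracleOptions contains information about privileged database user used
-// for database audit.
+// OracleOptions contains Oracle-specific configuration options.
 message OracleOptions {
-// AuditUser is the Oracle database user privilege to access internal Oracle audit trail.
-string AuditUser = 1 [(gogoproto.jsontag) = "audit_user"];
+// AuditUser is the name of the Oracle database user that should be used to access
+// the internal audit trail.
+string AuditUser = 1 [(gogoproto.jsontag) = "audit_user,omitempty"];
+// RetryCount is the maximum number of times to retry connecting to a
+// host upon failure. If not specified it defaults to 2, for a total of 3 connection attempts.
+int32 RetryCount = 2 [(gogoproto.jsontag) = "retry_count,omitempty"];
+// ShuffleHostnames, when true, randomizes the order of hosts to connect to from
+// the provided list.
+bool ShuffleHostnames = 3 [(gogoproto.jsontag) = "shuffle_hostnames,omitempty"];
 }
 
 // DatabaseStatusV3 contains runtime information about the database.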
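Review bot: RetryCount is a plain `int32` with `omitempty`, so an explicit 0 cannot be told apart from an unset field, and nothing in this section bounds the value. If 0 is read as "use the default of 2", an operator has no way to turn retries off. A negative or very large count would also reach the connection logic unless it is rejected elsewhere, which is not visible here. I would state the contract in the field comment once it is settled, for example `// A value of 0 selects the default; negative values are rejected.`, and enforce the range in ValidateDatabase next to the new Oracle URI check.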
4 changes: 3 additions & 1 deletion api/types/derived.gen.go


4,402 changes: 2,236 additions & 2,166 deletions api/types/types.pb.go


@@ -234,7 +234,9 @@ resource, which you can apply after installing the Teleport Kubernetes operator.

|Field|Type|Description|
|---|---|---|
|audit_user|string|AuditUser is the Oracle database user privilege to access internal Oracle audit trail.|
|audit_user|string|AuditUser is the name of the Oracle database user that should be used to access the internal audit trail.|
|retry_count|integer|RetryCount is the maximum number of times to retry connecting to a host upon failure. If not specified it defaults to 2, for a total of 3 connection attempts.|
|shuffle_hostnames|boolean|ShuffleHostnames, when true, randomizes the order of hosts to connect to from the provided list.|

### spec.tls

@@ -261,7 +261,9 @@ Optional:

Optional:

- `audit_user` (String) AuditUser is the Oracle database user privilege to access internal Oracle audit trail.
- `audit_user` (String) AuditUser is the name of the Oracle database user that should be used to access the internal audit trail.
- `retry_count` (Number) RetryCount is the maximum number of times to retry connecting to a host upon failure. If not specified it defaults to 2, for a total of 3 connection attempts.
- `shuffle_hostnames` (Boolean) ShuffleHostnames, when true, randomizes the order of hosts to connect to from the provided list.


### Nested Schema for `spec.tls`
@@ -282,7 +282,9 @@ Optional:

Optional:

- `audit_user` (String) AuditUser is the Oracle database user privilege to access internal Oracle audit trail.
- `audit_user` (String) AuditUser is the name of the Oracle database user that should be used to access the internal audit trail.
- `retry_count` (Number) RetryCount is the maximum number of times to retry connecting to a host upon failure. If not specified it defaults to 2, for a total of 3 connection attempts.
- `shuffle_hostnames` (Boolean) ShuffleHostnames, when true, randomizes the order of hosts to connect to from the provided list.


### Nested Schema for `spec.tls`
@@ -368,9 +368,19 @@ spec:
description: Oracle is an additional Oracle configuration options.
properties:
audit_user:
description: AuditUser is the Oracle database user privilege to
access internal Oracle audit trail.
description: AuditUser is the name of the Oracle database user
that should be used to access the internal audit trail.
type: string
retry_count:
description: RetryCount is the maximum number of times to retry
connecting to a host upon failure. If not specified it defaults
to 2, for a total of 3 connection attempts.
format: int32
type: integer
shuffle_hostnames:
description: ShuffleHostnames, when true, randomizes the order
of hosts to connect to from the provided list.
type: boolean
type: object
protocol:
description: 'Protocol is the database protocol: postgres, mysql,
@@ -368,9 +368,19 @@ spec:
description: Oracle is an additional Oracle configuration options.
properties:
audit_user:
description: AuditUser is the Oracle database user privilege to
access internal Oracle audit trail.
description: AuditUser is the name of the Oracle database user
that should be used to access the internal audit trail.
type: string
retry_count:
description: RetryCount is the maximum number of times to retry
connecting to a host upon failure. If not specified it defaults
to 2, for a total of 3 connection attempts.
format: int32
type: integer
shuffle_hostnames:
description: ShuffleHostnames, when true, randomizes the order
of hosts to connect to from the provided list.
type: boolean
type: object
protocol:
description: 'Protocol is the database protocol: postgres, mysql,
100 changes: 95 additions & 5 deletions integrations/terraform/tfschema/types_terraform.go


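--- a/lib/config/configuration.go
+++ b/lib/config/configuration.go
@@ -1910,7 +1910,9 @@ func applyDatabasesConfig(fc *FileConfig, cfg *servicecfg.Config) error {
 
 func convOracleOptions(o DatabaseOracle) servicecfg.OracleOptions {
 return servicecfg.OracleOptions{
-AuditUser: o.AuditUser,
+AuditUser: o.AuditUser,
+RetryCount: o.RetryCount,
+ShuffleHostnames: o.ShuffleHostnames,
 }
 }
 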
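--- a/lib/config/fileconf.go
+++ b/lib/config/fileconf.go
@@ -2011,8 +2011,15 @@ type DatabaseMySQL struct {
 
 // DatabaseOracle are an additional Oracle database options.
 type DatabaseOracle struct {
-// AuditUser is the Oracle database user privilege to access internal Oracle audit trail.
+// AuditUser is the name of the Oracle database user that should be used to access
+// the internal audit trail.
 AuditUser string `yaml:"audit_user,omitempty"`
+// RetryCount is the maximum number of times to retry connecting to a
+// host upon failure.
+RetryCount int32 `yaml:"retry_count,omitempty"`
+// ShuffleHostnames, when true, randomizes the order of hosts to connect to from
+// the provided list.
+ShuffleHostnames bool `yaml:"shuffle_hostnames,omitempty"`
 }
 
 // SecretStore contains settings for managing secrets.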
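Review bot: The RetryCount comment on DatabaseOracle stops at "host upon failure." and drops the default that types.proto documents for the same field. The same shortened comment appears on OracleOptions in lib/service/servicecfg/database.go. DatabaseOracle is the struct that the YAML file configuration maps to, so a reader of this file cannot tell what an omitted `retry_count` means. Assuming the same default applies to file configuration, I would finish the comment as `// host upon failure. If not specified it defaults to 2, for a total of 3 connection attempts.` in both places.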
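--- a/lib/service/servicecfg/database.go
+++ b/lib/service/servicecfg/database.go
@@ -87,8 +87,15 @@ type DatabaseAdminUser struct {
 
 // OracleOptions are additional Oracle options.
 type OracleOptions struct {
-// AuditUser is the Oracle database user privilege to access internal Oracle audit trail.
+// AuditUser is the name of the Oracle database user that should be used to access
+// the internal audit trail.
 AuditUser string
+// RetryCount is the maximum number of times to retry connecting to a
+// host upon failure.
+RetryCount int32
+// ShuffleHostnames, when true, randomizes the order of hosts to connect to from
+// the provided list.
+ShuffleHostnames bool
 }
 
 // CheckAndSetDefaults validates the database proxy configuration.
@@ -195,7 +202,9 @@ func (d *Database) ToDatabase() (types.Database, error) {
 
 func convOracleOptions(o OracleOptions) types.OracleOptions {
 return types.OracleOptions{
-AuditUser: o.AuditUser,
+AuditUser: o.AuditUser,
+RetryCount: o.RetryCount,
+ShuffleHostnames: o.ShuffleHostnames,
 }
 }
 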
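--- a/lib/services/database.go
+++ b/lib/services/database.go
@@ -143,6 +143,10 @@ func ValidateDatabase(db types.Database) error {
 if err := validateMongoDB(db); err != nil {
 return trace.Wrap(err)
 }
+} else if db.GetProtocol() == defaults.ProtocolOracle {
+if err := validateOracleURI(db.GetURI()); err != nil {
+return trace.BadParameter("invalid Oracle database %q address: %q, error: %v", db.GetName(), db.GetURI(), err)
+}
 } else if db.GetProtocol() == defaults.ProtocolRedis {
 _, err := connection.ParseRedisAddress(db.GetURI())
 if err != nil {
@@ -363,6 +367,20 @@ func ValidateSQLServerURI(uri string) error {
 return nil
 }
 
+func validateOracleURI(uri string) error {
+parts := strings.Split(uri, ",")
+for _, part := range parts {
+if strings.TrimSpace(part) == "" {
+return trace.BadParameter("invalid empty part of URI %q", uri)
+}
+_, _, err := net.SplitHostPort(part)
+if err != nil {
+return trace.Wrap(err)
+}
+}
+return nil
+}
+
 func isDNSError(err error) bool {
 if err == nil {
 return false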
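Review bot: validateOracleURI tests emptiness on the trimmed part but hands the untrimmed part to net.SplitHostPort, so an entry such as " host2:2484" passes validation with the space kept in the host name. SplitHostPort also returns no error for ":2484" or "host1:", so entries with an empty host or an empty port are accepted, and both results are discarded. Unless the Oracle connector normalises entries itself (not visible in this section), a resource that passes this check can still fail, or resolve an unintended name, at connect time. I would validate the exact string and reject empty host or port as below; TestValidateOracleURI has no case for either input.

```go
for _, part := range strings.Split(uri, ",") {
	// … unchanged: empty-part check …
	if part != strings.TrimSpace(part) {
		return trace.BadParameter("unexpected whitespace around %q in URI %q", part, uri)
	}
	host, port, err := net.SplitHostPort(part)
	if err != nil {
		return trace.Wrap(err)
	}
	if host == "" || port == "" {
		return trace.BadParameter("missing host or port in %q of URI %q", part, uri)
	}
}
```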
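--- a/lib/services/database_test.go
+++ b/lib/services/database_test.go
@@ -557,6 +557,48 @@ func TestValidateSQLServerDatabaseURI(t *testing.T) {
 }
 }
 
+func TestValidateOracleURI(t *testing.T) {
+tests := []struct {
+name string
+uri string
+wantErr string
+}{
+{
+name: "single",
+uri: "host1:2484",
+},
+{
+name: "multiple",
+uri: "host1:2484,host2:2484",
+},
+{
+name: "invalid empty",
+uri: "",
+wantErr: `invalid empty part of URI ""`,
+},
+{
+name: "invalid one of",
+uri: "host1:2484,host2,host3:1234",
+wantErr: `address host2: missing port in address`,
+},
+{
+name: "empty one of",
+uri: "host1:2484,,",
+wantErr: `invalid empty part of URI "host1:2484,,"`,
+},
+}
+for _, tt := range tests {
+t.Run(tt.name, func(t *testing.T) {
+err := validateOracleURI(tt.uri)
+if tt.wantErr == "" {
+require.NoError(t, err)
+} else {
+require.ErrorContains(t, err, tt.wantErr)
+}
+})
+}
+}
+
 // indent returns the string where each line is indented by the specified
 // number of spaces.
 func indent(s string, spaces int) string {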
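--- a/tool/tsh/common/tsh_test.go
+++ b/tool/tsh/common/tsh_test.go
@@ -4363,9 +4363,7 @@ func TestSerializeDatabases(t *testing.T) {
 "docdb": {}
 },
 "mysql": {},
-"oracle": {
-"audit_user": ""
-},
+"oracle": {},
 "gcp": {
 "alloydb": {}
 },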