merge with crossplane-contrib#166

Author: bakito

.gitignore

@@ -8,3 +8,4 @@
 .work
 _output
 __debug_bin
+deploy

apis/mssql/v1alpha1/user_types.go

@@ -22,6 +22,12 @@ import (
 	xpv1 "github.com/crossplane/crossplane-runtime/apis/common/v1"
 )
 
+// UserTypes
+const (
+	UserTypeLocal = "Local"
+	UserTypeAD    = "AD"
+)
+
 // A UserSpec defines the desired state of a Database.
 type UserSpec struct {
 	xpv1.ResourceSpec `json:",inline"`
@@ -56,6 +62,7 @@ type UserParameters struct {
 	LoginDatabaseRef *xpv1.Reference `json:"loginDatabaseRef,omitempty"`
 	// DatabaseSelector allows you to use selector constraints to select a Database to be used to create the user LOGIN in (normally master).
 	LoginDatabaseSelector *xpv1.Selector `json:"loginDatabaseSelector,omitempty"`
+	Type                  *string        `json:"type,omitempty"`
 }
 
 // A UserObservation represents the observed state of a MSSQL user.

cmd/provider/main.go

@@ -23,6 +23,7 @@ import (
 	_ "github.com/go-sql-driver/mysql"
 	_ "github.com/lib/pq"
 	_ "github.com/microsoft/go-mssqldb"
+	_ "github.com/microsoft/go-mssqldb/azuread"
 
 	"gopkg.in/alecthomas/kingpin.v2"
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -34,6 +35,9 @@ import (
 
 	"github.com/crossplane-contrib/provider-sql/apis"
 	"github.com/crossplane-contrib/provider-sql/pkg/controller"
+
+	azlog "github.com/Azure/azure-sdk-for-go/sdk/azcore/log"
+	azidentity "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
 )
 
 func main() {
@@ -53,6 +57,14 @@ func main() {
 		// *very* verbose even at info level, so we only provide it a real
 		// logger when we're running in debug mode.
 		ctrl.SetLogger(zl)
+
+		// print log output to stdout
+		azlog.SetListener(func(event azlog.Event, s string) {
+			log.Debug(s) //fmt.Println(s)
+		})
+
+		// include only azidentity credential logs
+		azlog.SetEvents(azidentity.EventAuthentication)
 	}
 
 	log.Debug("Starting", "sync-period", syncPeriod.String())

go.mod

@@ -5,6 +5,8 @@ go 1.21
 toolchain go1.21.11
 
 require (
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1
 	github.com/DATA-DOG/go-sqlmock v1.5.0
 	github.com/crossplane/crossplane-runtime v1.16.0
 	github.com/crossplane/crossplane-tools v0.0.0-20240522174801-1ad3d4c87f21
@@ -23,6 +25,8 @@ require (
 
 require (
 	dario.cat/mergo v1.0.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect
 	github.com/alecthomas/kingpin/v2 v2.4.0 // indirect
 	github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
 	github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect
@@ -43,6 +47,7 @@ require (
 	github.com/go-openapi/swag v0.22.3 // indirect
 	github.com/gobuffalo/flect v1.0.2 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.0 // indirect
 	github.com/golang-sql/civil v0.0.0-20220223132316-b832511892a9 // indirect
 	github.com/golang-sql/sqlexp v0.1.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
@@ -54,13 +59,15 @@ require (
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/prometheus/client_golang v1.18.0 // indirect
 	github.com/prometheus/client_model v0.5.0 // indirect
 	github.com/prometheus/common v0.45.0 // indirect

go.sum

@@ -37,6 +37,8 @@ github.com/dave/jennifer v1.7.0/go.mod h1:nXbxhEmQfOZhWml3D1cDK5M1FLnMSozpbFN/m3
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
+github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=
 github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g=
 github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
 github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U=
@@ -219,6 +221,7 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
 golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=

package/crds/mssql.sql.crossplane.io_users.yaml

@@ -253,6 +253,8 @@ spec:
                     - name
                     - namespace
                     type: object
+                  type:
+                    type: string
                 type: object
               managementPolicies:
                 default:

pkg/clients/mssql/mssql.go

@@ -32,22 +32,26 @@ import (
 )
 
 const (
-	driverName = "sqlserver"
+	schema        = "sqlserver"
+	stdDriverName = "sqlserver"
+	azDriverName  = "azuresql"
 
 	errNotSupported = "%s not supported by MSSQL client"
+	fedauth         = "fedauth"
 )
 
 type mssqlDB struct {
 	dsn      string
 	endpoint string
 	port     string
+	driver   string
 }
 
 // New returns a new mssql database client.
 func New(creds map[string][]byte, database string) xsql.DB {
 	endpoint := string(creds[xpv1.ResourceCredentialsSecretEndpointKey])
 	port := string(creds[xpv1.ResourceCredentialsSecretPortKey])
-
+	driver := stdDriverName
 	host := endpoint
 	if port != "" {
 		host = fmt.Sprintf("%s:%s", endpoint, port)
@@ -57,16 +61,39 @@ func New(creds map[string][]byte, database string) xsql.DB {
 	if database != "" {
 		query.Add("database", database)
 	}
-	u := &url.URL{
-		Scheme:   driverName,
-		User:     url.UserPassword(string(creds[xpv1.ResourceCredentialsSecretUserKey]), string(creds[xpv1.ResourceCredentialsSecretPasswordKey])),
-		Host:     host,
-		RawQuery: query.Encode(),
+	var u *url.URL
+	if val, ok := creds[fedauth]; ok {
+		authType := string(val)
+		query.Add(fedauth, authType)
+		// var user *url.Userinfo
+		if authType == "ActiveDirectoryServicePrincipal" || authType == "ActiveDirectoryApplication" || authType == "ActiveDirectoryPassword" {
+			query.Add("password", string(creds[xpv1.ResourceCredentialsSecretPasswordKey]))
+		}
+		if val, ok := creds[xpv1.ResourceCredentialsSecretUserKey]; ok {
+			// user = url.User(string(val[:]))
+			query.Add("user id", string(val))
+		}
+		u = &url.URL{
+			Scheme: schema,
+			// User:     user,
+			Host:     host,
+			RawQuery: query.Encode(),
+		}
+		driver = azDriverName
+	} else {
+
+		u = &url.URL{
+			Scheme:   schema,
+			User:     url.UserPassword(string(creds[xpv1.ResourceCredentialsSecretUserKey]), string(creds[xpv1.ResourceCredentialsSecretPasswordKey])),
+			Host:     host,
+			RawQuery: query.Encode(),
+		}
 	}
 	return mssqlDB{
 		dsn:      u.String(),
 		endpoint: endpoint,
 		port:     port,
+		driver:   driver,
 	}
 }
 
@@ -77,7 +104,7 @@ func (c mssqlDB) ExecTx(_ context.Context, _ []xsql.Query) error {
 
 // Exec the supplied query.
 func (c mssqlDB) Exec(ctx context.Context, q xsql.Query) error {
-	d, err := sql.Open(driverName, c.dsn)
+	d, err := sql.Open(c.driver, c.dsn)
 	if err != nil {
 		return err
 	}
@@ -89,7 +116,7 @@ func (c mssqlDB) Exec(ctx context.Context, q xsql.Query) error {
 
 // Query the supplied query.
 func (c mssqlDB) Query(ctx context.Context, q xsql.Query) (*sql.Rows, error) {
-	d, err := sql.Open(driverName, c.dsn)
+	d, err := sql.Open(c.driver, c.dsn)
 	if err != nil {
 		return nil, err
 	}
@@ -100,7 +127,7 @@ func (c mssqlDB) Query(ctx context.Context, q xsql.Query) (*sql.Rows, error) {
 
 // Scan the results of the supplied query into the supplied destination.
 func (c mssqlDB) Scan(ctx context.Context, q xsql.Query, dest ...interface{}) error {
-	db, err := sql.Open(driverName, c.dsn)
+	db, err := sql.Open(c.driver, c.dsn)
 	if err != nil {
 		return err
 	}

pkg/controller/mssql/user/reconciler.go

@@ -145,8 +145,21 @@ func (c *external) Observe(ctx context.Context, mg resource.Managed) (managed.Ex
 	}
 
 	var name string
-
-	query := "SELECT name FROM sys.database_principals WHERE type = 'S' AND name = @p1"
+	var query string
+	var userType string
+	if cr.Spec.ForProvider.Type == nil {
+		userType = v1alpha1.UserTypeLocal
+	} else {
+		userType = *cr.Spec.ForProvider.Type
+	}
+	switch userType {
+	case v1alpha1.UserTypeAD:
+		query = "SELECT name FROM sys.database_principals WHERE type IN ('E','X') AND name = @p1"
+	case v1alpha1.UserTypeLocal:
+		query = "SELECT name FROM sys.database_principals WHERE type = 'S' AND name = @p1"
+	default:
+		return managed.ExternalObservation{}, errors.Errorf("Type '%s' is not valid", *cr.Spec.ForProvider.Type)
+	}
 	err := c.userDB.Scan(ctx, xsql.Query{
 		String: query, Parameters: []interface{}{
 			meta.GetExternalName(cr),
@@ -177,30 +190,44 @@ func (c *external) Create(ctx context.Context, mg resource.Managed) (managed.Ext
 	if !ok {
 		return managed.ExternalCreation{}, errors.New(errNotUser)
 	}
-
-	pw, _, err := c.getPassword(ctx, cr)
-	if err != nil {
-		return managed.ExternalCreation{}, err
+	var loginQuery string
+	var pw string
+	userType := v1alpha1.UserTypeLocal
+	if cr.Spec.ForProvider.Type != nil {
+		userType = *cr.Spec.ForProvider.Type
 	}
-	if pw == "" {
-		pw, err = password.Generate()
+	switch userType {
+	case v1alpha1.UserTypeAD:
+		loginQuery = fmt.Sprintf("CREATE USER %s FROM EXTERNAL PROVIDER", mssql.QuoteIdentifier(meta.GetExternalName(cr)))
+	case v1alpha1.UserTypeLocal:
+		var err error
+		pw, _, err = c.getPassword(ctx, cr)
 		if err != nil {
 			return managed.ExternalCreation{}, err
 		}
+		if pw == "" {
+			pw, err = password.Generate()
+			if err != nil {
+				return managed.ExternalCreation{}, err
+			}
+		}
+		loginQuery = fmt.Sprintf("CREATE LOGIN %s WITH PASSWORD=%s", mssql.QuoteIdentifier(meta.GetExternalName(cr)), mssql.QuoteValue(pw))
+	default:
+		return managed.ExternalCreation{}, errors.Errorf("Type '%s' is not valid", *cr.Spec.ForProvider.Type)
 	}
-
-	loginQuery := fmt.Sprintf("CREATE LOGIN %s WITH PASSWORD=%s", mssql.QuoteIdentifier(meta.GetExternalName(cr)), mssql.QuoteValue(pw))
 	if err := c.loginDB.Exec(ctx, xsql.Query{
 		String: loginQuery,
 	}); err != nil {
 		return managed.ExternalCreation{}, errors.Wrapf(err, errCreateLogin, meta.GetExternalName(cr))
 	}
+	if userType != v1alpha1.UserTypeAD {
 
-	userQuery := fmt.Sprintf("CREATE USER %s FOR LOGIN %s", mssql.QuoteIdentifier(meta.GetExternalName(cr)), mssql.QuoteIdentifier(meta.GetExternalName(cr)))
-	if err := c.userDB.Exec(ctx, xsql.Query{
-		String: userQuery,
-	}); err != nil {
-		return managed.ExternalCreation{}, errors.Wrapf(err, errCreateUser, meta.GetExternalName(cr))
+		userQuery := fmt.Sprintf("CREATE USER %s FOR LOGIN %s", mssql.QuoteIdentifier(meta.GetExternalName(cr)), mssql.QuoteIdentifier(meta.GetExternalName(cr)))
+		if err := c.userDB.Exec(ctx, xsql.Query{
+			String: userQuery,
+		}); err != nil {
+			return managed.ExternalCreation{}, errors.Wrapf(err, errCreateUser, meta.GetExternalName(cr))
+		}
 	}
 
 	return managed.ExternalCreation{
@@ -213,23 +240,34 @@ func (c *external) Update(ctx context.Context, mg resource.Managed) (managed.Ext
 	if !ok {
 		return managed.ExternalUpdate{}, errors.New(errNotUser)
 	}
+	if t := cr.Spec.ForProvider.Type; t == nil || *t == v1alpha1.UserTypeLocal {
 
-	pw, changed, err := c.getPassword(ctx, cr)
-	if err != nil {
-		return managed.ExternalUpdate{}, err
-	}
-
-	if changed {
-		query := fmt.Sprintf("ALTER LOGIN %s WITH PASSWORD=%s", mssql.QuoteIdentifier(meta.GetExternalName(cr)), mssql.QuoteValue(pw))
-		if err := c.loginDB.Exec(ctx, xsql.Query{
-			String: query,
-		}); err != nil {
-			return managed.ExternalUpdate{}, errors.Wrap(err, errUpdateUser)
+		pw, changed, err := c.getPassword(ctx, cr)
+		if err != nil {
+			return managed.ExternalUpdate{}, err
 		}
 
-		return managed.ExternalUpdate{
-			ConnectionDetails: c.userDB.GetConnectionDetails(meta.GetExternalName(cr), pw),
-		}, nil
+		if changed {
+			query := fmt.Sprintf("ALTER LOGIN %s WITH PASSWORD=%s", mssql.QuoteIdentifier(meta.GetExternalName(cr)), mssql.QuoteValue(pw))
+			if err := c.userDB.Exec(ctx, xsql.Query{
+				String: query,
+			}); err != nil {
+				return managed.ExternalUpdate{}, errors.Wrap(err, errUpdateUser)
+			}
+
+			if changed {
+				query := fmt.Sprintf("ALTER USER %s WITH PASSWORD=%s", mssql.QuoteIdentifier(meta.GetExternalName(cr)), mssql.QuoteValue(pw))
+				if err := c.userDB.Exec(ctx, xsql.Query{
+					String: query,
+				}); err != nil {
+					return managed.ExternalUpdate{}, errors.Wrap(err, errUpdateUser)
+				}
+
+				return managed.ExternalUpdate{
+					ConnectionDetails: c.userDB.GetConnectionDetails(meta.GetExternalName(cr), pw),
+				}, nil
+			}
+		}
 	}
 	return managed.ExternalUpdate{}, nil
 }