crowdsec/pkg/csconfig/database.go

package csconfig

import (
	"fmt"
	"time"

	"entgo.io/ent/dialect"
	log "github.com/sirupsen/logrus"

	"github.com/crowdsecurity/go-cs-lib/ptr"
)

const (
	DEFAULT_MAX_OPEN_CONNS  = 100
	defaultDecisionBulkSize = 1000
	// we need an upper bound due to the sqlite limit of 32k variables in a query
	// we have 15 variables per decision, so 32768/15 = 2184.5333
	maxDecisionBulkSize = 2000
)

type DatabaseCfg struct {
	User             string      `yaml:"user"`
	Password         string      `yaml:"password"`
	DbName           string      `yaml:"db_name"`
	Sslmode          string      `yaml:"sslmode"`
	Host             string      `yaml:"host"`
	Port             int         `yaml:"port"`
	DbPath           string      `yaml:"db_path"`
	Type             string      `yaml:"type"`
	Flush            *FlushDBCfg `yaml:"flush"`
	LogLevel         *log.Level  `yaml:"log_level"`
	MaxOpenConns     *int        `yaml:"max_open_conns,omitempty"`
	UseWal           *bool       `yaml:"use_wal,omitempty"`
	DecisionBulkSize int         `yaml:"decision_bulk_size,omitempty"`
}

type AuthGCCfg struct {
	Cert                  *string `yaml:"cert,omitempty"`
	CertDuration          *time.Duration
	Api                   *string `yaml:"api_key,omitempty"`
	ApiDuration           *time.Duration
	LoginPassword         *string `yaml:"login_password,omitempty"`
	LoginPasswordDuration *time.Duration
}

type FlushDBCfg struct {
	MaxItems   *int       `yaml:"max_items,omitempty"`
	MaxAge     *string    `yaml:"max_age,omitempty"`
	BouncersGC *AuthGCCfg `yaml:"bouncers_autodelete,omitempty"`
	AgentsGC   *AuthGCCfg `yaml:"agents_autodelete,omitempty"`
}

func (c *Config) LoadDBConfig() error {
	if c.DbConfig == nil {
		return fmt.Errorf("no database configuration provided")
	}

	if c.Cscli != nil {
		c.Cscli.DbConfig = c.DbConfig
	}

	if c.API != nil && c.API.Server != nil {
		c.API.Server.DbConfig = c.DbConfig
	}

	if c.DbConfig.MaxOpenConns == nil {
		c.DbConfig.MaxOpenConns = ptr.Of(DEFAULT_MAX_OPEN_CONNS)
	}

	if c.DbConfig.DecisionBulkSize == 0 {
		log.Tracef("No decision_bulk_size value provided, using default value of %d", defaultDecisionBulkSize)
		c.DbConfig.DecisionBulkSize = defaultDecisionBulkSize
	}

	if c.DbConfig.DecisionBulkSize > maxDecisionBulkSize {
		log.Warningf("decision_bulk_size too high (%d), setting to the maximum value of %d", c.DbConfig.DecisionBulkSize, maxDecisionBulkSize)
		c.DbConfig.DecisionBulkSize = maxDecisionBulkSize
	}

	if c.DbConfig.Type == "sqlite" {
		if c.DbConfig.UseWal == nil {
			log.Warning("You are using sqlite without WAL, this can have a performance impact. If you do not store the database in a network share, set db_config.use_wal to true. Set explicitly to false to disable this warning.")
		}
	}

	return nil
}

func (d *DatabaseCfg) ConnectionString() string {
	connString := ""
	switch d.Type {
	case "sqlite":
		var sqliteConnectionStringParameters string
		if d.UseWal != nil && *d.UseWal {
			sqliteConnectionStringParameters = "_busy_timeout=100000&_fk=1&_journal_mode=WAL"
		} else {
			sqliteConnectionStringParameters = "_busy_timeout=100000&_fk=1"
		}
		connString = fmt.Sprintf("file:%s?%s", d.DbPath, sqliteConnectionStringParameters)
	case "mysql":
		if d.isSocketConfig() {
			connString = fmt.Sprintf("%s:%s@unix(%s)/%s?parseTime=True", d.User, d.Password, d.DbPath, d.DbName)
		} else {
			connString = fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?parseTime=True", d.User, d.Password, d.Host, d.Port, d.DbName)
		}
	case "postgres", "postgresql", "pgx":
		if d.isSocketConfig() {
			connString = fmt.Sprintf("host=%s user=%s dbname=%s password=%s", d.DbPath, d.User, d.DbName, d.Password)
		} else {
			connString = fmt.Sprintf("host=%s port=%d user=%s dbname=%s password=%s sslmode=%s", d.Host, d.Port, d.User, d.DbName, d.Password, d.Sslmode)
		}
	}
	return connString
}

func (d *DatabaseCfg) ConnectionDialect() (string, string, error) {
	switch d.Type {
	case "sqlite":
		return "sqlite3", dialect.SQLite, nil
	case "mysql":
		return "mysql", dialect.MySQL, nil
	case "pgx", "postgresql", "postgres":
		if d.Type != "pgx" {
			log.Debugf("database type '%s' is deprecated, switching to 'pgx' instead", d.Type)
		}
		return "pgx", dialect.Postgres, nil
	}
	return "", "", fmt.Errorf("unknown database type '%s'", d.Type)
}

func (d *DatabaseCfg) isSocketConfig() bool {
	return d.Host == "" && d.Port == 0 && d.DbPath != ""
}
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`package csconfig`

Refactor configuration management (#698) 2021-03-24 17:16:17 +00:00			`import (`
			`"fmt"`
Add support for certificate authentication for agents and bouncers (#1428) 2022-06-08 14:05:52 +00:00			`"time"`
Refactor configuration management (#698) 2021-03-24 17:16:17 +00:00
Add postgres socket support, clean some code (#1926) 2022-12-12 16:08:19 +00:00			`"entgo.io/ent/dialect"`
Refactor configuration management (#698) 2021-03-24 17:16:17 +00:00			`log "github.com/sirupsen/logrus"`
dependencies: replaced function calls to pkg/types, errors.Wrap (#2235) we now use a generic pointer function, and slowly remove the deprecated pkg/errors 2023-06-01 14:31:56 +00:00
update dependency on go-cs-lib; drop the pkg/ part (#2393) 2023-07-28 14:35:08 +00:00			`"github.com/crowdsecurity/go-cs-lib/ptr"`
Refactor configuration management (#698) 2021-03-24 17:16:17 +00:00			`)`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00
refactor alert/decisions insert/update to avoid database locking in bulk operations (#2446) 2023-09-04 12:21:45 +00:00			`const (`
Refact pkg/csconfig tests (#2526) * remove unused method * whitespace, redundant comments * use test helpers * move DumpConsoleConfig() from pkg/csconfig to cscli * package doc header * var -> const * rename ./tests -> ./testdata * shorter tests with more error checks * lint/formatting * use helpers; fix tests that didn't actually test * lint; rename expectedResult -> expected 2023-10-09 09:10:51 +00:00			`DEFAULT_MAX_OPEN_CONNS = 100`
refactor alert/decisions insert/update to avoid database locking in bulk operations (#2446) 2023-09-04 12:21:45 +00:00			`defaultDecisionBulkSize = 1000`
			`// we need an upper bound due to the sqlite limit of 32k variables in a query`
			`// we have 15 variables per decision, so 32768/15 = 2184.5333`
Refact pkg/csconfig tests (#2526) * remove unused method * whitespace, redundant comments * use test helpers * move DumpConsoleConfig() from pkg/csconfig to cscli * package doc header * var -> const * rename ./tests -> ./testdata * shorter tests with more error checks * lint/formatting * use helpers; fix tests that didn't actually test * lint; rename expectedResult -> expected 2023-10-09 09:10:51 +00:00			`maxDecisionBulkSize = 2000`
refactor alert/decisions insert/update to avoid database locking in bulk operations (#2446) 2023-09-04 12:21:45 +00:00			`)`
option db_client.decision_bulk_size (#2440) 2023-08-25 15:05:17 +00:00
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`type DatabaseCfg struct {`
option db_client.decision_bulk_size (#2440) 2023-08-25 15:05:17 +00:00			User string `yaml:"user"`
			Password string `yaml:"password"`
			DbName string `yaml:"db_name"`
			Sslmode string `yaml:"sslmode"`
			Host string `yaml:"host"`
			Port int `yaml:"port"`
			DbPath string `yaml:"db_path"`
			Type string `yaml:"type"`
			Flush *FlushDBCfg `yaml:"flush"`
			LogLevel *log.Level `yaml:"log_level"`
			MaxOpenConns *int `yaml:"max_open_conns,omitempty"`
			UseWal *bool `yaml:"use_wal,omitempty"`
			DecisionBulkSize int `yaml:"decision_bulk_size,omitempty"`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`}`

Add support for certificate authentication for agents and bouncers (#1428) 2022-06-08 14:05:52 +00:00			`type AuthGCCfg struct {`
			Cert *string `yaml:"cert,omitempty"`
			`CertDuration *time.Duration`
			Api *string `yaml:"api_key,omitempty"`
			`ApiDuration *time.Duration`
			LoginPassword *string `yaml:"login_password,omitempty"`
			`LoginPasswordDuration *time.Duration`
			`}`

local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`type FlushDBCfg struct {`
Add support for certificate authentication for agents and bouncers (#1428) 2022-06-08 14:05:52 +00:00			MaxItems *int `yaml:"max_items,omitempty"`
			MaxAge *string `yaml:"max_age,omitempty"`
			BouncersGC *AuthGCCfg `yaml:"bouncers_autodelete,omitempty"`
			AgentsGC *AuthGCCfg `yaml:"agents_autodelete,omitempty"`
local api (#482) Co-authored-by: AlteredCoder Co-authored-by: erenJag 2020-11-30 09:37:17 +00:00			`}`
Refactor configuration management (#698) 2021-03-24 17:16:17 +00:00
			`func (c *Config) LoadDBConfig() error {`
			`if c.DbConfig == nil {`
			`return fmt.Errorf("no database configuration provided")`
			`}`

			`if c.Cscli != nil {`
			`c.Cscli.DbConfig = c.DbConfig`
			`}`

			`if c.API != nil && c.API.Server != nil {`
			`c.API.Server.DbConfig = c.DbConfig`
			`}`

Improve LAPI performance when under high load (#1273) 2022-02-17 16:52:04 +00:00			`if c.DbConfig.MaxOpenConns == nil {`
dependencies: replaced function calls to pkg/types, errors.Wrap (#2235) we now use a generic pointer function, and slowly remove the deprecated pkg/errors 2023-06-01 14:31:56 +00:00			`c.DbConfig.MaxOpenConns = ptr.Of(DEFAULT_MAX_OPEN_CONNS)`
Improve LAPI performance when under high load (#1273) 2022-02-17 16:52:04 +00:00			`}`
fix #1860 : Only repeat the WAL warning once (#1863) * fix #1860 2022-11-07 15:36:39 +00:00
option db_client.decision_bulk_size (#2440) 2023-08-25 15:05:17 +00:00			`if c.DbConfig.DecisionBulkSize == 0 {`
			`log.Tracef("No decision_bulk_size value provided, using default value of %d", defaultDecisionBulkSize)`
			`c.DbConfig.DecisionBulkSize = defaultDecisionBulkSize`
			`}`

refactor alert/decisions insert/update to avoid database locking in bulk operations (#2446) 2023-09-04 12:21:45 +00:00			`if c.DbConfig.DecisionBulkSize > maxDecisionBulkSize {`
			`log.Warningf("decision_bulk_size too high (%d), setting to the maximum value of %d", c.DbConfig.DecisionBulkSize, maxDecisionBulkSize)`
			`c.DbConfig.DecisionBulkSize = maxDecisionBulkSize`
			`}`

fix #1860 : Only repeat the WAL warning once (#1863) * fix #1860 2022-11-07 15:36:39 +00:00			`if c.DbConfig.Type == "sqlite" {`
			`if c.DbConfig.UseWal == nil {`
Typos, grammar (#1905) 2022-12-06 14:55:27 +00:00			`log.Warning("You are using sqlite without WAL, this can have a performance impact. If you do not store the database in a network share, set db_config.use_wal to true. Set explicitly to false to disable this warning.")`
fix #1860 : Only repeat the WAL warning once (#1863) * fix #1860 2022-11-07 15:36:39 +00:00			`}`
			`}`

Refactor configuration management (#698) 2021-03-24 17:16:17 +00:00			`return nil`
			`}`
Add postgres socket support, clean some code (#1926) 2022-12-12 16:08:19 +00:00
			`func (d *DatabaseCfg) ConnectionString() string {`
			`connString := ""`
			`switch d.Type {`
			`case "sqlite":`
			`var sqliteConnectionStringParameters string`
			`if d.UseWal != nil && *d.UseWal {`
			`sqliteConnectionStringParameters = "_busy_timeout=100000&_fk=1&_journal_mode=WAL"`
			`} else {`
			`sqliteConnectionStringParameters = "_busy_timeout=100000&_fk=1"`
			`}`
			`connString = fmt.Sprintf("file:%s?%s", d.DbPath, sqliteConnectionStringParameters)`
			`case "mysql":`
			`if d.isSocketConfig() {`
			`connString = fmt.Sprintf("%s:%s@unix(%s)/%s?parseTime=True", d.User, d.Password, d.DbPath, d.DbName)`
			`} else {`
			`connString = fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?parseTime=True", d.User, d.Password, d.Host, d.Port, d.DbName)`
			`}`
			`case "postgres", "postgresql", "pgx":`
			`if d.isSocketConfig() {`
			`connString = fmt.Sprintf("host=%s user=%s dbname=%s password=%s", d.DbPath, d.User, d.DbName, d.Password)`
			`} else {`
			`connString = fmt.Sprintf("host=%s port=%d user=%s dbname=%s password=%s sslmode=%s", d.Host, d.Port, d.User, d.DbName, d.Password, d.Sslmode)`
			`}`
			`}`
			`return connString`
			`}`

			`func (d *DatabaseCfg) ConnectionDialect() (string, string, error) {`
			`switch d.Type {`
			`case "sqlite":`
			`return "sqlite3", dialect.SQLite, nil`
			`case "mysql":`
			`return "mysql", dialect.MySQL, nil`
Only support pgx driver for postgresql (#2118) 2023-03-16 10:02:31 +00:00			`case "pgx", "postgresql", "postgres":`
			`if d.Type != "pgx" {`
			`log.Debugf("database type '%s' is deprecated, switching to 'pgx' instead", d.Type)`
			`}`
Add postgres socket support, clean some code (#1926) 2022-12-12 16:08:19 +00:00			`return "pgx", dialect.Postgres, nil`
			`}`
			`return "", "", fmt.Errorf("unknown database type '%s'", d.Type)`
			`}`

			`func (d *DatabaseCfg) isSocketConfig() bool {`
			`return d.Host == "" && d.Port == 0 && d.DbPath != ""`
			`}`