tsdb/postgres: Support Unix socket for host (#25778)

* tsdb/postgres: Support Unix socket for host Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix host regex Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix host regex Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Remove panic Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Fix host parsing; add tests Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Add test Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Use strings.HasPrefix to detect Unix socket host Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Remove debug logging Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Escape single quotes and backslashes Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Test generateConnectionString as requested in review Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com> * Add test case for SSL mode Signed-off-by: Arve Knudsen <arve.knudsen@gmail.com>
2025-07-30 06:42:21 +08:00 · 2020-07-09 14:57:09 +02:00
parent 9948e9298f
commit 9285595c50
3 changed files with 134 additions and 17 deletions
--- a/pkg/tsdb/postgres/postgres.go
+++ b/pkg/tsdb/postgres/postgres.go
@ -3,11 +3,11 @@ package postgres
 import (
 	"database/sql"
 	"fmt"
-	"net/url"
 	"strconv"
 	"strings"

 	"github.com/grafana/grafana/pkg/setting"
+	"github.com/grafana/grafana/pkg/util/errutil"

 	"github.com/grafana/grafana/pkg/infra/log"
 	"github.com/grafana/grafana/pkg/models"
@ -47,20 +47,51 @@ func newPostgresQueryEndpoint(datasource *models.DataSource) (tsdb.TsdbQueryEndp
 	timescaledb := datasource.JsonData.Get("timescaledb").MustBool(false)

 	endpoint, err := sqleng.NewSqlQueryEndpoint(&config, &queryResultTransformer, newPostgresMacroEngine(timescaledb), logger)
-	if err == nil {
-		logger.Debug("Successfully connected to Postgres")
-	} else {
+	if err != nil {
 		logger.Debug("Failed connecting to Postgres", "err", err)
+		return nil, err
 	}
+
+	logger.Debug("Successfully connected to Postgres")
 	return endpoint, err
 }

+// escape single quotes and backslashes in Postgres connection string parameters.
+func escape(input string) string {
+	return strings.Replace(strings.Replace(input, `\`, `\\`, -1), "'", `\'`, -1)
+}
+
 func generateConnectionString(datasource *models.DataSource, logger log.Logger) (string, error) {
 	sslMode := strings.TrimSpace(strings.ToLower(datasource.JsonData.Get("sslmode").MustString("verify-full")))
 	isSSLDisabled := sslMode == "disable"

-	// Always pass SSL mode
-	sslOpts := fmt.Sprintf("sslmode=%s", url.QueryEscape(sslMode))
+	var host string
+	var port int
+	if strings.HasPrefix(datasource.Url, "/") {
+		host = datasource.Url
+		logger.Debug("Generating connection string with Unix socket specifier", "socket", host)
+	} else {
+		sp := strings.SplitN(datasource.Url, ":", 2)
+		host = sp[0]
+		if len(sp) > 1 {
+			var err error
+			port, err = strconv.Atoi(sp[1])
+			if err != nil {
+				return "", errutil.Wrapf(err, "invalid port in host specifier %q", sp[1])
+			}
+
+			logger.Debug("Generating connection string with network host/port pair", "host", host, "port", port)
+		} else {
+			logger.Debug("Generating connection string with network host", "host", host)
+		}
+	}
+
+	connStr := fmt.Sprintf("user='%s' password='%s' host='%s' dbname='%s' sslmode='%s'",
+		escape(datasource.User), escape(datasource.DecryptedPassword()), escape(host), escape(datasource.Database),
+		escape(sslMode))
+	if port > 0 {
+		connStr += fmt.Sprintf(" port=%d", port)
+	}
 	if isSSLDisabled {
 		logger.Debug("Postgres SSL is disabled")
 	} else {
@ -69,7 +100,7 @@ func generateConnectionString(datasource *models.DataSource, logger log.Logger)
 		// Attach root certificate if provided
 		if sslRootCert := datasource.JsonData.Get("sslRootCertFile").MustString(""); sslRootCert != "" {
 			logger.Debug("Setting server root certificate", "sslRootCert", sslRootCert)
-			sslOpts = fmt.Sprintf("%s&sslrootcert=%s", sslOpts, url.QueryEscape(sslRootCert))
+			connStr += fmt.Sprintf(" sslrootcert='%s'", sslRootCert)
 		}

 		// Attach client certificate and key if both are provided
@ -77,20 +108,14 @@ func generateConnectionString(datasource *models.DataSource, logger log.Logger)
 		sslKey := datasource.JsonData.Get("sslKeyFile").MustString("")
 		if sslCert != "" && sslKey != "" {
 			logger.Debug("Setting SSL client auth", "sslCert", sslCert, "sslKey", sslKey)
-			sslOpts = fmt.Sprintf("%s&sslcert=%s&sslkey=%s", sslOpts, url.QueryEscape(sslCert), url.QueryEscape(sslKey))
+			connStr += fmt.Sprintf(" sslcert='%s' sslkey='%s'", sslCert, sslKey)
 		} else if sslCert != "" || sslKey != "" {
 			return "", fmt.Errorf("SSL client certificate and key must both be specified")
 		}
 	}

-	u := &url.URL{
-		Scheme: "postgres",
-		User:   url.UserPassword(datasource.User, datasource.DecryptedPassword()),
-		Host:   datasource.Url, Path: datasource.Database,
-		RawQuery: sslOpts,
-	}
-
-	return u.String(), nil
+	logger.Debug("Generated Postgres connection string successfully")
+	return connStr, nil
 }

 type postgresQueryResultTransformer struct {