andreasf / cf-mysql-plugin Goto Github PK

View Code? Open in Web Editor NEW

33.0 4.0 17.0 171 KB

Cloud Foundry CLI MySQL Plugin

License: Apache License 2.0

Go 97.34% Shell 2.66%

mysql cloudfoundry cf-cli cf-cli-plugin

cf-mysql-plugin's People

Contributors

Stargazers

Watchers

Forkers

waterlink z4ce boyang9527 sandeepmlr sdruva brightzheng100 jaecktec nhone06 sumitatdigital orange-cloudfoundry koekj elliott-neal siropolive kinlux deorbit sumonst21

cf-mysql-plugin's Issues

'mysqldump' not found in PATH

I'm trying to run cf mysqldump <service-name> but am getting a "not found in PATH" error. I can run cf mysql <service-name> to connect, so it sees the mysql-plugin located at ~/.cf/plugins. Here is my config.json as well. Any idea what I'm doing wrong?

{
  "Plugins": {
    "mysql": {
      "Name": "mysql",
      "Location": "/home/mtvann/.cf/plugins/mysql",
      "Version": {
        "Major": 2,
        "Minor": 0,
        "Build": 0
      },
      "LibraryVersion": {
        "Major": 0,
        "Minor": 0,
        "Build": 0
      },
      "Commands": [
        {
          "Name": "mysql",
          "Alias": "",
          "HelpText": "Connect to a MySQL database service",
          "UsageDetails": {
            "Usage": "Open a mysql client to a database:\n   cf mysql \u003cservice-name\u003e [mysql args...]",
            "Options": null
          }
        },
        {
          "Name": "mysqldump",
          "Alias": "",
          "HelpText": "Dump a MySQL database",
          "UsageDetails": {
            "Usage": "Dump all tables in a database:\n   cf mysqldump \u003cservice-name\u003e [mysqldump args...]\n   Dump specific tables in a database:\n   cf mysqldump \u003cservice-name\u003e [tables...] [mysqldump args...]",
            "Options": null
          }
        }
      ]
    }
  }

CF API client doesn't traverse paginated list

In orgs with many service instances and bindings, the plugin might not list all available services because it doesn't follow next_url in the paginated API response.

Quick mitigation: query instances and bindings for the current space only
Proper fix: follow next_url

Feature Request: Automatically re-establish SSH tunnel on "Connection reset by peer"

Currently, given sufficient amount of time, or after workstation has gone to sleep, the SSH tunnel is disconnected. When this happens, we have to re-run cf mysql <name> command.

How to restore a mysql DB?

The README makes a comment about how this plugin can be used to dump and restore databases, however it does not appear to offer guidance on how to restore a DB using the plugin.

Is it possible to use this plugin to restore a mysql db? e.g., given a mysql dump, could this plugin be used to upload/restore it to a mysql service?

No MySQL databases available.

In my space I have two databases connected to a go app, which is called test-app.

Dbs:

Both are bound to the test-app. Env of app looks like:

System-Provided:
{
 "VCAP_SERVICES": {
  "mysql-dev": [
   {
    "credentials": {
     "hostname": "someHostname",
     "jdbcUrl": "jdbc:mysql://someHostname:3306/cf_xxxxx?user=xxxx\u0026password=xxxx",
     "name": "xxxx",
     "password": "xxxx",
     "port": 3306,
     "uri": "mysql://xxxx:xxxxx@someHostname:3306/dbname?reconnect=true",
     "username": "xxxx"
    },
    "label": "mysql-dev",
    "name": "db",
    "plan": "shared",
    "provider": null,
    "syslog_drain_url": null,
    "tags": [
     "mysql",
     "aws",
     "rds",
     "shared",
     "development"
    ],
    "volume_mounts": []
   }
  ]
 }
}

cf mysqldump debug-mysql (unable to get the dump, get ssh tunnel failed error)

Believe this requires ssh tunnelling enabled. Any thoughts on this / alternates on how to get this done.

PROD Environment: cf mysqldump debug-mysql (unable to get the dump, get ssh error)

panic: SSH tunnel failed: Error opening SSH connection: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none password], no supported methods remain

goroutine 58 [running]:
github.com/andreasf/cf-mysql-plugin/cfmysql.(*sshRunner).OpenSshTunnel(0xa9ac90, 0x879240, 0xc42016c370, 0x7ffc289d6ae3, 0x10, 0xc420204680, 0x3b, 0xc420166ef0, 0x4, 0xc420186f00, ...)
/home/travis/gopath/src/github.com/andreasf/cf-mysql-plugin/cfmysql/ssh_runner.go:25 +0x260
created by github.com/andreasf/cf-mysql-plugin/cfmysql.(*cfService).OpenSshTunnel
/home/travis/gopath/src/github.com/andreasf/cf-mysql-plugin/cfmysql/cf_service.go:61 +0x107

Unable to retrieve services

Unable to retrieve services: Unable to retrieve service instances: Get https://api.sys.pikes.pal.pivotal.io/v2/service_instances: dial tcp 35.201.107.13:443: connectex: No connection could be made because the target machine actively refused it.

When I trace the call it shows...

$ CF_TRACE=1 cf mysql

REQUEST: [2017-12-07T14:47:48-07:00]
POST /oauth/token HTTP/1.1
Host: login.sys.pikes.pal.pivotal.io
Accept: application/json
Authorization: [PRIVATE DATA HIDDEN]
Connection: close
Content-Type: application/x-www-form-urlencoded
User-Agent: go-cli 6.33.0+a345ea34d.2017-11-20 / windows

grant_type=refresh_token&refresh_token=eyJhbGciOiJSUzI1NiIsImtpZCI6ImtleS0xIiwidHlwIjoiSldUIn0.eyJqdGkiOiI0M2FjZWI4ZjA3NjE0YTI0OGYwZTZjMmZjZTEyZWYyMi1yIiwic3ViIjoiYjYyZDkxMTQtZTNkYS00MDFkLWE3MDAtZWEwMzI5NDkyYWE3Iiwic2NvcGUiOlsib3BlbmlkIiwidWFhLnVzZXIiLCJjbG91ZF9jb250cm9sbGVyLnJlYWQiLCJwYXNzd29yZC53cml0ZSIsImNsb3VkX2NvbnRyb2xsZXIud3JpdGUiXSwiaWF0IjoxNTExODA0NzgzLCJleHAiOjE1MTMwMTQzODMsImNpZCI6ImNmIiwiY2xpZW50X2lkIjoiY2YiLCJpc3MiOiJodHRwczovL3VhYS5zeXMucGlrZXMucGFsLnBpdm90YWwuaW8vb2F1dGgvdG9rZW4iLCJ6aWQiOiJ1YWEiLCJncmFudF90eXBlIjoicGFzc3dvcmQiLCJ1c2VyX25hbWUiOiJtaWNoYWVsLnJ1bXBmQHQtc3lzdGVtcy5jb20iLCJvcmlnaW4iOiJ1YWEiLCJ1c2VyX2lkIjoiYjYyZDkxMTQtZTNkYS00MDFkLWE3MDAtZWEwMzI5NDkyYWE3IiwicmV2X3NpZyI6ImVhZjVkY2IyIiwiYXVkIjpbImNsb3VkX2NvbnRyb2xsZXIiLCJwYXNzd29yZCIsImNmIiwidWFhIiwib3BlbmlkIl19.YKcUvsSBFdlWB8axV5s06H6vmMpTD1AyZfDp3ii9Tj8OHKNXtKAF6jNq_QgivpMlEsdOGae2m4GBRlzWR9YkeRo-CszHJ_dco1ZA6VrppE4XWW7khiO5XSJp4qwAOxbopcFmm9_6yIwS7hDom_xHQE-woxMa5Dw93au8MzArpYgI7ISOfGWva3hFY0xPFcJCkjh8qTVtMTXDyp9aSFsam3iduGsMpuHUmL3clbeNTUBVIVBlyF09g7K507LeIocxM-fFwi_k3o9nbQlXphH-07bXYl_YM-YY6J9ti_4R__qcCxI77uzk0RopVPrTTlDdVEOud3jXyTqxjAC-RKU9_w&scope=

REQUEST: [2017-12-07T14:47:48-07:00]
POST /oauth/token HTTP/1.1
Host: login.sys.pikes.pal.pivotal.io
Accept: application/json
Authorization: [PRIVATE DATA HIDDEN]
Connection: close
Content-Type: application/x-www-form-urlencoded
User-Agent: go-cli 6.33.0+a345ea34d.2017-11-20 / windows

grant_type=refresh_token&refresh_token=eyJhbGciOiJSUzI1NiIsImtpZCI6ImtleS0xIiwidHlwIjoiSldUIn0.eyJqdGkiOiI0M2FjZWI4ZjA3NjE0YTI0OGYwZTZjMmZjZTEyZWYyMi1yIiwic3ViIjoiYjYyZDkxMTQtZTNkYS00MDFkLWE3MDAtZWEwMzI5NDkyYWE3Iiwic2NvcGUiOlsib3BlbmlkIiwidWFhLnVzZXIiLCJjbG91ZF9jb250cm9sbGVyLnJlYWQiLCJwYXNzd29yZC53cml0ZSIsImNsb3VkX2NvbnRyb2xsZXIud3JpdGUiXSwiaWF0IjoxNTExODA0NzgzLCJleHAiOjE1MTMwMTQzODMsImNpZCI6ImNmIiwiY2xpZW50X2lkIjoiY2YiLCJpc3MiOiJodHRwczovL3VhYS5zeXMucGlrZXMucGFsLnBpdm90YWwuaW8vb2F1dGgvdG9rZW4iLCJ6aWQiOiJ1YWEiLCJncmFudF90eXBlIjoicGFzc3dvcmQiLCJ1c2VyX25hbWUiOiJtaWNoYWVsLnJ1bXBmQHQtc3lzdGVtcy5jb20iLCJvcmlnaW4iOiJ1YWEiLCJ1c2VyX2lkIjoiYjYyZDkxMTQtZTNkYS00MDFkLWE3MDAtZWEwMzI5NDkyYWE3IiwicmV2X3NpZyI6ImVhZjVkY2IyIiwiYXVkIjpbImNsb3VkX2NvbnRyb2xsZXIiLCJwYXNzd29yZCIsImNmIiwidWFhIiwib3BlbmlkIl19.YKcUvsSBFdlWB8axV5s06H6vmMpTD1AyZfDp3ii9Tj8OHKNXtKAF6jNq_QgivpMlEsdOGae2m4GBRlzWR9YkeRo-CszHJ_dco1ZA6VrppE4XWW7khiO5XSJp4qwAOxbopcFmm9_6yIwS7hDom_xHQE-woxMa5Dw93au8MzArpYgI7ISOfGWva3hFY0xPFcJCkjh8qTVtMTXDyp9aSFsam3iduGsMpuHUmL3clbeNTUBVIVBlyF09g7K507LeIocxM-fFwi_k3o9nbQlXphH-07bXYl_YM-YY6J9ti_4R__qcCxI77uzk0RopVPrTTlDdVEOud3jXyTqxjAC-RKU9_w&scope=

RESPONSE: [2017-12-07T14:47:50-07:00]
HTTP/1.1 200 OK
Connection: close
Transfer-Encoding: chunked
Alt-Svc: clear
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json;charset=UTF-8
Date: Thu, 07 Dec 2017 21:47:49 GMT
Expires: 0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 google
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Vcap-Request-Id: 4cd0e120-5a22-43b0-6684-3353f7c9e284
X-Xss-Protection: 1; mode=block

9a2
{"access_token":"[PRIVATE DATA HIDDEN]","token_type":"[PRIVATE DATA HIDDEN]","refresh_token":"[PRIVATE DATA HIDDEN]","expires_in":7199,"scope":"cloud_controller.read password.write cloud_controller.write openid uaa.user","jti":"00f78b84c8dd43819a9e1be71d0ae171"}
0



RESPONSE: [2017-12-07T14:47:50-07:00]
HTTP/1.1 200 OK
Connection: close
Transfer-Encoding: chunked
Alt-Svc: clear
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Type: application/json;charset=UTF-8
Date: Thu, 07 Dec 2017 21:47:49 GMT
Expires: 0
Pragma: no-cache
Strict-Transport-Security: max-age=31536000 ; includeSubDomains
Via: 1.1 google
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Vcap-Request-Id: 8b4eb640-4e01-4d97-5b69-7323cdd1d394
X-Xss-Protection: 1; mode=block

9a2
{"access_token":"[PRIVATE DATA HIDDEN]","token_type":"[PRIVATE DATA HIDDEN]","refresh_token":"[PRIVATE DATA HIDDEN]","expires_in":7199,"scope":"cloud_controller.read password.write cloud_controller.write openid uaa.user","jti":"51c003b7f90d4fdf91765f831a271baa"}
0


Unable to retrieve services: Unable to retrieve service instances: Get https://api.sys.pikes.pal.pivotal.io/v2/service_instances: dial tcp 35.201.107.13:443: connectex: No connection could be made because the target machine actively refused it.

The call is done on a corporate machine with no direct access to the internet.

Feature Request: Use TLS when a CA is provided in the binding

Recent versions of MySQL v2 allow the Operator to enable TLS on the server side. This is expressed to the user in that the bindings for both app binding and service keys will have an additional entry, a TLS certificate authority.

If that's present in the binding, then it would be great if the mysql plugin would attempt to connect to the database over TLS. This is better because it means that the network path between the Diego container and the database is additionally encrypted, whereas the current implementation only encrypts traffic between the desktop client and the container.

SSH to foundations which require CAPI v3 fails

On PWS, old CAPI v2 cf ssh doesn't work anymore, I forget why.

Now, to ssh to a service instance, you have to use the cf v3-ssh command.

Here's how the current implementation fails:

→ cf mysql clickpointDB --execute='show databases;'
Creating new service key cf-mysql for clickpointDB...
panic: SSH tunnel failed: Error opening SSH connection: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none password], no supported methods remain

goroutine 13 [running]:
github.com/andreasf/cf-mysql-plugin/cfmysql.(*sshRunner).OpenSshTunnel(0x16963a0, 0x1476380, 0xc42014e870, 0x7ffeefbff8f9, 0xc, 0xc4204738c0, 0x1c, 0xc42052e2f8, 0x4, 0xc42048cd20, ...)
	/home/travis/gopath/src/github.com/andreasf/cf-mysql-plugin/cfmysql/ssh_runner.go:25 +0x260
created by github.com/andreasf/cf-mysql-plugin/cfmysql.(*cfService).OpenSshTunnel
	/home/travis/gopath/src/github.com/andreasf/cf-mysql-plugin/cfmysql/cf_service.go:61 +0x107

panic: SSH tunnel failed: Error: EOF

I just downloaded v1.3.5 of the plugin and attempted to use it on one of my services:

❯ cf mysql my-service
panic: SSH tunnel failed: Error: EOF

goroutine 83 [running]:
panic(0x35a660, 0xc420498680)
	/home/travis/.gimme/versions/go1.7.linux.amd64/src/runtime/panic.go:500 +0x1a1
github.com/andreasf/cf-mysql-plugin/cfmysql.(*CfSshRunner).OpenSshTunnel(0x610b88, 0x56c0c0, 0xc420011dc0, 0xc4201a8510, 0xc, 0x0, 0x0, 0xc420127e60, 0x1c, 0xc4201a8b00, ...)
	/home/travis/gopath/src/github.com/andreasf/cf-mysql-plugin/cfmysql/ssh_runner.go:21 +0x254
created by github.com/andreasf/cf-mysql-plugin/cfmysql.(*CfServiceImpl).OpenSshTunnel
	/home/travis/gopath/src/github.com/andreasf/cf-mysql-plugin/cfmysql/cf_service.go:93 +0xc5

Secure binding credentials breaks mysql plugin

When service instances are deployed using secure binding credentials, the credentials are no longer available via cf env or even when cf ssh into a container:

$ cf env trivial-js
Getting env variables for app trivial-js in org system / space pivotal-services as admin...
OK

System-Provided:
{
 "VCAP_SERVICES": {
  "p.mysql": [
   {
    "binding_name": null,
    "credentials": {
     "credhub-ref": "/c/548966e5-e333-4d65-8773-7b4e3bb6ca97/52f2a8d2-e9d3-4358-8f00-6c5bd64f0d09/2dd37dff-35a2-4cf3-8acb-5ca760bef861/credentials"
    },
...

This causes the following sad behavior:

$ cf services
Getting services in org system / space pivotal-services as admin...

name       service   plan     bound apps   last operation
acceptDB   p.mysql   plan-1   trivial-js   create succeeded

$ cf mysql
No MySQL databases available. Please bind your database services to a started app to make them available to 'cf mysql'.

cf install-plugin fails on MacOS

On MacOS 13.3.1 (a), cf install-plugin fails.

Here's the error on an x86 machine:

Starting download of plugin binary from repository CF-Community...
 10.42 MiB / 10.42 MiB [============================================] 100.00% 1s
 fatal error: runtime: bsdthread_register error

runtime stack:
runtime.throw(0x142f264, 0x21)
	/home/travis/.gimme/versions/go1.10.linux.amd64/src/runtime/panic.go:619 +0x81 fp=0x7ff7bfeff578 sp=0x7ff7bfeff558 pc=0x1029401
runtime.goenvs()
	/home/travis/.gimme/versions/go1.10.linux.amd64/src/runtime/os_darwin.go:129 +0x83 fp=0x7ff7bfeff5a8 sp=0x7ff7bfeff578 pc=0x1026f83
runtime.schedinit()
	/home/travis/.gimme/versions/go1.10.linux.amd64/src/runtime/proc.go:496 +0xa4 fp=0x7ff7bfeff600 sp=0x7ff7bfeff5a8 pc=0x102bcc4
runtime.rt0_go(0x7ff7bfeff630, 0x3, 0x7ff7bfeff630, 0x1000000, 0x3, 0x7ff7bfeff848, 0x7ff7bfeff87d, 0x7ff7bfeff883, 0x0, 0x7ff7bfeff890, ...)
	/home/travis/.gimme/versions/go1.10.linux.amd64/src/runtime/asm_amd64.s:252 +0x1f4 fp=0x7ff7bfeff608 sp=0x7ff7bfeff600 pc=0x1052544
exit status 2
File is not a valid cf CLI plugin binary.
FAILED

Here's the error on an M1 machine:

Starting download of plugin binary from repository CF-Community...
 10.42 MiB / 10.42 MiB [===========================================================================] 100.00% 0s
signal: segmentation fault
File is not a valid cf CLI plugin binary.
FAILED

Does not use current space

Hello.
When I am in an organisation with multiple spaces, and I execute
cf mysql
I get an overview with all databases instead just the databases in my space, I am currently in.

Same issue with using commands with a database name, appearing in two spaces.

panic: SSH tunnel failed:

Hello,

my mysql connexion works , but suddenly it doesn't work,

all mysql connexion of an org don't work , on a other org it's ok
my ssh connexion is ok

version driver mysql-plugin: 2.0.0

my error:
**cf mysql forum-oft-aero-OMFRED-mysql
panic: SSH tunnel failed: Erreur lors de l'ouverture de la connexion SSH : ssh: handshake failed: ssh: unable to authenticate, attempted methods [none password], no supported methods remain

goroutine 37 [running]:
github.com/andreasf/cf-mysql-plugin/cfmysql.(sshRunner).OpenSshTunnel(0xaabd30, 0x88b900, 0xc04210e840, 0xc04200a860, 0x1b, 0xc04211a490, 0xe, 0xc04211a500, 0x4, 0xc0422264e0, ...)
/home/travis/gopath/src/github.com/andreasf/cf-mysql-plugin/cfmysql/ssh_runner.go:25 +0x267
created by github.com/andreasf/cf-mysql-plugin/cfmysql.(cfService).OpenSshTunnel
/home/travis/gopath/src/github.com/andreasf/cf-mysql-plugin/cfmysql/cf_service.go:61 +0x10e

Feature request: work with a cf foundation with self-signed cert

currently i can't use cf mysql with a cf foundation that uses self-signed certs. would be great if i could turn off certificate validation. thanks.