authorJames Elliott <james-d-elliott@users.noreply.github.com>2023-05-07 16:39:17 +1000
committerGitHub <noreply@github.com>2023-05-07 16:39:17 +1000
commitfb5c285c2549c344f5b24a1cae1fe724a89f11a0 (patch)
tree8f7dde699a6d1bfffec8413a0f66d566851af9a2 /internal/storage
parent90d190121d538318ca2b1358f77b890a1cbe1b9d (diff)
feat(authentication): suport ldap over unix socket (#5397)
This adds support for LDAP unix sockets using the ldapi scheme. In addition, it significantly improves all of the address-related parsing, deprecating old options. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Diffstat (limited to 'internal/storage')
-rw-r--r--internal/storage/const.go5
-rw-r--r--internal/storage/sql_provider_backend_mysql.go22
-rw-r--r--internal/storage/sql_provider_backend_postgres.go9
3 files changed, 6 insertions, 30 deletions
diff --git a/internal/storage/const.go b/internal/storage/const.go
index 286d39620..2dec1b5e4 100644
--- a/internal/storage/const.go
+++ b/internal/storage/const.go
@@ -82,11 +82,6 @@ func (s OAuth2SessionType) Table() string {
}
const (
- sqlNetworkTypeTCP = "tcp"
- sqlNetworkTypeUnixSocket = "unix"
-)
-
-const (
encryptionNameCheck = "check"
)
diff --git a/internal/storage/sql_provider_backend_mysql.go b/internal/storage/sql_provider_backend_mysql.go
index 32cc7de16..5ff2e531a 100644
--- a/internal/storage/sql_provider_backend_mysql.go
+++ b/internal/storage/sql_provider_backend_mysql.go
@@ -2,8 +2,6 @@ package storage
import (
"crypto/x509"
- "fmt"
- "path"
"time"
"github.com/go-sql-driver/mysql"
@@ -35,17 +33,8 @@ func NewMySQLProvider(config *schema.Configuration, caCertPool *x509.CertPool) (
func dsnMySQL(config *schema.MySQLStorageConfiguration, caCertPool *x509.CertPool) (dataSourceName string) {
dsnConfig := mysql.NewConfig()
- switch {
- case path.IsAbs(config.Host):
- dsnConfig.Net = sqlNetworkTypeUnixSocket
- dsnConfig.Addr = config.Host
- case config.Port == 0:
- dsnConfig.Net = sqlNetworkTypeTCP
- dsnConfig.Addr = fmt.Sprintf("%s:%d", config.Host, 3306)
- default:
- dsnConfig.Net = sqlNetworkTypeTCP
- dsnConfig.Addr = fmt.Sprintf("%s:%d", config.Host, config.Port)
- }
+ dsnConfig.Net = config.Address.Network()
+ dsnConfig.Addr = config.Address.NetworkAddress()
if config.TLS != nil {
_ = mysql.RegisterTLSConfig("storage", utils.NewTLSConfig(config.TLS, caCertPool))
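Review bot: Nothing in this hunk shows that `config.Address` is non-nil before `config.Address.Network()` and `config.Address.NetworkAddress()` are called in dsnMySQL. If Address is a pointer that validation can leave unset (for example when only the deprecated host/port options are supplied), this would panic at startup rather than surface a configuration error. The same dereference appears in the dsnPostgreSQL and loadPostgreSQLTLSConfig hunks. The explicit 3306 fallback also leaves this function, so a comment such as `// config.Address is populated and defaulted during configuration validation` would record where that now happens, assuming it does. dsnMySQL's body continues outside the hunk.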
@@ -53,13 +42,6 @@ func dsnMySQL(config *schema.MySQLStorageConfiguration, caCertPool *x509.CertPoo
dsnConfig.TLSConfig = "storage"
}
- switch config.Port {
- case 0:
- dsnConfig.Addr = config.Host
- default:
- dsnConfig.Addr = fmt.Sprintf("%s:%d", config.Host, config.Port)
- }
-
dsnConfig.DBName = config.Database
dsnConfig.User = config.Username
dsnConfig.Passwd = config.Password
diff --git a/internal/storage/sql_provider_backend_postgres.go b/internal/storage/sql_provider_backend_postgres.go
index 252ec3e0e..ef7054951 100644
--- a/internal/storage/sql_provider_backend_postgres.go
+++ b/internal/storage/sql_provider_backend_postgres.go
@@ -6,7 +6,6 @@ import (
"errors"
"fmt"
"os"
- "path"
"github.com/jackc/pgx/v5"
"github.com/jackc/pgx/v5/stdlib"
@@ -136,8 +135,8 @@ func NewPostgreSQLProvider(config *schema.Configuration, caCertPool *x509.CertPo
func dsnPostgreSQL(config *schema.PostgreSQLStorageConfiguration, globalCACertPool *x509.CertPool) (dsn string) {
dsnConfig, _ := pgx.ParseConfig("")
- dsnConfig.Host = config.Host
- dsnConfig.Port = uint16(config.Port)
+ dsnConfig.Host = config.Address.SocketHostname()
+ dsnConfig.Port = uint16(config.Address.Port())
dsnConfig.Database = config.Database
dsnConfig.User = config.Username
dsnConfig.Password = config.Password
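Review bot: `uint16(config.Address.Port())` is a narrowing conversion whose source type is not visible in this hunk; if Port() returns a wider integer, an out-of-range value would wrap silently instead of being rejected. If Port() already returns uint16 the cast can simply be dropped, otherwise the range check belongs in the address validation. dsnPostgreSQL's body continues outside the hunk.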
@@ -147,7 +146,7 @@ func dsnPostgreSQL(config *schema.PostgreSQLStorageConfiguration, globalCACertPo
"search_path": config.Schema,
}
- if dsnConfig.Port == 0 && !path.IsAbs(dsnConfig.Host) {
+ if dsnConfig.Port == 0 && config.Address.IsUnixDomainSocket() {
dsnConfig.Port = 5432
}
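Review bot: The guard `dsnConfig.Port == 0 && config.Address.IsUnixDomainSocket()` has the opposite polarity to the line it replaces, which applied the 5432 default only when the host was not an absolute path, i.e. not a socket. As written, a TCP address that reaches this point with port 0 no longer receives a default here. If that is intended (for instance the TCP default is applied while parsing the address, and the socket case presumably needs a port only to name the socket file), a comment such as `// unix socket addresses carry no port; default it so the driver can locate the socket` would make it clear. Otherwise the condition should read `!config.Address.IsUnixDomainSocket()`. dsnPostgreSQL starts and ends outside this hunk.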
@@ -190,7 +189,7 @@ func loadPostgreSQLTLSConfig(config *schema.PostgreSQLStorageConfiguration, glob
tlsConfig.VerifyPeerCertificate = newPostgreSQLVerifyCAFunc(tlsConfig)
case config.SSL.Mode == "verify-full":
tlsConfig.InsecureSkipVerify = false
- tlsConfig.ServerName = config.Host
+ tlsConfig.ServerName = config.Address.Hostname()
}
}
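Review bot: In the verify-full branch `tlsConfig.ServerName` now comes from `config.Address.Hostname()`, while the connection host in dsnPostgreSQL comes from `config.Address.SocketHostname()`. The difference between the two accessors is not visible here and deserves a comment, since ServerName is the name the server certificate is checked against. For a unix socket address Hostname() presumably yields an empty string or a path, so it would be clearer to reject verify-full combined with a socket address during configuration validation than to rely on the handshake failing. A comment like `// ServerName must be the bare host name the certificate was issued for, never a socket path` would capture the intent. loadPostgreSQLTLSConfig starts and ends outside the hunk.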