diff --git a/aws/security_plugins/README.md b/aws/security_plugins/README.md index 3c00f6a..f860af0 100644 --- a/aws/security_plugins/README.md +++ b/aws/security_plugins/README.md @@ -1,13 +1,13 @@ -/***************************************************************************** +***************************************************************************** * README for AWS Security Plugin -* + * Last Update: January 2024 -* + * Security plugins, in general can be used to replace or extend the * mechanisms that DB2 uses to authenticate users and obtain their * group memberships. This AWS IAM security plugin is designed to authenticate * AWS Cognito users using ACCESSTOKEN to connect to Db2. -* + * For information on developing, building and deploying this security plugin, * see the [README](db2-aws-iam/README.md). Refer [`AWS_cognito.md`](AWS_cognito.md) * to know one can setup AWS cognito, create users and groups, and retrieve token to be diff --git a/aws/security_plugins/db2-aws-iam/Dockerfile b/aws/security_plugins/db2-aws-iam/Dockerfile index ea80a70..e6b2e72 100644 --- a/aws/security_plugins/db2-aws-iam/Dockerfile +++ b/aws/security_plugins/db2-aws-iam/Dockerfile @@ -1,8 +1,7 @@ # Use Db2U RHEL8 base image as the base docker image -# FROM us.icr.io/db2oncloud_dev/db2u.base@sha256:40d23c50c5a68d8490cee3634693e6e2a0735234b5c0ca75ce1d37c057cbbd4e + FROM ibmcom/db2 -LABEL description="IBM Db2 AWS IAM Security Plugin" -LABEL maintainers.author1="Andrew Hilden" +LABEL description="AWS Db2 AWS IAM Security Plugin" ARG OPENSSL_VER=1 ENV OPENSSL_VER=$OPENSSL_VER @@ -16,10 +15,6 @@ RUN echo "jenk ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers # Build the source code # RUN ./build -WORKDIR /tmp/ -WORKDIR /mnt/blumeta0/db2_config/ -COPY src/gss/users.json /mnt/blumeta0/db2_config/ -RUN chmod -R u+rwX,go+rwX /mnt/blumeta0/ WORKDIR /mnt/db2-aws-iam/src/ RUN chmod -R u+rwX,go+rwX /mnt/db2-aws-iam/ 
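Review bot: `FROM ibmcom/db2` in the first Dockerfile hunk (`@@ -1,8 +1,7 @@`) names the base image with no tag or digest, and this hunk removes the only digest-pinned reference, the commented-out `us.icr.io` line. Every build therefore pulls whatever the registry currently serves under the default tag, so the contents of an image that builds an authentication plugin can change without any change in this repository. Pin the base by digest, for example `FROM ibmcom/db2@sha256:<DIGEST_PLACEHOLDER>`, and add a comment recording which Db2 release that digest corresponds to. The new label text `AWS Db2 AWS IAM Security Plugin` also looks like a search-and-replace slip, so the intended product name is worth confirming.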
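Review bot: The `RUN chmod -R u+rwX,go+rwX /mnt/db2-aws-iam/` kept as context at the end of the second Dockerfile hunk (`@@ -16,10 +15,6 @@`) leaves the whole plugin source and build tree writable by group and other. Any account in the container can then modify the authentication plugin's sources or build output. Unless the build needs this, which the hunk does not show, drop the write bit for non-owners: `RUN chmod -R u+rwX,go+rX,go-w /mnt/db2-aws-iam/`. The hunk header also shows `jenk ALL=(ALL) NOPASSWD: ALL` being appended to `/etc/sudoers`; that line sits outside the hunk, but passwordless root for that account should not survive into the final image. Separately, the `users.json` whose `COPY` is removed here contained a password hash (its deletion appears later in this commit), and deleting the file does not remove it from repository history or from images already built, so that credential should be treated as exposed.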
diff --git a/aws/security_plugins/db2-aws-iam/README.md b/aws/security_plugins/db2-aws-iam/README.md index 11c7a51..56950c9 100644 --- a/aws/security_plugins/db2-aws-iam/README.md +++ b/aws/security_plugins/db2-aws-iam/README.md @@ -116,7 +116,7 @@ docker exec -ti mydb2 bash sudo cp /usr/local/lib64/libaws-cpp-sdk-cognito-idp.so /opt/ibm/db2/V11.5/lib64/awssdk/RHEL/8.1/ ``` -Create symlinks for above library in /opt/ibm/db2/V11.5/lib64/ +Create symlink for above library in /opt/ibm/db2/V11.5/lib64/ ```shell cd /opt/ibm/db2/V11.5/lib64 sudo ln -s awssdk/RHEL/8.1/libaws-cpp-sdk-cognito-idp.so libaws-cpp-sdk-cognito-idp.so diff --git a/aws/security_plugins/db2-aws-iam/build.sh b/aws/security_plugins/db2-aws-iam/build.sh index af8836c..25de06c 100755 --- a/aws/security_plugins/db2-aws-iam/build.sh +++ b/aws/security_plugins/db2-aws-iam/build.sh @@ -4,10 +4,6 @@ OPENSSL_VER=$1 # Install the dependent packages sh $PWD/install_packages.sh $OPENSSL_VER -export INSTALLED_OPENSSL=$(openssl version | awk '{print $2}' | sed -e 's/[a-z]-*.*//' | awk -F. '{ print $1$2$3 }') - -export INSTALLED_JSON_C=$(yum info installed json-c | grep Version | sed -e 's/Version\s*: //g' | awk -F. '{ print $1$2$3 }') - sh $PWD/build_aws_sdk.sh $OPENSSL_VER make clean && make diff --git a/aws/security_plugins/db2-aws-iam/src/Makefile b/aws/security_plugins/db2-aws-iam/src/Makefile index f6b3031..1ab4d2c 100755 --- a/aws/security_plugins/db2-aws-iam/src/Makefile +++ b/aws/security_plugins/db2-aws-iam/src/Makefile @@ -37,8 +37,6 @@ _dummy := $(shell mkdir -p $(OUTPUTDIR)) _dummy := $(shell mkdir -p $(PLUGINDIR)/server) _dummy := $(shell mkdir -p $(PLUGINDIR)/client) _dummy := $(shell mkdir -p $(PLUGINDIR)/group) -#_dummy := $(shell chown -R bin:bin $(PLUGINDIR)) - .DEFAULT_GOAL := all 
@@ -166,24 +164,6 @@ tail: tailf ~/sqllib/db2dump/db2diag.log | grep AWSIAMauth -$(TEST_DIR)/unit_apikey.o: $(TEST_DIR)/unit_apikey.cpp - g++ $(CFLAGS) $(LIBS) -c -o $@ $< - - -# Command line example -$(TEST_DIR)/unit-main.o: $(TEST_DIR)/unit_main.cpp - g++ $(CFLAGS) $(LIBS) -c -o $@ $< - - -$(TEST_DIR)/unit_test_apikey: $(TEST_DIR)/unit-main.o $(TEST_DIR)/unit_apikey.o - g++ $(CFLAGS) $(LIBS) -o $@ $(TEST_DIR)/unit-main.o $(TEST_DIR)/unit_apikey.o ${GSSAPI_SERVER_MODULE} - -unit_test: $(UNIT_TEST) - ./test/$(UNIT_TEST) - -$(UNIT_TEST): $(UNIT_OBJ) $(GSSAPI_OBJ) - $(CXX) -g $(CFLAGS) $^ $(LIBS) -o $@ - .PHONY: cleanum DB2PATH = $(HOME)/sqllib ERASE = rm -f diff --git a/aws/security_plugins/db2-aws-iam/src/gss/users.json b/aws/security_plugins/db2-aws-iam/src/gss/users.json deleted file mode 100644 index 7dc1dfa..0000000 --- a/aws/security_plugins/db2-aws-iam/src/gss/users.json +++ /dev/null @@ -1,40 +0,0 @@ -{ - "iamusers": { - "IBMid-1900097PYX": "dv_ibmid_1900097pyx" - }, - "policies": { - "default": { - "max_attempts": "5", - "lock_duration": "900" - }, - "db2inst1_policy": { - "max_attempts": "5", - "lock_duration": "0" - } - }, - "groups": { - "BLUUSERS": { - "desc": "Non-Admin Group" - }, - "DB2IADM1": { - "desc": "SYSADM group" - }, - "BLUADMIN": { - "desc": "Admin Group" - } - }, - "users": { - "dv_ibmid_1900097pyx": { - "username": "dv_ibmid_1900097pyx", - "role": "DV_ADMIN", - "email": "json.test@ibm.com", - "policyname": "default", - "locked": false, - "locked_count": 0, - "locked_time": 0, - "password": "{SHA2}VK2P5JkVuB8RHZ2gDJFQ60sj3iHmetRr2oD\/92NKvuYwSSpLpICEqQ==", - "group": "bluusers" - } - }, - "rev": 0 -}