feat: check that database version is supported (#44)

jackwotherspoon · web-flow · commit 18e3d42c3205 · 2021-11-05T13:00:10.000-03:00
* add request to get db version
diff --git a/app.py b/app.py
@@ -25,7 +25,11 @@
     grant_iam_group_role,
     UserService,
 )
-from iam_groups_authn.sql_admin import get_instance_users, add_missing_db_users
+from iam_groups_authn.sql_admin import (
+    get_instance_users,
+    add_missing_db_users,
+    InstanceConnectionName,
+)
 from iam_groups_authn.iam_admin import get_iam_users
 from iam_groups_authn.mysql import init_connection_engine, RoleService, mysql_username
 
@@ -34,6 +38,8 @@
     "https://www.googleapis.com/auth/admin.directory.group.member.readonly",
     "https://www.googleapis.com/auth/sqlservice.admin",
 ]
+# supported database types
+SUPPORTED_DATABASES = ["MYSQL_8_0"]
 
 app = Quart(__name__)
 
@@ -110,15 +116,31 @@ async def run_groups_authn():
 
     for instance in sql_instances:
         instance_task = asyncio.create_task(get_instance_users(user_service, instance))
-        instance_tasks[instance] = instance_task
+        database_version_task = asyncio.create_task(
+            user_service.get_database_version(
+                InstanceConnectionName(*instance.split(":"))
+            )
+        )
+        instance_tasks[instance] = (instance_task, database_version_task)
 
     # create pairings of iam groups and instances
     for group in iam_groups:
         for instance in sql_instances:
+
+            # get database version of instance and check if supported
+            database_version = await instance_tasks[instance][1]
+            if database_version not in SUPPORTED_DATABASES:
+                raise ValueError(
+                    f"Unsupported database version for instance `{instance}`. Current supported versions are: {SUPPORTED_DATABASES}"
+                )
+
             # add missing IAM group members to database
             add_users_task = asyncio.create_task(
                 add_missing_db_users(
-                    user_service, group_tasks[group], instance_tasks[instance], instance
+                    user_service,
+                    group_tasks[group],
+                    instance_tasks[instance][0],
+                    instance,
                 )
             )
 
diff --git a/iam_groups_authn/sync.py b/iam_groups_authn/sync.py
@@ -22,6 +22,7 @@
 import json
 from aiohttp import ClientSession
 from enum import Enum
+import logging
 
 # URI for OAuth2 credentials
 TOKEN_URI = "https://accounts.google.com/o/oauth2/token"
@@ -130,6 +131,40 @@ async def insert_db_user(self, user_email, instance_connection_name):
                 f"Error: Failed to add IAM user `{user_email}` to Cloud SQL database instance `{instance_connection_name.instance}`."
             ) from e
 
+    async def get_database_version(self, instance_connection_name):
+        """Get database version of a Cloud SQL instance.
+
+        Args:
+            instance_connection_name: InstanceConnectionName namedTuple.
+                (e.g. InstanceConnectionName(project='my-project', region='my-region',
+                instance='my-instance'))
+
+        Returns:
+            database_version: Database version of given Cloud SQL instance.
+        """
+        # build request to SQL Admin API
+        project = instance_connection_name.project
+        region = instance_connection_name.region
+        instance = instance_connection_name.instance
+        url = f"https://sqladmin.googleapis.com/sql/v1beta4/projects/{project}/instances/{instance}"
+
+        try:
+            # call the SQL Admin API
+            resp = await authenticated_request(
+                self.creds, url, self.client_session, RequestType.get
+            )
+            results = json.loads(await resp.text())
+            database_version = results.get("databaseVersion")
+            logging.debug(
+                "[%s:%s:%s] Database version found: %s"
+                % (project, region, instance, database_version)
+            )
+            return database_version
+        except Exception as e:
+            raise Exception(
+                f"Error: Failed to get the database version for `{instance_connection_name}`. Verify instance connection name and instance details."
+            ) from e
+
     def __del__(self):
         """Deconstructor for UserService to close ClientSession and have
         graceful exit.
