Skip to content

[BB-906] baton-sql-server: add user deprovisioning #28

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Bencheng21 merged 2 commits into from
Jun 20, 2025
Merged

[BB-906] baton-sql-server: add user deprovisioning #28

Bencheng21 merged 2 commits into from
Jun 20, 2025

Conversation

@Bencheng21
Copy link
Contributor

@Bencheng21 Bencheng21 commented Jun 18, 2025
edited by atlassian bot
Loading

Description.

Follow doc to add account deprovisioning.

As BB-906 described, account deprovisioning could be disable user login, so Delete() function is used to disable user.

Test.

  1. Before account deprovisioning
image
  1. Run the delete command
image 3. Check if the user is diabled. image

MarcusGoldschmidt
MarcusGoldschmidt reviewed Jun 18, 2025
View reviewed changes
pkg/mssqldb/server.go
Comment on lines +39 to +40
query := fmt.Sprintf(`
ALTER LOGIN [%s] DISABLE;`, userName)
Copy link
Contributor

@MarcusGoldschmidt MarcusGoldschmidt Jun 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs to sanitize the username to prevent sql injection

MarcusGoldschmidt
MarcusGoldschmidt reviewed Jun 18, 2025
View reviewed changes
pkg/connector/server_user.go Outdated
if err != nil {
return nil, err
}
return nil, err
Copy link
Contributor

@MarcusGoldschmidt MarcusGoldschmidt Jun 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
return nil, err
return nil, nil

MarcusGoldschmidt
MarcusGoldschmidt reviewed Jun 18, 2025
View reviewed changes
pkg/connector/server_user.go
"go.uber.org/zap"
)

var _ connectorbuilder.ResourceDeleter = (*userPrincipalSyncer)(nil)
Copy link
Contributor

@MarcusGoldschmidt MarcusGoldschmidt Jun 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do we need this line?

Copy link
Contributor Author

@Bencheng21 Bencheng21 Jun 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This one can check if userPrincipalSyncer implements all the methods in ResourceDeleter`. If not, an error is thrown in compile time.

It acts as a safety check, any changes in ResourceDeleter requires us to change baton-sql-server.
It's good for migration, IMO

Copy link
Contributor

@MarcusGoldschmidt MarcusGoldschmidt Jun 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great

Bencheng21
Bencheng21 commented Jun 20, 2025
View reviewed changes
pkg/mssqldb/server.go
}

func (c *Client) DisableUserFromServer(ctx context.Context, userName string) error {
if strings.ContainsAny(userName, "[]\"';") {
Copy link
Contributor Author

@Bencheng21 Bencheng21 Jun 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sanitize the username here.

@Bencheng21 Bencheng21 merged commit 963fcbd into main Jun 20, 2025
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MarcusGoldschmidt MarcusGoldschmidt MarcusGoldschmidt approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@Bencheng21 @MarcusGoldschmidt