Merge pull request #13678 from ramiro/add-encrypt-mssql-ds-option

Add encrypt setting to MSSQL data source.

Merge pull request #13678 from ramiro/add-encrypt-mssql-ds-option
Add encrypt setting to MSSQL data source.
3612a1c0 · Marcus Efraimsson · GitHub · a825f42a · 49a3bd30 · 3612a1c0
Commit 3612a1c0 authored Oct 16, 2018 by Marcus Efraimsson Committed by GitHub Oct 16, 2018
6 changed files
--- a/docs/sources/administration/provisioning.md
+++ b/docs/sources/administration/provisioning.md
@@ -166,6 +166,7 @@ Since not all datasources have the same configuration settings we only have the 
 | tsdbVersion | string | OpenTSDB | Version |
 | tsdbResolution | string | OpenTSDB | Resolution |
 | sslmode | string | PostgreSQL | SSLmode. 'disable', 'require', 'verify-ca' or 'verify-full' |
+| encrypt | string | MSSQL | Connection SSL encryption handling. 'disable', 'false' or 'true' |
 | postgresVersion | number | PostgreSQL | Postgres version as a number (903/904/905/906/1000) meaning v9.3, v9.4, ..., v10 |
 | timescaledb | boolean | PostgreSQL | Enable usage of TimescaleDB extension |
 | maxOpenConns | number | MySQL, PostgreSQL & MSSQL | Maximum number of open connections to the database (Grafana v5.4+) |

--- a/docs/sources/features/datasources/mssql.md
+++ b/docs/sources/features/datasources/mssql.md
@@ -32,6 +32,7 @@ Name | Description
 *Database* | Name of your MSSQL database.
 *User* | Database user's login/username
 *Password* | Database user's password
+*Encrypt* | This option determines whether or to which extent a secure SSL TCP/IP connection will be negotiated with the server, default `false` (Grafana v5.4+).
 *Max open* | The maximum number of open connections to the database, default `unlimited` (Grafana v5.4+).
 *Max idle* | The maximum number of connections in the idle connection pool, default `2` (Grafana v5.4+).
 *Max lifetime* | The maximum amount of time in seconds a connection may be reused, default `14400`/4 hours (Grafana v5.4+).
@@ -72,8 +73,8 @@ Make sure the user does not get any unwanted privileges from the public role.

 ### Known Issues

-MSSQL 2008 and 2008 R2 engine cannot handle login records when SSL encryption is not disabled. Due to this you may receive an `Login error: EOF` error when trying to create your datasource.
-To fix MSSQL 2008 R2 issue, install MSSQL 2008 R2 Service Pack 2. To fix MSSQL 2008 issue, install Microsoft MSSQL 2008 Service Pack 3 and Cumulative update package 3 for MSSQL 2008 SP3.
+If you're using an older version of Microsoft SQL Server like 2008 and 2008R2 you may need to disable encryption to be able to connect.
+If possible, we recommend you to use the latest service pack available for optimal compatibility.

 ## Query Editor


--- a/pkg/tsdb/mssql/mssql.go
+++ b/pkg/tsdb/mssql/mssql.go
@@ -52,13 +52,18 @@ func generateConnectionString(datasource *models.DataSource) string {
 	}

 	server, port := hostParts[0], hostParts[1]
-	return fmt.Sprintf("server=%s;port=%s;database=%s;user id=%s;password=%s;",
+	encrypt := datasource.JsonData.Get("encrypt").MustString("false")
+	connStr := fmt.Sprintf("server=%s;port=%s;database=%s;user id=%s;password=%s;",
 		server,
 		port,
 		datasource.Database,
 		datasource.User,
 		password,
 	)
+	if encrypt != "false" {
+		connStr += fmt.Sprintf("encrypt=%s;", encrypt)
+	}
+	return connStr
 }

 type mssqlRowTransformer struct {

--- a/public/app/plugins/datasource/mssql/config_ctrl.ts
+++ b/public/app/plugins/datasource/mssql/config_ctrl.ts
+export class MssqlConfigCtrl {
+  static templateUrl = 'partials/config.html';
+
+  current: any;
+
+  /** @ngInject */
+  constructor($scope) {
+    this.current.jsonData.encrypt = this.current.jsonData.encrypt || 'false';
+  }
+}
--- a/public/app/plugins/datasource/mssql/module.ts
+++ b/public/app/plugins/datasource/mssql/module.ts
 import { MssqlDatasource } from './datasource';
 import { MssqlQueryCtrl } from './query_ctrl';
-
-class MssqlConfigCtrl {
-  static templateUrl = 'partials/config.html';
-}
+import { MssqlConfigCtrl } from './config_ctrl';

 const defaultQuery = `SELECT
    <time_column> as time,

--- a/public/app/plugins/datasource/mssql/partials/config.html
+++ b/public/app/plugins/datasource/mssql/partials/config.html
@@ -27,6 +27,22 @@
 			<a class="btn btn-secondary gf-form-btn" href="#" ng-click="ctrl.current.secureJsonFields.password = false">reset</a>
 		</div>
 	</div>
+
+	<div class="gf-form">
+		<label class="gf-form-label width-7">Encrypt</label>
+		<div class="gf-form-select-wrapper max-width-15 gf-form-select-wrapper--has-help-icon">
+			<select class="gf-form-input" ng-model="ctrl.current.jsonData.encrypt" ng-options="mode for mode in ['disable', 'false', 'true']" ng-init="ctrl.current.jsonData.encrypt"></select>
+			<info-popover mode="right-absolute">
+				Determines whether or to which extent a secure SSL TCP/IP connection will be negotiated with the server.
+				<ul>
+					<li><i>disable</i> - Data sent between client and server is not encrypted.</li>
+					<li><i>false</i> - Data sent between client and server is not encrypted beyond the login packet. (default)</li>
+					<li><i>true</i> - Data sent between client and server is encrypted.</li>
+				</ul>
+				If you're using an older version of Microsoft SQL Server like 2008 and 2008R2 you may need to disable encryption to be able to connect.
+			</info-popover>
+		</div>
+	</div>
 </div>

 <b>Connection limits</b>