Mssql integrated security (#30369)

* update go-mssqldb package * mssql: support for Windows integrated security Adds a dropdown to the config page to choose between SQL Server auth and Windows auth. If the login/username is empty then the go-mssqldb driver will use single sign on (Windows integrated security) if on Windows. * mssql: update ds - don't ignore the user column

Mssql integrated security (#30369)
* update go-mssqldb package * mssql: support for Windows integrated security Adds a dropdown to the config page to choose between SQL Server auth and Windows auth. If the login/username is empty then the go-mssqldb driver will use single sign on (Windows integrated security) if on Windows. * mssql: update ds - don't ignore the user column
b39df225 · Daniel Lee · GitHub · 1d689888 · b39df225 · b39df225
Commit b39df225 authored Jan 20, 2021 by Daniel Lee Committed by GitHub Jan 20, 2021
Showing with 38 additions and 12 deletions

docs/sources/datasources/mssql.md
+0 -0

go.mod
+1 -1

pkg/services/sqlstore/datasource.go
+1 -0

public/app/plugins/datasource/mssql/config_ctrl.ts
+13 -0

public/app/plugins/datasource/mssql/partials/config.html
+23 -11

No files found.
--- a/docs/sources/datasources/mssql.md
+++ b/docs/sources/datasources/mssql.md
--- a/go.mod
+++ b/go.mod
@@ -23,7 +23,7 @@ require (
 	github.com/cortexproject/cortex v1.4.1-0.20201022071705-85942c5703cf
 	github.com/crewjam/saml v0.4.6-0.20201227203850-bca570abb2ce
 	github.com/davecgh/go-spew v1.1.1
-	github.com/denisenkom/go-mssqldb v0.0.0-20200620013148-b91950f658ec
+	github.com/denisenkom/go-mssqldb v0.0.0-20200910202707-1e08a3fab204
 	github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51 // indirect
 	github.com/facebookgo/inject v0.0.0-20180706035515-f23751cae28b
 	github.com/facebookgo/stack v0.0.0-20160209184415-751773369052 // indirect

--- a/pkg/services/sqlstore/datasource.go
+++ b/pkg/services/sqlstore/datasource.go
@@ -243,6 +243,7 @@ func UpdateDataSource(cmd *models.UpdateDataSourceCommand) error {
 		// plain text fields to SecureJsonData.
 		sess.MustCols("password")
 		sess.MustCols("basic_auth_password")
+		sess.MustCols("user")

 		var updateSession *xorm.Session
 		if cmd.Version != 0 {

--- a/public/app/plugins/datasource/mssql/config_ctrl.ts
+++ b/public/app/plugins/datasource/mssql/config_ctrl.ts
@@ -10,11 +10,24 @@ export class MssqlConfigCtrl {
  current: any;
  onPasswordReset: ReturnType<typeof createResetHandler>;
  onPasswordChange: ReturnType<typeof createChangeHandler>;
+  showUserCredentials: boolean;

  /** @ngInject */
  constructor($scope: any) {
    this.current.jsonData.encrypt = this.current.jsonData.encrypt || 'false';
+    this.current.jsonData.authenticationType = this.current.jsonData.authenticationType || 'SQL Server Authentication';
    this.onPasswordReset = createResetHandler(this, PasswordFieldEnum.Password);
    this.onPasswordChange = createChangeHandler(this, PasswordFieldEnum.Password);
+    this.showUserCredentials = this.current.jsonData.authenticationType !== 'Windows Authentication';
+  }
+
+  onAuthenticationTypeChange() {
+    // This is using the fallback in https://github.com/denisenkom/go-mssqldb to use Windows Auth if login/user id is empty.
+    if (this.current.jsonData.authenticationType === 'Windows Authentication') {
+      this.current.user = '';
+      this.current.password = '';
+    }
+
+    this.showUserCredentials = this.current.jsonData.authenticationType !== 'Windows Authentication';
  }
 }
--- a/public/app/plugins/datasource/mssql/partials/config.html
+++ b/public/app/plugins/datasource/mssql/partials/config.html
@@ -12,21 +12,33 @@
 		<input type="text" class="gf-form-input" style="width: 352px" ng-model='ctrl.current.database' placeholder="database name" required></input>
 	</div>

-	<div class="gf-form-inline">
+	<div class="gf-form">
+		<label class="gf-form-label width-7">Authentication</label>
+		<div class="gf-form-select-wrapper max-width-15 gf-form-select-wrapper--has-help-icon">
+			<select class="gf-form-input" ng-model="ctrl.current.jsonData.authenticationType" ng-options="mode for mode in ['Windows Authentication', 'SQL Server Authentication']" ng-init="ctrl.current.jsonData.authenticationType" ng-change="ctrl.onAuthenticationTypeChange()"></select>
+			<info-popover mode="right-absolute">
+				<ul>
+					<li><i>SQL Server Authentication</i> This is the default mechanism to connect to MS SQL Server. Enter the SQL Server Authentication login or the Windows Authentication login in the DOMAIN\User format.</li>
+					<li><i>Windows Authentication</i> Windows Integrated Security - single sign on for users who are already logged onto Windows and have enabled this option for MS SQL Server.</li>
+				</ul>
+			</info-popover>
+		</div>
+	</div>
+	<div class="gf-form-inline" ng-show="ctrl.showUserCredentials">
 		<div class="gf-form max-width-15">
 			<span class="gf-form-label width-7">User</span>
 			<input type="text" class="gf-form-input" ng-model='ctrl.current.user' placeholder="user"></input>
 		</div>
-    <div class="gf-form">
-      <secret-form-field
-        isConfigured="ctrl.current.secureJsonFields.password"
-        value="ctrl.current.secureJsonData.password"
-        on-reset="ctrl.onPasswordReset"
-        on-change="ctrl.onPasswordChange"
-        labelWidth="7"
-        inputWidth="7"
-      />
-    </div>
+		<div class="gf-form">
+			<secret-form-field
+				isConfigured="ctrl.current.secureJsonFields.password"
+				value="ctrl.current.secureJsonData.password"
+				on-reset="ctrl.onPasswordReset"
+				on-change="ctrl.onPasswordChange"
+				labelWidth="7"
+				inputWidth="7"
+			/>
+		</div>
 	</div>

 	<div class="gf-form">