SQL approval integration

2023-12-26 06:11:49  Updated

Background information

ODC V4.2.0 has a built-in SQL check process that implements database security control in team collaboration scenarios. The SQL check specifications are environment specific. That is, the data sources in the same environment are checked against the same set of SQL check specifications.

ODC V4.2.0 allows system administrators and users with external integration management permissions to configure integrations with external SQL review systems. You can reference the integration of an external SQL approval system on the SQL window specification tab. If the integration of the external SQL approval system is enabled on the SQL window specification tab, ODC calls APIs of the external SQL approval system for SQL statement check when SQL statements are executed in the SQL window.

This topic describes how to configure and manage SQL approval integration.

Execution process

1

  1. The ODC system administrator enables SQL approval integration and sets the API information for accessing the external SQL approval system based on the configuration template provided by ODC, and creates the SQL approval integration configuration.

  2. The ODC system administrator enables SQL approval integration on the SQL window specification tab.

  3. An ODC user executes an SQL statement in the SQL window. ODC calls the API of the external SQL approval system to initiate an SQL check request.

Configuration

Configuration method

Level-1 parameter Level-2 parameter Level-3 parameter Level-4 parameter Type Default value Description
http connectTimeoutSeconds - - Integer 5 The connection timeout period of the HTTP request. Unit: seconds.
http socketTimeoutSeconds - - Integer 30 The socket timeout period of the HTTP request. Unit: seconds.
api check (used to initiate an SQL check request to the external SQL review system) method - Enum POST The HTTP request method. Valid values: GET, POST, PUT, and PATCH.
api check (used to initiate an SQL check request to the external SQL review system) url - String <NULL> The HTTP request address.
api check (used to initiate an SQL check request to the external SQL review system) headers - Map<String, String> <NULL> The HTTP request header.
api check (used to initiate an SQL check request to the external SQL review system) queryParameters - Map<String, String> <NULL> The HTTP request parameter.
api check (used to initiate an SQL check request to the external SQL review system) body type ENUM <NULL> The format of the HTTP request body. Valid value: FORM_DATA.
api check (used to initiate an SQL check request to the external SQL review system) body content Object <NULL> The content of the HTTP request body.
api check (used to initiate an SQL check request to the external SQL review system) requestEncrypted - Boolean false Specifies whether the HTTP request body is encrypted.
api check (used to initiate an SQL check request to the external SQL review system) requestSuccessExpression - String <NULL> An expression that parses the response body and determines whether a request is successfully executed. The expression conforms to the SPEL syntax specification.
api check (used to initiate an SQL check request to the external SQL review system) inWhiteListExpression - String <NULL> An expression that parses the response body and determines whether the SQL statement to be executed is in the allowlist. The expression conforms to the Spring Expression Language (SPEL) syntax specification.
api check (used to initiate an SQL check request to the external SQL review system) inBlackListExpression - String <NULL> An expression that parses the response body and determines whether the SQL statement to be executed is in the blocklist. The expression conforms to the SpEL syntax specification.
api check (used to initiate an SQL check request to the external SQL review system) needReviewExpression - String <NULL> An expression that parses the response body and determines whether the SQL statement needs to be approved for execution. The expression conforms to the SpEL syntax specification.
api check (used to initiate an SQL check request to the external SQL review system) responseEncrypted - Boolean false Specifies whether the HTTP response body is encrypted.

Configuration template

# This is a template for integrating a custom SQL interceptor system.
# You must fill in the required fields according to the requirements to adapt to your SQL interceptor system.


# HTTP configurations
http:
  # HTTP connection timeout in seconds
  connectTimeoutSeconds: 5
  # HTTP socket timeout in seconds
  socketTimeoutSeconds: 30

# API configurations
api:
  # API configurations used to check the SQL content
  check:
    # The request method. Valid values: GET, POST, PUT, and PATCH.
    method: ~
    # Request URI
    url: ~
    # The request header in the <key: value> format.
    headers:
      # Sample of request headers
      Content-Type: application/json;charset=UTF-8
      Accept: application/json
    # Request query parameters in the <key: value> format.
    queryParameters: ~
    # Request body
    body:
      # The type of request body. Valid values: FORM_DATA and RAW.
      type: RAW
      # The content of request body in the <String> or <key: value> format. <String> is supported for the RAW type and <key: value> is supported for the FORM_DATA type.
      # Sample of request content in the RAW type
      content: |-
        {
          "sqlStatement":"${sql.content}"
        }
    # Mark whether the request body is encrypted
    requestEncrypted: false
    # Expression to judge whether the request is successful based on the response body analysis, using the SPEL syntax
    requestSuccessExpression: '[resultCode] == 0'
    # Mark whether the response body is encrypted
    responseEncrypted: false
    # Expression to judge whether the SQL to be executed is in the allowlist based on the response body analysis, using the SPEL syntax
    inWhiteListExpression: '[checkResult] == 1'
    # Expression to judge whether the SQL to be executed is in the blocklist based on the response body analysis, using the SPEL syntax
    inBlackListExpression: '[checkResult] == 2'
    # Expression to judge whether the SQL to be executed need review based on the response body analysis, using the SPEL syntax
    needReviewExpression: '[checkResult] == 3'

Prerequisites

You are the system administrator or have the external integration management permissions.

Create SQL approval integration

  1. In the project collaboration window, choose External Integration > SQL Approval Integration > Create SQL Approval Integration.

  2. In the Create Approval Integration panel, specify the following parameters.

    Parameter Description
    Name The name of the SQL approval integration configuration.
    Status Specifies whether to enable the SQL approval integration configuration.
    Settings Edit the YAML file online to configure approval integration. For more information, see Configuration.

  3. Click Save. The SQL approval integration configuration is created.

  4. In the SQL approval integration list, you can enable, view, edit, and delete the SQL approval integration settings.

  5. Reference the SQL approval integration configuration on the SQL window specification tab.

Manage SQL approval integration configurations

In the SQL approval integration list, click View, Edit, or Delete in the Actions column to view, edit, or delete information about the SQL approval integration configuration.

References

Last
Next

OceanBaseOceanBase

OceanBase, A Highly Scalable Database for Transactional, Analytical, and AI Workloads.

Company

About OceanBaseContact UsPartnerTrust Center

Product

OceanBase CloudOceanBase EnterpriseQuick StartDownloadPricing

Resources

DocsBlogWhite Paper

Follow us

LinkedInLinkedInDiscordDiscordTwitterTwitterYoutubeYoutubeForumForumGitHubGitHubStack OverflowStack Overflow

© OceanBase 2024. All rights reserved | Cloud Service Agreement | Privacy Policy | Legal | Security

Contact Us