DBIx::Class::Schema::Config - Credential Management for DBIx::Class
DBIx::Class::Schema::Config is a subclass of DBIx::Class::Schema that allows the loading of credentials & configuration from a file. The actual code itself would only need to know about the name used in the configuration file. This aims to make it simpler for operations teams to manage database credentials.
A simple tutorial that compliments this documentation and explains converting an existing DBIx::Class Schema to use this software to manage credentials can be found at http://www.symkat.com/credential-management-in-dbix-class
/etc/dbic.yaml MY_DATABASE: dsn: "dbi:Pg:host=localhost;database=blog" user: "TheDoctor" password: "dnoPydoleM" TraceLevel: 1 package My::Schema use warnings; use strict; use base 'DBIx::Class::Schema::Config'; __PACKAGE__->load_namespaces; package My::Code; use warnings; use strict; use My::Schema; my $schema = My::Schema->connect('MY_DATABASE'); # arbitrary config access from anywhere in your $app my $level = My::Schema->config->{TraceLevel};
This module will load the files in the following order if they exist:
$ENV{DBIX_CONFIG_DIR} . '/dbic',
$ENV{DBIX_CONFIG_DIR}
$ENV{DBIX_CONFIG_DIR} can be configured at run-time, for instance:
DBIX_CONFIG_DIR="/var/local/" ./my_program.pl
./dbic.*
~/.dbic.*
/etc/dbic.*
The files should have an extension that Config::Any recognizes, for example /etc/dbic.yaml.
NOTE: The first available credential will be used. Therefore DATABASE in ~/.dbic.yaml will only be looked at if it was not found in ./dbic.yaml. If there are duplicates in one file (such that DATABASE is listed twice in ~/.dbic.yaml,) the first configuration will be used.
Use __PACKAGE__->config_paths([( '/file/stub', '/var/www/etc/dbic')]); to change the paths that are searched. For example:
__PACKAGE__->config_paths([( '/file/stub', '/var/www/etc/dbic')]);
package My::Schema use warnings; use strict; use base 'DBIx::Class::Schema::Config'; __PACKAGE__->config_paths([( '/var/www/secret/dbic', '/opt/database' )]);
The above code would have /var/www/secret/dbic.* and /opt/database.* searched, in that order. As above, the first credentials found would be used. This will replace the files originally searched for, not add to them.
If you would rather explicitly state the configuration files you want loaded, you can use the class accessor config_files instead.
config_files
package My::Schema use warnings; use strict; use base 'DBIx::Class::Schema::Config'; __PACKAGE__->config_files([( '/var/www/secret/dbic.yaml', '/opt/database.yaml' )]);
This will check the files, /var/www/secret/dbic.yaml, and /opt/database.yaml in the same way as config_paths, however it will only check the specific files, instead of checking for each extension that Config::Any supports. You MUST use the extension that corresponds to the file type you are loading. See Config::Any for information on supported file types and extension mapping.
/var/www/secret/dbic.yaml
/opt/database.yaml
config_paths
The config file is stored via the __PACKAGE__->config accessor, which can be called as both a class and instance method:
__PACKAGE__->config
The above code would have /var/www/secret/dbic.* and /opt/database.* searched, in that order. As above, the first credentials found would be used. This will replace the files origionally searched for, not add to them.
The API has been designed to be simple to override if you have additional needs in loading DBIC configurations.
Override this function if you want to change the loaded credentials before they are passed to DBIC. This is useful for use-cases that include decrypting encrypted passwords or making programmatic changes to the configuration before using it.
sub filter_loaded_credentials { my ( $class, $loaded_credentials, $connect_args ) = @_; ... return $loaded_credentials; }
$loaded_credentials is the structure after it has been loaded from the configuration file. In this case, $loaded_credentials->{user} eq WalterWhite and $loaded_credentials->{dsn} eq DBI:mysql:database=students;host=%s;port=3306.
$loaded_credentials
$loaded_credentials->{user}
$loaded_credentials->{dsn}
$connect_args is the structure originally passed on ->connect() after it has been turned into a hash. For instance, ->connect('DATABASE', 'USERNAME') will result in $connect_args->{dsn} eq DATABASE and $connect_args->{user} eq USERNAME.
$connect_args
->connect()
->connect('DATABASE', 'USERNAME')
$connect_args->{dsn}
$connect_args->{user}
Additional parameters can be added by appending a hashref, to the connection call, as an example, ->connect( 'CONFIG', { hostname => "db.foo.com" } ); will give $connect_args a structure like { dsn => 'CONFIG', hostname => "db.foo.com" }.
->connect( 'CONFIG', { hostname => "db.foo.com" } );
{ dsn => 'CONFIG', hostname => "db.foo.com" }
For instance, if you want to use hostnames when you make the initial connection to DBIC and are using the configuration primarily for usernames, passwords and other configuration data, you can create a config like the following:
DATABASE: dsn: "DBI:mysql:database=students;host=%s;port=3306" user: "WalterWhite" password: "relykS"
In your Schema class, you could include the following:
package My::Schema use warnings; use strict; use base 'DBIx::Class::Schema::Config'; sub filter_loaded_credentials { my ( $class, $loaded_credentials, $connect_args ) = @_; if ( $loaded_credentials->{dsn} =~ /\%s/ ) { $loaded_credentials->{dsn} = sprintf( $loaded_credentials->{dsn}, $connect_args->{hostname}); } } __PACKAGE__->load_classes; 1;
Then the connection could be done with $Schema->connect('DATABASE', { hostname = 'my.hostname.com' });>
$Schema->connect('DATABASE', { hostname =
See "load_credentials" for more complex changes that require changing how the configuration itself is loaded.
Override this function to change the way that DBIx::Class::Schema::Config loads credentials. The function takes the class name, as well as a hashref.
If you take the route of having ->connect('DATABASE') used as a key for whatever configuration you are loading, DATABASE would be $config->{dsn}
->connect('DATABASE')
$config->{dsn}
Some::Schema->connect( "SomeTarget", "Yuri", "Yawny", { TraceLevel => 1 } );
Would result in the following data structure as $config in load_credentials($class, $config):
load_credentials($class, $config)
{ dsn => "SomeTarget", user => "Yuri", password => "Yawny", TraceLevel => 1, }
Currently, load_credentials will NOT be called if the first argument to ->connect() looks like a valid DSN. This is determined by match the DSN with /^dbi:/i.
/^dbi:/i
The function should return the same structure. For instance:
package My::Schema use warnings; use strict; use base 'DBIx::Class::Schema::Config'; use LWP::Simple; use JSON # Load credentials from internal web server. sub load_credentials { my ( $class, $config ) = @_; return decode_json( get( "http://someserver.com/v1.0/database?key=somesecret&db=" . $config->{dsn} )); } __PACKAGE__->load_classes;
Kaitlyn Parkhurst (SymKat) <symkat@symkat.com> ( Blog: http://symkat.com/ )
Matt S. Trout (mst) <mst@shadowcat.co.uk>
Peter Rabbitson (ribasushi) <ribasushi@cpan.org>
Christian Walde (Mihtaldu) <walde.christian@googlemail.com>
Dagfinn Ilmari Mannsåker (ilmari) <ilmari@ilmari.org>
Matthew Phillips (mattp) <mattp@cpan.org>
This library is free software and may be distributed under the same terms as perl itself.
The latest version of this software is available at https://github.com/symkat/DBIx-Class-Schema-Config
To install DBIx::Class::Schema::Config, copy and paste the appropriate command in to your terminal.
cpanm
cpanm DBIx::Class::Schema::Config
CPAN shell
perl -MCPAN -e shell install DBIx::Class::Schema::Config
For more information on module installation, please visit the detailed CPAN module installation guide.