CODEWITHSUNDEEP
oracle-databasegokubernetes
kujiy
kujiy

Reputation: 6147

Why Godror make Oracle ACL recognizes the program name as `main@<hostname> (TNS V1-V3)`?

I am working on a Go project that connects to an Oracle database using the godror driver. The Oracle DB has an ACL that includes the program name. However, the K8s pods with some replicas cannot fix the hostname to a unique value, which prevents registering a unique program name on the ACL.

The program name, the Oracle DB recognizes

<go-init-name>@<hostname> (TNS V1-V3)

I have set the program name using the ALTER SESSION SET commands, but Oracle ACL does not recognize it.

params.SetSessionParamOnInit("CLIENT_INFO", "main")
params.SetSessionParamOnInit("MODULE", "main")
params.SetSessionParamOnInit("ACTION", "main")
params.SetSessionParamOnInit("PROGRAM", "main")

ChatGPT guided option strings, but it seems godror does not support it.

url := os.Getenv("ORACLE_URL") + "?appname=main&module=main&program=main&connectionClass=main&standaloneConnection=1"

I have checked the godror repo and found that the (TNS V1-V3) part is not explicitly set in the code. It seems to be automatically inserted by the Oracle client library.

Questions:

  1. What is causing Oracle to recognize the program name as main@<hostname> (TNS V1-V3)?
  2. How can I ensure that Oracle ACL recognizes the program name as main without the (TNS V1-V3) suffix?

Any insights or solutions would be greatly appreciated. Thank you!

Upvotes: 0

Views: 44

Answers (1)

Christopher Jones
Christopher Jones

Reputation: 10661

Godror sits on ODPI-C which uses Oracle Call Interface. OCI does not provide an API to change the PROGRAM, HOST or similar values. I expect that the original Oracle designers intended those columns to be immutable so that DBAs could properly track what was connecting - even recently DBAs have mentioned this as a concern.

At some stage JDBC thin mode and now python-oracledb thin mode and node-oracledb thin mode have allowed these additional values to be set. Currently, general OCI-based solutions are to fiddle with the application binary names (e.g. node --title xxx with node-oracledb thick mode) but the (TNS V1-V3) will likely be appended internally by OCI. Or you can make use of another attribute.

You could open an request on the Godror repo to make DriverName be settable since this will be passed to OCI as the CLIENT_DRIVER of the V$SESSION_CONNECT_INFO view.

Upvotes: 1

Related Questions