css-test/scripts/mssql_probe.py

"""Quick SQL Server connectivity probe using SQLAlchemy + Kerberos (integrated auth).

Prereqs on the host:
  - krb5-workstation installed and /etc/krb5.conf configured
  - A valid TGT in the cache pointed to by $KRB5CCNAME
      e.g. KRB5CCNAME=FILE:/var/lib/recon-ranger/krb5_ccache
  - Microsoft ODBC Driver 18 for SQL Server (msodbcsql18) + unixODBC
  - Python packages: sqlalchemy, pyodbc

Usage:
    MSSQL_HOST=sql01.prod.example MSSQL_DB=ReconRanger \
        python scripts/mssql_probe.py
"""

from __future__ import annotations

import os
import sys
from urllib.parse import quote_plus

from sqlalchemy import create_engine, text


def build_url() -> str:
    host = os.environ["MSSQL_HOST"]
    database = os.environ["MSSQL_DB"]
    port = os.environ.get("MSSQL_PORT", "1433")
    driver = os.environ.get("MSSQL_ODBC_DRIVER", "ODBC Driver 18 for SQL Server")

    odbc = (
        f"DRIVER={{{driver}}};"
        f"SERVER={host},{port};"
        f"DATABASE={database};"
        "Trusted_Connection=yes;"
        "Encrypt=yes;"
        "TrustServerCertificate=yes;"
    )
    return f"mssql+pyodbc:///?odbc_connect={quote_plus(odbc)}"


def main() -> int:
    engine = create_engine(build_url(), pool_pre_ping=True)
    with engine.connect() as conn:
        row = conn.execute(
            text("SELECT SUSER_SNAME() AS login, DB_NAME() AS db, @@VERSION AS version")
        ).one()
        print(f"Logged in as : {row.login}")
        print(f"Database     : {row.db}")
        print(f"Server       : {row.version.splitlines()[0]}")
    return 0


if __name__ == "__main__":
    sys.exit(main())