backend: Feature - enable kerberos with forked go-mysql-driver

[briangann]

What is this feature?

Replaces #38663

Switches to a fork of go-mysql-driver/mysql with krb5 support added
to use mysql with kerberos, the keytab for the authentication user needs to be set with the "standard" env variable KRB5_CLIENT_KTNAME before starting grafana-server.

using grafana with mysql as backing storage + kerberos, use the url option, and increase max_idle_conn to 10.

url = mysql://kirby@myhost.grafana.com:3306/grafanacore
max_idle_conn = 10

building requires additional libraries, and the build-ci container needs some modifications that are included for gssapi

NOTE: this also updates the ci-build toolchain (but not drone.yml), we can separate this into another PR, builds will still fail until drone is updated and the new docker image is pushed

Why do we need this feature?

Allows Grafana to communicate with MySQL Enterprise servers running under kerberos. Datasources and Grafana itself can use kerberos with this option.

Who is this feature for?

Users of MySQL Enterprise that can only use kerberos auth.

Which issue(s) does this PR fix?:

Special notes for your reviewer:

Drone build failure is expected since it will require adding additional packages to the docker image.

Please check that:

• It works as expected from a user's perspective.
• If this is a pre-GA feature, it is behind a feature toggle.
• The docs are updated, and if this is a notable improvement, it's added to our What's New doc.
• There are no known compatibility issues with older supported versions of Grafana, or plugins.
• It passes the Hosted Grafana feature readiness review for observability, scalability, performance, and security.

[grafanabot]

This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 2 weeks if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

[grafanabot]

This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 2 weeks if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

[grafanabot]

This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 2 weeks if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

[github-actions]

This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 2 weeks if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

[github-actions]

This pull request has been automatically closed because it has not had activity in the last 2 weeks. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

[sympatheticmoose]

@zoltanbedi is this still being looked at? afaik theres nothing more that plugins platform would be doing so have removed it from our board.

[zoltanbedi]

Hi @sympatheticmoose,
yes thanks we still need to follow up on this. @grafana/oss-big-tent

[aangelisc]

Is it a requirement to add these on separate lines instead of all in one?