-
Notifications
You must be signed in to change notification settings - Fork 470
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(aws iam): support aws iam auth for postgresql components #3324
Conversation
…eds automatically Signed-off-by: Samantha Coyle <sam@diagrid.io>
Signed-off-by: Samantha Coyle <sam@diagrid.io>
Signed-off-by: Samantha Coyle <sam@diagrid.io>
Signed-off-by: Samantha Coyle <sam@diagrid.io>
Signed-off-by: Samantha Coyle <sam@diagrid.io>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for this PR.
Please move all the code for authenticating with AWS IAM to a shared package. If it's specific for Postgres, it should be in one of the common packages we have for Postgres.
This way, you can also enable it for all PG components (not just the state store v1, but also the binding and configuration store)
Signed-off-by: Samantha Coyle <sam@diagrid.io>
…nts-contrib into feat-iam-auth-postgresql
Signed-off-by: Samantha Coyle <sam@diagrid.io>
Signed-off-by: Samantha Coyle <sam@diagrid.io>
…nts-contrib into feat-iam-auth-postgresql
Signed-off-by: Samantha Coyle <sam@diagrid.io>
Signed-off-by: Samantha Coyle <sam@diagrid.io>
Signed-off-by: Samantha Coyle <sam@diagrid.io>
Signed-off-by: Samantha Coyle <sam@diagrid.io>
Signed-off-by: Samantha Coyle <sam@diagrid.io>
Signed-off-by: Samantha Coyle <sam@diagrid.io>
Signed-off-by: Samantha Coyle <sam@diagrid.io>
Signed-off-by: Samantha Coyle <sam@diagrid.io>
Signed-off-by: Samantha Coyle <sam@diagrid.io>
Signed-off-by: Samantha Coyle <sam@diagrid.io>
Signed-off-by: Samantha Coyle <sam@diagrid.io>
Signed-off-by: Samantha Coyle <sam@diagrid.io>
Signed-off-by: Samantha Coyle <sam@diagrid.io>
Signed-off-by: Samantha Coyle <sam@diagrid.io>
Signed-off-by: Samantha Coyle <sam@diagrid.io>
Can I get help/advice on what y'all want for the dependencies pls? From what I see is that the certification tests go.mod dependencies are behind what the main module dependencies are for kit and dapr. However, the main module is using kit:
And contrib in main branch also has dependencies on dapr/dapr v1.13.2 bc of fields brought into
For:
How should I proceed with fixing? bc my cert tests still fail but the main module dependencies if I bump the cert tests to are incompatible... |
Signed-off-by: joshvanl <me@joshvanl.dev>
Update dapr/dapr to master in certification tests
Signed-off-by: Samantha Coyle <sam@diagrid.io>
this is ready pls |
@@ -50,7 +50,7 @@ const ( | |||
maxConcurrency = -1 | |||
enableMTLS = false | |||
sentryAddress = "" | |||
maxRequestBodySize = 4 | |||
maxRequestBodySize = 4 << 20 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what does this magic number do?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
cc @JoshVanL pls lmk if I'm missing anything on the below 👇 . This is based on chatting with him on it previously.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That change Josh recommended we use to help standardize the unit of measurement of config options, so that number now represents bits or bytes copied from dapr/dapr#7546
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@berndverst lmk if you need further clarification
@sicoyle I mentioned a few times to remove the patch file from your PR please. The |
Signed-off-by: Samantha Coyle <sam@diagrid.io>
…nts-contrib into feat-iam-auth-postgresql
Fixes some bugs and other issues, including unnecessary metadata options and uneven info in `metadata.yaml` files, introduced in #3324
Fixes some bugs and other issues, including unnecessary metadata options and uneven info in `metadata.yaml` files, introduced in #3324 Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
@holopin-bot @sicoyle Enjoy the Dapr components badge! |
Congratulations @sicoyle, you just earned a badge! Here it is: https://holopin.io/claim/clxj3qh3w50170ckwbxautinv This badge can only be claimed by you, so make sure that your GitHub account is linked to your Holopin account. You can manage those preferences here: https://holopin.io/account. |
Description
Allow for AWS IAM auth with postgres v2. These changes rotate the authentication token automatically before the 15 minute expiration on the authentication token.
Adding support for v1 and v2 postgres statestore and config and bindings postgres types.
Please note that I removed the master connection string setup I had initially. There is no reason to use aws iam enabled on postgres and a master connection string, as the dapr user could just use the regular postgres connection string auth for that. I now have it setup to where you just use an iam enabled username and the pwd is auto generated based on the aws config file or the secretkey/accesskey for the iam enabled user.
Issue reference
#3254
Checklist
Please make sure you've completed the relevant tasks for this PR, out of the following list: