New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for automatic database users for Postgres #25614
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
First round. Will test it out next round.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
First pass.
@smallinsky @greedy52 I've addressed your feedback folks, mind taking another look? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
tested with RDS today and this feature is awesome!
One small nit on a corner case, when admin user is not setup properly, message from tsh is not very obvious what's wrong sometimes:
$ tsh db connect --db-user STeve --db-name test postgres-rds
psql: error: connection to server at "localhost" (::1), port 58348 failed: Connection refused
Is the server running on that host and accepting TCP/IP connections?
connection to server at "localhost" (127.0.0.1), port 58348 failed: FATAL: password authentication failed for user "not-found"
ERROR: exit status 2
if db.GetAdminUser() != "" && username == "" { | ||
log.Debugf("Defaulting to Teleport username %q as database username.", tc.Username) | ||
username = tc.Username | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
a common problem where Teleport Connect code base may require extra changes.
@smallinsky PTAL? |
ed4f7a6
to
9717c48
Compare
Implements RFD 113.
A couple of minor optional things mentioned in the RFD are missing from the implementation (like auditing activate/deactivate queries). I'll add them later while doing more testing during review or as a follow up.