Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for automatic database users for Postgres #25614

Merged
merged 1 commit into from May 18, 2023
Merged

Add support for automatic database users for Postgres #25614

merged 1 commit into from May 18, 2023

Conversation

r0mant
Copy link
Collaborator

@r0mant r0mant commented May 4, 2023
edited

Implements RFD 113.

A couple of minor optional things mentioned in the RFD are missing from the implementation (like auditing activate/deactivate queries). I'll add them later while doing more testing during review or as a follow up.

@r0mant r0mant requested review from greedy52 and smallinsky May 4, 2023 03:33
@github-actions github-actions bot added database-access Database access related issues and PRs size/lg labels May 4, 2023
greedy52
greedy52 reviewed May 4, 2023
View reviewed changes
Copy link
Contributor

@greedy52 greedy52 left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

First round. Will test it out next round.

api/constants/constants.go Outdated Show resolved Hide resolved
lib/srv/db/common/role/role.go Outdated Show resolved Hide resolved
lib/srv/db/postgres/users.go Show resolved Hide resolved
lib/services/role.go Show resolved Hide resolved
lib/srv/db/postgres/users.go Show resolved Hide resolved
smallinsky
smallinsky reviewed May 5, 2023
View reviewed changes
Copy link
Contributor

@smallinsky smallinsky left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

First pass.

lib/config/fileconf.go Show resolved Hide resolved
lib/service/servicecfg/database.go Show resolved Hide resolved
lib/srv/db/common/interfaces.go Outdated Show resolved Hide resolved
lib/srv/db/common/autousers.go Outdated Show resolved Hide resolved
lib/srv/db/postgres/engine.go Show resolved Hide resolved
@smallinsky smallinsky self-requested a review May 5, 2023 13:12
@r0mant
Copy link
Collaborator Author

r0mant commented May 10, 2023

@smallinsky @greedy52 I've addressed your feedback folks, mind taking another look?

@r0mant r0mant requested a review from greedy52 May 10, 2023 23:59
greedy52
greedy52 reviewed May 11, 2023
View reviewed changes
lib/auth/auth.go Outdated Show resolved Hide resolved
greedy52
greedy52 approved these changes May 11, 2023
View reviewed changes
Copy link
Contributor

@greedy52 greedy52 left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tested with RDS today and this feature is awesome!

One small nit on a corner case, when admin user is not setup properly, message from tsh is not very obvious what's wrong sometimes:

$ tsh db connect --db-user STeve --db-name test postgres-rds
psql: error: connection to server at "localhost" (::1), port 58348 failed: Connection refused
	Is the server running on that host and accepting TCP/IP connections?
connection to server at "localhost" (127.0.0.1), port 58348 failed: FATAL:  password authentication failed for user "not-found"
ERROR: exit status 2

tool/tsh/db.go
Comment on lines +872 to +880
if db.GetAdminUser() != "" && username == "" {
log.Debugf("Defaulting to Teleport username %q as database username.", tc.Username)
username = tc.Username
}
Copy link
Contributor

@greedy52 greedy52 May 11, 2023
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

a common problem where Teleport Connect code base may require extra changes.

@r0mant r0mant requested a review from smallinsky May 16, 2023 00:45
@r0mant
Copy link
Collaborator Author

r0mant commented May 16, 2023

@smallinsky PTAL?

@r0mant r0mant force-pushed the roman/dbuser branch 8 times, most recently from ed4f7a6 to 9717c48 Compare May 18, 2023 18:27
@r0mant r0mant added this pull request to the merge queue May 18, 2023
Merged via the queue into master with commit 79b54d8 May 18, 2023
32 checks passed
@r0mant r0mant deleted the roman/dbuser branch May 18, 2023 23:39
@public-teleport-github-review-bot
Copy link

@r0mant See the table below for backport results.

Branch Result
branch/v13 Failed

r0mant added a commit that referenced this pull request May 19, 2023
@r0mant
Add support for automatic database users for Postgres (#25614)
0b70838
@r0mant r0mant mentioned this pull request May 19, 2023
Merged
@r0mant r0mant mentioned this pull request May 26, 2023
Merged
@r0mant r0mant mentioned this pull request Jun 2, 2023
Open
@webvictim webvictim mentioned this pull request Jul 19, 2023
Closed
@greedy52 greedy52 mentioned this pull request Oct 11, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@greedy52 greedy52 greedy52 approved these changes

@smallinsky smallinsky smallinsky approved these changes

Assignees
No one assigned
Labels
backport/branch/v13 database-access Database access related issues and PRs size/lg
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@r0mant @greedy52 @smallinsky