differentiate discovered resource names #28845
Conversation
GavinFrazar
changed the base branch from
master
to
gavinfrazar/tsh-resource-selection-ux
GavinFrazar
force-pushed
the
gavinfrazar/differentiate-discovered-databases
branch
2 times, most recently
from
36d881d
to
7a0a16d
Compare
GavinFrazar
force-pushed
the
gavinfrazar/tsh-resource-selection-ux
branch
from
88c5196
to
0abf7a0
Compare
GavinFrazar
force-pushed
the
gavinfrazar/differentiate-discovered-databases
branch
from
7a0a16d
to
e1d07b2
Compare
GavinFrazar
changed the base branch from
master
to
gavinfrazar/move-discovery-added-labels-into-constants
GavinFrazar
force-pushed
the
gavinfrazar/differentiate-discovered-databases
branch
from
e1d07b2
to
74271f7
Compare
GavinFrazar
force-pushed
the
gavinfrazar/differentiate-discovered-databases
branch
from
74271f7
to
88d0c5c
Compare
github-actions
bot
added
database-access
[skip ci]
[skip ci]
lib/srv/discovery/common/renaming.go
Outdated
| suffix := makeAWSDiscoverySuffix(databaseNameValidator, | ||
| db.GetName(), | ||
| matcherType, | ||
| meta.Region, | ||
| meta.AccountID, | ||
| ) |
There was a problem hiding this comment.
does this guarantee the name is unique? For e.g. an RDS instance and an RDS aroura cluster with same name in same region, same account? Similarly, Azure Redis vs Azure Redis enterprise.
There was a problem hiding this comment.
ah, thanks for pointing this out!
For Azure: Redis vs Redis Enterprise names must be unique because of the way Azure sets up DNS. I double checked that Azure enforces this just now.
Redis: <name>.redis.cache.windows.net
SQL Server: <name>.database.windows.net
Postgres: <name.postgres.database.azure.com
MySQL: <name>.mysql.database.azure.com
After experimenting some more in aws console, within a region database instance name must be unique amongst other instances (regardless of whether mysql or postgres), and Aurora cluster name must be unique amongst clusters (regardless of whether mysql or postgres). Since we group these under the single matcher type "rds", it won't be guaranteed to be unique :( I'll have to figure out some way to handle this
There was a problem hiding this comment.
I believe Redis enterprise uses a different suffix:
teleport/api/utils/azure/endpoints.go
Lines 123 to 130 in 2b15263
But regardless, we may have a problem when multiple fetchers share a matcher.
There was a problem hiding this comment.
@greedy52 coming back to this:
We are already renaming Aurora cluster dbs with a suffix: -custom, or -reader, but we use the aurora cluster identifier as the first part of the name, not the individual instances' names.
Therefore, I think we just need to distinguish between cluster dbs and instance dbs to get (most likely) unique naming for RDS/Aurora dbs.
- changed the suffix to use either
rdsorrds-aurora.
For Redis, I tested the naming incorrectly in Azure when I tried, you're right that the names can overlap:
- changed the suffix to use either
redisorredis-enterprise
The others are not an issue due to naming uniqueness rules in Azure. Even SQL server vs managed SQL instance.
commit: 09d6033
and 3163807
[skip ci]
public-teleport-github-review-bot
bot
removed the request for review
from capnspacehook
After merging #28845, the cluster name is different and the test failed. Since the AWS E2E tests are not required, the merge happened and broke all tests. Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>
After merging #28845, the cluster name is different and the test failed. Since the AWS E2E tests are not required, the merge happened and broke all tests. Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>
|
for future reference - a lot of the changes from this PR will be backported to make backporting other changes possible. The renaming functionality itself is not being backported though, and only v14+ discovery service will rename discovered resources. |
* backport #28845 to branch/v13 * remove renaming of discovered resources for backport
* backport #28845 to branch/v13 * remove renaming of discovered resources for backport Co-authored-by: Gavin Frazar <gavin.frazar@goteleport.com>
This PR implements discovery resource (database/kube cluster) renaming for RFD 129:
TODO followup PRs:
tsh kube/appUX updatestctlUX updateRelated issue:
Changelog: Teleport Discovery Service will automatically rename database and kube cluster resources to add a suffix consisting of additional distinguishing metadata. This change is intended to avoid resource name collisions where multiple resources have the same name across regions, accounts, clouds, etc.