Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MySQL auto-user provisioning support for Aurora and version check #32685

Merged
merged 2 commits into from Oct 2, 2023
Merged

MySQL auto-user provisioning support for Aurora and version check #32685

merged 2 commits into from Oct 2, 2023

Conversation

greedy52
Copy link
Contributor

@greedy52 greedy52 commented Sep 27, 2023
edited

Related:

Changes:

  • Added supported version check
  • Changed defaultSchema to teleport to support Aurora (Unlike RDS instance, Aurora doesn't allow procedure on built-in mysql database)

To create admin-user teleport-admin:

CREATE DATABASE IF NOT EXISTS teleport;
CREATE USER 'teleport-admin' IDENTIFIED WITH AWSAuthenticationPlugin AS 'RDS';
GRANT SELECT ON mysql.role_edges TO 'teleport-admin' ;
GRANT PROCESS, ROLE_ADMIN, CREATE USER ON *.* TO 'teleport-admin' ;
GRANT ALTER ROUTINE, CREATE ROUTINE, EXECUTE ON teleport.* TO 'teleport-admin' ;

@greedy52 greedy52 self-assigned this Sep 27, 2023
@github-actions github-actions bot added database-access Database access related issues and PRs size/sm labels Sep 27, 2023
Tener
Tener approved these changes Sep 28, 2023
View reviewed changes
Copy link
Contributor

@Tener Tener left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should add the ability to override the defaultSchema() value; maybe through labels on the db? Given the problems with Aurora, this may be handy in some other setups too.

lib/srv/db/mysql/autousers.go Outdated Show resolved Hide resolved
@greedy52
Copy link
Contributor Author

I think we should add the ability to override the defaultSchema() value; maybe through labels on the db? Given the problems with Aurora, this may be handy in some other setups too.

Yes. I am planning to add it when implementing MariaDB. Will backport MySQl/MariaDB together to v14 once its done.

@public-teleport-github-review-bot public-teleport-github-review-bot bot removed the request for review from kimlisa October 2, 2023 06:16
@greedy52 greedy52 added this pull request to the merge queue Oct 2, 2023
Merged via the queue into master with commit c334f4e Oct 2, 2023
25 checks passed
@greedy52 greedy52 deleted the STeve/27323_aurora_auto_user branch October 2, 2023 14:52
@greedy52 greedy52 mentioned this pull request Oct 5, 2023
Merged
7 tasks
greedy52 added a commit that referenced this pull request Oct 12, 2023
@greedy52
MySQL auto-user provisioning support for Aurora and version check (#3…
825b9ff 
…2685)

* MySQL auto-user provisioning support for Aurora

* fix typo
@greedy52 greedy52 mentioned this pull request Oct 12, 2023
Merged
github-merge-queue bot pushed a commit that referenced this pull request Oct 16, 2023
@greedy52
[v14] Database Automatic User Provisioning support for MySQL (#33379)
b2e5431 
* Database Automatic User Provisioning support for MySQL (#31902)

* RDS MySQL auto user provisioning

* add UT

* let go code manage procedure version

* Add reporting.

* fix lint

* change hash and use prepare stmt

* check same Teleport user

* fix UT

* Compare user roles if active connections

* fix typos

* MySQL auto-user provisioning support for Aurora and version check (#32685)

* MySQL auto-user provisioning support for Aurora

* fix typo
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Tener Tener Tener approved these changes

@gabrielcorado gabrielcorado gabrielcorado approved these changes

@smallinsky smallinsky smallinsky approved these changes

Assignees

@greedy52 greedy52

Labels
backport/branch/v14 database-access Database access related issues and PRs size/sm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@greedy52 @Tener @gabrielcorado @smallinsky