Ability to set database's user authorization for allowing access to specific tables #171

Open
maZahaca opened this issue Jan 25, 2021 · 2 comments

Comments

@maZahaca

The Vitess topic is described here: https://vitess.io/docs/user-guides/configuration-advanced/authorization/

I was unable to find a description for vitess-operator to do that.

@prime-minister-of-fun

prime-minister-of-fun commented May 20, 2021

Because there isn't one. AFAICT, there are two keys, EXTRAVOLUMES and EXTRAVOLUMEMOUNTS, to mount a flat file that stores the permissions. But this doesn't seem to work, and I'm not sure if it's logging the failed key/value action somewhere.

In pkg/apis/planetscale/v2/vitessshard_types.go it reads like extravolumes and extravolumemounts can appear at the same indentation as datavolumeclaimtemplate.

In theory, this should work?

            extraVolumes:
             - name: acl-config
                configMapKeyRef:
                   name: acl-json
                   key: acl.json
            extraVolumeMounts:
             - name: acl-config
                mountPath: /conf

None of the pods end up having a /conf directory with the configmap in it. The configMap's name is acl-json with key acl.json.

Maybe I am missing it because I am new to Kubernetes.

@prime-minister-of-fun

prime-minister-of-fun commented May 21, 2021

I finally figured this out because the answer was in the Vitess Slack channel. You should probably subscribe to it if you want to speed up figuring this system out.

This works for a configMap with a single key:

            extraVolumes:
            - name: acl-config
              configMap:
                name: "acl"

            extraVolumeMounts:
            - name: acl-config
              mountPath: /conf


There are options for selecting specific keys that are documented on the Kubernetes side. I spent enough time on it, already.

Here's an example using secrets. The indents might be wrong.

            extraVolumes:
            - name: acl-config
              secret:
                items:
                - path: acl.json
                  key: acl.json
                secretName: vitess-configs

            extraVolumeMounts:
            - name: acl-config
              mountPath: /conf

The next part is to add the options to the vttablet section of the deployment.yaml file so vttablet reads the file.
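
Added example, not from the thread or from the vitess-operator project: one way the pieces above could fit together, with the ACL file in a ConfigMap, the mount from the working comment, and the table ACL flags from the Vitess authorization guide linked in the issue passed through `vttablet.extraFlags`. The ConfigMap name `acl`, the cell name, the table prefix and the user names are assumptions made up for illustration.

```yaml
# ConfigMap holding the table ACL file.
# Group name, table prefix and user names are constructed for this example.
apiVersion: v1
kind: ConfigMap
metadata:
  name: acl
data:
  acl.json: |
    {
      "table_groups": [
        {
          "name": "orders",
          "table_names_or_prefixes": ["orders%"],
          "readers": ["app_ro", "app_rw"],
          "writers": ["app_rw"],
          "admins": ["schema_admin"]
        }
      ]
    }
---
# Fragment of one tabletPools entry in the VitessCluster spec (not a complete manifest).
# extraVolumes / extraVolumeMounts sit at the same level as dataVolumeClaimTemplate.
- cell: zone1                  # assumed cell name
  type: replica
  vttablet:
    extraFlags:
      # Path must match mountPath + the key name in the ConfigMap.
      table-acl-config: /conf/acl.json
      # Refuse to start vttablet if the ACL file is missing or invalid.
      enforce-tableacl-config: "true"
      # Deny queries on tables that no ACL entry covers.
      queryserver-config-strict-table-acl: "true"
  extraVolumes:
  - name: acl-config
    configMap:
      name: acl
  extraVolumeMounts:
  - name: acl-config
    mountPath: /conf
    readOnly: true
```

With `enforce-tableacl-config` set, a wrong path or malformed JSON shows up as a vttablet startup failure instead of a tablet silently running with no ACL.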
