One of the advantages of using terraform is the ability to seamlessly integrate between different types of resources, allowing them to dynamically pass values from one to another. In our environment, we often will create modules which may create a database server, then connect to it via a tunnel and provision database credentials and grants within that server.
One thing we noticed the provider was lacking which would be very useful is a datasource that would allow us to connect to a database (e.g. by issuing sdm connect) and then outputting the port number, which we could then use to configure downstream providers to tunnel via strongDM and avoid having to store credentials or use a separate SSH tunnel for those operations.
In the meantime, I've implemented a basic external datasource that allows us to do this (source code included below in case you're interested):
The datasource definition:
```hcl
data "external" "sdm_client" {
  program = [
    "sh",
    "${path.module}/scripts/client.sh"
  ]
  query = {
    datasource = "<name of strongDM datasource to connect to>"
  }
}
```
Here's the source for the shell script that it's calling:
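```shell
#!/bin/sh
# Read the JSON query that Terraform's external data source writes to stdin
QUERY="$(dd 2>/dev/null)"
# Extract the value of the "datasource" key
DATASOURCE="$(printf '%s' "$QUERY" | sed -e 's/^.*"datasource": *"//' -e 's/".*$//')"
export DATASOURCE
# Quote the name so it reaches sdm as a single argument
OUTPUT="$(sdm connect "$DATASOURCE" -v | head -n 1)"
# Output an error if it is not successful
case "$OUTPUT" in
  *connected*)
    # Grab the port number to use
    PORTNUMBER="$(printf '%s' "$OUTPUT" | sed 's/^.*on port //')"
    echo "{\"portnumber\": \"$PORTNUMBER\"}"
    ;;
  *)
    echo "sdm connect failed: $OUTPUT" >&2
    exit 1
    ;;
esac
```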
We can then configure the downstream mysql provider to use the datasource to perform provisioning operations like this:
Unfortunately, the API key pairs that control public API access (and therefore terraform as well) are not currently allowed to possess permissions to connect to or execute commands against resources in StrongDM.
This can be considered as a feature request, but it will be complicated, as it would be unusual for a terraform provider or SDK to assume the existence of and interface with a locally hosted StrongDM listener or client running on the machine executing the terraform job. Additionally, the ability to execute queries against a resource is a permission that opens up billing questions.
If this feature request is still of interest, please reference this issue in a message to support@strongdm.com.
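A hardened variant of the client script from the issue above, as an added example that is not part of the original thread or of strongDM's own code: it validates the datasource name before it reaches `sdm connect` and only emits a port that is numeric and in range. The allow-listed character set, the `run` argument and the sample lines used to exercise it are assumptions; the `connected` / `on port` patterns are taken from the original script.

```shell
#!/bin/sh
# Added example: hardened variant of the client.sh posted in the issue.
# Assumptions (not confirmed by the page): datasource names use only letters,
# digits, '.', '_' and '-'; the first line of `sdm connect -v` contains
# "connected" and "on port <number>", as the original script's patterns imply.

# Pull the "datasource" value out of the JSON query Terraform writes to stdin.
extract_datasource() {
  printf '%s' "$1" |
    sed -n 's/^.*"datasource"[[:space:]]*:[[:space:]]*"\([^"]*\)".*$/\1/p'
}

# Allow-list the name so it can never be read as an option or carry
# shell metacharacters, whitespace or escaped quotes.
valid_name() {
  case "$1" in
    ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# Print the port only if the line reports success and the port is a number
# in the valid TCP range; anything else is a failure.
parse_port() {
  case "$1" in *connected*) ;; *) return 1 ;; esac
  port=$(printf '%s' "$1" | sed -n 's/^.*on port \([0-9][0-9]*\)[^0-9]*$/\1/p')
  [ -n "$port" ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
  printf '%s' "$port"
}

# Full flow: read query, validate, connect, emit JSON for Terraform.
run() {
  query=$(cat)
  name=$(extract_datasource "$query")
  valid_name "$name" || { echo "invalid datasource name" >&2; return 1; }
  line=$(sdm connect "$name" -v | head -n 1)
  port=$(parse_port "$line") || { echo "sdm connect failed: $line" >&2; return 1; }
  printf '{"portnumber": "%s"}\n' "$port"
}

# Hypothetical invocation: program = ["sh", "client.sh", "run"]
if [ "${1:-}" = "run" ]; then run; fi
```

Errors go to stderr with a non-zero exit status, which is how an external data source program reports failure to Terraform.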