Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP: maestro azure postgres entra auth #900

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

WIP: maestro azure postgres entra auth #900

wants to merge 2 commits into from
+24 −5

Conversation

geoberle
Copy link
Collaborator

@geoberle geoberle commented Nov 27, 2024
edited
Loading

What this PR does

leverage entra auth for postgres access

befor merging:

  • revert changes to personal-dev DB settings
  • introduce DB settings to dev and cs-pr settings
  • update maestro image to an official one that supports entra auth

Jira: https://issues.redhat.com/browse/ARO-8831
Link to demo recording:

Special notes for your reviewer

@geoberle
tmp config changes
7194741 
Signed-off-by: Gerd Oberlechner <[email protected]>
janboll
janboll reviewed Nov 27, 2024
View reviewed changes
dev-infrastructure/modules/postgres/postgres-access.bicep
Comment on lines +41 to 44
'GRANT ALL ON SCHEMA public TO "${newUserName}";'
'GRANT USAGE ON SCHEMA public TO "${newUserName}";'
'GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "${newUserName}";'
]
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

copy & paste error?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

no that was me trying to figure out what permissions are required for PG 15+ auth to work. i can most likely clean up the stuff before \c DB but i need to test if that breaks something for CS which is still on PG 12 right now

janboll
janboll reviewed Nov 27, 2024
View reviewed changes
maestro/server/Makefile
@@ -21,5 +22,7 @@ deploy:
--set image.base=${IMAGE_BASE} \
--set image.tag=${IMAGE_TAG} \
--set database.containerizedDb=${USE_CONTAINERIZED_DB} \
--set database.ssl='${USE_DATABASE_SSL}'
--set database.ssl='${USE_DATABASE_SSL}' \
$(if $(filter false,$(USE_CONTAINERIZED_DB)),--set database.host=$${DATABASE_HOST}) \
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this some fallback for other environments?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@janboll janboll janboll left review comments

@bennerv bennerv Awaiting requested review from bennerv bennerv is a code owner

@weinong weinong Awaiting requested review from weinong weinong is a code owner

@whober0521 whober0521 Awaiting requested review from whober0521 whober0521 is a code owner

@tony-schndr tony-schndr Awaiting requested review from tony-schndr tony-schndr is a code owner

@jmelis jmelis Awaiting requested review from jmelis jmelis is a code owner

@jonathan34c jonathan34c Awaiting requested review from jonathan34c jonathan34c is a code owner

@niontive niontive Awaiting requested review from niontive niontive is a code owner

@nwnt nwnt Awaiting requested review from nwnt nwnt is a code owner

@SudoBrendan SudoBrendan Awaiting requested review from SudoBrendan SudoBrendan is a code owner

@UlrichSchlueter UlrichSchlueter Awaiting requested review from UlrichSchlueter UlrichSchlueter is a code owner

@jharrington22 jharrington22 Awaiting requested review from jharrington22 jharrington22 is a code owner

@zgalor zgalor Awaiting requested review from zgalor zgalor is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@geoberle @janboll