feat: add awsiamrds db auth driver #12566
Conversation
802993c to
9816fe5
Compare
My tests are failing over at coder/coder#12566, enums are failing to marshal correctly, and this patch is what made it work on my branch when it was `clibase`.
12db064 to
c256df3
Compare
| @@ -154,6 +166,7 @@ type DeploymentValues struct { | |||
| CacheDir serpent.String `json:"cache_directory,omitempty" typescript:",notnull"` | |||
| InMemoryDatabase serpent.Bool `json:"in_memory_database,omitempty" typescript:",notnull"` | |||
| PostgresURL serpent.String `json:"pg_connection_url,omitempty" typescript:",notnull"` | |||
| PostgresAuth string `json:"pg_auth,omitempty" typescript:",notnull"` | |||
There was a problem hiding this comment.
Is there a specific string format the connection has when connecting via AWS IAM? I think it'd be preferred to check for that over adding a new server option.
There was a problem hiding this comment.
Just a missing password field, maybe an AWS domain in the URL, but I don't think there's anything that's enough to make an inference.
There was a problem hiding this comment.
One thing that might be possible is if we detected the URL scheme and had people set awsiamrds://... instead of postgres://, or add a query param? It is unforunate we need a new flag just for aws auth, but it's probable we would exapand this in the future. My only worry is that just detecting it in the connection string would be non-obvious, since I haven't really seen it anywhere else, but to be fair I haven't really done much research.
There was a problem hiding this comment.
Yeah I wouldn't wanna change the protocol because that kinda implies it's not speaking postgres protocol. I think given we may have other auth schemes in the future we need to support, a flag seems fine to me and better than any parsing options I can think of.
Closes #11669
Closes https://github.com/coder/customers/issues/413