Open dudicoco opened 2 years ago
The `rds_iam` role could not be referenced because of the unauthorized character `_` in the `metadata.name`, so it is impossible to grant the `rds_iam` membership to a new role.

```yaml
apiVersion: postgresql.sql.crossplane.io/v1alpha1
kind: Role
metadata:
  name: rds_iam
spec:
  forProvider:
    privileges:
      login: false
      inherit: true
```

will fail with error

```
Role.postgresql.sql.crossplane.io "rds_iam" is invalid: metadata.name: Invalid value: "rds_iam": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')
```

Hi,
I want to add the `AWSAuthenticationPlugin` to MySQL.
Would someone be able to point me to / guide me? I'm good with Go but didn't contribute here yet :)

This works for RDS IAM auth:

```yaml
apiVersion: postgresql.sql.crossplane.io/v1alpha1
kind: ProviderConfig
metadata:
  name: default
spec:
  defaultDatabase: example
  sslMode: require
  credentials:
    source: PostgreSQLConnectionSecret
    connectionSecretRef:
      namespace: default
      name: example-secret
---
apiVersion: postgresql.sql.crossplane.io/v1alpha1
kind: Role
metadata:
  name: examplerole
  annotations:
    crossplane.io/external-name: "you_can_also_have_underscores_in_role_name"
spec:
  forProvider:
    privileges:
      login: true
---
apiVersion: postgresql.sql.crossplane.io/v1alpha1
kind: Grant
metadata:
  name: mainrole
spec:
  forProvider:
    memberOf: exampleuser
    roleRef:
      name: examplerole
---
apiVersion: postgresql.sql.crossplane.io/v1alpha1
kind: Grant
metadata:
  name: iamrole
spec:
  forProvider:
    memberOf: rds_iam
    roleRef:
      name: examplerole
```
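
The two comments above describe a failure (underscores rejected in `metadata.name`) and a workaround (the `crossplane.io/external-name` annotation carries the real role name). The following Go sketch is an added example, not code from the provider or from any commenter: it checks a name against the regex quoted in the error and renders a Role manifest that keeps the database role name in the annotation. The helper names `ValidObjectName`, `ObjectNameFor` and `RoleManifest` and the sample role name are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// rfc1123 is the regex quoted in the validation error, anchored for a full match.
var rfc1123 = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)
var invalidRun = regexp.MustCompile(`[^a-z0-9.-]+`)

// ValidObjectName reports whether name would pass metadata.name validation.
func ValidObjectName(name string) bool {
	return len(name) <= 253 && rfc1123.MatchString(name)
}

// ObjectNameFor (hypothetical helper) derives a valid metadata.name; a_b and a-b collide.
func ObjectNameFor(dbRole string) (string, error) {
	n := strings.Trim(invalidRun.ReplaceAllString(strings.ToLower(dbRole), "-"), "-.")
	if !ValidObjectName(n) {
		return "", fmt.Errorf("no valid object name derivable from %q", dbRole)
	}
	return n, nil
}

// RoleManifest renders a Role whose annotation carries the real role name.
func RoleManifest(dbRole string) (string, error) {
	name, err := ObjectNameFor(dbRole)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf(`apiVersion: postgresql.sql.crossplane.io/v1alpha1
kind: Role
metadata:
  name: %s
  annotations:
    crossplane.io/external-name: %q
spec:
  forProvider:
    privileges:
      login: true
`, name, dbRole), nil
}

func main() {
	fmt.Println(RoleManifest("app_reader")) // constructed sample role name
}
```

Because different database role names can map to the same object name, a generator like this should fail on duplicates rather than overwrite an existing Role.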

Hi,
It seems that currently RDS IAM authentication for mysql/postgresql users is not possible with the provider.
Here are the official docs: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.DBAccounts.html
For mysql it is necessary to set `AWSAuthenticationPlugin` when creating the user. For postgresql the user must be granted the `rds_iam` role. This is possible with the Terraform providers:
https://registry.terraform.io/providers/bangau1/mysql/latest/docs/resources/user
https://registry.terraform.io/providers/cyrilgdn/postgresql/latest/docs/resources/postgresql_grant_role