-
-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: add IAM authentication support to normal Postgres (i.e. for AWS RDS Postgres) #1514
base: master
Are you sure you want to change the base?
feat: add IAM authentication support to normal Postgres (i.e. for AWS RDS Postgres) #1514
Conversation
modified: apps/studio/src/background/NativeMenuBuilder.ts
…keeper-studio into ndom91/add-general-iamoptions
Okay I see why TS was not setup correctly 😅 I just spent ~1hr fixing all the TS errors, its all in that last commit. I understand if you're not comfortable pushing all that in this one PR though, I can revert that last commit and disable TS/eslint again if you prefer. I did do a good deal of clicking around and testing things though and it does all seem to still work. Many of the ts errors were related to misuse of |
@ndom91 Thanks for the PR and for fixing a big issue with our dev setup. Can I ask a favor - can you split this into 2 PRs? 1 to fix the IAM issue, and the other to fix eslint and tsconfig? That way I can better manage the large changeset with my other devs. |
Also - is there a way to avoid these types of template changes? This is a stylistic change that I think just makes it harder to merge: Totally happy to merge a PR or lint and typescript fixes without the style stuff. I don't even mind the style stuff, but it's just going to make our outstanding feature branches totally broken. |
Yeah I was nervous about y'all declining these changes haha, but afaik they were just the default vue formatting rules yall had setup being applied again. I can take a look though. In regard to splitting it up, yeah no problem. Makes sense 👍 |
This reverts commit e788722.
@rathboma okay so I've cleaned up and split all the TS/ESLint changes into their own PR. However, I'm travelling currently for the next few days and only have my M1 MBP on me. I wasn't able to get beekeeper-studio to build or even install locally due to node-gyp / binary errors relating to Anyway, so I wasn't abel to thoroughly test these two PRs atm, but they shuold be good to go. Can you give them a shot? Or I can do it next weekend when I'm back home on my x86 desktop 👍 |
This looks amazing! I need to figure out how to set up my aws credentials to test it :-). if you have the link to a guide for setting up an rds instance with iam auth that would be very helpful! |
@rathboma This doc https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.IAMDBAuth.html does a good job walking you through it I think. Enumerating out the steps / subsections from that is:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that you should have a dropdown on both the redshift and postgres pages (and this would be true also for mysql in the future) that when using AWS IAM, you can either:
- Use a profile
- Use credentials
Both the RedshiftClient
that underlies redshift auth and the Signer
that underlies postgres support the credentials being passed as an object with access key and secret access key, as well as support receiving credentials loaded via fromIni
.
Yeah good point. I actually initially tried to use the nodeCredentualsProvider which iterates through all aws auth options (env vars, ini, etc.) but the import wasn't working for some reason. See my first PR (can dig out the link tmr). If you can get that working that'd be great. Also I tried to rename the I think both of those could be nice follow-up PRs though once the initial support is in! |
@rathboma looks like you can setup an RDS instance with an AWS free tier account! https://repost.aws/knowledge-center/free-tier-rds-launch (Note: this PR is for postgres only, right, so that guide needs a bit of modification ^^) |
I'm going to pick this back up and get it tested and updated over the next month or so, along with changes for Redshift. |
Is there anything we could do to help land this PR? |
@SebastiaanSafeguard Yeah I'm going to have someone on the team look into this issue in the next cycle. We're updating all the drivers right now to a more managable format, so we'll probably just rewrite some of this. |
Changes
~/.aws/credentials
profiles for RDS Postgres.redshiftOptions
toiamOptions
to make it more general, but had issues with the migration on the sqlite db in relation to detecting if a column exists and has a certain name and only if thats true, rename it. So I just (mis)usedredshiftOptions
directly for this Postgres IAM auth as well 😅@aws-sdk/*
to vue'stranspileDependencies
because newer features like nulllish coalescing inside those packages was breaking the build, I guess this electron version is on a slightly older version of node(?)Notes
Screenshot