Add extra connection host for AWS RDS IAM token #489
Conversation
|
@jcarvalho could you please take a look? |
|
or shall I ping @cyrilgdn ? |
|
@sichenzhao Seems good to me but even with the associated issue, I'm not sure I got the point of this? Could you just explain a bit more the use case please? |
|
To explain, for people use tailscale for example, we will have different VPN hostname for postgresSQL connection. That's a different url than url AWS can take for AWS API related calls. Thus, people would benefit from this PR which gives an option to differ these two. |
|
kindly ping @cyrilgdn to see if my answer above makes sense. Thank you! |
There was a problem hiding this comment.
I'm also interested in getting this feature merged and released!
I left a comment that might clarify the use case of the new parameter. I'd also be happy to submit an alternate PR if you've moved on from this @sichenzhao
postgresql/provider.go
Outdated
| DefaultFunc: schema.EnvDefaultFunc("PGHOST", nil), | ||
| Description: "Name of PostgreSQL server address", | ||
| }, | ||
| "connection_host": { |
There was a problem hiding this comment.
I am also in need of this feature 😄
As a potential user, I think I would find the stated difference between host and connection_host a bit confusing. As far as I know, the problem we're trying to solve is specific to the RDS IAM auth. I think it'd be more clear if the new provider option was prefixed with aws_rds_iam_ like the other options below (i.e. aws_rds_iam_hostname). Then we could clearly document that it should be the internal hostname of the RDS instance, used to generate an IAM token, which might not be the same address used to connect to the instance if connecting over a VPN / tunnel
There was a problem hiding this comment.
Thanks for the reasonable comments! I am thinking about how I should update this PR.
IAM specific host is going to be the default host name though, and the connection host is the host through VPN/Tunnel. Not everyone uses VPN/Tunnel, but mostly every uses the host to get IAM token.
If I add a new IAM one, when not specified, we will use the default host to get the token, and when specified, we will use the default host to connect (VPN/Tunnel one), and use iam one to get the token. Sounds like a plan?
sichenzhao
changed the title
| @@ -248,7 +249,7 @@ func (c *Config) connParams() []string { | |||
| } | |||
|
|
|||
| func (c *Config) connStr(database string) string { | |||
| host := c.Host | |||
| host = c.Host | |||
There was a problem hiding this comment.
Would revert this change, it must now be overwriting some top-level host variable
| @@ -43,7 +44,7 @@ func Provider() *schema.Provider { | |||
| Type: schema.TypeString, | |||
| Optional: true, | |||
| DefaultFunc: schema.EnvDefaultFunc("PGHOST", nil), | |||
| Description: "Name of PostgreSQL server address to connect to", | |||
| Description: "Name of PostgreSQL server address", | |||
There was a problem hiding this comment.
Would revert this change, I feel "to connect to" is useful in distinguishing the difference between the options
#317
Add a different aws_rds_iam_token_host parameter, so that we can use one hostname to get AWS RDS database token, and use another hostname when do psql connect.