Require flag for dynamic resources matching "tsh db configure create" (#20966)
* Require a new flag for enabling dynamic resources matching for "tsh db configure create" * rename flag to --dynamic-resources-labels * make naming more consistent
parent
aba69dfd99
commit
8c53757aac
|
@ -103,21 +103,26 @@ $ teleport db configure create \
|
|||
| - | - |
|
||||
| `--proxy` | Teleport Proxy Service address to connect to. Default: `0.0.0.0:3080`. |
|
||||
| `--token` | Invitation token to register with the Auth Service. Default: none. |
|
||||
| `--rds-discovery` | List of AWS regions in which the Database Service will discover RDS/Aurora instances. |
|
||||
| `--redshift-discovery` | List of AWS regions in which the Database Service will discover Redshift instances. |
|
||||
| `--elasticache-discovery` | List of AWS regions in which the Database Service will discover ElastiCache Redis clusters. |
|
||||
| `--memorydb-discovery` | List of AWS regions in which the Database Service will discover MemoryDB clusters. |
|
||||
| `--rds-discovery` | List of AWS regions in which the agent will discover RDS/Aurora instances. |
|
||||
| `--rdsproxy-discovery` | List of AWS regions in which the agent will discover RDS Proxies. |
|
||||
| `--redshift-discovery` | List of AWS regions in which the agent will discover Redshift instances. |
|
||||
| `--redshift-serverless-discovery` | List of AWS regions in which the agent will discover Redshift Serverless instances. |
|
||||
| `--elasticache-discovery` | List of AWS regions in which the agent will discover ElastiCache Redis clusters. |
|
||||
| `--aws-tags` | (Only for AWS discoveries) Comma-separated list of AWS resource tags to match, for example env=dev,dept=it |
|
||||
| `--memorydb-discovery` | List of AWS regions in which the agent will discover MemoryDB clusters. |
|
||||
| `--azure-mysql-discovery` | List of Azure regions in which the agent will discover MySQL servers. |
|
||||
| `--azure-postgres-discovery` | List of Azure regions in which the agent will discover Postgres servers. |
|
||||
| `--azure-redis-discovery` | List of Azure regions in which the agent will discover Azure Cache For Redis servers. |
|
||||
| `--azure-subscription` | List of Azure subscription IDs for Azure discoveries. Default is "*". |
|
||||
| `--azure-resource-group` | List of Azure resource groups for Azure discoveries. Default is "*". |
|
||||
| `--azure-tags` | (Only for Azure discoveries) Comma-separated list of Azure resource tags to match, for example env=dev,dept=it |
|
||||
| `--ca-pin` | CA pin to validate the Auth Service (can be repeated for multiple pins). |
|
||||
| `--name` | Name of the proxied database. |
|
||||
| `--protocol` | Proxied database protocol. Supported are: `[postgres mysql mongodb cockroachdb redis sqlserver snowflake]`. |
|
||||
| `--uri` | Address the proxied database is reachable at. |
|
||||
| `--labels` | Comma-separated list of labels for the database, for example env=dev,dept=it |
|
||||
| `-o/--output` | Write to stdout with `-o=stdout`, the default config file with `-o=file`, or a custom path with `-o=file:///path` |
|
||||
| `--dynamic-resources-labels` | Comma-separated list(s) of labels to match dynamic resources, for example env=dev,dept=it. Required to enable dynamic resources matching. |
|
||||
|
||||
## teleport db configure bootstrap
|
||||
|
||||
|
|
|
@ -2,7 +2,13 @@ db_service:
|
|||
# Enables the Database Service.
|
||||
enabled: "yes"
|
||||
|
||||
# Matchers for database resources created with "tctl create" command.
|
||||
# Matchers for database resources created with "tctl create" command or by the
|
||||
# discovery service.
|
||||
#
|
||||
# All database resources have a predefined "teleport.dev/origin" label with
|
||||
# one of the following values:
|
||||
# "dynamic": database resources created with "tctl create" command
|
||||
# "cloud": database resources created by the discovery service
|
||||
resources:
|
||||
- labels:
|
||||
"*": "*"
|
||||
|
|
|
@ -55,11 +55,16 @@ teleport:
|
|||
{{- end }}
|
||||
db_service:
|
||||
enabled: "yes"
|
||||
# Matchers for database resources created with "tctl create" command.
|
||||
# For more information: https://goteleport.com/docs/database-access/guides/dynamic-registration/
|
||||
# Matchers for database resources created with "tctl create" command or by the discovery service.
|
||||
# For more information about dynamic registration: https://goteleport.com/docs/database-access/guides/dynamic-registration/
|
||||
resources:
|
||||
{{- range $index, $resourceLabel := .DynamicResourcesLabels }}
|
||||
- labels:
|
||||
"*": "*"
|
||||
{{- range $name, $value := $resourceLabel }}
|
||||
"{{ $name }}": "{{ $value }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- if or .RDSDiscoveryRegions .RDSProxyDiscoveryRegions .RedshiftDiscoveryRegions .RedshiftServerlessDiscoveryRegions .ElastiCacheDiscoveryRegions .MemoryDBDiscoveryRegions}}
|
||||
# Matchers for registering AWS-hosted databases.
|
||||
aws:
|
||||
|
@ -416,6 +421,10 @@ proxy_service:
|
|||
|
||||
// DatabaseSampleFlags specifies configuration parameters for a database agent.
|
||||
type DatabaseSampleFlags struct {
|
||||
// DynamicResourcesRawLabels is the "raw" list of labels for dynamic "resources".
|
||||
DynamicResourcesRawLabels []string
|
||||
// DynamicResourcesLabels is the list of labels for dynamic "resources".
|
||||
DynamicResourcesLabels []map[string]string
|
||||
// StaticDatabaseName static database name provided by the user.
|
||||
StaticDatabaseName string
|
||||
// StaticDatabaseProtocol static databse protocol provided by the user.
|
||||
|
@ -551,6 +560,15 @@ func (f *DatabaseSampleFlags) CheckAndSetDefaults() error {
|
|||
}
|
||||
}
|
||||
|
||||
// Labels for "resources" section.
|
||||
for i := range f.DynamicResourcesRawLabels {
|
||||
labels, err := client.ParseLabelSpec(f.DynamicResourcesRawLabels[i])
|
||||
if err != nil {
|
||||
return trace.Wrap(err)
|
||||
}
|
||||
f.DynamicResourcesLabels = append(f.DynamicResourcesLabels, labels)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
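Review bot: The new template lines `"{{ $name }}": "{{ $value }}"` in the `resources:` hunk place each label key and value between hand-written double quotes with no escaping, so a value containing `"`, `\` or a line break produces YAML that either fails to parse or parses into a different structure than the operator typed. Whether `client.ParseLabelSpec` already rejects such characters is not visible on this page, and the template is presumably rendered with text/template, which does no escaping of its own. Emitting the pair as `{{ printf "%q" $name }}: {{ printf "%q" $value }}` would keep the generated file well-formed for any accepted input. The template body and `CheckAndSetDefaults` both start outside the hunks shown.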
|
|
|
@ -21,6 +21,7 @@ import (
|
|||
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/gravitational/teleport/api/types"
|
||||
apiutils "github.com/gravitational/teleport/api/utils"
|
||||
)
|
||||
|
||||
|
@ -241,6 +242,37 @@ func TestMakeDatabaseConfig(t *testing.T) {
|
|||
|
||||
})
|
||||
})
|
||||
|
||||
t.Run("resource matchers", func(t *testing.T) {
|
||||
t.Run("empty", func(t *testing.T) {
|
||||
flags := DatabaseSampleFlags{}
|
||||
databases := generateAndParseConfig(t, flags)
|
||||
require.Len(t, databases.ResourceMatchers, 0)
|
||||
})
|
||||
|
||||
t.Run("multiple labels", func(t *testing.T) {
|
||||
flags := DatabaseSampleFlags{
|
||||
DynamicResourcesRawLabels: []string{
|
||||
"env=dev",
|
||||
"env=prod,name=my-name",
|
||||
},
|
||||
}
|
||||
databases := generateAndParseConfig(t, flags)
|
||||
require.Equal(t, []ResourceMatcher{
|
||||
{
|
||||
Labels: types.Labels{
|
||||
"env": apiutils.Strings{"dev"},
|
||||
},
|
||||
},
|
||||
{
|
||||
Labels: types.Labels{
|
||||
"name": apiutils.Strings{"my-name"},
|
||||
"env": apiutils.Strings{"prod"},
|
||||
},
|
||||
},
|
||||
}, databases.ResourceMatchers)
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
// generateAndParse generetes config using provided flags, parse them using
|
||||
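Review bot: Neither new subtest under "resource matchers" covers the failure path: no case supplies a malformed `DynamicResourcesRawLabels` entry and checks that an error is returned instead of a generated config. A third subtest that calls `CheckAndSetDefaults` on such flags and asserts `require.Error(t, err)` would pin the new loop's error return; what counts as malformed depends on `client.ParseLabelSpec`, which is not shown here. A case whose label value contains a double quote would also confirm that the rendered `resources:` block round-trips through the config parser. `TestMakeDatabaseConfig` starts outside the hunk.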
|
|
|
@ -289,6 +289,7 @@ func Run(options Options) (app *kingpin.Application, executedCommand string, con
|
|||
dbConfigureCreate.Flag("output",
|
||||
"Write to stdout with -o=stdout, default config file with -o=file or custom path with -o=file:///path").Short('o').Default(
|
||||
teleport.SchemeStdout).StringVar(&dbConfigCreateFlags.output)
|
||||
dbConfigureCreate.Flag("dynamic-resources-labels", "Comma-separated list(s) of labels to match dynamic resources, for example env=dev,dept=it. Required to enable dynamic resources matching.").StringsVar(&dbConfigCreateFlags.DynamicResourcesRawLabels)
|
||||
dbConfigureCreate.Alias(dbCreateConfigExamples) // We're using "alias" section to display usage examples.
|
||||
|
||||
dbConfigureBootstrap := dbConfigure.Command("bootstrap", "Bootstrap the necessary configuration for the database agent. It reads the provided agent configuration to determine what will be bootstrapped.")
|
||||
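Review bot: The help string on the new `dynamic-resources-labels` flag says "list(s)" but never states that the flag may be given more than once and that each occurrence becomes its own entry under `resources:`, which is what the `StringsVar` binding and the "multiple labels" test imply. Proposed wording: `"Comma-separated labels to match dynamic resources, for example env=dev,dept=it. May be repeated; each occurrence adds a separate matcher. Required to enable dynamic resources matching."` The documentation table row for the flag carries the same text and would need the same change. `Run` starts and ends outside the hunk.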
|
|