Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added PSC Private Service Connect for GCP CloudSQL #27889

Open
wants to merge 14 commits into
base: main
Choose a base branch
from
+41 −10
Open

Added PSC Private Service Connect for GCP CloudSQL #27889

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
49d9118
Added PSC Private Service Connect for GCP CloudSQL
shinji62 Jul 29, 2024
b90ab8d
Added changelog
shinji62 Jul 29, 2024
acac415
Merge branch 'main' into feature/add_psc_google_database
shinji62 Jul 29, 2024
c5fdb98
Merge branch 'main' into feature/add_psc_google_database
shinji62 Aug 1, 2024
6743547
Merge branch 'main' into feature/add_psc_google_database
shinji62 Aug 8, 2024
1c1e6ae
Merge branch 'main' into feature/add_psc_google_database
shinji62 Aug 14, 2024
b6f8f77
Update changelog
shinji62 Aug 14, 2024
4b26678
Value need to be exported or will be false
shinji62 Aug 14, 2024
d862d0b
Exported variablee for MySQL as well
shinji62 Aug 14, 2024
1cc6299
Merge branch 'main' into feature/add_psc_google_database
shinji62 Aug 30, 2024
9bdcb44
Merge branch 'main' into feature/add_psc_google_database
shinji62 Oct 15, 2024
b377760
Merge branch 'main' into feature/add_psc_google_database
shinji62 Nov 11, 2024
16b564d
Merge branch 'main' into feature/add_psc_google_database
shinji62 Dec 4, 2024
f3c8579
Merge branch 'main' into feature/add_psc_google_database
shinji62 Jan 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 4 additions & 1 deletion changelog/27889.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,6 @@
```release-note:improvement
secrets/database: Add PSC support for GCP CloudSQL MySQL and Postgresql also add PrivateIP support for MySQL
secrets/database: Add PSC support for GCP CloudSQL MySQL and Postgresql
```
```release-note:improvement
secrets/database: Add PrivateIP support for MySQL
```
15 changes: 8 additions & 7 deletions plugins/database/mysql/connection_producer.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,8 +37,6 @@
Password string `json:"password" mapstructure:"password" structs:"password"`
AuthType string `json:"auth_type" mapstructure:"auth_type" structs:"auth_type"`
ServiceAccountJSON string `json:"service_account_json" mapstructure:"service_account_json" structs:"service_account_json"`
usePrivateIP bool `json:"use_private_ip" mapstructure:"use_private_ip" structs:"use_private_ip"`
usePSC bool `json:"use_psc" mapstructure:"use_psc" structs:"use_psc"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we still want these fields for mysql?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I havee tested them as well.


TLSCertificateKeyData []byte `json:"tls_certificate_key" mapstructure:"tls_certificate_key" structs:"-"`
TLSCAData []byte `json:"tls_ca" mapstructure:"tls_ca" structs:"-"`
Expand Down Expand Up @@ -125,8 +123,11 @@
}

// validate auth_type if provided
if ok := connutil.ValidateAuthType(c.AuthType); !ok {
return nil, fmt.Errorf("invalid auth_type: %s", c.AuthType)
authType := c.AuthType
if authType != "" {
if ok := connutil.ValidateAuthType(authType); !ok {
return nil, fmt.Errorf("invalid auth_type %s provided", authType)
}
}

if c.AuthType == connutil.AuthTypeGCPIAM {
Expand All @@ -139,7 +140,7 @@
// however, the driver might store a credentials file, in which case the state stored by the driver is in
// fact critical to the proper function of the connection. So it needs to be registered here inside the
// ConnectionProducer init.
dialerCleanup, err := registerDriverMySQL(c.cloudDriverName, c.ServiceAccountJSON, c.usePrivateIP, c.usePSC)
dialerCleanup, err := registerDriverMySQL(c.cloudDriverName, c.ServiceAccountJSON)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -320,8 +321,8 @@
return config.FormatDSN(), nil
}

func registerDriverMySQL(driverName, credentials string, usePrivateIP bool, usePSC bool) (cleanup func() error, err error) {
opts, err := connutil.GetCloudSQLAuthOptions(credentials, usePrivateIP, usePSC)
func registerDriverMySQL(driverName, credentials string) (cleanup func() error, err error) {
opts, err := connutil.GetCloudSQLAuthOptions(credentials, false)

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / artifacts / (linux, amd64) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (0) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (0) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests tagged with testonly / test-go (0) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests tagged with testonly / test-go (0) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (3) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (3) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (3) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (3) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests tagged with testonly / test-go (1) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests tagged with testonly / test-go (1) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (5) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (5) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (12) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (12) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (6) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (6) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (10) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (10) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (8) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (8) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (2) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (2) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (1) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (1) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (9) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (9) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (13) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (13) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (15) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (15) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (16) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (1) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (1) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (6) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (6) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (11) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (11) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (0) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (0) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (14) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (14) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (3) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (3) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (2) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (2) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (4) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (4) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (8) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (8) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (7) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (7) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (14) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (14) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (9) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (9) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (13) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (13) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (12) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (12) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (4) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests / test-go (4) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (11) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (11) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (5) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (5) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (5) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (5) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (7) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (7) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (15) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (15) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (10) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions

Check failure on line 325 in plugins/database/mysql/connection_producer.go

View workflow job for this annotation

GitHub Actions / Run Go tests with data race detection / test-go (10) 

not enough arguments in call to connutil.GetCloudSQLAuthOptions
if err != nil {
return nil, err
}
Expand Down
6 changes: 3 additions & 3 deletions sdk/database/helper/connutil/sql.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,8 +45,8 @@ type SQLConnectionProducer struct {
MaxIdleConnections int `json:"max_idle_connections" mapstructure:"max_idle_connections" structs:"max_idle_connections"`
MaxConnectionLifetimeRaw interface{} `json:"max_connection_lifetime" mapstructure:"max_connection_lifetime" structs:"max_connection_lifetime"`
DisableEscaping bool `json:"disable_escaping" mapstructure:"disable_escaping" structs:"disable_escaping"`
usePrivateIP bool `json:"use_private_ip" mapstructure:"use_private_ip" structs:"use_private_ip"`
usePSC bool `json:"use_psc" mapstructure:"use_psc" structs:"use_psc"`
UsePrivateIP bool `json:"use_private_ip" mapstructure:"use_private_ip" structs:"use_private_ip"`
UsePSC bool `json:"use_psc" mapstructure:"use_psc" structs:"use_psc"`
Comment on lines +56 to +57
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These will be returned in the READ response for all database plugins that embed this SQLConnectionProducer struct. That is not ideal, since they are only relevant to a small subset of database plugins. It might be better to implement this per-plugin similar to mysql. Maybe there is some common code that could be reused by each plugin?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But this is already the case for

	AuthType           string `json:"auth_type" mapstructure:"auth_type" structs:"auth_type"`
	ServiceAccountJSON string `json:"service_account_json" mapstructure:"service_account_json" structs:"service_account_json"`

Which is only supported for Postgresql, but still field is available for hana, mssql, redshift

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh actually I was able to remove from the read path, when auth_type is not gcp_iam

Test (did the same test with mysql as well)
Postgresql
Write and read using auth_typegcp_iam

vault write database/config/my-postgresql-database-psc \ 
         plugin_name="postgresql-database-plugin" \
        allowed_roles="my-role" \
connection_url="host=sej-tools-hashicorp:asia-northeast1:psc-enabled-main-instance [email protected] dbname=postgres sslmode=disable" \
        auth_type="gcp_iam" 
        use_psc=true
Success! Data written to: database/config/my-postgresql-database-psc

vault read database/config/my-postgresql-database-psc
Key                                   Value
---                                   -----
allowed_roles                         [my-role]
connection_details                    map[auth_type:gcp_iam connection_url:host=sej-tools-hashicorp:asia-northeast1:psc-enabled-main-instance [email protected] dbname=postgres sslmode=disable use_psc:true]
password_policy                       n/a
plugin_name                           postgresql-database-plugin
plugin_version                        n/a
root_credentials_rotate_statements    []

Write and read using normal plugin and normal auth

vault write database/config/my-postgresql-database-psc-ip      \
         plugin_name=postgresql-database-plugin \
         connection_url="postgresql://{{username}}:{{password}}@127.0.0.1/postgres?sslmode=disable"   \
         allowed_roles=readonly \
         username="admin"  \
         password="XXXXXx"
Success! Data written to: database/config/my-postgresql-database-psc-ip


vault read database/config/my-postgresql-database-psc-ip
Key                                   Value
---                                   -----
allowed_roles                         [readonly]
connection_details                    map[connection_url:postgresql://{{username}}:{{password}}@127.0.0.1/postgres?sslmode=disable username:admin]
password_policy                       n/a
plugin_name                           postgresql-database-plugin
plugin_version                        n/a
root_credentials_rotate_statements    []

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was wrong about this. See my comment here https://github.com/hashicorp/vault/pull/27889/files#r1720329947


// Username/Password is the default auth type when AuthType is not set
Username string `json:"username" mapstructure:"username" structs:"username"`
Expand Down Expand Up @@ -152,7 +152,7 @@ func (c *SQLConnectionProducer) Init(ctx context.Context, conf map[string]interf
// however, the driver might store a credentials file, in which case the state stored by the driver is in
// fact critical to the proper function of the connection. So it needs to be registered here inside the
// ConnectionProducer init.
dialerCleanup, err := c.registerDrivers(c.cloudDriverName, c.ServiceAccountJSON, c.usePrivateIP, c.usePSC)
dialerCleanup, err := c.registerDrivers(c.cloudDriverName, c.ServiceAccountJSON, c.UsePrivateIP, c.UsePSC)
if err != nil {
return nil, err
}
Expand Down
Loading