MySQL for GCP Cloud SQL support #7146
Labels
database-access
Database access related issues and PRs
db/mysql
MySQL related database access issues
feature-request
Used for new features in Teleport, improvements to current should be #enhancements
What
Teleport database access currently doesn't support GCP-hosted MySQL databases.
The reason is that we use IAM authentication with databases, which the MySQL engine doesn't support (only Postgres does). The only auth method Cloud SQL MySQL supports is username/password. There's also no indication from GCP folks when or whether IAM support for MySQL will become available.
As such, we might need to come up with an alternative way to authenticate to GCP-hosted MySQL databases.
How
GCP has an API for updating a database user's password:
https://cloud.google.com/sql/docs/mysql/create-manage-users#changing_a_user_password
https://pkg.go.dev/google.golang.org/[email protected]/sqladmin/v1beta4#UsersService.Update
https://cloud.google.com/sql/docs/mysql/admin-api/rest/v1beta4/users/update
See if we can use it to implement short-lived throw-away tokens for database users - i.e. update the user's password to a random value before each connect and use it as a password to connect.
One thing to keep in mind is how to handle clients connecting concurrently as the same database account?
Why
To support MySQL in GCP.
Workaround
None.
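The rotate-then-connect idea from the "How" section, together with its concurrency question, as an added sketch that is not Teleport's code. `SetPassword` and `Dial` are hypothetical hooks standing in for the Cloud SQL Admin API `users.update` call and the MySQL handshake, and the per-account lock assumes a single agent process handles all connections for that account.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"sync"
)

// Connector rotates a database user's password, then logs in with it.
// SetPassword stands in for the Cloud SQL Admin API users.update call and
// Dial for the MySQL handshake; both are hypothetical hooks for this sketch.
type Connector struct {
	SetPassword func(user, password string) error
	Dial        func(user, password string) error
	locks       sync.Map // database user -> *sync.Mutex
}

// NewOneTimePassword returns 256 bits from the OS CSPRNG, base64url-encoded.
func NewOneTimePassword() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// Connect holds a per-account lock across rotate+login so a concurrent
// client's rotation cannot invalidate this client's password mid-handshake.
func (c *Connector) Connect(user string) error {
	l, _ := c.locks.LoadOrStore(user, &sync.Mutex{})
	mu := l.(*sync.Mutex)
	mu.Lock()
	defer mu.Unlock()
	pw, err := NewOneTimePassword()
	if err != nil {
		return err
	}
	if err := c.SetPassword(user, pw); err != nil {
		return fmt.Errorf("rotating password for %q: %w", user, err)
	}
	return c.Dial(user, pw)
}

func main() {
	ok := func(_, _ string) error { return nil } // constructed no-op hooks
	c := &Connector{SetPassword: ok, Dial: ok}
	fmt.Println("login error:", c.Connect("alice"))
}
```

The lock only serializes clients inside one process; several agents serving the same database account would need a shared lock or a separate database user per agent.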