Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CockroachDB support #8505

Merged
merged 4 commits into from
Oct 12, 2021
Merged

Add CockroachDB support #8505

merged 4 commits into from
Oct 12, 2021

Conversation

r0mant
Copy link
Collaborator

@r0mant r0mant commented Oct 7, 2021

CockroachDB uses Postgres wire protocol so it's pretty much supported out-of-the-box (with client certificate auth) but this PR implements a few updates for better integration and to account for some differences in auth:

  • Update tctl auth sign command to support --format=cockroachdb which produces secrets in Cockroach-friendly format. That includes filenames (Cockroach expects them to be node.crt, node.key, ca.crt) and mandatory CN=node for the node certs. See their docs for more details if interested.

  • Add protocol: cockroachdb for database configuration. Technically this is the same as protocol: postgres on the backend, but it is used e.g. to pick appropriate client to connect with.

  • Related to the above, update tsh db connect to use native cockroach CLI client to connect to CockroachDB. It falls back to psql (which is compatible) if cockroach isn't found.

  • For authorization, do not use db_names for RBAC. Only db_users are enforced, similar to MySQL. This is because, unlike Postgres, in Cockroach you can switch database at any time without reconnecting and cross-database queries are allowed so limiting db_names on Teleport side would be pointless.

The guide will be coming in a separate PR.

@r0mant r0mant added the database-access Database access related issues and PRs label Oct 7, 2021
@r0mant r0mant self-assigned this Oct 7, 2021
@r0mant r0mant requested a review from nklaassen October 11, 2021 23:36
nklaassen
nklaassen approved these changes Oct 12, 2021
View reviewed changes
Copy link
Contributor

@nklaassen nklaassen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

russjones
russjones approved these changes Oct 12, 2021
View reviewed changes
Copy link
Contributor

@russjones russjones left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bot.

@r0mant r0mant enabled auto-merge (squash) October 12, 2021 21:08
@r0mant r0mant merged commit 36998cf into master Oct 12, 2021
@r0mant r0mant deleted the roman/roach branch October 12, 2021 21:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@russjones russjones russjones approved these changes

@nklaassen nklaassen nklaassen approved these changes

@smallinsky smallinsky smallinsky approved these changes

@timothyb89 timothyb89 Awaiting requested review from timothyb89

@klizhentas klizhentas Awaiting requested review from klizhentas

Assignees

@r0mant r0mant

Labels
database-access Database access related issues and PRs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@r0mant @russjones @nklaassen @smallinsky