terraform-provider-postgresql
Support for connections via SSH bastion host
This pull request adds support for connecting to PostgreSQL instances via an SSH bastion host.
This is a draft pull request and not complete yet. Due to time limitations, I will not be able to complete this pull request. Therefore, I want to share the current state (refer to tasks) and want to call for collaborators. I am happy to provide write permissions to the forked repository from which this PR originates.
Notes
- For the provider configuration schema, the idea is to keep close to the ssh bastion host configuration of the SSH provisioner in Terraform. Ideally, users can just copy the connection block.
- The provider arguments to configure the ssh tunnel are "inspired" by the ssh provisioner arguments (https://www.terraform.io/docs/provisioners/connection.html#connecting-through-a-bastion-host-with-ssh). Mostly, the code in ssh.go has been copied from the Terraform Core provisioner implementation.
Tasks
- [x] Connection via SSH bastion host
- [x] Provider configuration schema
- [x] Test case TestAccPostgresqlSsh_Connect
- [x] Test case TestAccPostgresqlSshDatabase_Basic
- [ ] Additional test cases to cover possible bastion configurations
- [ ] Clarify testing of code originating
- [ ] Clarify questions left in comments in the code
- [ ] Documentation
- [ ] Code Cleanup
Example provider configuration with SSH bastion host
provider "postgresql" {
  host     = "postgres"
  port     = 5432
  database = "example-db"
  username = "user"
  password = "password"

  # The PostgreSQL connection is tunnelled through this SSH bastion host
  connection {
    bastion_host = "bastion-host"
    bastion_port = 22
    bastion_user = "sshuser"
  }
}
References
- https://github.com/terraform-providers/terraform-provider-postgresql/issues/42
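The tunnelling idea behind this pull request, as an added example that is not the PR's ssh.go or Terraform Core code: a loopback-only listener that relays each connection through a dialer supplied by the caller. The names StartTunnel, DialFunc and forward are hypothetical, and the sketch assumes the real dialer would be the Dial method of an SSH client connected to the bastion; net.Dial and the target "postgres:5432" stand in here.

```go
package main

import (
	"io"
	"net"
)

// DialFunc dials from the bastion's side, e.g. (*ssh.Client).Dial in x/crypto/ssh.
type DialFunc func(network, addr string) (net.Conn, error)

// StartTunnel (hypothetical) relays a loopback port to target through dial.
func StartTunnel(dial DialFunc, target string) (string, func() error, error) {
	// Port 0 on 127.0.0.1: ephemeral and unreachable from other hosts.
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", nil, err
	}
	go func() {
		for {
			local, err := ln.Accept()
			if err != nil {
				return // listener closed by the stop function
			}
			go forward(local, dial, target)
		}
	}()
	return ln.Addr().String(), ln.Close, nil
}

func forward(local net.Conn, dial DialFunc, target string) {
	defer local.Close()
	remote, err := dial("tcp", target)
	if err != nil {
		return // bastion or database unreachable: drop the client
	}
	defer remote.Close()
	done := make(chan struct{}, 2)
	go func() { io.Copy(remote, local); done <- struct{}{} }()
	go func() { io.Copy(local, remote); done <- struct{}{} }()
	<-done // one direction ended; the deferred closes end the other
}

func main() {
	addr, stop, err := StartTunnel(net.Dial, "postgres:5432") // stand-in dialer
	if err != nil {
		panic(err)
	}
	defer stop()
	println("connect the PostgreSQL driver to", addr)
}
```

Binding the listener to 127.0.0.1 rather than all interfaces keeps the forwarded database port from becoming reachable by other machines on the network where Terraform runs.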
Nice work @dominik-lekse !
- Maybe the setup of an example will help you for a test setup on AWS. You need to add the Postgres of course but I am also curious how we could test it on docker locally.
- Maybe also the library https://github.com/mavogel/go-ssh-forward will be an option instead of copying the code from tf-core or we could also wrap it all into the library. I quick-hacked it back in the time, which was not satisfying but the POC worked.
Let's get it cleanly working here, because I also would like to add it to the docker provider
Geez, what kind of crazy name is "lekse"? ;)
This is an excellent addition; I have been using Terraform with OpenStack but do not want my database server exposed globally, and I was thinking I would have to run Terraform within the tenant or something. For me this addition greatly increases the value of the PostgreSQL provider.
Any update on this? This would be a major boon for myself and my team, and I know a lot of other people are eager for this as well.
It may be worthwhile to move the code from tf-core into a library simply because there are other providers (MySQL, etc) that could probably use this same code.
Either way, what's this waiting on? I'm not too familiar with Go, but I'd really like to get this working; if you have definitive tasks that need to be done, I could contribute.