Add ability to enable a managed identity to have access to specified SQL database #977

Merged: 26 commits, May 8, 2020

@jananivMS jananivMS commented Apr 21, 2020

Closes #966

This is a customer ask to enable the specified managed identity as a DB user for the specified database.

The assumption here, based on the customer's suggestion, is that the SQL server specified will already have the managed identity that the operator runs as configured as its AAD admin.

What this PR does / why we need it:

  • Creates a new CRD and controller for the new AzureSQLManagedUser
  • Logs in to the database using the managed identity that the operator is running as
  • Executes the command to enable specified managed identity as the DB user

Special notes for your reviewer:

  1. Will need to deploy the operator using a managed identity (M1)
  2. Configure this managed identity (M1) as the AAD admin for the SQL server
  3. Then create another managed identity (M2) and specify this identity's name and object ID in the YAML to enable as db user
  4. The only way I was able to test this was to redeploy the operator as M2 and then try to enable some other managed user. If the operator is able to successfully log in and connect to the DB, it means the user was successfully enabled in step 3
  5. Notice secrets created

If applicable:

  • this PR contains documentation
  • this PR contains tests

@jananivMS jananivMS changed the title WIP: Add ability to enable a managed identity to have access to specified SQL database Add ability to enable a managed identity to have access to specified SQL database Apr 27, 2020
@frodopwns frodopwns self-requested a review April 28, 2020 16:11

@frodopwns frodopwns left a comment

one change worth making at least

@jananivMS jananivMS dismissed frodopwns’s stale review May 1, 2020 21:38

Dismissing as I am re-requesting a review

@jananivMS jananivMS requested a review from frodopwns May 1, 2020 21:38

@frodopwns frodopwns left a comment

lgtm

@jananivMS jananivMS merged commit 6c4a399 into Azure:master May 8, 2020
Successfully merging this pull request may close these issues.

Task: Add support to enable managed identity specified as a Azure SQL DB user