This repository was archived by the owner on Jul 28, 2025. It is now read-only.

@MattMcL4475 MattMcL4475 commented Jul 18, 2023

To use managed identity:

  1. In https://github.com/broadinstitute/cromwhelm/blob/main/coa-helm/templates/tes.yaml, set:

         TesPostgreSql__DatabaseUserPassword=""
         TesPostgreSql__UseManagedIdentity="true"

     If UseManagedIdentity is true, an exception will be thrown if DatabaseUserPassword is NOT empty.

  2. Enable "Microsoft Entra authentication" on the PostgreSQL database
  3. Add a "Microsoft Entra Admin" and select the managed identity
  4. Using the original admin, you must run:

         GRANT ALL PRIVILEGES ON DATABASE tes_db TO "CLIENT_ID";
         GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO "CLIENT_ID";
         GRANT ALL PRIVILEGES ON SCHEMA public TO "CLIENT_ID";

Where CLIENT_ID is the user-assigned managed identity's client ID.

TODO: create the database with an Azure AAD admin user in the deployer, then create an AAD user
TODO: provide script for creating a new AAD user after creating the AAD admin and using that instead

Reference:

https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-configure-sign-in-azure-ad-authentication
https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-azure-ad-authentication
https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-connect-with-managed-identity

#346
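
A pre-flight helper for the steps in the description above, added here as an example and not part of this pull request or the TES code base: it checks the two settings against the stated rule and renders the three GRANT statements only after confirming that CLIENT_ID is a GUID. The function names and the case-insensitive reading of "true" are assumptions of this example.

```python
import re

GUID_RE = re.compile(r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}")
NAME_RE = re.compile(r"[a-z_][a-z0-9_]*")  # plain unquoted PostgreSQL identifier


def uses_managed_identity(settings):
    """Return True if managed identity is enabled; reject a leftover password.

    Mirrors the rule stated in the description. Reading "true"
    case-insensitively is an assumption of this example, not TES behaviour.
    """
    enabled = settings.get("TesPostgreSql__UseManagedIdentity", "").strip().lower() == "true"
    password = settings.get("TesPostgreSql__DatabaseUserPassword", "")
    if enabled and password != "":
        raise ValueError("UseManagedIdentity is true but DatabaseUserPassword is not empty")
    return enabled


def grant_statements(client_id, database="tes_db", schema="public"):
    """Render the three GRANTs for the managed identity's client ID.

    The client ID ends up inside a quoted role name, so it is accepted only
    if it is a GUID; database and schema must be plain lowercase identifiers.
    """
    if not GUID_RE.fullmatch(client_id):
        raise ValueError("client_id is not a GUID")
    for name in (database, schema):
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"not a plain identifier: {name!r}")
    role = f'"{client_id}"'
    return [
        f"GRANT ALL PRIVILEGES ON DATABASE {database} TO {role};",
        f"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA {schema} TO {role};",
        f"GRANT ALL PRIVILEGES ON SCHEMA {schema} TO {role};",
    ]


if __name__ == "__main__":
    # Constructed sample values; the GUID is a placeholder, not a real identity.
    settings = {
        "TesPostgreSql__DatabaseUserPassword": "",
        "TesPostgreSql__UseManagedIdentity": "true",
    }
    if uses_managed_identity(settings):
        print("\n".join(grant_statements("00000000-0000-0000-0000-000000000001")))
```
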

@MattMcL4475 MattMcL4475 changed the title from "update nuget packages and initial code implementation" to "Add support for Managed Identity for Postgres" Jul 18, 2023
@MattMcL4475 MattMcL4475 changed the title from "Add support for Managed Identity for Postgres" to "Add support for using a managed identity to connect to Azure Database for PostgreSQL" Jul 18, 2023
@BMurri BMurri added the "Needs Issue" (PR needs at least one associated issue) label Jul 19, 2023
@MattMcL4475 MattMcL4475 removed the "Needs Issue" (PR needs at least one associated issue) label Aug 9, 2023
@MattMcL4475 MattMcL4475 requested a review from a team August 15, 2023 17:14