Skip to content
This repository has been archived by the owner on Nov 14, 2020. It is now read-only.

Support for connections via SSH bastion host #80

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dominik-lekse
Copy link

This pull requests adds support for connecting to PostgreSQL instances via a SSH bastion host.

This is a draft pull request and not complete yet. Due to time limitations, I will not be able to complete this pull requests. Therefore, I want to share the current state (refer to tasks) and want to call for collaborators. I am happy to provide write permissions to the forked repository from which this PR originates.

Notes

Tasks

  • Connection via SSH bastion host
  • Provider configuration schema
  • Test case TestAccPostgresqlSsh_Connect
  • Test case TestAccPostgresqlSshDatabase_Basic
  • Additional test cases to cover possible bastion configurations
  • Clarify testing of code originating
  • Clarify questions left in comments in the code
  • Documentation
  • Code Cleanup

Example provider configuration with SSH bastion host

provider "postgresql" {
  host     = "postgres"
  port     = 5432
  database = "example-db"
  username = "user"
  password = "password"
  
  connection {
    "bastion_host" = "bastion-host"
    "bastion_port" = 22
    "bastion_user" = "sshuser"
  }
}

References

@ghost ghost added the size/XL label May 24, 2019
@dominik-lekse dominik-lekse changed the title Draft: Support for connections via via SSH bastion host Support for connections via SSH bastion host May 24, 2019
@mavogel
Copy link
Contributor

mavogel commented May 26, 2019

Nice work @dominik-lekse !

  • Maybe the setup of an example will help you for a test setup on AWS. You need to add the Postgres of course but I am also curious how we could test it on docker locally.
  • Maybe also the library https://github.com/mavogel/go-ssh-forward will be an option instead of copying the code from tf-core or we could also wrap it all into the library. I quick-hacked it back in the time, which was not satisfying but the POC worked.

Let's get it cleanly working here, because I also would like to add it to the docker provider

@dleske
Copy link

dleske commented Jun 6, 2019

Geez, what kind of crazy name is "lekse"? ;)

This is an excellent addition; I have been using Terraform with OpenStack but do not want my database server exposed globally, and I was thinking I would have to run Terraform within the tenant or something. For me this addition greatly increases the value of the PostgreSQL provider.

@voltechs
Copy link

Any update on this? This would be a major boon for myself and my team, and I know a lot of other people are eager for this as well.

@RobRoseKnows
Copy link

Nice work @dominik-lekse !

  • Maybe the setup of an example will help you for a test setup on AWS. You need to add the Postgres of course but I am also curious how we could test it on docker locally.
  • Maybe also the library https://github.com/mavogel/go-ssh-forward will be an option instead of copying the code from tf-core or we could also wrap it all into the library. I quick-hacked it back in the time, which was not satisfying but the POC worked.

Let's get it cleanly working here, because I also would like to add it to the docker provider

It may be worthwhile to move the code from tf-core into a library simply because there are other providers (MySQL, etc) that could probably use this same code.

Either way, what's this waiting on? I'm not too familiar with Go, but I'd really like to get this working, if you definitive tasks that need to be done, I could contribute.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants