Machine ID: Database Tunnel service #39880

Merged: strideynet merged 13 commits into master from strideynet/tbot-db-tunnel on Apr 3, 2024

@strideynet commented Mar 27, 2024

Part of #36291

Adds a service to tbot which opens an authenticated database access tunnel without needing to run a separate process as previously.

Benefits:

  • Supports rotating credentials
  • Supports listening on a non-loopback interface
  • Avoids needing a second process and systemd service
  • Avoids writing credentials to disk as was previously required

Example config:

version: v2
auth_server: "leaf.tele.ottr.sh:443"
onboarding:
  token: "redacted"
  join_method: "token"

storage:
  type: directory
  path: /Users/noah/code/gravitational/teleport-scratch/configs/tbot/storage

services:
- type: database-tunnel
  listen: tcp://127.0.0.1:25432
  service: postgres-docker
  database: postgres
  username: postgres

changelog: Adds the database-tunnel service to tbot which allows an authenticated database tunnel to be opened by tbot. This is an improvement over the original technique of using tbot proxy db.
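
The example config binds `listen` to loopback, and the description notes that non-loopback listeners are supported. The following is an added example, not code from this PR or from Teleport: a Go check that classifies a `listen` value by who can reach it, on the assumption that anything able to connect to the listener can use the tunnel. `ClassifyListen` and the `Exposure` names are hypothetical, and only the `tcp://host:port` form shown above is handled.

```go
package main

import (
	"fmt"
	"net"
	"net/netip"
	"net/url"
)

// Exposure says who can reach a database-tunnel listener (hypothetical type).
type Exposure string
const (
	Loopback      Exposure = "loopback"       // local processes only
	AllInterfaces Exposure = "all-interfaces" // 0.0.0.0, :: or empty host
	Routable      Exposure = "routable"       // one specific non-loopback address
	Unknown       Exposure = "unknown"        // hostname: depends on resolution
)

// ClassifyListen inspects a `listen` value such as "tcp://127.0.0.1:25432" (assumed form).
func ClassifyListen(listen string) (Exposure, error) {
	u, err := url.Parse(listen)
	if err != nil || u.Scheme != "tcp" {
		return "", fmt.Errorf("listen %q: want tcp://host:port", listen)
	}
	host, _, err := net.SplitHostPort(u.Host)
	if err != nil {
		return "", fmt.Errorf("listen %q: %w", listen, err)
	}
	if host == "" {
		return AllInterfaces, nil // Go's net.Listen binds every interface
	}
	addr, err := netip.ParseAddr(host)
	if err != nil {
		return Unknown, nil // not an IP literal; review what it resolves to
	}
	switch {
	case addr.IsLoopback():
		return Loopback, nil
	case addr.IsUnspecified():
		return AllInterfaces, nil
	}
	return Routable, nil
}

func main() {
	for _, l := range []string{"tcp://127.0.0.1:25432", "tcp://0.0.0.0:25432"} { // constructed
		fmt.Println(ClassifyListen(l))
	}
}
```

A config review can flag every `database-tunnel` entry whose result is not `loopback` for a check of the host firewall and network placement.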

strideynet requested a review from timothyb89 March 28, 2024 16:53
Comment thread lib/tbot/tbot.go Outdated
public-teleport-github-review-bot (bot) removed the request for review from timothyb89 April 3, 2024 07:51
strideynet enabled auto-merge April 3, 2024 08:15
strideynet added this pull request to the merge queue Apr 3, 2024
github-merge-queue (bot) removed this pull request from the merge queue due to failed status checks Apr 3, 2024
strideynet added this pull request to the merge queue Apr 3, 2024
github-merge-queue (bot) removed this pull request from the merge queue due to failed status checks Apr 3, 2024
strideynet added this pull request to the merge queue Apr 3, 2024
Merged via the queue into master with commit 60da3a1 Apr 3, 2024
strideynet deleted the strideynet/tbot-db-tunnel branch April 3, 2024 09:16

@public-teleport-github-review-bot

@strideynet See the table below for backport results.

| Branch | Result |
| --- | --- |
| branch/v14 | Failed |
| branch/v15 | Create PR |

strideynet added a commit that referenced this pull request Apr 3, 2024
* Add Database Tunnel service config

* Start putting together the alpnproxy

* Further flesh out database tunnel service

* Reorganize and tidy

* Rearrange to avoid state on struct

* Tidy up logging

* Cache proxypings better

* Spell Cancel the American way

* Remove unnecessary change to client credential output

* Add integration test for db access tunnel

* Fix mistakenly renamed trace

* Fix test panicking

* Remove unnecessary boolean field

github-merge-queue (bot) pushed a commit that referenced this pull request Apr 3, 2024
* Machine ID: Database Tunnel service (#39880)

* Add Database Tunnel service config

* Start putting together the alpnproxy

* Further flesh out database tunnel service

* Reorganize and tidy

* Rearrange to avoid state on struct

* Tidy up logging

* Cache proxypings better

* Spell Cancel the American way

* Remove unnecessary change to client credential output

* Add integration test for db access tunnel

* Fix mistakenly renamed trace

* Fix test panicking

* Remove unnecessary boolean field

* Fix test