From 4d9fe05f5a0a4a4ae204d64a88fd54f79e87e9fb Mon Sep 17 00:00:00 2001 From: Garrett Delfosse Date: Wed, 20 Mar 2024 13:14:43 -0400 Subject: [PATCH] feat: add awsiamrds db auth driver (#12566) --- cli/server.go | 29 +++++-- cli/server_createadminuser.go | 20 ++++- cli/testdata/coder_server_--help.golden | 3 + ...der_server_create-admin-user_--help.golden | 3 + cli/testdata/server-config.yaml.golden | 3 + coderd/apidoc/docs.go | 3 + coderd/apidoc/swagger.json | 3 + coderd/database/awsiamrds/awsiamrds.go | 84 +++++++++++++++++++ coderd/database/awsiamrds/awsiamrds_test.go | 50 +++++++++++ codersdk/deployment.go | 22 +++++ docs/api/general.md | 1 + docs/api/schemas.md | 3 + docs/cli/server.md | 11 +++ docs/cli/server_create-admin-user.md | 10 +++ docs/cli/server_dbcrypt_decrypt.md | 10 +++ docs/cli/server_dbcrypt_delete.md | 10 +++ docs/cli/server_dbcrypt_rotate.md | 10 +++ enterprise/cli/server_dbcrypt.go | 74 +++++++++++++--- .../cli/testdata/coder_server_--help.golden | 3 + ...der_server_create-admin-user_--help.golden | 3 + ...coder_server_dbcrypt_decrypt_--help.golden | 3 + .../coder_server_dbcrypt_delete_--help.golden | 3 + .../coder_server_dbcrypt_rotate_--help.golden | 3 + go.mod | 31 +++---- go.sum | 62 +++++++------- site/src/api/typesGenerated.ts | 5 ++ 26 files changed, 400 insertions(+), 62 deletions(-) create mode 100644 coderd/database/awsiamrds/awsiamrds.go create mode 100644 coderd/database/awsiamrds/awsiamrds_test.go diff --git a/cli/server.go b/cli/server.go index f371c30156..f2178d470a 100644 --- a/cli/server.go +++ b/cli/server.go @@ -64,6 +64,7 @@ import ( "github.com/coder/coder/v2/coderd/autobuild" "github.com/coder/coder/v2/coderd/batchstats" "github.com/coder/coder/v2/coderd/database" + "github.com/coder/coder/v2/coderd/database/awsiamrds" "github.com/coder/coder/v2/coderd/database/dbmem" "github.com/coder/coder/v2/coderd/database/dbmetrics" "github.com/coder/coder/v2/coderd/database/dbpurge" 
@@ -668,12 +669,7 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd.
 options.Database = dbmem.New()
 options.Pubsub = pubsub.NewInMemory()
 } else {
- dbURL, err := escapePostgresURLUserInfo(vals.PostgresURL.String())
- if err != nil {
- return xerrors.Errorf("escaping postgres URL: %w", err)
- }
-
- sqlDB, err := ConnectToPostgres(ctx, logger, sqlDriver, dbURL)
+ sqlDB, dbURL, err := getPostgresDB(ctx, logger, vals.PostgresURL.String(), codersdk.PostgresAuth(vals.PostgresAuth), sqlDriver)
 if err != nil {
 return xerrors.Errorf("connect to postgres: %w", err)
 }
@@ -2556,3 +2552,24 @@ func signalNotifyContext(ctx context.Context, inv *serpent.Invocation, sig ...os
 }
 return inv.SignalNotifyContext(ctx, sig...)
 }
+
+func getPostgresDB(ctx context.Context, logger slog.Logger, postgresURL string, auth codersdk.PostgresAuth, sqlDriver string) (*sql.DB, string, error) {
+ dbURL, err := escapePostgresURLUserInfo(postgresURL)
+ if err != nil {
+ return nil, "", xerrors.Errorf("escaping postgres URL: %w", err)
+ }
+
+ if auth == codersdk.PostgresAuthAWSIAMRDS {
+ sqlDriver, err = awsiamrds.Register(ctx, sqlDriver)
+ if err != nil {
+ return nil, "", xerrors.Errorf("register aws rds iam auth: %w", err)
+ }
+ }
+
+ sqlDB, err := ConnectToPostgres(ctx, logger, sqlDriver, dbURL)
+ if err != nil {
+ return nil, "", xerrors.Errorf("connect to postgres: %w", err)
+ }
+
+ return sqlDB, dbURL, nil
+}
diff --git a/cli/server_createadminuser.go b/cli/server_createadminuser.go
index 2444018b11..278ecafb06 100644
--- a/cli/server_createadminuser.go
+++ b/cli/server_createadminuser.go
@@ -13,6 +13,7 @@ import (
 "cdr.dev/slog/sloggers/sloghuman"
 "github.com/coder/coder/v2/cli/cliui"
 "github.com/coder/coder/v2/coderd/database"
+ "github.com/coder/coder/v2/coderd/database/awsiamrds"
 "github.com/coder/coder/v2/coderd/database/dbtime"
 "github.com/coder/coder/v2/coderd/gitsshkey"
 "github.com/coder/coder/v2/coderd/httpapi"
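Review bot: `getPostgresDB` (the `@@ -2556` hunk) already wraps a failed connection as `connect to postgres: …`, and its caller in `Server` (the `@@ -668` hunk) wraps whatever comes back with the same prefix, so connection failures print the phrase twice and URL-escaping or driver-registration failures are also reported as "connect to postgres". Keeping the specific messages in the helper and returning its error unchanged at the call site, `return err`, leaves one layer of context. The helper has no doc comment; `// getPostgresDB escapes the URL's user info, registers the awsiamrds driver when auth requests it, and returns the opened DB together with the escaped URL.` would explain why the URL is returned next to the handle.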
@@ -25,6 +26,7 @@ import (
 func (r *RootCmd) newCreateAdminUserCommand() *serpent.Command {
 var (
 newUserDBURL string
+ newUserPgAuth string
 newUserSSHKeygenAlgorithm string
 newUserUsername string
 newUserEmail string
@@ -62,7 +64,15 @@ func (r *RootCmd) newCreateAdminUserCommand() *serpent.Command {
 newUserDBURL = url
 }
- sqlDB, err := ConnectToPostgres(ctx, logger, "postgres", newUserDBURL)
+ sqlDriver := "postgres"
+ if codersdk.PostgresAuth(newUserPgAuth) == codersdk.PostgresAuthAWSIAMRDS {
+ sqlDriver, err = awsiamrds.Register(inv.Context(), sqlDriver)
+ if err != nil {
+ return xerrors.Errorf("register aws rds iam auth: %w", err)
+ }
+ }
+
+ sqlDB, err := ConnectToPostgres(ctx, logger, sqlDriver, newUserDBURL)
 if err != nil {
 return xerrors.Errorf("connect to postgres: %w", err)
 }
@@ -243,6 +253,14 @@ func (r *RootCmd) newCreateAdminUserCommand() *serpent.Command {
 Description: "URL of a PostgreSQL database. If empty, the built-in PostgreSQL deployment will be used (Coder must not be already running in this case).",
 Value: serpent.StringOf(&newUserDBURL),
 },
+ serpent.Option{
+ Name: "Postgres Connection Auth",
+ Description: "Type of auth to use when connecting to postgres.",
+ Flag: "postgres-connection-auth",
+ Env: "CODER_PG_CONNECTION_AUTH",
+ Default: "password",
+ Value: serpent.EnumOf(&newUserPgAuth, codersdk.PostgresAuthDrivers...),
+ },
 serpent.Option{
 Env: "CODER_SSH_KEYGEN_ALGORITHM",
 Flag: "ssh-keygen-algorithm",
diff --git a/cli/testdata/coder_server_--help.golden b/cli/testdata/coder_server_--help.golden
index a19d9e91b2..f7ba3b2f80 100644
--- a/cli/testdata/coder_server_--help.golden
+++ b/cli/testdata/coder_server_--help.golden
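Review bot: In the `@@ -62` hunk `awsiamrds.Register` is called with `inv.Context()` while the `ConnectToPostgres` call right below it uses the handler's `ctx`, so AWS config loading does not follow whatever cancellation `ctx` carries (its definition is outside the hunk); `sqlDriver, err = awsiamrds.Register(ctx, sqlDriver)` would be consistent. The same register-then-connect sequence is pasted again into the rotate, decrypt and delete commands in enterprise/cli/server_dbcrypt.go, and none of these copies can use `getPostgresDB` because it is unexported. Exporting one helper from `cli` and calling it from all five sites would keep driver selection and its error wording in one place.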
@@ -44,6 +44,9 @@ OPTIONS: Separate multiple experiments with commas, or enter '*' to opt-in to all available experiments. + --postgres-auth password|awsiamrds, $CODER_PG_AUTH (default: password) + Type of auth to use when connecting to postgres. + --postgres-url string, $CODER_PG_CONNECTION_URL URL of a PostgreSQL database. If empty, PostgreSQL binaries will be downloaded from Maven (https://repo1.maven.org/maven2) and store all diff --git a/cli/testdata/coder_server_create-admin-user_--help.golden b/cli/testdata/coder_server_create-admin-user_--help.golden index e600132a97..8988557cfa 100644 --- a/cli/testdata/coder_server_create-admin-user_--help.golden +++ b/cli/testdata/coder_server_create-admin-user_--help.golden @@ -7,6 +7,9 @@ USAGE: it to every organization. OPTIONS: + --postgres-connection-auth password|awsiamrds, $CODER_PG_CONNECTION_AUTH (default: password) + Type of auth to use when connecting to postgres. + --email string, $CODER_EMAIL The email of the new user. If not specified, you will be prompted via stdin. diff --git a/cli/testdata/server-config.yaml.golden b/cli/testdata/server-config.yaml.golden index 83b2a770c4..f70d8b8825 100644 --- a/cli/testdata/server-config.yaml.golden +++ b/cli/testdata/server-config.yaml.golden @@ -411,6 +411,9 @@ cacheDir: [cache dir] # Controls whether data will be stored in an in-memory database. # (default: , type: bool) inMemoryDatabase: false +# Type of auth to use when connecting to postgres. +# (default: password, type: enum[password\|awsiamrds]) +pgAuth: password # The algorithm to use for generating ssh keys. Accepted values are "ed25519", # "ecdsa", or "rsa4096". # (default: ed25519, type: string) diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go index 22f113f732..2e8e5c5d74 100644 --- a/coderd/apidoc/docs.go +++ b/coderd/apidoc/docs.go 
@@ -9597,6 +9597,9 @@ const docTemplate = `{ "oidc": { "$ref": "#/definitions/codersdk.OIDCConfig" }, + "pg_auth": { + "type": "string" + }, "pg_connection_url": { "type": "string" }, diff --git a/coderd/apidoc/swagger.json b/coderd/apidoc/swagger.json index f0f55d7f6b..8d6e7ccd6b 100644 --- a/coderd/apidoc/swagger.json +++ b/coderd/apidoc/swagger.json @@ -8582,6 +8582,9 @@ "oidc": { "$ref": "#/definitions/codersdk.OIDCConfig" }, + "pg_auth": { + "type": "string" + }, "pg_connection_url": { "type": "string" }, diff --git a/coderd/database/awsiamrds/awsiamrds.go b/coderd/database/awsiamrds/awsiamrds.go new file mode 100644 index 0000000000..1d4ded8ac2 --- /dev/null +++ b/coderd/database/awsiamrds/awsiamrds.go 
@@ -0,0 +1,84 @@
+package awsiamrds
+
+import (
+ "context"
+ "database/sql"
+ "database/sql/driver"
+ "fmt"
+ "net/url"
+
+ "github.com/aws/aws-sdk-go-v2/aws"
+ "github.com/aws/aws-sdk-go-v2/config"
+ "github.com/aws/aws-sdk-go-v2/feature/rds/auth"
+ "golang.org/x/xerrors"
+)
+
+type awsIamRdsDriver struct {
+ parent driver.Driver
+ cfg aws.Config
+}
+
+var _ driver.Driver = &awsIamRdsDriver{}
+
+// Register initializes and registers our aws iam rds wrapped database driver.
+func Register(ctx context.Context, parentName string) (string, error) {
+ cfg, err := config.LoadDefaultConfig(ctx)
+ if err != nil {
+ return "", err
+ }
+
+ db, err := sql.Open(parentName, "")
+ if err != nil {
+ return "", err
+ }
+
+ // create a new aws iam rds driver
+ d := newDriver(db.Driver(), cfg)
+ name := fmt.Sprintf("%s-awsiamrds", parentName)
+ sql.Register(fmt.Sprintf("%s-awsiamrds", parentName), d)
+
+ return name, nil
+}
+
+// newDriver will create a new *AwsIamRdsDriver using the environment aws session.
+func newDriver(parentDriver driver.Driver, cfg aws.Config) *awsIamRdsDriver {
+ return &awsIamRdsDriver{
+ parent: parentDriver,
+ cfg: cfg,
+ }
+}
+
+// Open creates a new connection to the database using the provided name.
+func (d *awsIamRdsDriver) Open(name string) (driver.Conn, error) {
+ // set password with signed aws authentication token for the rds instance
+ nURL, err := getAuthenticatedURL(d.cfg, name)
+ if err != nil {
+ return nil, xerrors.Errorf("assigning authentication token to url: %w", err)
+ }
+
+ // make connection
+ conn, err := d.parent.Open(nURL)
+ if err != nil {
+ return nil, xerrors.Errorf("opening connection with %s: %w", nURL, err)
+ }
+
+ return conn, nil
+}
+
+func getAuthenticatedURL(cfg aws.Config, dbURL string) (string, error) {
+ nURL, err := url.Parse(dbURL)
+ if err != nil {
+ return "", xerrors.Errorf("parsing dbURL: %w", err)
+ }
+
+ // generate a new rds session auth tokenized URL
+ rdsEndpoint := fmt.Sprintf("%s:%s", nURL.Hostname(), nURL.Port())
+ token, err := auth.BuildAuthToken(context.Background(), rdsEndpoint, cfg.Region, nURL.User.Username(), cfg.Credentials)
+ if err != nil {
+ return "", xerrors.Errorf("building rds auth token: %w", err)
+ }
+ // set token as user password
+ nURL.User = url.UserPassword(nURL.User.Username(), token)
+
+ return nURL.String(), nil
+}
diff --git a/coderd/database/awsiamrds/awsiamrds_test.go b/coderd/database/awsiamrds/awsiamrds_test.go
new file mode 100644
index 0000000000..d4a1ce1930
--- /dev/null
+++ b/coderd/database/awsiamrds/awsiamrds_test.go
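Review bot: The failure path in `Open` formats `nURL` into the error (`"opening connection with %s: %w"`), and at that point `nURL` is the string returned by `getAuthenticatedURL` with the freshly signed RDS auth token set as the password, so every failed connect copies a short-lived but valid credential into whatever logs or displays the error. Leave the URL out, `return nil, xerrors.Errorf("opening connection: %w", err)`, or print only a redacted form. `Register` also calls `sql.Register` unconditionally, which panics if the same name is registered twice in one process; returning early when `sql.Drivers()` already contains `name`, and passing `name` instead of repeating the `fmt.Sprintf`, avoids both the panic and the duplicate expression. The `*sql.DB` obtained from `sql.Open(parentName, "")` is used only to reach the parent driver and is never closed.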
@@ -0,0 +1,50 @@
+package awsiamrds_test
+
+import (
+ "context"
+ "os"
+ "testing"
+
+ "github.com/stretchr/testify/require"
+
+ "cdr.dev/slog/sloggers/slogtest"
+
+ "github.com/coder/coder/v2/cli"
+ awsrdsiam "github.com/coder/coder/v2/coderd/database/awsiamrds"
+ "github.com/coder/coder/v2/testutil"
+)
+
+func TestDriver(t *testing.T) {
+ t.Parallel()
+ // Be sure to set AWS_DEFAULT_REGION to the database region as well.
+ // Example:
+ // export AWS_DEFAULT_REGION=us-east-2;
+ // export DBAWSIAMRDS_TEST_URL="postgres://user@host:5432/dbname";
+ url := os.Getenv("DBAWSIAMRDS_TEST_URL")
+ if url == "" {
+ t.Skip()
+ }
+
+ ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort)
+ defer cancel()
+
+ sqlDriver, err := awsrdsiam.Register(ctx, "postgres")
+ require.NoError(t, err)
+
+ db, err := cli.ConnectToPostgres(ctx, slogtest.Make(t, nil), sqlDriver, url)
+ require.NoError(t, err)
+ defer func() {
+ _ = db.Close()
+ }()
+
+ i, err := db.QueryContext(ctx, "select 1;")
+ require.NoError(t, err)
+ defer func() {
+ _ = i.Close()
+ }()
+
+ require.True(t, i.Next())
+ var one int
+ require.NoError(t, i.Scan(&one))
+ require.Equal(t, 1, one)
+}
diff --git a/codersdk/deployment.go b/codersdk/deployment.go
index 512e1fd24c..9f387f7b0f 100644
--- a/codersdk/deployment.go
+++ b/codersdk/deployment.go
@@ -135,6 +135,18 @@ func (c *Client) Entitlements(ctx context.Context) (Entitlements, error) {
 return ent, json.NewDecoder(res.Body).Decode(&ent)
 }
+type PostgresAuth string
+
+const (
+ PostgresAuthPassword PostgresAuth = "password"
+ PostgresAuthAWSIAMRDS PostgresAuth = "awsiamrds"
+)
+
+var PostgresAuthDrivers = []string{
+ string(PostgresAuthPassword),
+ string(PostgresAuthAWSIAMRDS),
+}
+
 // DeploymentValues is the central configuration values the coder server.
 type DeploymentValues struct {
 Verbose serpent.Bool `json:"verbose,omitempty"`
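Review bot: `TestDriver` is the only test for the new package and it is skipped unless `DBAWSIAMRDS_TEST_URL` points at a live RDS instance, so in ordinary CI nothing exercises `getAuthenticatedURL` or `Open`. Token building is presumably a local signing step, so an in-package test with a static credentials provider could assert that the rewritten URL keeps host, user and database and carries a non-empty password without any network access. The bare `t.Skip()` should also say why, for example `t.Skip("DBAWSIAMRDS_TEST_URL is not set")`, so a skipped run is visible in test output.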
@@ -154,6 +166,7 @@ type DeploymentValues struct { CacheDir serpent.String `json:"cache_directory,omitempty" typescript:",notnull"` InMemoryDatabase serpent.Bool `json:"in_memory_database,omitempty" typescript:",notnull"` PostgresURL serpent.String `json:"pg_connection_url,omitempty" typescript:",notnull"` + PostgresAuth string `json:"pg_auth,omitempty" typescript:",notnull"` OAuth2 OAuth2Config `json:"oauth2,omitempty" typescript:",notnull"` OIDC OIDCConfig `json:"oidc,omitempty" typescript:",notnull"` Telemetry TelemetryConfig `json:"telemetry,omitempty" typescript:",notnull"` @@ -1630,6 +1643,15 @@ when required by your organization's security policy.`, Annotations: serpent.Annotations{}.Mark(annotationSecretKey, "true"), Value: &c.PostgresURL, }, + { + Name: "Postgres Auth", + Description: "Type of auth to use when connecting to postgres.", + Flag: "postgres-auth", + Env: "CODER_PG_AUTH", + Default: "password", + Value: serpent.EnumOf(&c.PostgresAuth, PostgresAuthDrivers...), + YAML: "pgAuth", + }, { Name: "Secure Auth Cookie", Description: "Controls if the 'Secure' property is set on browser session cookies.", diff --git a/docs/api/general.md b/docs/api/general.md index b21adb8acf..69f57b9a99 100644 --- a/docs/api/general.md +++ b/docs/api/general.md @@ -304,6 +304,7 @@ curl -X GET http://coder-server:8080/api/v2/deployment/config \ "user_roles_default": ["string"], "username_field": "string" }, + "pg_auth": "string", "pg_connection_url": "string", "pprof": { "address": { diff --git a/docs/api/schemas.md b/docs/api/schemas.md index 02cba3ec2c..60722a0ab9 100644 --- a/docs/api/schemas.md +++ b/docs/api/schemas.md @@ -2517,6 +2517,7 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in "user_roles_default": ["string"], "username_field": "string" }, + "pg_auth": "string", "pg_connection_url": "string", "pprof": { "address": { 
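Review bot: The server option added in the `@@ -1630` hunk is named `--postgres-auth` / `CODER_PG_AUTH`, while the same setting on `create-admin-user` and the dbcrypt subcommands is `--postgres-connection-auth` / `CODER_PG_CONNECTION_AUTH`; an environment that exports only `CODER_PG_AUTH=awsiamrds` will run those subcommands with the `password` default and fail to authenticate. Using one flag and environment name for all of them, or accepting both, removes that trap. In the `@@ -154` hunk the field is declared as plain `string`, which is why each caller converts with `codersdk.PostgresAuth(...)`; a field comment such as `// PostgresAuth holds one of PostgresAuthDrivers.` would make the intended values explicit.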
@@ -2886,6 +2887,7 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in "user_roles_default": ["string"], "username_field": "string" }, + "pg_auth": "string", "pg_connection_url": "string", "pprof": { "address": { @@ -3028,6 +3030,7 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in | `metrics_cache_refresh_interval` | integer | false | | | | `oauth2` | [codersdk.OAuth2Config](#codersdkoauth2config) | false | | | | `oidc` | [codersdk.OIDCConfig](#codersdkoidcconfig) | false | | | +| `pg_auth` | string | false | | | | `pg_connection_url` | string | false | | | | `pprof` | [codersdk.PprofConfig](#codersdkpprofconfig) | false | | | | `prometheus` | [codersdk.PrometheusConfig](#codersdkprometheusconfig) | false | | | diff --git a/docs/cli/server.md b/docs/cli/server.md index 7bba3086d0..2a793c6faf 100644 --- a/docs/cli/server.md +++ b/docs/cli/server.md @@ -907,6 +907,17 @@ The directory to cache temporary files. If unspecified and $CACHE_DIRECTORY is s URL of a PostgreSQL database. If empty, PostgreSQL binaries will be downloaded from Maven (https://repo1.maven.org/maven2) and store all data in the config root. Access the built-in database with "coder server postgres-builtin-url". +### --postgres-auth + +| | | +| ----------- | -------------------------------------- | +| Type | enum[password\|awsiamrds] | +| Environment | $CODER_PG_AUTH | +| YAML | pgAuth | +| Default | password | + +Type of auth to use when connecting to postgres. + ### --secure-auth-cookie | | | diff --git a/docs/cli/server_create-admin-user.md b/docs/cli/server_create-admin-user.md index 72d754efd1..18088395b1 100644 --- a/docs/cli/server_create-admin-user.md +++ b/docs/cli/server_create-admin-user.md 
@@ -21,6 +21,16 @@ coder server create-admin-user [flags] URL of a PostgreSQL database. If empty, the built-in PostgreSQL deployment will be used (Coder must not be already running in this case). +### --postgres-connection-auth + +| | | +| ----------- | -------------------------------------- | +| Type | enum[password\|awsiamrds] | +| Environment | $CODER_PG_CONNECTION_AUTH | +| Default | password | + +Type of auth to use when connecting to postgres. + ### --ssh-keygen-algorithm | | | diff --git a/docs/cli/server_dbcrypt_decrypt.md b/docs/cli/server_dbcrypt_decrypt.md index 26ff69919b..e6bae7a29c 100644 --- a/docs/cli/server_dbcrypt_decrypt.md +++ b/docs/cli/server_dbcrypt_decrypt.md @@ -21,6 +21,16 @@ coder server dbcrypt decrypt [flags] The connection URL for the Postgres database. +### --postgres-connection-auth + +| | | +| ----------- | -------------------------------------- | +| Type | enum[password\|awsiamrds] | +| Environment | $CODER_PG_CONNECTION_AUTH | +| Default | password | + +Type of auth to use when connecting to postgres. + ### --keys | | | diff --git a/docs/cli/server_dbcrypt_delete.md b/docs/cli/server_dbcrypt_delete.md index ed81a77603..ff8128f884 100644 --- a/docs/cli/server_dbcrypt_delete.md +++ b/docs/cli/server_dbcrypt_delete.md @@ -25,6 +25,16 @@ coder server dbcrypt delete [flags] The connection URL for the Postgres database. +### --postgres-connection-auth + +| | | +| ----------- | -------------------------------------- | +| Type | enum[password\|awsiamrds] | +| Environment | $CODER_PG_CONNECTION_AUTH | +| Default | password | + +Type of auth to use when connecting to postgres. + ### -y, --yes | | | diff --git a/docs/cli/server_dbcrypt_rotate.md b/docs/cli/server_dbcrypt_rotate.md index 86b40edff6..b54903afc7 100644 --- a/docs/cli/server_dbcrypt_rotate.md +++ b/docs/cli/server_dbcrypt_rotate.md 
@@ -21,6 +21,16 @@ coder server dbcrypt rotate [flags]
 The connection URL for the Postgres database.
+### --postgres-connection-auth
+
+| | |
+| ----------- | -------------------------------------- |
+| Type | enum[password\|awsiamrds] |
+| Environment | $CODER_PG_CONNECTION_AUTH |
+| Default | password |
+
+Type of auth to use when connecting to postgres.
+
 ### --new-key
 | | |
diff --git a/enterprise/cli/server_dbcrypt.go b/enterprise/cli/server_dbcrypt.go
index 30c358dd12..148303f854 100644
--- a/enterprise/cli/server_dbcrypt.go
+++ b/enterprise/cli/server_dbcrypt.go
@@ -12,6 +12,8 @@ import (
 "cdr.dev/slog/sloggers/sloghuman"
 "github.com/coder/coder/v2/cli"
 "github.com/coder/coder/v2/cli/cliui"
+ "github.com/coder/coder/v2/coderd/database/awsiamrds"
+ "github.com/coder/coder/v2/codersdk"
 "github.com/coder/coder/v2/enterprise/dbcrypt"
 "github.com/coder/serpent"
@@ -88,7 +90,15 @@ func (*RootCmd) dbcryptRotateCmd() *serpent.Command {
 return err
 }
- sqlDB, err := cli.ConnectToPostgres(inv.Context(), logger, "postgres", flags.PostgresURL)
+ sqlDriver := "postgres"
+ if codersdk.PostgresAuth(flags.PostgresAuth) == codersdk.PostgresAuthAWSIAMRDS {
+ sqlDriver, err = awsiamrds.Register(inv.Context(), sqlDriver)
+ if err != nil {
+ return xerrors.Errorf("register aws rds iam auth: %w", err)
+ }
+ }
+
+ sqlDB, err := cli.ConnectToPostgres(inv.Context(), logger, sqlDriver, flags.PostgresURL)
 if err != nil {
 return xerrors.Errorf("connect to postgres: %w", err)
 }
@@ -145,7 +155,15 @@ func (*RootCmd) dbcryptDecryptCmd() *serpent.Command {
 return err
 }
- sqlDB, err := cli.ConnectToPostgres(inv.Context(), logger, "postgres", flags.PostgresURL)
+ sqlDriver := "postgres"
+ if codersdk.PostgresAuth(flags.PostgresAuth) == codersdk.PostgresAuthAWSIAMRDS {
+ sqlDriver, err = awsiamrds.Register(inv.Context(), sqlDriver)
+ if err != nil {
+ return xerrors.Errorf("register aws rds iam auth: %w", err)
+ }
+ }
+
+ sqlDB, err := cli.ConnectToPostgres(inv.Context(), logger, sqlDriver, flags.PostgresURL)
 if err != nil {
 return xerrors.Errorf("connect to postgres: %w", err)
 }
@@ -192,7 +210,16 @@ Are you sure you want to continue?`
 return err
 }
- sqlDB, err := cli.ConnectToPostgres(inv.Context(), logger, "postgres", flags.PostgresURL)
+ var err error
+ sqlDriver := "postgres"
+ if codersdk.PostgresAuth(flags.PostgresAuth) == codersdk.PostgresAuthAWSIAMRDS {
+ sqlDriver, err = awsiamrds.Register(inv.Context(), sqlDriver)
+ if err != nil {
+ return xerrors.Errorf("register aws rds iam auth: %w", err)
+ }
+ }
+
+ sqlDB, err := cli.ConnectToPostgres(inv.Context(), logger, sqlDriver, flags.PostgresURL)
 if err != nil {
 return xerrors.Errorf("connect to postgres: %w", err)
 }
@@ -212,9 +239,10 @@ Are you sure you want to continue?`
 }
 type rotateFlags struct {
- PostgresURL string
- New string
- Old []string
+ PostgresURL string
+ PostgresAuth string
+ New string
+ Old []string
 }
 func (f *rotateFlags) attach(opts *serpent.OptionSet) {
@@ -226,6 +254,14 @@ func (f *rotateFlags) attach(opts *serpent.OptionSet) { Description: "The connection URL for the Postgres database.", Value: serpent.StringOf(&f.PostgresURL), }, + serpent.Option{ + Name: "Postgres Connection Auth", + Description: "Type of auth to use when connecting to postgres.", + Flag: "postgres-connection-auth", + Env: "CODER_PG_CONNECTION_AUTH", + Default: "password", + Value: serpent.EnumOf(&f.PostgresAuth, codersdk.PostgresAuthDrivers...), + }, serpent.Option{ Flag: "new-key", Env: "CODER_EXTERNAL_TOKEN_ENCRYPTION_ENCRYPT_NEW_KEY", @@ -274,8 +310,9 @@ func (f *rotateFlags) valid() error { } type decryptFlags struct { - PostgresURL string - Keys []string + PostgresURL string + PostgresAuth string + Keys []string } func (f *decryptFlags) attach(opts *serpent.OptionSet) { @@ -287,6 +324,14 @@ func (f *decryptFlags) attach(opts *serpent.OptionSet) { Description: "The connection URL for the Postgres database.", Value: serpent.StringOf(&f.PostgresURL), }, + serpent.Option{ + Name: "Postgres Connection Auth", + Description: "Type of auth to use when connecting to postgres.", + Flag: "postgres-connection-auth", + Env: "CODER_PG_CONNECTION_AUTH", + Default: "password", + Value: serpent.EnumOf(&f.PostgresAuth, codersdk.PostgresAuthDrivers...), + }, serpent.Option{ Flag: "keys", Env: "CODER_EXTERNAL_TOKEN_ENCRYPTION_DECRYPT_KEYS", @@ -318,8 +363,9 @@ func (f *decryptFlags) valid() error { } type deleteFlags struct { - PostgresURL string - Confirm bool + PostgresURL string + PostgresAuth string + Confirm bool } func (f *deleteFlags) attach(opts *serpent.OptionSet) { 
@@ -331,6 +377,14 @@ func (f *deleteFlags) attach(opts *serpent.OptionSet) { Description: "The connection URL for the Postgres database.", Value: serpent.StringOf(&f.PostgresURL), }, + serpent.Option{ + Name: "Postgres Connection Auth", + Description: "Type of auth to use when connecting to postgres.", + Flag: "postgres-connection-auth", + Env: "CODER_PG_CONNECTION_AUTH", + Default: "password", + Value: serpent.EnumOf(&f.PostgresAuth, codersdk.PostgresAuthDrivers...), + }, cliui.SkipPromptOption(), ) } diff --git a/enterprise/cli/testdata/coder_server_--help.golden b/enterprise/cli/testdata/coder_server_--help.golden index 6e717b5735..50dfa3bdd4 100644 --- a/enterprise/cli/testdata/coder_server_--help.golden +++ b/enterprise/cli/testdata/coder_server_--help.golden @@ -45,6 +45,9 @@ OPTIONS: Separate multiple experiments with commas, or enter '*' to opt-in to all available experiments. + --postgres-auth password|awsiamrds, $CODER_PG_AUTH (default: password) + Type of auth to use when connecting to postgres. + --postgres-url string, $CODER_PG_CONNECTION_URL URL of a PostgreSQL database. If empty, PostgreSQL binaries will be downloaded from Maven (https://repo1.maven.org/maven2) and store all diff --git a/enterprise/cli/testdata/coder_server_create-admin-user_--help.golden b/enterprise/cli/testdata/coder_server_create-admin-user_--help.golden index e600132a97..8988557cfa 100644 --- a/enterprise/cli/testdata/coder_server_create-admin-user_--help.golden +++ b/enterprise/cli/testdata/coder_server_create-admin-user_--help.golden @@ -7,6 +7,9 @@ USAGE: it to every organization. OPTIONS: + --postgres-connection-auth password|awsiamrds, $CODER_PG_CONNECTION_AUTH (default: password) + Type of auth to use when connecting to postgres. + --email string, $CODER_EMAIL The email of the new user. If not specified, you will be prompted via stdin. 
diff --git a/enterprise/cli/testdata/coder_server_dbcrypt_decrypt_--help.golden b/enterprise/cli/testdata/coder_server_dbcrypt_decrypt_--help.golden index 270abf2a5f..8f621ab10a 100644 --- a/enterprise/cli/testdata/coder_server_dbcrypt_decrypt_--help.golden +++ b/enterprise/cli/testdata/coder_server_dbcrypt_decrypt_--help.golden @@ -6,6 +6,9 @@ USAGE: Decrypt a previously encrypted database. OPTIONS: + --postgres-connection-auth password|awsiamrds, $CODER_PG_CONNECTION_AUTH (default: password) + Type of auth to use when connecting to postgres. + --keys string-array, $CODER_EXTERNAL_TOKEN_ENCRYPTION_DECRYPT_KEYS Keys required to decrypt existing data. Must be a comma-separated list of base64-encoded keys. diff --git a/enterprise/cli/testdata/coder_server_dbcrypt_delete_--help.golden b/enterprise/cli/testdata/coder_server_dbcrypt_delete_--help.golden index c1a28dcfef..8d3eda851d 100644 --- a/enterprise/cli/testdata/coder_server_dbcrypt_delete_--help.golden +++ b/enterprise/cli/testdata/coder_server_dbcrypt_delete_--help.golden @@ -8,6 +8,9 @@ USAGE: Aliases: rm OPTIONS: + --postgres-connection-auth password|awsiamrds, $CODER_PG_CONNECTION_AUTH (default: password) + Type of auth to use when connecting to postgres. + --postgres-url string, $CODER_EXTERNAL_TOKEN_ENCRYPTION_POSTGRES_URL The connection URL for the Postgres database. diff --git a/enterprise/cli/testdata/coder_server_dbcrypt_rotate_--help.golden b/enterprise/cli/testdata/coder_server_dbcrypt_rotate_--help.golden index bd3adcb6af..5961ecebde 100644 --- a/enterprise/cli/testdata/coder_server_dbcrypt_rotate_--help.golden +++ b/enterprise/cli/testdata/coder_server_dbcrypt_rotate_--help.golden 
@@ -6,6 +6,9 @@ USAGE: Rotate database encryption keys. OPTIONS: + --postgres-connection-auth password|awsiamrds, $CODER_PG_CONNECTION_AUTH (default: password) + Type of auth to use when connecting to postgres. + --new-key string, $CODER_EXTERNAL_TOKEN_ENCRYPTION_ENCRYPT_NEW_KEY The new external token encryption key. Must be base64-encoded. diff --git a/go.mod b/go.mod index d8c98b20a6..3d46eb2c5f 100644 --- a/go.mod +++ b/go.mod @@ -82,7 +82,7 @@ require ( github.com/andybalholm/brotli v1.1.0 github.com/armon/circbuf v0.0.0-20190214190532-5111143e8da2 github.com/awalterschulze/gographviz v2.0.3+incompatible - github.com/aws/smithy-go v1.20.0 + github.com/aws/smithy-go v1.20.1 github.com/bgentry/speakeasy v0.1.1-0.20220910012023-760eaf8b6816 github.com/bramvdbogaerde/go-scp v1.3.0 github.com/briandowns/spinner v1.18.1 @@ -208,13 +208,13 @@ require go.uber.org/mock v0.4.0 require ( github.com/benbjohnson/clock v1.3.5 - github.com/coder/serpent v0.5.0 + github.com/coder/serpent v0.7.0 github.com/gomarkdown/markdown v0.0.0-20231222211730-1d6d20845b47 ) require ( github.com/DataDog/go-libddwaf/v2 v2.3.1 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 // indirect github.com/mitchellh/hashstructure v1.1.0 // indirect github.com/pion/transport/v2 v2.0.0 // indirect github.com/tdewolff/test v1.0.11-0.20240106005702-7de5f7df4739 // indirect 
@@ -247,18 +247,19 @@ require ( github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect github.com/armon/go-radix v1.0.1-0.20221118154546-54df44f2176c // indirect - github.com/aws/aws-sdk-go-v2 v1.24.1 // indirect - github.com/aws/aws-sdk-go-v2/config v1.26.1 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.16.12 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect - github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 // indirect - github.com/aws/aws-sdk-go-v2/service/ssm v1.44.5 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.26.5 // indirect + github.com/aws/aws-sdk-go-v2 v1.25.3 + github.com/aws/aws-sdk-go-v2/config v1.27.7 + github.com/aws/aws-sdk-go-v2/credentials v1.17.7 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.3 // indirect + github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.4.3 + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.3 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3 // indirect + github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.5 // indirect + github.com/aws/aws-sdk-go-v2/service/ssm v1.49.3 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.20.2 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.2 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.28.4 // indirect github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect github.com/aymerick/douceur v0.2.0 // indirect github.com/beorn7/perks v1.0.1 // indirect 
diff --git a/go.sum b/go.sum index a57a97c92d..4b2328caf3 100644 --- a/go.sum +++ b/go.sum 
@@ -92,34 +92,36 @@ github.com/armon/go-radix v1.0.1-0.20221118154546-54df44f2176c h1:651/eoCRnQ7YtS github.com/armon/go-radix v1.0.1-0.20221118154546-54df44f2176c/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/awalterschulze/gographviz v2.0.3+incompatible h1:9sVEXJBJLwGX7EQVhLm2elIKCm7P2YHFC8v6096G09E= github.com/awalterschulze/gographviz v2.0.3+incompatible/go.mod h1:GEV5wmg4YquNw7v1kkyoX9etIk8yVmXj+AkDHuuETHs= -github.com/aws/aws-sdk-go-v2 v1.24.1 h1:xAojnj+ktS95YZlDf0zxWBkbFtymPeDP+rvUQIH3uAU= -github.com/aws/aws-sdk-go-v2 v1.24.1/go.mod h1:LNh45Br1YAkEKaAqvmE1m8FUx6a5b/V0oAKV7of29b4= -github.com/aws/aws-sdk-go-v2/config v1.26.1 h1:z6DqMxclFGL3Zfo+4Q0rLnAZ6yVkzCRxhRMsiRQnD1o= -github.com/aws/aws-sdk-go-v2/config v1.26.1/go.mod h1:ZB+CuKHRbb5v5F0oJtGdhFTelmrxd4iWO1lf0rQwSAg= -github.com/aws/aws-sdk-go-v2/credentials v1.16.12 h1:v/WgB8NxprNvr5inKIiVVrXPuuTegM+K8nncFkr1usU= -github.com/aws/aws-sdk-go-v2/credentials v1.16.12/go.mod h1:X21k0FjEJe+/pauud82HYiQbEr9jRKY3kXEIQ4hXeTQ= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10 h1:w98BT5w+ao1/r5sUuiH6JkVzjowOKeOJRHERyy1vh58= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.10/go.mod h1:K2WGI7vUvkIv1HoNbfBA1bvIZ+9kL3YVmWxeKuLQsiw= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 h1:vF+Zgd9s+H4vOXd5BMaPWykta2a6Ih0AKLq/X6NYKn4= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10/go.mod h1:6BkRjejp/GR4411UGqkX8+wFMbFbqsUIimfK4XjOKR4= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 h1:nYPe006ktcqUji8S2mqXf9c/7NdiKriOwMvWQHgYztw= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10/go.mod h1:6UV4SZkVvmODfXKql4LCbaZUpF7HO2BX38FgBf9ZOLw= -github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2 h1:GrSw8s0Gs/5zZ0SX+gX4zQjRnRsMJDJ2sLur1gRBhEM= -github.com/aws/aws-sdk-go-v2/internal/ini v1.7.2/go.mod h1:6fQQgfuGmw8Al/3M2IgIllycxV7ZW7WCdVSqfBeUiCY= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 h1:/b31bi3YVNlkzkBrm9LfpaKoaYZUxIAj4sHfOTmLfqw= 
-github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4/go.mod h1:2aGXHFmbInwgP9ZfpmdIfOELL79zhdNYNmReK8qDfdQ= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9 h1:Nf2sHxjMJR8CSImIVCONRi4g0Su3J+TSTbS7G0pUeMU= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.9/go.mod h1:idky4TER38YIjr2cADF1/ugFMKvZV7p//pVeV5LZbF0= -github.com/aws/aws-sdk-go-v2/service/ssm v1.44.5 h1:5SI5O2tMp/7E/FqhYnaKdxbWjlCi2yujjNI/UO725iU= -github.com/aws/aws-sdk-go-v2/service/ssm v1.44.5/go.mod h1:uXndCJoDO9gpuK24rNWVCnrGNUydKFEAYAZ7UU9S0rQ= -github.com/aws/aws-sdk-go-v2/service/sso v1.18.5 h1:ldSFWz9tEHAwHNmjx2Cvy1MjP5/L9kNoR0skc6wyOOM= -github.com/aws/aws-sdk-go-v2/service/sso v1.18.5/go.mod h1:CaFfXLYL376jgbP7VKC96uFcU8Rlavak0UlAwk1Dlhc= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5 h1:2k9KmFawS63euAkY4/ixVNsYYwrwnd5fIvgEKkfZFNM= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.5/go.mod h1:W+nd4wWDVkSUIox9bacmkBP5NMFQeTJ/xqNabpzSR38= -github.com/aws/aws-sdk-go-v2/service/sts v1.26.5 h1:5UYvv8JUvllZsRnfrcMQ+hJ9jNICmcgKPAO1CER25Wg= -github.com/aws/aws-sdk-go-v2/service/sts v1.26.5/go.mod h1:XX5gh4CB7wAs4KhcF46G6C8a2i7eupU19dcAAE+EydU= -github.com/aws/smithy-go v1.20.0 h1:6+kZsCXZwKxZS9RfISnPc4EXlHoyAkm2hPuM8X2BrrQ= -github.com/aws/smithy-go v1.20.0/go.mod h1:uo5RKksAl4PzhqaAbjd4rLgFoq5koTsQKYuGe7dklGc= +github.com/aws/aws-sdk-go-v2 v1.25.3 h1:xYiLpZTQs1mzvz5PaI6uR0Wh57ippuEthxS4iK5v0n0= +github.com/aws/aws-sdk-go-v2 v1.25.3/go.mod h1:35hUlJVYd+M++iLI3ALmVwMOyRYMmRqUXpTtRGW+K9I= +github.com/aws/aws-sdk-go-v2/config v1.27.7 h1:JSfb5nOQF01iOgxFI5OIKWwDiEXWTyTgg1Mm1mHi0A4= +github.com/aws/aws-sdk-go-v2/config v1.27.7/go.mod h1:PH0/cNpoMO+B04qET699o5W92Ca79fVtbUnvMIZro4I= +github.com/aws/aws-sdk-go-v2/credentials v1.17.7 h1:WJd+ubWKoBeRh7A5iNMnxEOs982SyVKOJD+K8HIezu4= +github.com/aws/aws-sdk-go-v2/credentials v1.17.7/go.mod h1:UQi7LMR0Vhvs+44w5ec8Q+VS+cd10cjwgHwiVkE0YGU= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.3 
h1:p+y7FvkK2dxS+FEwRIDHDe//ZX+jDhP8HHE50ppj4iI= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.3/go.mod h1:/fYB+FZbDlwlAiynK9KDXlzZl3ANI9JkD0Uhz5FjNT4= +github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.4.3 h1:mfxA6HX/mla8BrjVHdVD0G49+0Z+xKel//NCPBk0qbo= +github.com/aws/aws-sdk-go-v2/feature/rds/auth v1.4.3/go.mod h1:PjvlBlYNNXPrMAGarXrnV+UYv1T9XyTT2Ono41NQjq8= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.3 h1:ifbIbHZyGl1alsAhPIYsHOg5MuApgqOvVeI8wIugXfs= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.3/go.mod h1:oQZXg3c6SNeY6OZrDY+xHcF4VGIEoNotX2B4PrDeoJI= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3 h1:Qvodo9gHG9F3E8SfYOspPeBt0bjSbsevK8WhRAUHcoY= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.3/go.mod h1:vCKrdLXtybdf/uQd/YfVR2r5pcbNuEYKzMQpcxmeSJw= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= +github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 h1:EyBZibRTVAs6ECHZOw5/wlylS9OcTzwyjeQMudmREjE= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1/go.mod h1:JKpmtYhhPs7D97NL/ltqz7yCkERFW5dOlHyVl66ZYF8= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.5 h1:K/NXvIftOlX+oGgWGIa3jDyYLDNsdVhsjHmsBH2GLAQ= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.5/go.mod h1:cl9HGLV66EnCmMNzq4sYOti+/xo8w34CsgzVtm2GgsY= +github.com/aws/aws-sdk-go-v2/service/ssm v1.49.3 h1:iT1/grX+znbCNKzF3nd54/5Zq6CYNnR5ZEHWnuWqULM= +github.com/aws/aws-sdk-go-v2/service/ssm v1.49.3/go.mod h1:loBAHYxz7JyucJvq4xuW9vunu8iCzjNYfSrQg2QEczA= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.2 h1:XOPfar83RIRPEzfihnp+U6udOveKZJvPQ76SKWrLRHc= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.2/go.mod h1:Vv9Xyk1KMHXrR3vNQe8W5LMFdTjSeWk0gBZBzvf3Qa0= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.2 
h1:pi0Skl6mNl2w8qWZXcdOyg197Zsf4G97U7Sso9JXGZE= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.2/go.mod h1:JYzLoEVeLXk+L4tn1+rrkfhkxl6mLDEVaDSvGq9og90= +github.com/aws/aws-sdk-go-v2/service/sts v1.28.4 h1:Ppup1nVNAOWbBOrcoOxaxPeEnSFB2RnnQdguhXpmeQk= +github.com/aws/aws-sdk-go-v2/service/sts v1.28.4/go.mod h1:+K1rNPVyGxkRuv9NNiaZ4YhBFuyw2MMA9SlIJ1Zlpz8= +github.com/aws/smithy-go v1.20.1 h1:4SZlSlMr36UEqC7XOyRVb27XMeZubNcBNN+9IgEPIQw= +github.com/aws/smithy-go v1.20.1/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= github.com/aymanbagabas/go-osc52 v1.0.3/go.mod h1:zT8H+Rk4VSabYN90pWyugflM3ZhpTZNC7cASDfUCdT4= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= @@ -214,8 +216,8 @@ github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0 h1:3A0ES21Ke+FxEM8CXx github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0/go.mod h1:5UuS2Ts+nTToAMeOjNlnHFkPahrtDkmpydBen/3wgZc= github.com/coder/retry v1.5.1 h1:iWu8YnD8YqHs3XwqrqsjoBTAVqT9ml6z9ViJ2wlMiqc= github.com/coder/retry v1.5.1/go.mod h1:blHMk9vs6LkoRT9ZHyuZo360cufXEhrxqvEzeMtRGoY= -github.com/coder/serpent v0.5.0 h1:9p7u3BRYohQjkeN2T4nU4aQJcnDGz3rwezZG2EvH6yA= -github.com/coder/serpent v0.5.0/go.mod h1:REkJ5ZFHQUWFTPLExhXYZ1CaHFjxvGNRlLXLdsI08YA= +github.com/coder/serpent v0.7.0 h1:zGpD2GlF3lKIVkMjNGKbkip88qzd5r/TRcc30X/SrT0= +github.com/coder/serpent v0.7.0/go.mod h1:REkJ5ZFHQUWFTPLExhXYZ1CaHFjxvGNRlLXLdsI08YA= github.com/coder/ssh v0.0.0-20231128192721-70855dedb788 h1:YoUSJ19E8AtuUFVYBpXuOD6a/zVP3rcxezNsoDseTUw= github.com/coder/ssh v0.0.0-20231128192721-70855dedb788/go.mod h1:aGQbuCLyhRLMzZF067xc84Lh7JDs1FKwCmF1Crl9dxQ= github.com/coder/tailscale v1.1.1-0.20240214140224-3788ab894ba1 h1:A7dZHNidAVH6Kxn5D3hTEH+iRO8slnM0aRer6/cxlyE= diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts index 22c3fee9bc..e4f2d1f386 100644 
--- a/site/src/api/typesGenerated.ts +++ b/site/src/api/typesGenerated.ts @@ -481,6 +481,7 @@ export interface DeploymentValues { readonly cache_directory?: string; readonly in_memory_database?: boolean; readonly pg_connection_url?: string; + readonly pg_auth?: string; readonly oauth2?: OAuth2Config; readonly oidc?: OIDCConfig; readonly telemetry?: TelemetryConfig; @@ -2147,6 +2148,10 @@ export const OAuth2ProviderResponseTypes: OAuth2ProviderResponseType[] = [ "code", ]; +// From codersdk/deployment.go +export type PostgresAuth = "awsiamrds" | "password"; +export const PostgresAuths: PostgresAuth[] = ["awsiamrds", "password"]; + // From codersdk/provisionerdaemons.go export type ProvisionerJobStatus = | "canceled"