Add implicit authentication to Azure Storage & KMS #96972

Closed
benbardin opened this issue Feb 10, 2023 · 3 comments
Labels
A-disaster-recovery C-enhancement Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception) T-disaster-recovery

Comments

@benbardin
Collaborator

benbardin commented Feb 10, 2023

This is needed to support managed identities on Azure

Jira issue: CRDB-24440

Epic CRDB-18954

@benbardin benbardin added C-enhancement Solution expected to add code/behavior + preserve backward-compat (pg compat issues are exception) A-disaster-recovery labels Feb 10, 2023
@benbardin benbardin self-assigned this Feb 10, 2023
@blathers-crl

blathers-crl bot commented Feb 10, 2023

cc @cockroachdb/disaster-recovery

craig bot pushed a commit that referenced this issue Feb 15, 2023
96825: pkg/cloud: Add implicit authentication to Azure Storage & KMS r=benbardin a=benbardin

This enables users to authenticate to Azure Storage and KeyVault with the Azure Default Credential, described here: https://learn.microsoft.com/en-us/azure/developer/go/azure-sdk-authentication. This supports environmental variable authentication, and also authentication via managed identity if CRDB is running on an Azure platform.

The Azure documentation describes which environment variables to set (Tenant ID, Client ID, Client Secret) for RBAC. Once selected, appropriate permissions must still be granted to the authenticating Client to use requested Azure resources. These permissions are described in #96459.

Release note (enterprise change): Add support for implicit authentication to Azure Storage and KMS using Azure RBAC.

Informs: #96972

97182: storage,sql: add separated value iteration stats to ScanStats r=ericharmeling a=sumeerbhola

execinfrapb.ScanStats and execstats.ScanStats have these new fields. The intention here is for traces to show these stats and not to complete the plumbing to expose these in the fingerprint stats table.

Informs cockroachdb/pebble#1170

Epic: CRDB-20378

Release note: None

97186: server: reduce logs from pgwire cancel r=erikgrinaker a=rafiss

fixes #91386

Now we avoid logging a full stack trace, and also only log if the rate limit was exceeded. This is an indication that someone may be maliciously spamming the query cancel protocol.

Release note: None

97191: sqlsmith: skip crdb_internal.fingerprint r=mgartner a=mgartner

`crdb_internal.fingerprint` is a recently added builtin function that
produces internal errors for some valid inputs. This commit adds it to
the sqlsmith skip list until it is fixed.

Informs #97097

Epic: None

Release note: None


97202: roachtest: add flaky test to activerecord ignore list r=rafiss a=andyyang890

Fixes #97163

Release note: None

Co-authored-by: Ben Bardin <bardin@cockroachlabs.com>
Co-authored-by: sumeerbhola <sumeer@cockroachlabs.com>
Co-authored-by: Rafi Shamim <rafi@cockroachlabs.com>
Co-authored-by: Marcus Gartner <marcus@cockroachlabs.com>
Co-authored-by: Andy Yang <yang@cockroachlabs.com>
@shermanCRL
Contributor

@benbardin any release notes to add here for documentation?

@benbardin
Collaborator Author

Not here, but Kathryn says the commit message/PR description is best anyway, and they are there! #96825
