New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Azure Entra/AD Authentication to PostgreSQL Plugin #76638
Comments
@gabor curious if you guys would accept a PR implementing an approach similar to the one taken in the Postgres terraform provider (relevant docs here)? Specifically, Entra authentication on Azure does not require any fundamental change to the password authentication flow, but instead we just need to call an endpoint to get a token first which we then use as a normal password when connecting to postgres. Taken from terraform-provider-postgresql: func acquireAzureOauthToken(tenantId string) (string, error) {
credential, err := azidentity.NewDefaultAzureCredential(
&azidentity.DefaultAzureCredentialOptions{TenantID: tenantId})
if err != nil {
return "", err
}
token, err := credential.GetToken(context.Background(), policy.TokenRequestOptions{
Scopes: []string{"https://ossrdbms-aad.database.windows.net/.default"},
TenantID: tenantId,
})
if err != nil {
return "", err
}
return token.Token, nil
} Ideally I'd adjust the use of Might also be worth looking at how azure-data-explorer-datasource handles things... |
hi @jarpoole , thanks for the extra info 👍 . unfortunately, currently we are not planning to add this authentication method to the postgres datasource plugin. |
That is unfortunate but thank you for taking the time to respond! I was moreso hoping you'd accept a community contribution but didn't know what the vibe was for this project. |
@jarpoole i understand. in general community contributions are very welcome, but unless they are trivial small changes like bugfixes, it's best to ask before, because sometimes our plans do not align with the contribution. (I know you asked, thanks for that 👍 ). in this case, adding azure-ad-auth would mean that we take on also the responsibility to test this, and keep testing it in the future, also, what does this mean for mysql and other datasource plugins, and so on. there are simply a bunch of extra work involved here, and right now we are not planning to handle that. sorry. |
Why is this needed:
I'm currently working with a customer that mandates PostgreSQL database access via Azure AD Authentication. However, the current PostgreSQL plugin supports only username and password-based authentication.
What would you like to be added:
I'm requesting an enhancement that would enable the PostgreSQL Plugin to support Azure AD Authentication for logging in.
Who is this feature for?
This feature is primarily intended for Grafana users who need to access PostgreSQL data sources using Azure AD Authentication.
The text was updated successfully, but these errors were encountered: