Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support Service Account Impersonation #392

Closed
hessjcg opened this issue Jul 18, 2023 · 3 comments · Fixed by #445 or #474
Closed

Support Service Account Impersonation #392

hessjcg opened this issue Jul 18, 2023 · 3 comments · Fixed by #445 or #474
Assignees
@hessjcg
Labels
priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.

Comments

@hessjcg
Copy link
Collaborator

hessjcg commented Jul 18, 2023

Add support for configuring the proxy's Service Account Impersonation flag --impersonate-service-account
@hessjcg hessjcg added type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design. priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. labels Jul 18, 2023
@hessjcg hessjcg mentioned this issue Jul 18, 2023
Closed
hessjcg added a commit that referenced this issue Jul 19, 2023
@hessjcg
Merge branch 'main' into gh-392-service-acct-impersonation
3fa1136
@enocom
Copy link
Member

enocom commented Aug 16, 2023

I think we should hold off on this until there's compelling user interest. Closing for now.

@enocom enocom closed this as completed Aug 16, 2023
@hessjcg hessjcg mentioned this issue Sep 20, 2023
Merged
@enocom enocom reopened this Oct 20, 2023
@jadenlemmon
Copy link

@enocom Answering question from here.

Our use case is we have a pod that needs access to GCP services such as Cloud Storage. This same pod also needs to access Cloud SQL. We access Cloud SQL via an IAM user added as a user on the instance. We don't want to add the pod service account as an IAM user on the Cloud SQL instance but prefer to access via service account impersonation.

This is so we can maintain simplicity at the Postgres level itself by only managing one user but can grant access to the Cloud SQL instance by granting impersonation rights to other acting service accounts.

@enocom
Copy link
Member

enocom commented Oct 20, 2023

Sounds totally legitimate. Thanks for the info. We'll get this feature merged.

hessjcg added a commit that referenced this issue Oct 24, 2023
@hessjcg
Merge branch 'main' into gh-392-service-acct-impersonation
e49c485
hessjcg added a commit that referenced this issue Oct 24, 2023
@hessjcg
Merge branch 'main' into gh-392-service-acct-impersonation
996951f
hessjcg added a commit that referenced this issue Oct 24, 2023
@hessjcg
feat: Add support for Service Account Impersonation. (#445)
4d8e277 
Now users can configure the proxy's --service-account-impersonation parameter.

Fixes #392
@release-please release-please bot mentioned this issue Oct 24, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hessjcg hessjcg

Labels
priority: p1 Important issue which blocks shipping the next release. Will be fixed prior to next release. type: feature request ‘Nice-to-have’ improvement, new feature or different behavior or design.
Projects
None yet
Milestone
No milestone
3 participants
@enocom @jadenlemmon @hessjcg