Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rotate SQL User credentials #856

Merged
merged 14 commits into from
Apr 7, 2020
Merged

Rotate SQL User credentials #856

merged 14 commits into from
Apr 7, 2020

Conversation

cnadolny
Copy link
Contributor

@cnadolny cnadolny commented Mar 31, 2020
edited
Loading

Closes #537

What this PR does / why we need it:
Currently there is a way to roll admin credentials to the SQL server, but not SQL Database user credentials. This extends SQL Action to add that functionality.

When checking if the user exists or not, the code was using the kube namespaced name exclusively, thus it would always come up as a negative if the secret client was Key Vault. Refactored logic around with dbUserCustomNamespace, put the check for the sql user secret key value into one function.

Special notes for your reviewer:
To test:

  • Create SQL Server + DB
  • Create Firewall rule
  • Create Create SQL User
  • Create SQL action with action rollusercreds. Specify SQL User from above. Observe in Key Vault that credentials have updated.

How does this PR make you feel:
gif

If applicable:

  • this PR contains documentation
  • this PR contains tests

@cnadolny cnadolny changed the title WIP: Rotate SQL User credentials Rotate SQL User credentials Apr 3, 2020
@cnadolny
Copy link
Contributor Author

cnadolny commented Apr 6, 2020

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@frodopwns frodopwns requested a review from jpflueger April 6, 2020 16:17
jpflueger
jpflueger previously approved these changes Apr 7, 2020
View reviewed changes
Copy link
Contributor

@jpflueger jpflueger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code looks good to me and local test run worked great

jpflueger
jpflueger previously approved these changes Apr 7, 2020
View reviewed changes
Copy link
Contributor

@jpflueger jpflueger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code looks good to me.

docs/azuresql/azuresql.md Outdated Show resolved Hide resolved
jpflueger
jpflueger approved these changes Apr 7, 2020
View reviewed changes
Copy link
Contributor

@jpflueger jpflueger left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM #3

@jpflueger jpflueger merged commit f661409 into Azure:master Apr 7, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jpflueger jpflueger jpflueger approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Task: Ability to rotate SQL DB user credentials
2 participants
@cnadolny @jpflueger