role-based credential mappings for PostgreSQL targets#1763
Closed
modanub wants to merge 2 commits intowarp-tech:mainfrom
Closed
role-based credential mappings for PostgreSQL targets#1763modanub wants to merge 2 commits intowarp-tech:mainfrom
modanub wants to merge 2 commits intowarp-tech:mainfrom
Conversation
…gets Allow mapping Warpgate roles to different PostgreSQL credentials per target. When a user connects to a PostgreSQL target, their Warpgate roles are checked against the configured credential mappings. The first matching role determines which database username/password is used for the upstream connection. If no role matches, the target's default credentials are used. This enables multi-tenant database access patterns where different user groups (e.g. admins, developers) connect through the same Warpgate target but authenticate to PostgreSQL with different privilege levels. Changes: - Add PostgresCredentialMapping struct to target config - Add get_user_roles() to ConfigProvider trait - Implement role-based credential selection in PostgreSQL session - Add credential mappings UI in admin panel target editor
Member
|
Thank you for the contribution! Unfortunately, this is not in the scope of the project. If any connection properties (such as target username) must change in response to the user roles, I prefer there to be multiple targets. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Allows configuring per-role database credentials on PostgreSQL targets. When a user connects, their Warpgate roles are matched against the target's credential mappings and the first match determines which upstream DB username/password is used. Falls back to the target's default credentials if nothing matches.
Use case: different user groups (admins, developers) connect through the same Warpgate target but get different PostgreSQL privilege levels without needing separate targets.
Changes:
PostgresCredentialMappingstruct in target config (role → username/password)get_user_roles()onConfigProvidertraitrun_authorizedflow