snowplow-devops / terraform-provider-redash

Terraform Provider for Redash

Add SSH Tunnel support

agutoli opened this issue · comments

Hello, firstly I want to thank you for this excellent provider. I'm evaluating using this to manage Redash data sources, and I realised it doesn't have SSH tunnel support. Do you guys have a plan to implement it, or is it not on the roadmap?

Reference:
https://redash.io/help/user-guide/integrations-and-api/ssh-tunnel-api

{
  "name": "My Sample Database",
  "type": "pg",
  "options": {
    "host": "private.address.in.my.domain.xyz",
    "port": 5432,
    "database": "sampledb",
    "user": "redash-db-user",
    "password": "-------------------",
    "ssh_tunnel": {
      "ssh_username": "redash-tunnel",
      "ssh_port": 22,
      "ssh_host": "bastion.my.domain.xyz"
    }
  }
}

I've implemented SSH tunnel support. I'm not a Terraform provider expert, so it will probably need some more polishing (eventually).

#15
snowplow-devops/redash-client-go#9

commented

Hey @agutoli, no, we didn't have any plans to add this support - we only really use Redshift, BigQuery and SnowflakeDB internally, so there is not very high demand for this.

How would this work in a non-SaaS deployment? Can you configure the private key portion anywhere, or is that something you need to do on the host to have Redash use a particular private key when pushing a connection out?

Hey @jbeemster, how are you doing? I've done some work to implement it, as you have probably seen. We want to use that provider with our Redshift, but it was missing support for SSH tunnels, as I mentioned above. You can read more about how to set up an SSH tunnel here.

The API only allows us to specify ssh_username, ssh_port and ssh_port in the options section; any additional options should be possible to set up by implementing the ssh_tunnel_auth method in dynamic_settings.py here.

dynamic_settings.py

https://github.com/getredash/redash/blob/master/redash/settings/dynamic_settings.py#L39

def ssh_tunnel_auth():
    """
    To enable data source connections via SSH tunnels, provide your
    SSH authentication pkey here. Return a string pointing at your **private**
    key's path (which will be used to extract the public key), or a
    `paramiko.pkey.PKey` instance holding your **public** key.
    """
    return {
        'ssh_private_key': '/app/redash/.ssh/ssh-bastion.pem'
    }

Redshift payload example

{
  "name": "My Sample Database",
  "type": "pg",
  "options": {
    "host": "private.address.in.my.domain.xyz",
    "port": 5432,
    "database": "sampledb",
    "user": "redash-db-user",
    "password": "-------------------",
    "ssh_tunnel": {
      "ssh_username": "redash-tunnel",
      "ssh_port": 22,
      "ssh_host": "bastion.my.domain.xyz"
    }
  }
}

Do you see any chance of my PRs being merged soon? I mean, after you guys review them?

BTW, my implementation looks like:

resource "redash_data_source" "redshift" {
  name = "Redshift - Demo"
  type = "redshift"

  options {
    host     = "my-domain.com"
    port     = 5439
    dbname   = "my-db"
    user     = "..."
    password = "..."
    sslmode  = "prefer"

    // THIS IS THE NEW BLOCK
    ssh_tunnel {
      ssh_port     = 22
      ssh_username = "ec2-user"
      ssh_host     = "my-bastion-address.com"
    }

  }
}
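
As an added example that is not part of the thread or of Redash's own code: since the API payload carries only the tunnel options and the private key is configured on the Redash host, this sketch wraps the `ssh_tunnel_auth` hook shown in the comment above with a pre-flight check on the key file. The names `checked_key_path` and `InsecureKeyFile` and the optional `path` argument are assumptions; the default path and the `ssh_private_key` key are the ones from the comment.

```python
import os
import stat

# Path taken from the comment above; adjust for your deployment.
DEFAULT_KEY_PATH = "/app/redash/.ssh/ssh-bastion.pem"


class InsecureKeyFile(Exception):
    """Hypothetical error type: the tunnel key failed a pre-flight check."""


def checked_key_path(path):
    """Return `path` only if it is a regular file that is not a symlink,
    is owned by the current user, and grants nothing to group or other."""
    try:
        st = os.lstat(path)  # lstat so a symlink is inspected, not followed
    except FileNotFoundError:
        raise InsecureKeyFile(f"{path}: key file not found") from None
    if not stat.S_ISREG(st.st_mode):
        raise InsecureKeyFile(f"{path}: not a regular file (symlink or special)")
    if st.st_uid != os.geteuid():
        raise InsecureKeyFile(f"{path}: owned by uid {st.st_uid}, not this process")
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise InsecureKeyFile(f"{path}: mode {mode:04o} is too open, expected 0600")
    return path


def ssh_tunnel_auth(path=DEFAULT_KEY_PATH):
    """Same return shape as the hook in the comment above. The `path`
    argument is an assumption added here so the check can be exercised."""
    return {"ssh_private_key": checked_key_path(path)}


if __name__ == "__main__":
    import tempfile

    # Constructed sample: a placeholder file, not a real key.
    with tempfile.TemporaryDirectory() as d:
        key = os.path.join(d, "ssh-bastion.pem")
        with open(key, "w") as fh:
            fh.write("placeholder\n")
        for mode in (0o600, 0o644):
            os.chmod(key, mode)
            try:
                print(f"{mode:04o}", ssh_tunnel_auth(key))
            except InsecureKeyFile as exc:
                print(f"{mode:04o} rejected:", exc)
```

Failing at load time with a clear message keeps a world-readable or swapped key file from being used silently for every tunnelled data source.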

Thank you @agutoli, great work!
The PR overall looks solid, but we just need to do some formal testing before merging/deploying a new release. Shouldn't take too long as it's a fairly simple change, but just wanted to give you a quick update on where this is at.

PR merged:
#15