MsSql DataSource: Add possibility to use authorization via workload identity #80369
Comments
usmangt
added
area/auth
datasource/MySQL
area/datasource
triage/needs-confirmation
|
Hi @sbebrys, Thanks for opening this issue. I will forward this to our Engineers so that they can have a look and might be able to tell more details about it. |
usmangt
added
type/feature-request
datasource/MSSQL
alyssabull
changed the title
|
Thanks for raising this issue. I have added it to our backlog and our team will discuss/update accordingly. |
|
In case someone is self-hosting Grafana in AKS cluster. I could get it to work with some simple changes main changes needed: Etshawy1@e802934 the main requirement is to properly configure the workload identity and you double check that the env variables related to the workload identity are set |
|
This feature could also be added to PostgresSQL servers in Azure. |
|
Hi @usmangt , It's a very important feature to us. When will this pr be merged? Thanks! |
|
Hi @DilongWu , As @alyssabull updated in the comment, it needs to be discussed first with-in the teams if this can be done easily or needs additional resources (that can take some more time). You will get an update once they reach to a final decision |
Why is this needed:
MsSql data source for passwordless authentication has only possibility to use msi, which is limited to the tenant and identity used by grafana server and made solution less secured because access to set of sql servers cannot be controlled more precisely. Workload Identity could easily change that and open gradual access to specific clients (managed identities) within different tenants and also clouds.
What would you like to be added:
Add new auth type based on Workload Identity for MsSql data source, with possibility to choosing for each data source instance cloud, tenantId and clientId as similar requested and accepted change for Azure Monitor #76270.
To be consistent msi auth type should also get possibility to choosing clientId of used identity.
Who is this feature for?
Grafana data source administrator
The text was updated successfully, but these errors were encountered: