AspNetCore.HealthChecks.NpgSql (Postgres) health check and Managed Identity on Azure #1813

Closed
steingran opened this issue May 4, 2023 · 5 comments · Fixed by #1832

Comments

@steingran

The current health check for Postgres (AspNetCore.HealthChecks.NpgSql, version 6.0.2) does not support Azure Managed Identity tokens as far as I can see.

Are there any workarounds for this, or any plans on adding support for Managed Identity tokens?

Using Managed Identity tokens is increasingly normal, so supporting this scenario would be great.

@sungam3r
Collaborator

sungam3r commented May 5, 2023

What kind of support are you talking about? Could you provide an example?

@steingran
Author

It is basically this scenario: https://learn.microsoft.com/en-us/azure/app-service/tutorial-connect-msi-azure-database?tabs=sqldatabase%2Csystemassigned%2Cnetfx%2Cwindowsclient

So we are using PostgreSQL on Azure, and do not want to use username/password as authentication, but rather Azure Managed Identity.

@rob-baldwin
Contributor

Hi @steingran, what failures are you getting? As far as I can see, the health check supports a connection string, and the managed identity is just a way of creating the credentials for the connection string without the need for storing the credentials, e.g.

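```csharp
using Azure.Identity;
using Microsoft.Extensions.DependencyInjection;

// Acquire an Azure AD access token for Azure Database for PostgreSQL.
var credential = new DefaultAzureCredential();

var token = credential.GetToken(new Azure.Core.TokenRequestContext(new[] { "https://ossrdbms-aad.database.windows.net/.default" }));

// Pick the user name depending on whether IDENTITY_ENDPOINT is set
// (the linked tutorial uses this to detect running in Azure).
string postgresqlUser;
if (String.IsNullOrEmpty(Environment.GetEnvironmentVariable("IDENTITY_ENDPOINT")))
    postgresqlUser = "<aad-user-name>@<server-name>";
else
    postgresqlUser = "<postgresql-user-name>@<server-name>";

// The access token is passed as the password.
var connectionString = "Server=<server-name>.postgres.database.azure.com;" +
    "Port=5432;" +
    "Database=<database-name>;" +
    "User Id=" + postgresqlUser + ";" +
    "Password=" + token.Token;

services.AddHealthChecks().AddNpgSql(connectionString);
```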

(The majority of the code was copied from the tutorial you linked.)

@michaelmairegger
Contributor

The issue with this is that the token has an expiration time. After that, the connectionString is not valid anymore.

@michaelmairegger
Contributor

I have some working code for this issue. I will provide a PR for that issue. There shouldn't be any breaking changes for existing code.
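
The expiry problem raised above can be avoided by requesting the token when the check runs instead of when the connection string is built at startup. A sketch of such a check, as an added example that is not code from this thread or from the AspNetCore.HealthChecks.NpgSql package; the class name, the five-minute refresh margin and the placeholder user name are assumptions:

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Microsoft.Extensions.Diagnostics.HealthChecks;
using Npgsql;

// Added example: the class name and RefreshMargin are hypothetical, not part of the library.
public sealed class ManagedIdentityNpgSqlHealthCheck : IHealthCheck
{
    private static readonly TokenRequestContext Scope =
        new(new[] { "https://ossrdbms-aad.database.windows.net/.default" });
    private static readonly TimeSpan RefreshMargin = TimeSpan.FromMinutes(5); // assumed value
    private static readonly TokenCredential Credential = new DefaultAzureCredential();
    private static readonly SemaphoreSlim Gate = new(1, 1);
    private static AccessToken _cached; // default value has ExpiresOn far in the past

    public async Task<HealthCheckResult> CheckHealthAsync(
        HealthCheckContext context, CancellationToken cancellationToken = default)
    {
        // Exceptions propagate: the health check service reports them with the registration's FailureStatus.
        var builder = new NpgsqlConnectionStringBuilder
        {
            Host = "<server-name>.postgres.database.azure.com", Port = 5432,
            Database = "<database-name>",
            Username = "<postgresql-user-name>@<server-name>", // placeholder from the snippet above
            Password = await GetTokenAsync(cancellationToken), // live token, fetched per check
        };
        await using var connection = new NpgsqlConnection(builder.ConnectionString);
        await connection.OpenAsync(cancellationToken);
        await using var command = new NpgsqlCommand("SELECT 1;", connection);
        await command.ExecuteScalarAsync(cancellationToken);
        return HealthCheckResult.Healthy();
    }

    // Reuse the token until it is within RefreshMargin of expiry, then request a new one.
    private static async Task<string> GetTokenAsync(CancellationToken ct)
    {
        await Gate.WaitAsync(ct);
        try
        {
            if (_cached.ExpiresOn - DateTimeOffset.UtcNow < RefreshMargin)
                _cached = await Credential.GetTokenAsync(Scope, ct);
            return _cached.Token;
        }
        finally { Gate.Release(); }
    }
}
```

Register it with `services.AddHealthChecks().AddCheck<ManagedIdentityNpgSqlHealthCheck>("npgsql");`. The connection string built here contains a bearer token, so keep it out of logs and health check descriptions.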
