Skip to content

added environ credentials support for YDB #775

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
asmyasnikov wants to merge 10 commits into
base: main
Choose a base branch
from
Open

added environ credentials support for YDB #775

asmyasnikov wants to merge 10 commits into from
+1,289 −1

Conversation

@asmyasnikov
Copy link
Contributor

@asmyasnikov asmyasnikov commented May 23, 2024
edited
Loading

Supported environ credentials for YDB using parameter use_env_credentials in connection string.

Example with access token credentails:

export YDB_ACCESS_TOKEN_CREDENTIALS="my-secret-token"
goose ydb "grpcs://localhost:2135/local?use_env_credentials&go_query_mode=scripting&go_fake_tx=scripting&go_query_bind=declare,numeric" status

Example with yandex cloud service account key file credentials:

asmyasnikov@asmyasnikov-ox goose % YDB_SERVICE_ACCOUNT_KEY_FILE_CREDENTIALS=/Users/asmyasnikov/sa.key go run ./cmd/goose ydb "grpcs://ydb.serverless.yandexcloud.net:2135/ru-central1/b1ggoeimp4lontjmo81g/etn8p4ne5m3v7a5at514?us
e_env_credentials&go_query_mode=scripting&go_fake_tx=scripting&go_query_bind=declare,numeric" -dir testdata/ydb up
2025/11/26 14:08:29 OK   20251126110810_00002_add_column_password_hash_into_table_users.sql (232.8ms)
2025/11/26 14:08:29 goose: successfully migrated database to version: 20251126110810
asmyasnikov@asmyasnikov-ox goose % YDB_SERVICE_ACCOUNT_KEY_FILE_CREDENTIALS=/Users/asmyasnikov/sa.key go run ./cmd/goose ydb "grpcs://ydb.serverless.yandexcloud.net:2135/ru-central1/b1ggoeimp4lontjmo81g/etn8p4ne5m3v7a5at514?us
e_env_credentials&go_query_mode=scripting&go_fake_tx=scripting&go_query_bind=declare,numeric" -dir testdata/ydb down
2025/11/26 14:08:43 OK   20251126110810_00002_add_column_password_hash_into_table_users.sql (285.17ms)
asmyasnikov@asmyasnikov-ox goose % YDB_SERVICE_ACCOUNT_KEY_FILE_CREDENTIALS=/Users/asmyasnikov/sa.key go run ./cmd/goose ydb "grpcs://ydb.serverless.yandexcloud.net:2135/ru-central1/b1ggoeimp4lontjmo81g/etn8p4ne5m3v7a5at514?us
e_env_credentials&go_query_mode=scripting&go_fake_tx=scripting&go_query_bind=declare,numeric" -dir testdata/ydb up
2025/11/26 14:09:05 OK   20251126110810_00002_add_column_password_hash_into_table_users.sql (274.85ms)
2025/11/26 14:09:05 goose: successfully migrated database to version: 20251126110810
asmyasnikov@asmyasnikov-ox goose % YDB_SERVICE_ACCOUNT_KEY_FILE_CREDENTIALS=/Users/asmyasnikov/sa.key go run ./cmd/goose ydb "grpcs://ydb.serverless.yandexcloud.net:2135/ru-central1/b1ggoeimp4lontjmo81g/etn8p4ne5m3v7a5at514?us
e_env_credentials&go_query_mode=scripting&go_fake_tx=scripting&go_query_bind=declare,numeric" -dir testdata/ydb status
2025/11/26 14:09:09     Applied At                  Migration
2025/11/26 14:09:09     =======================================
2025/11/26 14:09:09     Wed Nov 26 14:07:21 2025 -- 20240112115229_00001_create_first_table.sql
2025/11/26 14:09:10     Wed Nov 26 14:09:05 2025 -- 20251126110810_00002_add_column_password_hash_into_table_users.sql

@asmyasnikov asmyasnikov force-pushed the master branch 5 times, most recently from 8bda2b8 to 3a4704e Compare May 23, 2024 18:11
@asmyasnikov asmyasnikov marked this pull request as ready for review May 24, 2024 19:11
@asmyasnikov asmyasnikov changed the title added ydb-go-sdk-auth-environ package blank import for use environment variables for create YDB credentials added environ credentials support for YDB Nov 26, 2025
@asmyasnikov
Copy link
Contributor Author

asmyasnikov commented Nov 26, 2025

@mfridman can you consider this enhancement?

@mfridman
Copy link
Collaborator

mfridman commented Nov 26, 2025

Sure, happy to take a look. Seems reasonable.

mfridman
mfridman reviewed Nov 26, 2025
View reviewed changes
go.sum
@@ -1,7 +1,518 @@
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
Copy link
Collaborator

@mfridman mfridman Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you need to run go mod tidy, the go.sum doesn't seem right.

Copy link
Contributor Author

@asmyasnikov asmyasnikov Nov 26, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

go mod tidy clear =/

asmyasnikov@asmyasnikov-ox goose % rm -f go.sum
asmyasnikov@asmyasnikov-ox goose % go mod tidy
asmyasnikov@asmyasnikov-ox goose % git status
Current branch: master
This branch corresponds to "origin/master".

there is nothing to commit (use the "-u" option to show untraceable files)

Copy link
Collaborator

@mfridman mfridman Nov 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wow, now that I'm thinking about it, this is why I didn't want to merge this. This adds an insane amount of entries to the go modules file and it's not something I want to maintain long-term.

In the upcoming /v4 version I'm going to split goose as a library from the CLI code, so they will have different go.mod. I.e., the deps required to build the goose binary are separate from the actual goose provider code.

Curious, is YDB using google cloud apis, or google apis just for the "common types" (e.g., here's a slimmed down version of googleapis https://buf.build/googleapis/googleapis)

Copy link
Collaborator

@mfridman mfridman Nov 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unless this is a bug in Go, I've never seen it add that many entries. 🤔

Copy link
Contributor Author

@asmyasnikov asmyasnikov Nov 27, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, YDB use google cloud apis only for the "common types" (duration, any, decriptor, empty, timestamp)

But fortunately googleapis doesn't make breaking changes. Never in my memory

@asmyasnikov asmyasnikov requested a review from mfridman November 26, 2025 16:33
asmyasnikov
asmyasnikov commented Nov 27, 2025
View reviewed changes
@asmyasnikov
Copy link
Contributor Author

asmyasnikov commented Nov 27, 2025

@mfridman CI broken because latest commits in github.com/mfridman/tparse incompatible:

Run go install github.com/mfridman/tparse@main
  go install github.com/mfridman/tparse@main
  shell: /usr/bin/bash -e {0}
  env:
    GOTOOLCHAIN: local
go: downloading github.com/mfridman/tparse v0.18.1-0.20251127013823-841410793c3d
go: github.com/mfridman/tparse@main: github.com/mfridman/[email protected] requires go >= 1.25.0 (running go 1.24.10; GOTOOLCHAIN=local)
Error: Process completed with exit code 1.

asmyasnikov
asmyasnikov commented Nov 27, 2025
View reviewed changes
@asmyasnikov
Copy link
Contributor Author

asmyasnikov commented Dec 3, 2025

@mfridman Whats a plan for this PR? Wait v4?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mfridman mfridman Awaiting requested review from mfridman

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@asmyasnikov @mfridman