artin/sourcegraph
1
0
Fork 0
mirror of https://github.com/sourcegraph/sourcegraph.git synced 2026-02-06 19:51:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
e85028b8bd
sourcegraph/dev/sg/cloudsqlproxy
History
Robert Lin 1704ea2bd7
sg msp pg: UX improvements (#61358) 
More feedback from recent `sg msp pg` usage, starting with https://sourcegraph.slack.com/archives/C05GJPTSZCZ/p1710932987694719?thread_ts=1709911173.644899&cid=C05GJPTSZCZ:

1. **operationdocs**: Stronger wording on first-time `managed-services` repo and tooling setup, in particular saying you're going to need to clone the repo.
2. **operationdocs**: Note that write-access Entitle is required even for read-only database connection (both cases require IAM impersonation, which _can_ grant write access, so it's gated behind the write-access request)
3. **sg msp**: Throw special error when additional args are provided in commands that don't expect it, reminding users that flags need to be placed before args.
4. **sg msp**: Render warning with link to generated docs if permissions-related error is detected in `cloud-sql-proxy` output.

## Test plan

```
sg msp pg connect sourcegraph-accounts prod --session.timeout foobar
 got unexpected additional arguments "--session.timeout foobar" - note that flags must be placed BEFORE arguments, i.e. '<flags> <arguments>'
```

```
  [cloud-sql-proxy] 2024/03/25 08:06:36 [sourcegraph-accounts-prod-csvc:us-central1:postgresql-e6bc] failed to connect to instance: failed to get instance: Refresh error: failed to get instance metadata (connection name = "sourcegraph-accounts-prod-csvc:us-central1:postgresql-e6bc"): Get "https://sqladmin.googleapis.com/sql/v1beta4/projects/sourcegraph-accounts-prod-csvc/instances/postgresql-e6bc/connectSettings?alt=json&prettyPrint=false": impersonate: status code 403: {
  [cloud-sql-proxy]   "error": {
  [cloud-sql-proxy]     "code": 403,
  [cloud-sql-proxy]     "message": "Permission 'iam.serviceAccounts.getAccessToken' denied on resource (or it may not exist).",
  [cloud-sql-proxy]     "status": "PERMISSION_DENIED",
  [cloud-sql-proxy]     "details": [
  [cloud-sql-proxy]       {
  [cloud-sql-proxy]         "@type": "type.googleapis.com/google.rpc.ErrorInfo",
  [cloud-sql-proxy]         "reason": "IAM_PERMISSION_DENIED",
  [cloud-sql-proxy]         "domain": "iam.googleapis.com",
  [cloud-sql-proxy]         "metadata": {
  [cloud-sql-proxy]           "permission": "iam.serviceAccounts.getAccessToken"
  [cloud-sql-proxy]         }
  [cloud-sql-proxy]       }
  [cloud-sql-proxy]     ]
  [cloud-sql-proxy]   }
  [cloud-sql-proxy] }
⚠️ Permissions error detected - do you have the prerequisite Entitle permissions grant? See go/msp-ops/sourcegraph-accounts#prod for more details.
```

https://github.com/sourcegraph/handbook/pull/8767 updates the handbook with the new output
2024-03-25 20:50:33 +09:00
..
binary.go sg msp: improve cloudsqlproxy installation UX (#60984) 2024-03-11 15:06:32 +00:00
BUILD.bazel sg msp pg: UX improvements (#61358) 2024-03-25 20:50:33 +09:00
cloudsqlproxy.go sg msp pg: UX improvements (#61358) 2024-03-25 20:50:33 +09:00