feat(db): support AlloyDB integration

Teleport db service implementation for GCP CloudSQL is not that far from AlloyDB. The GCP auth token requested by the DB proxy to GCP IAM just needs an additionnal `scope` to make it work with AlloyDB.
backmarket-oss · Feb 1, 2024 · 41829ff · 41829ff
1 parent 542fbb0
commit 41829ff
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/lib/srv/db/common/auth.go b/lib/srv/db/common/auth.go
@@ -334,6 +334,7 @@ func (a *dbAuth) GetCloudSQLAuthToken(ctx context.Context, sessionCtx *Session)
 			//   https://developers.google.com/identity/protocols/oauth2/scopes#sqladmin
 			Scope: []string{
 				"https://www.googleapis.com/auth/sqlservice.admin",
+				"https://www.googleapis.com/auth/alloydb.login",
 			},
 		})
 	if err != nil {