-
Notifications
You must be signed in to change notification settings - Fork 7
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
docs: document auto IAM authn in README (#211)
- Loading branch information
1 parent
165b059
commit c72192c
Showing
1 changed file
with
39 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -25,6 +25,11 @@ Using an AlloyDB Connector provides the following benefits: | |
| * **Convenience:** removes the requirement to use and distribute SSL | ||
| certificates, as well as manage firewalls or source/destination IP addresses. | ||
|
|
||
| * (optionally) **IAM DB Authentication:** provides support for | ||
| [AlloyDB’s automatic IAM DB AuthN][iam-db-authn] feature. | ||
|
|
||
| [iam-db-authn]: https://cloud.google.com/alloydb/docs/manage-iam-authn | ||
|
|
||
| The AlloyDB Python Connector is a package to be used alongside a database driver. | ||
| Currently supported drivers are: | ||
|
|
||
|
|
@@ -326,6 +331,40 @@ async def main(): | |
| await pool.dispose() | ||
| ``` | ||
|
|
||
| ### Automatic IAM Database Authentication | ||
|
|
||
| The Python Connector supports [Automatic IAM database authentication][]. | ||
|
|
||
| Make sure to [configure your AlloyDB Instance to allow IAM authentication][configure-iam-authn] | ||
| and [add an IAM database user][add-iam-user]. | ||
|
|
||
| A `Connector` or `AsyncConnector` can be configured to connect to an AlloyDB instance using | ||
| automatic IAM database authentication with the `enable_iam_auth` argument set to `True`. | ||
|
|
||
| When configuring the `connector.connect` call for IAM authentication, the `password` field can be | ||
| omitted and the `user` field should be formatted as follows: | ||
|
|
||
| * For an IAM user account, this is the user's email address. | ||
| * For a service account, it is the service account's email without the | ||
| `.gserviceaccount.com` domain suffix. | ||
|
|
||
| For example, to connect with IAM authentication using the | ||
| `[email protected]` service account: | ||
|
|
||
| ```python | ||
| connector.connect( | ||
| "projects/<YOUR_PROJECT>/locations/<YOUR_REGION>/clusters/<YOUR_CLUSTER>/instances/<YOUR_INSTANCE>", | ||
| "pg8000", # asyncpg for AsyncConnector | ||
| user="[email protected]", | ||
| db="my-db-name", | ||
| enable_iam_auth=True, | ||
| ) | ||
| ``` | ||
|
|
||
| [Automatic IAM database authentication]: https://cloud.google.com/alloydb/docs/manage-iam-authn | ||
| [configure-iam-authn]: https://cloud.google.com/alloydb/docs/manage-iam-authn#enable | ||
| [add-iam-user]: https://cloud.google.com/alloydb/docs/manage-iam-authn#create-user | ||
|
|
||
| ## Support policy | ||
|
|
||
| ### Major version lifecycle | ||
|
|
||