Add Azure SQL Database Dynamic Secret #4578
Conversation
🎉 Snyk checks have passed. No issues have been found so far. ✅ security/snyk check is complete. No issues have been found.
@greptile review this
Greptile Overview
Summary
This PR adds Azure SQL Database dynamic secret support to Infisical, extending the existing SQL database capabilities with Azure-specific dual database connection handling.
Key Changes
- Backend Provider: Implements `AzureSqlDatabaseProvider` with master/target database separation for Azure SQL Database's unique architecture
- Schema Validation: Adds `DynamicSecretAzureSqlDBSchema` with proper validation for Azure-specific fields like `masterDatabase`
- Frontend Forms: Creates React components for creating and editing Azure SQL Database dynamic secrets with comprehensive UI controls
- Documentation: Provides detailed documentation explaining Azure SQL Database authentication model and setup process
Technical Implementation
The implementation correctly handles Azure SQL Database's two-tier system:
- Creates logins in the master database using `masterCreationStatement`
- Creates users in target databases using `creationStatement`
- Properly routes cleanup operations during revocation
The code includes proper error handling, credential sanitization, and supports both gateway and direct connections with SSL/TLS encryption.
Confidence Score: 4/5
- This PR is safe to merge with minimal risk
- Score reflects well-implemented Azure SQL Database provider with proper security practices and minimal validation issues
- Frontend forms need username template validation fixes before merge
Important Files Changed
File Analysis
Filename | Score | Overview |
---|---|---|
backend/src/ee/services/dynamic-secret/providers/azure-sql-database.ts | 4/5 | Implements Azure SQL Database provider with dual database connection handling and proper error sanitization |
frontend/src/pages/secret-manager/SecretDashboardPage/components/ActionBar/CreateDynamicSecretForm/AzureSqlDatabaseInputForm.tsx | 3/5 | React form component for creating Azure SQL Database dynamic secrets, missing username template validation |
frontend/src/pages/secret-manager/SecretDashboardPage/components/DynamicSecretListView/EditDynamicSecretForm/EditDynamicSecretAzureSqlDatabaseForm.tsx | 3/5 | React form component for editing Azure SQL Database dynamic secrets, missing username template validation |
Sequence Diagram
```mermaid
sequenceDiagram
    participant User as User/System
    participant Provider as AzureSqlDatabaseProvider
    participant Master as Master Database
    participant Target as Target Database
    participant Gateway as Gateway (Optional)
    User->>Provider: create(credentials, expireAt, template)
    alt Gateway Enabled
        Provider->>Gateway: establishProxy(targetHost, port)
        Gateway-->>Provider: localProxyPort
    end
    Provider->>Provider: generateUsername(template)
    Provider->>Provider: generatePassword(requirements)
    Provider->>Master: connect(masterDatabase)
    Provider->>Master: CREATE LOGIN [username] WITH PASSWORD
    Master-->>Provider: login created
    Provider->>Master: disconnect()
    Provider->>Target: connect(targetDatabase)
    Provider->>Target: CREATE USER [username] FOR LOGIN [username]
    Provider->>Target: GRANT permissions TO [username]
    Target-->>Provider: user created
    Provider->>Target: disconnect()
    Provider-->>User: {entityId: username, data: {DB_USERNAME, DB_PASSWORD}}
    User->>Provider: revoke(entityId)
    Provider->>Target: connect(targetDatabase)
    Provider->>Target: DROP USER [username]
    Target-->>Provider: user dropped
    Provider->>Target: disconnect()
    Provider->>Master: connect(masterDatabase)
    Provider->>Master: DROP LOGIN [username]
    Master-->>Provider: login dropped
    Provider->>Master: disconnect()
    Provider-->>User: {entityId: username}
```
12 files reviewed, 2 comments
LGTM
Description 📣
Add a new option to manage Dynamic Secrets on Azure SQL Databases, pretty similar to the MS SQL connection but with the particularity of having two different connections to different databases. Azure forces you to manage users in a separate master database, and only then can users be added to the rest of the user databases.
Type ✨
Tests 🛠️
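The two-tier flow described in the review summary and in the PR description (login in master, then user plus grants in the target database, reversed on revocation), as an added illustration that is not Infisical's own code: it builds the ordered T-SQL batches with safe identifier and literal quoting, and returns the compensating batches when the target step fails after the master step succeeded. The function names, the username allow-list and the `db_datareader` default role are assumptions for this example.

```typescript
interface SqlStep {
  database: string; // database to connect to before running this batch
  sql: string;
}

// T-SQL bracket identifiers: only ']' is special and is escaped by doubling.
function quoteIdent(name: string): string {
  return `[${name.replace(/]/g, "]]")}]`;
}

// T-SQL Unicode string literal: single quotes are escaped by doubling.
function quoteLiteral(value: string): string {
  return `N'${value.replace(/'/g, "''")}'`;
}

// Tight allow-list for generated usernames (assumed policy, not Infisical's).
function isValidUsername(name: string): boolean {
  return /^[A-Za-z_][A-Za-z0-9_]{0,127}$/.test(name);
}

// Provisioning order: login in master first, then user + grants in the target.
function buildCreateSteps(
  masterDatabase: string, targetDatabase: string, username: string, password: string,
  roles: string[] = ["db_datareader"], // assumed least-privilege default grant
): SqlStep[] {
  if (!isValidUsername(username)) throw new Error(`invalid username: ${username}`);
  const u = quoteIdent(username);
  const grants = roles.map((r) => `ALTER ROLE ${quoteIdent(r)} ADD MEMBER ${u};`).join(" ");
  return [
    { database: masterDatabase, sql: `CREATE LOGIN ${u} WITH PASSWORD = ${quoteLiteral(password)};` },
    { database: targetDatabase, sql: `CREATE USER ${u} FOR LOGIN ${u}; ${grants}` },
  ];
}

// Revocation runs in reverse: drop the target user before the master login,
// otherwise the database user is left orphaned.
function buildRevokeSteps(masterDatabase: string, targetDatabase: string, username: string): SqlStep[] {
  const u = quoteIdent(username);
  return [
    { database: targetDatabase, sql: `DROP USER ${u};` },
    { database: masterDatabase, sql: `DROP LOGIN ${u};` },
  ];
}

// If creation step `failedIndex` fails, the steps before it completed and must be
// undone (newest first), or the login lingers in master as an unused credential.
function rollbackSteps(revoke: SqlStep[], failedIndex: number): SqlStep[] {
  return revoke.slice(revoke.length - failedIndex);
}
```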