Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Migration job and deployment use the same service account #95

Open
evankanderson opened this issue Jan 3, 2024 · 1 comment · May be fixed by #98
Open

Migration job and deployment use the same service account #95

evankanderson opened this issue Jan 3, 2024 · 1 comment · May be fixed by #98
Labels
enhancement New feature or request migration

Comments

@evankanderson
Copy link

While the migration job probably needs schema update permissions, it seems like the OpenFGA deployment would only need data select, insert, update and delete permissions.

We'd like to be able to use separate ServiceAccounts and database URIs for the migration job and the deployment; we're using AWS with IAM RDS authentication (Postgres), so we'd want to be able to set PGPASSFILE and define the ServiceAccount externally to line up with the assumed IAM role.

@evankanderson
Copy link
Author

In addition to separating the ServiceAccounts and URLs, we'd also want the ability to specify extra volumes, volume mounts, and environment variables for the migration job.

(I'm willing to bring code)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request migration
Projects
None yet
2 participants