1 file changed +41 -1 lines changed
1- # STACKIT Database ACL Validation
1+ # STACKIT Database ACL Validation
2+
3+ A GitHub Action to validate the ACL configuration of all postgres databases in a STACKIT Organisation or Project. This
4+ makes sure that the databases are only accessible via the cluster.
5+
6+ ## Usage
7+
8+ ### Validate all DBs in an organisation
9+
10+ The action will fail as soon as at least one database has other ACLs than the cluster egress CIDR range. The output will
11+ contain more details about what project and what database is causing the problem.
12+
13+ ``` yaml
14+ jobs :
15+ db-validation :
16+ name : " STACKIT DB ACL Validation"
17+ runs-on : ubuntu-latest
18+ steps :
19+ - name : " Run validation"
20+ uses : digitalservicebund/stackit-database-validation@main
21+ with :
22+ organisation_id : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
23+ stackit_service_account_key : ${{ secrets.STACKIT_SERVICE_ACCOUNT_KEY }}
24+ ` ` `
25+
26+ ### Validate all DBs in a project
27+
28+ ` ` ` yaml
29+ jobs :
30+ db-validation :
31+ name : " STACKIT DB ACL Validation"
32+ runs-on : ubuntu-latest
33+ steps :
34+ - name : " Run validation"
35+ uses : digitalservicebund/stackit-database-validation@main
36+ with :
37+ project_id : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
38+ prod_egress_range : 10.0.0.0/32 # get this from the platfrom team
39+ non_prod_egress_range : 10.0.0.1/32 # get this from the platfrom team
40+ stackit_service_account_key : ${{ secrets.STACKIT_SERVICE_ACCOUNT_KEY }}
41+ ` ` `
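Review bot: Both usage examples reference the action as `digitalservicebund/stackit-database-validation@main` (added lines 20 and 35) while passing it `secrets.STACKIT_SERVICE_ACCOUNT_KEY`, so a copy-pasted workflow runs whatever the branch head is at that moment with access to that key; suggest showing a release tag or a full commit SHA in the examples instead of `@main`. Separately, the organisation example omits `prod_egress_range` and `non_prod_egress_range` while the project example sets them, and the README does not say whether these inputs are required, optional, or defaulted; a short inputs table would settle that. The comments on added lines 38 and 39 also have a typo: `platfrom` should be `platform`.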