A GitHub Action to validate the ACL configuration of all Postgres databases in a STACKIT Organisation or Project. This makes sure that the databases are only reachable from the cluster.
The action will fail as soon as at least one database has ACL entries other than the cluster egress CIDR range. The output contains details about which project and which database is causing the problem.
It's recommended to run this regularly or on every push to the main branch.
Validate every project in an organisation:

```yaml
jobs:
  db-validation:
    name: "STACKIT DB ACL Validation"
    runs-on: ubuntu-latest
    steps:
      - name: "Run validation"
        uses: digitalservicebund/stackit-database-validation@main
        with:
          organisation_id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
          stackit_service_account_key: ${{ secrets.STACKIT_SERVICE_ACCOUNT_KEY }}
```

Validate a single project:

```yaml
jobs:
  db-validation:
    name: "STACKIT DB ACL Validation"
    runs-on: ubuntu-latest
    steps:
      - name: "Run validation"
        uses: digitalservicebund/stackit-database-validation@main
        with:
          project_id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
          prod_egress_range: 10.0.0.0/32 # get this from the platform team
          non_prod_egress_range: 10.0.0.1/32 # get this from the platform team
          stackit_service_account_key: ${{ secrets.STACKIT_SERVICE_ACCOUNT_KEY }}
```
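The check the action performs, written out as an added Python example. This is not the action's own code and it calls no STACKIT API: the database inventory, project names and CIDR values are constructed inline so it runs offline. It goes slightly beyond the README by reporting why an entry fails (a broader range that contains the egress address, a foreign range, or an entry that is not a CIDR at all), since that is what you want in the job output when the action fails.

```python
"""Added example, not part of digitalservicebund/stackit-database-validation.

Every ACL entry on every Postgres instance must be exactly the cluster egress
CIDR permitted for that instance's environment; anything else is a finding.
"""
import ipaddress
import sys

# Constructed: in the real action these come from the prod_egress_range and
# non_prod_egress_range inputs ("get this from the platform team").
EGRESS_RANGES = {
    "prod": "10.0.0.0/32",
    "non-prod": "10.0.0.1/32",
}

# Constructed inventory standing in for what the action enumerates per project.
DATABASES = [
    {"project": "shop-prod", "env": "prod", "name": "orders", "acl": ["10.0.0.0/32"]},
    {"project": "shop-prod", "env": "prod", "name": "customers", "acl": ["10.0.0.0/32", "0.0.0.0/0"]},
    {"project": "shop-dev", "env": "non-prod", "name": "orders", "acl": ["10.0.0.1/32"]},
    {"project": "shop-dev", "env": "non-prod", "name": "analytics", "acl": ["10.0.0.0/24"]},
    {"project": "shop-dev", "env": "non-prod", "name": "scratch", "acl": ["not-a-cidr"]},
]


def find_acl_violations(databases, egress_ranges):
    """Return one (project, database, entry, reason) tuple per offending ACL entry.

    An entry passes only if it parses as a network and equals the permitted
    egress range for the database's environment. A wider range that merely
    contains the egress address (for example 0.0.0.0/0) is still a violation.
    """
    violations = []
    for db in databases:
        allowed = ipaddress.ip_network(egress_ranges[db["env"]])
        for entry in db["acl"]:
            try:
                net = ipaddress.ip_network(entry, strict=True)
            except ValueError:
                violations.append((db["project"], db["name"], entry, "unparsable ACL entry"))
                continue
            if net == allowed:
                continue
            if net.version == allowed.version and net.supernet_of(allowed):
                reason = "broader than the egress range"
            else:
                reason = "not the cluster egress range"
            violations.append((db["project"], db["name"], entry, reason))
    return violations


def format_report(violations):
    """Human-readable lines naming project, database and the offending entry."""
    return "\n".join(
        f"project={project} database={database} acl={entry}: {reason}"
        for project, database, entry, reason in violations
    )


def validate(databases, egress_ranges):
    """True when every database is reachable only via the cluster egress range."""
    return not find_acl_violations(databases, egress_ranges)


if __name__ == "__main__":
    found = find_acl_violations(DATABASES, EGRESS_RANGES)
    if found:
        print(format_report(found))
        sys.exit(1)  # mirror the action: a single finding fails the job
    print("all database ACLs match the cluster egress range")
```

Run it as a script and it exits non-zero with one report line per finding, which is the behaviour the README describes for the action; import it and `find_acl_violations` gives you the structured list.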