You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
It is not clear how to achieve same behaviour as we have in pgbouncer when we avoid hardcode all db user to config and instead use auth query and auth user to check password and user name from db side. I read docs multiple times for pgcat and struggled to made it work
To Reproduce
Steps to reproduce the behavior:
Set config
[general]
host = "0.0.0.0"
port = 6433
[pools.staging]
pool_mode = "transaction"
default_role = "primary"
prepared_statements_cache_size = 0
query_parser_enabled = false
primary_reads_enabled = true
[pools.staging.users.0]
username = "pgbouncer" # user which check pg_shadow no?
password = "pass"
# same if we use server_username and server_password.
pool_size = 50
statement_timeout = 0
[pools.staging.shards.0]
servers = [
["127.0.0.1", 5432, "primary"]
]
database = "staging"
auth_query = "SELECT usename, passwd FROM user_search($1)"
auth_query_user = "pgbouncer" # duplicate it here since not clear
auth_query_password = "pass"
Run command to test connection psql -h 127.0.0.1 -p 6433 -U test_staging_rw staging
Expected behavior
pgcat takes user name and password from connection string, connect to db with a separate user and check in pg_shadow provided user and password from connection string.
Screenshots
not relevant
Desktop (please complete the following information):
not relevant
Smartphone (please complete the following information):
not relevant
Additional context
so far error but with WARN severity ))
I dug a bit into this so there are a few things needed to make this work, I highlighted them in comments on the suggested config
FIrst, you need to have your auth query settings directly under the pool settings not under [pools.pool_name.users] nor under [pools.pool_name.shards]
[pools.pool_name]
# Be sure that this view exists and you have single quotes around the placeholder $1
auth_query = "SELECT usename, passwd FROM user_search('$1')"
# Be sure to grant this user LOGIN on Postgres
auth_query_user = "auth_user"
auth_query_password = "auth_user_password"
[pools.pool_name.users.0]
# Auth passthru only works if this user's password is hashed in md5
# (It won't work with SCRAM-SHA-256 today)
# the user also needs to be granted LOGIN
username="targeted_user"
# password= <no password is necessary here>
Describe the bug
It is not clear how to achieve same behaviour as we have in pgbouncer when we avoid hardcode all db user to config and instead use auth query and auth user to check password and user name from db side. I read docs multiple times for pgcat and struggled to made it work
To Reproduce
Steps to reproduce the behavior:
psql -h 127.0.0.1 -p 6433 -U test_staging_rw staging
Expected behavior
pgcat takes user name and password from connection string, connect to db with a separate user and check in pg_shadow provided user and password from connection string.
Screenshots
not relevant
Desktop (please complete the following information):
not relevant
Smartphone (please complete the following information):
not relevant
Additional context
so far error but with WARN severity ))
The text was updated successfully, but these errors were encountered: