Add some errors and validation for group_rules and coroutine_stack_si…
…ze with ldap (#692)

* check group rule settings are defined

* add group_rules to config-validation test

* add coroutine_stack_size validation if ldap is used

* change coroutine_stack_size with ldap error text

* rules.c fmt
aidekqz authored Jan 13, 2025
1 parent 40d95ad commit e363981
Showing 9 changed files with 197 additions and 0 deletions.
@@ -0,0 +1,30 @@
coroutine_stack_size 8

log_format "%p %t %l [%i %s] (%c) %m\n"

listen {
host "*"
}

storage "postgres_server" {
type "remote"
host "*"
}

ldap_endpoint "ldap" {
ldapserver "127.0.0.1"
ldapport 389
ldapscheme "ldap"
ldapbasedn "dc=local"
ldapbinddn "dc=local"
ldapbindpasswd "pass"
}

database "db" {
user "user" {
storage "postgres_server"
pool "session"
authentication "none"
ldap_endpoint_name "ldap"
}
}
@@ -0,0 +1,30 @@
coroutine_stack_size 16

log_format "%p %t %l [%i %s] (%c) %m\n"

listen {
host "*"
}

storage "postgres_server" {
type "remote"
host "*"
}

ldap_endpoint "ldap" {
ldapserver "127.0.0.1"
ldapport 389
ldapscheme "ldap"
ldapbasedn "dc=local"
ldapbinddn "dc=local"
ldapbindpasswd "pass"
}

database "db" {
user "user" {
storage "postgres_server"
pool "session"
authentication "none"
ldap_endpoint_name "ldap"
}
}
@@ -0,0 +1,22 @@
unix_socket_dir "/tmp"
unix_socket_mode "0644"

log_format "%p %t %l [%i %s] (%c) %m\n"

listen {
host "*"
}

storage "postgres_server" {
type "remote"
}

database "db" {
group "group1" {
storage "postgres_server"
pool "session"
authentication "none"
group_query_user "group_query_user"
group_query_db "group_query_db"
}
}
@@ -0,0 +1,22 @@
unix_socket_dir "/tmp"
unix_socket_mode "0644"

log_format "%p %t %l [%i %s] (%c) %m\n"

listen {
host "*"
}

storage "postgres_server" {
type "remote"
}

database "db" {
group "group1" {
storage "postgres_server"
pool "session"
authentication "none"
group_query "SELECT rolname FROM pg_roles WHERE pg_has_role(rolname, 'group1', 'member')"
group_query_db "group_query_db"
}
}
@@ -0,0 +1,23 @@
unix_socket_dir "/tmp"
unix_socket_mode "0644"

log_format "%p %t %l [%i %s] (%c) %m\n"

listen {
host "*"
}

storage "postgres_server" {
type "remote"
}

database "db" {
group "group1" {
storage "postgres_server"
pool "session"
authentication "none"
group_query "SELECT rolname FROM pg_roles WHERE pg_has_role(rolname, 'group1', 'member')"
group_query_user "group_query_user"
}
}

@@ -0,0 +1,23 @@
unix_socket_dir "/tmp"
unix_socket_mode "0644"

log_format "%p %t %l [%i %s] (%c) %m\n"

listen {
host "*"
}

storage "postgres_server" {
type "remote"
}

database "db" {
group "group1" {
storage "postgres_server"
pool "session"
authentication "none"
group_query "SELECT rolname FROM pg_roles WHERE pg_has_role(rolname, 'group1', 'member')"
group_query_user "group_query_user"
group_query_db "group_query_db"
}
}
1 change: 1 addition & 0 deletions docker/config-validation/pkg/main.go
Expand Up @@ -70,6 +70,7 @@ func runTests() {
"authentication",
"auth_query",
"rules_empty",
"group_rules",
}

for _, test := range tests {
4 changes: 4 additions & 0 deletions sources/config.h
Expand Up @@ -7,6 +7,10 @@
* Scalable PostgreSQL connection pooler.
*/

#ifdef LDAP_FOUND
#define LDAP_MIN_COROUTINE_STACK_SIZE 16
#endif

typedef struct od_config_listen od_config_listen_t;
typedef struct od_config od_config_t;

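Review bot: `LDAP_MIN_COROUTINE_STACK_SIZE` is introduced as a bare `16` with no comment stating its unit or why rules with an LDAP endpoint need it. Its only visible use is the new check in sources/rules.c, which rejects a configuration whose `coroutine_stack_size` is smaller when a rule has `ldap_endpoint` set. I would add above the define: `/* Minimum coroutine_stack_size (same unit as the config option) accepted by od_rules_validate() when a rule uses an ldap_endpoint. */`, plus a short note on the reason for the value if it is known (presumably the stack depth of the LDAP client calls made inside a coroutine).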
42 changes: 42 additions & 0 deletions sources/rules.c
Expand Up @@ -1638,6 +1638,48 @@ int od_rules_validate(od_rules_t *rules, od_config_t *config,
return -1;
}
}

/* group */
if (rule->group) {
if (rule->group->group_query == NULL) {
od_error(
logger, "rules", NULL, NULL,
"rule '%s.%s %s': group_query is not set",
rule->db_name, rule->user_name,
rule->address_range.string_value);
return -1;
}
if (rule->group->group_query_user == NULL) {
od_error(
logger, "rules", NULL, NULL,
"rule '%s.%s %s': group_query_user is not set",
rule->db_name, rule->user_name,
rule->address_range.string_value);
return -1;
}
if (rule->group->group_query_db == NULL) {
od_error(
logger, "rules", NULL, NULL,
"rule '%s.%s %s': group_query_db is not set",
rule->db_name, rule->user_name,
rule->address_range.string_value);
return -1;
}
}

#ifdef LDAP_FOUND
if (rule->ldap_endpoint != NULL &&
config->coroutine_stack_size <
LDAP_MIN_COROUTINE_STACK_SIZE) {
od_error(
logger, "rules", NULL, NULL,
"rule '%s.%s %s' use ldap_endpoint. coroutine_stack_size must be >= %d",
rule->db_name, rule->user_name,
rule->address_range.string_value,
LDAP_MIN_COROUTINE_STACK_SIZE);
return -1;
}
#endif
}

return 0;
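Review bot: The three new group checks in od_rules_validate() test only for NULL, so a rule written as `group_query ""` would pass validation if the config reader stores an empty string rather than leaving the pointer unset (the reader is not visible here). Since the group query presumably decides which roles a group rule applies to, an empty value is better rejected at startup than discovered at the first lookup: `if (rule->group->group_query == NULL || rule->group->group_query[0] == '\0') {`, and likewise for `group_query_user` and `group_query_db`. The enclosing function and its rule loop start outside the hunk.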