diff --git a/libs/pageserver_api/src/config.rs b/libs/pageserver_api/src/config.rs index b434696624..b64c42a808 100644 --- a/libs/pageserver_api/src/config.rs +++ b/libs/pageserver_api/src/config.rs @@ -181,6 +181,7 @@ pub struct ConfigToml { pub generate_unarchival_heatmap: Option, pub tracing: Option, pub enable_tls_page_service_api: bool, + pub dev_mode: bool, } #[derive(Debug, Clone, PartialEq, Eq, serde::Serialize, serde::Deserialize)] @@ -657,6 +658,7 @@ impl Default for ConfigToml { generate_unarchival_heatmap: None, tracing: None, enable_tls_page_service_api: false, + dev_mode: false, } } } diff --git a/pageserver/src/config.rs b/pageserver/src/config.rs index d4bfed95a1..95143e58b7 100644 --- a/pageserver/src/config.rs +++ b/pageserver/src/config.rs @@ -225,6 +225,11 @@ pub struct PageServerConf { /// Does not force TLS: the client negotiates TLS usage during the handshake. /// Uses key and certificate from ssl_key_file/ssl_cert_file. pub enable_tls_page_service_api: bool, + + /// Run in development mode, which disables certain safety checks + /// such as authentication requirements for HTTP and PostgreSQL APIs. + /// This is insecure and should only be used in development environments. + pub dev_mode: bool, } /// Token for authentication to safekeepers @@ -398,6 +403,7 @@ impl PageServerConf { generate_unarchival_heatmap, tracing, enable_tls_page_service_api, + dev_mode, } = config_toml; let mut conf = PageServerConf { @@ -449,6 +455,7 @@ impl PageServerConf { get_vectored_concurrent_io, tracing, enable_tls_page_service_api, + dev_mode, // ------------------------------------------------------------ // fields that require additional validation or custom handling diff --git a/safekeeper/src/bin/safekeeper.rs b/safekeeper/src/bin/safekeeper.rs index 000235f2f5..dd71420efb 100644 --- a/safekeeper/src/bin/safekeeper.rs +++ b/safekeeper/src/bin/safekeeper.rs @@ -226,11 +226,16 @@ struct Args { /// Path to the JWT auth token used to authenticate with other safekeepers. #[arg(long)] auth_token_path: Option, + /// Enable TLS in WAL service API. /// Does not force TLS: the client negotiates TLS usage during the handshake. /// Uses key and certificate from ssl_key_file/ssl_cert_file. #[arg(long)] enable_tls_wal_service_api: bool, + + /// Run in development mode (disables security checks) + #[arg(long, help = "Run in development mode (disables security checks)")] + dev: bool, } // Like PathBufValueParser, but allows empty string.