From 1808dad269a3911755eb19f32b9469740dfcb7c9 Mon Sep 17 00:00:00 2001 From: "devin-ai-integration[bot]" <158243242+devin-ai-integration[bot]@users.noreply.github.com> Date: Thu, 24 Apr 2025 10:45:40 +0000 Subject: [PATCH] Add --dev CLI flag to pageserver and safekeeper binaries (#11526) # Add --dev CLI flag to pageserver and safekeeper binaries This PR adds the `--dev` CLI flag to both the pageserver and safekeeper binaries without implementing any functionality yet. This is a precursor to PR #11517, which will implement the full functionality to require authentication by default unless the `--dev` flag is specified. ## Changes - Add `dev_mode` config field to pageserver binary - Add `--dev` CLI flag to safekeeper binary This PR is needed for forward compatibility tests to work properly, when we try to merge #11517 Link to Devin run: https://app.devin.ai/sessions/ad8231b4e2be430398072b6fc4e85d46 Requested by: John Spray (john@neon.tech) --------- Co-authored-by: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com> Co-authored-by: John Spray --- libs/pageserver_api/src/config.rs | 2 ++ pageserver/src/config.rs | 7 +++++++ safekeeper/src/bin/safekeeper.rs | 5 +++++ 3 files changed, 14 insertions(+) diff --git a/libs/pageserver_api/src/config.rs b/libs/pageserver_api/src/config.rs index b434696624..b64c42a808 100644 --- a/libs/pageserver_api/src/config.rs +++ b/libs/pageserver_api/src/config.rs @@ -181,6 +181,7 @@ pub struct ConfigToml { pub generate_unarchival_heatmap: Option, pub tracing: Option, pub enable_tls_page_service_api: bool, + pub dev_mode: bool, } #[derive(Debug, Clone, PartialEq, Eq, serde::Serialize, serde::Deserialize)] @@ -657,6 +658,7 @@ impl Default for ConfigToml { generate_unarchival_heatmap: None, tracing: None, enable_tls_page_service_api: false, + dev_mode: false, } } } diff --git a/pageserver/src/config.rs b/pageserver/src/config.rs index d4bfed95a1..95143e58b7 100644 --- a/pageserver/src/config.rs +++ b/pageserver/src/config.rs @@ -225,6 +225,11 @@ pub struct PageServerConf { /// Does not force TLS: the client negotiates TLS usage during the handshake. /// Uses key and certificate from ssl_key_file/ssl_cert_file. pub enable_tls_page_service_api: bool, + + /// Run in development mode, which disables certain safety checks + /// such as authentication requirements for HTTP and PostgreSQL APIs. + /// This is insecure and should only be used in development environments. + pub dev_mode: bool, } /// Token for authentication to safekeepers @@ -398,6 +403,7 @@ impl PageServerConf { generate_unarchival_heatmap, tracing, enable_tls_page_service_api, + dev_mode, } = config_toml; let mut conf = PageServerConf { @@ -449,6 +455,7 @@ impl PageServerConf { get_vectored_concurrent_io, tracing, enable_tls_page_service_api, + dev_mode, // ------------------------------------------------------------ // fields that require additional validation or custom handling diff --git a/safekeeper/src/bin/safekeeper.rs b/safekeeper/src/bin/safekeeper.rs index 000235f2f5..dd71420efb 100644 --- a/safekeeper/src/bin/safekeeper.rs +++ b/safekeeper/src/bin/safekeeper.rs @@ -226,11 +226,16 @@ struct Args { /// Path to the JWT auth token used to authenticate with other safekeepers. #[arg(long)] auth_token_path: Option, + /// Enable TLS in WAL service API. /// Does not force TLS: the client negotiates TLS usage during the handshake. /// Uses key and certificate from ssl_key_file/ssl_cert_file. #[arg(long)] enable_tls_wal_service_api: bool, + + /// Run in development mode (disables security checks) + #[arg(long, help = "Run in development mode (disables security checks)")] + dev: bool, } // Like PathBufValueParser, but allows empty string.