rust/neon
1
0
Fork 0
mirror of https://github.com/neondatabase/neon.git synced 2026-01-14 00:42:54 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add pg_tenant_only_auth_public_key_path check to safekeeper authentication

Browse Source 
Co-Authored-By: John Spray <john@neon.tech>
This commit is contained in:
Devin AI
2025-04-10 13:49:18 +00:00
parent a55e0192dc
commit 7cdb292b37
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
safekeeper/src/bin/safekeeper.rs
View File

@@ -349,9 +349,10 @@ async fn main() -> anyhow::Result<()> {
if !args.dev {
let http_auth_enabled = args.http_auth_public_key_path.is_some();
let pg_auth_enabled = args.pg_auth_public_key_path.is_some();
if !http_auth_enabled || !pg_auth_enabled {
let pg_tenant_only_auth_enabled = args.pg_tenant_only_auth_public_key_path.is_some();
if !http_auth_enabled || !pg_auth_enabled || !pg_tenant_only_auth_enabled {
bail!(
"Safekeeper refuses to start with HTTP or PostgreSQL API authentication disabled.\n\
"Safekeeper refuses to start with HTTP, PostgreSQL, or tenant-only PostgreSQL API authentication disabled.\n\
Run with --dev to allow running without authentication.\n\
This is insecure and should only be used in development environments."
);