subzero pre-integration refactor (#12416)

## Problem integrating subzero requires a bit of refactoring. To make the integration PR a bit more manageable, the refactoring is done in this separate PR. ## Summary of changes * move common types/functions used in sql_over_http to errors.rs and http_util.rs * add the "Local" auth backend to proxy (similar to local_proxy), useful in local testing * change the Connect and Send type for the http client to allow for custom body when making post requests to local_proxy from the proxy --------- Co-authored-by: Ruslan Talpa <ruslan.talpa@databricks.com>
2026-05-24 00:20:37 +00:00 · 2025-07-03 14:04:08 +03:00
parent 1bc1eae5e8
commit 95e1011cd6
12 changed files with 581 additions and 412 deletions
--- a/proxy/src/serverless/backend.rs
+++ b/proxy/src/serverless/backend.rs
@@ -115,7 +115,8 @@ impl PoolingBackend {

        match &self.auth_backend {
            crate::auth::Backend::ControlPlane(console, ()) => {
-                self.config
+                let keys = self
+                    .config
                    .authentication_config
                    .jwks_cache
                    .check_jwt(
@@ -129,7 +130,7 @@ impl PoolingBackend {

                Ok(ComputeCredentials {
                    info: user_info.clone(),
-                    keys: crate::auth::backend::ComputeCredentialKeys::None,
+                    keys,
                })
            }
            crate::auth::Backend::Local(_) => {
@@ -256,6 +257,7 @@ impl PoolingBackend {
        &self,
        ctx: &RequestContext,
        conn_info: ConnInfo,
+        disable_pg_session_jwt: bool,
    ) -> Result<Client<postgres_client::Client>, HttpConnError> {
        if let Some(client) = self.local_pool.get(ctx, &conn_info)? {
            return Ok(client);
@@ -277,7 +279,7 @@ impl PoolingBackend {
                .expect("semaphore should never be closed");

            // check again for race
-            if !self.local_pool.initialized(&conn_info) {
+            if !self.local_pool.initialized(&conn_info) && !disable_pg_session_jwt {
                local_backend
                    .compute_ctl
                    .install_extension(&ExtensionInstallRequest {
@@ -313,14 +315,16 @@ impl PoolingBackend {
            .to_postgres_client_config();
        config
            .user(&conn_info.user_info.user)
-            .dbname(&conn_info.dbname)
-            .set_param(
+            .dbname(&conn_info.dbname);
+        if !disable_pg_session_jwt {
+            config.set_param(
                "options",
                &format!(
                    "-c pg_session_jwt.jwk={}",
                    serde_json::to_string(&jwk).expect("serializing jwk to json should not fail")
                ),
            );
+        }

        let pause = ctx.latency_timer_pause(crate::metrics::Waiting::Compute);
        let (client, connection) = config.connect(&postgres_client::NoTls).await?;
@@ -345,9 +349,11 @@ impl PoolingBackend {
            debug!("setting up backend session state");

            // initiates the auth session
-            if let Err(e) = client.batch_execute("select auth.init();").await {
-                discard.discard();
-                return Err(e.into());
+            if !disable_pg_session_jwt {
+                if let Err(e) = client.batch_execute("select auth.init();").await {
+                    discard.discard();
+                    return Err(e.into());
+                }
            }

            info!("backend session state initialized");