support TLS for sql-over-http

Conrad Ludgate
2024-12-18 12:17:31 +00:00
parent 90ce4f3002
commit a4a72c8075
2 changed files with 10 additions and 3 deletions


@@ -30,6 +30,7 @@ use crate::control_plane::locks::ApiLocks;
use crate::control_plane::CachedNodeInfo;
use crate::error::{ErrorKind, ReportableError, UserFacingError};
use crate::intern::EndpointIdInt;
use crate::postgres_rustls::MakeRustlsConnect;
use crate::proxy::connect_compute::ConnectMechanism;
use crate::proxy::retry::{CouldRetry, ShouldRetryWakeCompute};
use crate::rate_limiter::EndpointRateLimiter;
@@ -514,7 +515,9 @@ impl ConnectMechanism for TokioMechanism {
.connect_timeout(compute_config.timeout);
let pause = ctx.latency_timer_pause(crate::metrics::Waiting::Compute);
let res = config.connect(postgres_client::NoTls).await;
let res = config
.connect(MakeRustlsConnect::new(&compute_config.tls))
.await;
drop(pause);
let (client, connection) = permit.release_result(res)?;
@@ -560,6 +563,10 @@ impl ConnectMechanism for HyperMechanism {
let pause = ctx.latency_timer_pause(crate::metrics::Waiting::Compute);
let port = node_info.config.get_port();
// TODO(conrad): how would we roll-out TLS for these connections?
// Postgres has negotiation, but no such thing for HTTP.
// Assume https, fall back to http (on the same port)?
let res = connect_http2(&host, port, config.timeout).await;
drop(pause);
let (client, connection) = permit.release_result(res)?;
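Review bot: Passing `MakeRustlsConnect::new(&compute_config.tls)` in the TokioMechanism hunk only makes TLS available; whether the proxy-to-compute connection is actually encrypted depends on the SSL mode carried by `config`, which is set outside the visible lines. If that mode permits a plaintext fallback when the server declines SSL, this path would silently behave like the old `NoTls` one, so the call deserves a comment such as `// TLS is enforced only if config's ssl mode requires it; a "prefer"-style mode still permits plaintext`. The TODO in the HyperMechanism hunk suggests assuming https and falling back to http on the same port, but a fallback triggered by a failed handshake lets anything on the path force a downgrade to plaintext. An explicit per-compute signal (for example from the control plane) would be a safer rollout than opportunistic fallback. Both function bodies start and end outside their hunks, so the SSL mode setting should be confirmed in the surrounding code.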


@@ -5,7 +5,6 @@ use std::task::{ready, Poll};
use futures::future::poll_fn;
use futures::Future;
use postgres_client::tls::NoTlsStream;
use postgres_client::AsyncMessage;
use smallvec::SmallVec;
use tokio::net::TcpStream;
@@ -26,6 +25,7 @@ use super::conn_pool_lib::{
use crate::context::RequestContext;
use crate::control_plane::messages::MetricsAuxInfo;
use crate::metrics::Metrics;
use crate::postgres_rustls::RustlsStream;
#[derive(Debug, Clone)]
pub(crate) struct ConnInfoWithAuth {
@@ -58,7 +58,7 @@ pub(crate) fn poll_client<C: ClientInnerExt>(
ctx: &RequestContext,
conn_info: ConnInfo,
client: C,
mut connection: postgres_client::Connection<TcpStream, NoTlsStream>,
mut connection: postgres_client::Connection<TcpStream, RustlsStream<tokio::net::TcpStream>>,
conn_id: uuid::Uuid,
aux: MetricsAuxInfo,
) -> Client<C> {
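Review bot: The new `connection` parameter type in `poll_client` spells the stream as `RustlsStream<tokio::net::TcpStream>`, although `TcpStream` is already imported in this file and used as the first type argument on the same line. Writing it as `mut connection: postgres_client::Connection<TcpStream, RustlsStream<TcpStream>>,` shows that both arguments are the same socket type and shortens the line. Because the signature now fixes the TLS stream type, a one-line doc comment on `poll_client` saying the connection must come from the rustls connector would help callers. The function body continues outside the hunk.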