Add stub for auth info cache
committed by
Vadim Kharitonov
parent
2b60ad0285
commit
f7e9ec49be
@@ -2,7 +2,7 @@ use super::AuthSuccess;
|
||||
use crate::{
|
||||
auth::{self, AuthFlow, ClientCredentials},
|
||||
compute::{self, ComputeNode, Password},
|
||||
console::{self, AuthInfo, ConsoleReqExtra},
|
||||
console::{self, AuthInfo, CachedAuthInfo, ConsoleReqExtra},
|
||||
sasl, scram,
|
||||
stream::PqStream,
|
||||
};
|
||||
@@ -21,18 +21,19 @@ pub(super) async fn authenticate(
|
||||
// prevent malicious probing (possible due to missing protocol steps).
|
||||
// This mocked secret will never lead to successful authentication.
|
||||
info!("authentication info not found, mocking it");
|
||||
AuthInfo::Scram(scram::ServerSecret::mock(creds.user, rand::random()))
|
||||
let info = scram::ServerSecret::mock(creds.user, rand::random());
|
||||
CachedAuthInfo::new_uncached(AuthInfo::Scram(info))
|
||||
});
|
||||
|
||||
let flow = AuthFlow::new(client);
|
||||
let keys = match info {
|
||||
let keys = match &*info {
|
||||
AuthInfo::Md5(_) => {
|
||||
info!("auth endpoint chooses MD5");
|
||||
return Err(auth::AuthError::bad_auth_method("MD5"));
|
||||
}
|
||||
AuthInfo::Scram(secret) => {
|
||||
info!("auth endpoint chooses SCRAM");
|
||||
let scram = auth::Scram(&secret);
|
||||
let scram = auth::Scram(secret);
|
||||
let client_key = match flow.begin(scram).await?.authenticate().await? {
|
||||
sasl::Outcome::Success(key) => key,
|
||||
sasl::Outcome::Failure(reason) => {
|
||||
|
||||
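Review bot: Once `get_auth_info` starts returning cached entries, the `sasl::Outcome::Failure` arm under `match &*info` cannot tell a wrong password from a stale cached secret, and nothing visible here drops the entry on failure. After a password change the old verifier would keep being used until the entry expires, so the new password is rejected and the old one is still accepted for that window. I'd leave a marker at that arm, e.g. `// TODO: on failure with a cached secret, invalidate the entry and re-fetch before rejecting`, and keep the cache lifetime short. The Failure arm's body continues outside the hunk, so this may already be handled there.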
@@ -6,7 +6,9 @@ pub mod messages;
|
||||
|
||||
/// Wrappers for console APIs and their mocks.
|
||||
pub mod provider;
|
||||
pub use provider::{errors, Api, AuthInfo, CachedNodeInfo, ConsoleReqExtra, NodeInfo};
|
||||
pub use provider::{errors, Api, ConsoleReqExtra};
|
||||
pub use provider::{AuthInfo, NodeInfo};
|
||||
pub use provider::{CachedAuthInfo, CachedNodeInfo};
|
||||
|
||||
/// Various cache-related types.
|
||||
pub mod caches {
|
||||
|
||||
@@ -166,6 +166,9 @@ pub struct NodeInfo {
|
||||
pub type NodeInfoCache = TimedLru<Box<str>, NodeInfo>;
|
||||
pub type CachedNodeInfo = Cached<NodeInfo>;
|
||||
|
||||
pub type AuthInfoCache = TimedLru<Box<str>, AuthInfo>;
|
||||
pub type CachedAuthInfo = Cached<AuthInfo>;
|
||||
|
||||
/// This will allocate per each call, but the http requests alone
|
||||
/// already require a few allocations, so it should be fine.
|
||||
#[async_trait]
|
||||
@@ -175,7 +178,7 @@ pub trait Api {
|
||||
&self,
|
||||
extra: &ConsoleReqExtra<'_>,
|
||||
creds: &ClientCredentials<'_>,
|
||||
) -> Result<Option<AuthInfo>, errors::GetAuthInfoError>;
|
||||
) -> Result<Option<CachedAuthInfo>, errors::GetAuthInfoError>;
|
||||
|
||||
/// Wake up the compute node and return the corresponding connection info.
|
||||
async fn wake_compute(
|
||||
|
||||
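Review bot: `pub type AuthInfoCache = TimedLru<Box<str>, AuthInfo>;` has no doc comment saying what the `Box<str>` key identifies, and for this cache that is a security property. The values are password verifiers, and the same role name can presumably exist under more than one project, so a key built from the role name alone would hand one tenant's secret to another tenant's login attempt. I'd document the contract on the alias, e.g. `/// Keyed by project/endpoint plus role name; never by role name alone.` The code that builds the key is not part of this change, so the note is for whoever fills in the stub.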
@@ -2,8 +2,10 @@
|
||||
|
||||
use super::{
|
||||
errors::{ApiError, GetAuthInfoError, WakeComputeError},
|
||||
AuthInfo, CachedNodeInfo, ConsoleReqExtra, NodeInfo, PgEndpoint,
|
||||
ConsoleReqExtra, PgEndpoint,
|
||||
};
|
||||
use super::{AuthInfo, NodeInfo};
|
||||
use super::{CachedAuthInfo, CachedNodeInfo};
|
||||
use crate::{auth::ClientCredentials, error::io_error, scram, url::ApiUrl};
|
||||
use async_trait::async_trait;
|
||||
use futures::TryFutureExt;
|
||||
@@ -102,8 +104,9 @@ impl super::Api for Api {
|
||||
&self,
|
||||
_extra: &ConsoleReqExtra<'_>,
|
||||
creds: &ClientCredentials<'_>,
|
||||
) -> Result<Option<AuthInfo>, GetAuthInfoError> {
|
||||
self.do_get_auth_info(creds).await
|
||||
) -> Result<Option<CachedAuthInfo>, GetAuthInfoError> {
|
||||
let res = self.do_get_auth_info(creds).await?;
|
||||
Ok(res.map(CachedAuthInfo::new_uncached))
|
||||
}
|
||||
|
||||
#[tracing::instrument(skip_all)]
|
||||
@@ -112,9 +115,8 @@ impl super::Api for Api {
|
||||
_extra: &ConsoleReqExtra<'_>,
|
||||
_creds: &ClientCredentials<'_>,
|
||||
) -> Result<CachedNodeInfo, WakeComputeError> {
|
||||
self.do_wake_compute()
|
||||
.map_ok(CachedNodeInfo::new_uncached)
|
||||
.await
|
||||
let res = self.do_wake_compute().await?;
|
||||
Ok(CachedNodeInfo::new_uncached(res))
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -3,8 +3,10 @@
|
||||
use super::{
|
||||
super::messages::{ConsoleError, GetRoleSecret, WakeCompute},
|
||||
errors::{ApiError, GetAuthInfoError, WakeComputeError},
|
||||
ApiCaches, AuthInfo, CachedNodeInfo, ConsoleReqExtra, NodeInfo,
|
||||
ApiCaches, ConsoleReqExtra,
|
||||
};
|
||||
use super::{AuthInfo, NodeInfo};
|
||||
use super::{CachedAuthInfo, CachedNodeInfo};
|
||||
use crate::{auth::ClientCredentials, http, scram};
|
||||
use async_trait::async_trait;
|
||||
use futures::TryFutureExt;
|
||||
@@ -110,8 +112,10 @@ impl super::Api for Api {
|
||||
&self,
|
||||
extra: &ConsoleReqExtra<'_>,
|
||||
creds: &ClientCredentials<'_>,
|
||||
) -> Result<Option<AuthInfo>, GetAuthInfoError> {
|
||||
self.do_get_auth_info(extra, creds).await
|
||||
) -> Result<Option<CachedAuthInfo>, GetAuthInfoError> {
|
||||
// FIXME: add cache!
|
||||
let res = self.do_get_auth_info(extra, creds).await?;
|
||||
Ok(res.map(CachedAuthInfo::new_uncached))
|
||||
}
|
||||
|
||||
#[tracing::instrument(skip_all)]
|
||||
|
||||
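Review bot: The `// FIXME: add cache!` marker in this `get_auth_info` does not say what may be stored, and that choice has security consequences. User names arrive from unauthenticated clients, so caching `None` (role not found) would let arbitrary names fill an LRU and evict real entries, and it would also delay logins for newly created roles. I'd make the marker specific, e.g. `// FIXME: add cache (store only Some(..) returned by the console; never cache None or errors; bounded TTL)`. The method's signature starts outside the hunk.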