Commitf5fd995

committed

Allow 'sslkey' and 'sslcert' in postgres_fdw user mappings

This allows different users to authenticate with different certificates.Author: Craig Ringer

1 parent45223fd commitf5fd995Copy full SHA for f5fd995

File tree

+44

-2

lines changed

+44

-2

lines changed

Lines changed: 12 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -174,6 +174,18 @@ WARNING: extension "bar" is not installed`
`174`	`174`	`ALTER SERVER testserver1 OPTIONS (DROP extensions);`
`175`	`175`	`ALTER USER MAPPING FOR public SERVER testserver1`
`176`	`176`	`OPTIONS (DROP user, DROP password);`
	`177`	`+-- Attempt to add a valid option that's not allowed in a user mapping`
	`178`	`+ALTER USER MAPPING FOR public SERVER testserver1`
	`179`	`+OPTIONS (ADD sslmode 'require');`
	`180`	`+ERROR: invalid option "sslmode"`
	`181`	`+HINT: Valid options in this context are: user, password, sslpassword, password_required, sslcert, sslkey`
	`182`	`+-- But we can add valid ones fine`
	`183`	`+ALTER USER MAPPING FOR public SERVER testserver1`
	`184`	`+OPTIONS (ADD sslpassword 'dummy');`
	`185`	`+-- Ensure valid options we haven't used in a user mapping yet are`
	`186`	`+-- permitted to check validation.`
	`187`	`+ALTER USER MAPPING FOR public SERVER testserver1`
	`188`	`+OPTIONS (ADD sslkey 'value', ADD sslcert 'value');`
`177`	`189`	`ALTER FOREIGN TABLE ft1 OPTIONS (schema_name 'S 1', table_name 'T 1');`
`178`	`190`	`ALTER FOREIGN TABLE ft2 OPTIONS (schema_name 'S 1', table_name 'T 1');`
`179`	`191`	`ALTER FOREIGN TABLE ft1 ALTER COLUMN c1 OPTIONS (column_name 'C 1');`

Lines changed: 9 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -194,6 +194,15 @@ InitPgFdwOptions(void)`
`194`	`194`	`{"fetch_size",ForeignServerRelationId, false},`
`195`	`195`	`{"fetch_size",ForeignTableRelationId, false},`
`196`	`196`	`{"password_required",UserMappingRelationId, false},`
	`197`	`+/*`
	`198`	`+ * sslcert and sslkey are in fact libpq options, but we repeat them`
	`199`	`+ * here to allow them to appear in both foreign server context`
	`200`	`+ * (when we generate libpq options) and user mapping context`
	`201`	`+ * (from here).`
	`202`	`+ */`
	`203`	`+{"sslcert",UserMappingRelationId, true},`
	`204`	`+{"sslkey",UserMappingRelationId, true},`
	`205`	`+`
`197`	`206`	`{NULL,InvalidOid, false}`
`198`	`207`	`};`
`199`	`208`

Lines changed: 13 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -188,6 +188,19 @@ ALTER SERVER testserver1 OPTIONS (DROP extensions);`
`188`	`188`	`ALTERUSER MAPPING FOR public SERVER testserver1`
`189`	`189`	`OPTIONS (DROP user, DROP password);`
`190`	`190`
	`191`	`+-- Attempt to add a valid option that's not allowed in a user mapping`
	`192`	`+ALTERUSER MAPPING FOR public SERVER testserver1`
	`193`	`+OPTIONS (ADD sslmode'require');`
	`194`	`+`
	`195`	`+-- But we can add valid ones fine`
	`196`	`+ALTERUSER MAPPING FOR public SERVER testserver1`
	`197`	`+OPTIONS (ADD sslpassword'dummy');`
	`198`	`+`
	`199`	`+-- Ensure valid options we haven't used in a user mapping yet are`
	`200`	`+-- permitted to check validation.`
	`201`	`+ALTERUSER MAPPING FOR public SERVER testserver1`
	`202`	`+OPTIONS (ADD sslkey'value', ADD sslcert'value');`
	`203`	`+`
`191`	`204`	`ALTER FOREIGN TABLE ft1 OPTIONS (schema_name'S 1', table_name'T 1');`
`192`	`205`	`ALTER FOREIGN TABLE ft2 OPTIONS (schema_name'S 1', table_name'T 1');`
`193`	`206`	`ALTER FOREIGN TABLE ft1 ALTER COLUMN c1 OPTIONS (column_name'C 1');`

Lines changed: 10 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -107,13 +107,13 @@`
`107`	`107`	`A foreign server using the <filename>postgres_fdw</filename> foreign data wrapper`
`108`	`108`	`can have the same options that <application>libpq</application> accepts in`
`109`	`109`	`connection strings, as described in <xref linkend="libpq-paramkeywords"/>,`
`110`		`- except that these options are not allowed:`
	`110`	`+ except that these options are not allowed or have special handling:`
`111`	`111`
`112`	`112`	`<itemizedlist spacing="compact">`
`113`	`113`	`<listitem>`
`114`	`114`	`<para>`
`115`	`115`	`<literal>user</literal>, <literal>password</literal> and <literal>sslpassword</literal> (specify these`
`116`		`- in a user mapping, instead)`
	`116`	`+ in a user mapping, instead, or use a service file)`
`117`	`117`	`</para>`
`118`	`118`	`</listitem>`
`119`	`119`	`<listitem>`
`@@ -128,6 +128,14 @@`
`128`	`128`	`<literal>postgres_fdw</literal>)`
`129`	`129`	`</para>`
`130`	`130`	`</listitem>`
	`131`	`+ <listitem>`
	`132`	`+ <para>`
	`133`	`+ <literal>sslkey</literal> and <literal>sslpassword</literal> - these may`
	`134`	`+ appear in <emphasis>either or both</emphasis> a connection and a user`
	`135`	`+ mapping. If both are present, the user mapping setting overrides the`
	`136`	`+ connection setting.`
	`137`	`+ </para>`
	`138`	`+ </listitem>`
`131`	`139`	`</itemizedlist>`
`132`	`140`	`</para>`
`133`	`141`

Comments

(0)