make wildcarded feature work on more patterns

[mga-chka]

Description

cf #249
the aim of this PR is to make the wildcarded feature work on usernames that matche one of the 3 following patterns

• [prefix][wildcard]
• [wildcard][suffix]
• [willdcard]

instead of having the feature working only for usernames that matches the pattern [prefix]_[wildcard]

Pull request type

Please check the type of change your PR introduces:

• Bugfix
• Feature
• Code style update (formatting, renaming)
• Refactoring (no functional changes, no api changes)
• Build related changes
• Documentation content changes
• Other (please describe):

Checklist

• Linter passes correctly
• Add tests which fail without the change (if possible)
• All tests passing
• Extended the README / documentation, if necessary

Does this introduce a breaking change?

• Yes
• No

Further comments

[render]

Your Render PR Server URL is https://chproxy-pr-250.onrender.com.

Follow its progress at https://dashboard.render.com/static/srv-cd652lsgqg418ep9ji3g.

[Blokje5]

What happens if we have the following wildcarded users:
business_*
*_analyst
*

And somebody queries with business_analyst? It seems it now depends on how rp.users is loaded for what user settings are used.

[mga-chka]

good point, I will add in the doc this behavior when the admin defines overlapping patterns

[Blokje5]

Small nitpick: We should extract the header names to const to avoid typo's in the tests.

[gontarzpawel]

Can you elaborate in the comment what are the security scenarios we're talking about? I'm going to forget it soon as I know myself 😄

[mga-chka]

if the clickhouse server is ill-configured and the default user is usable it's not a big deal currently since "external" users have to use chproxy which doesn't allow the default user unless the chproxy admin created a default user with no password.
But, with the wildcarded feature and more specifically the * case, an external user/hacker could try to connect to clickhouse using the usr/pwd "default"/"" and access data is not supposed to access.

[gontarzpawel]

Could you add that to the doc or comment?

[gontarzpawel]

Could we extract it out to dedicated function? This one gets biggy

[gontarzpawel]

Will it remain consistent for the same user? Meaning if analyst_john-UK is routed to analyst1 out user in first place, will it remain the same for the second query launched by him?

[mga-chka]

Technically, while chproxy is up then yes it will be consistent.
If chproxy is restarted, it should be consistent (but I'm not sure).
If we change something and the admin updates chproxy then the behavior is unknown.
This is why I decided to put "randomly" and don't dive into details so that chproxy admins are warned that they should be extra careful when the wildcarded users are overlapping

[gontarzpawel]

I don't know how to better name it but initial naming hides the fact that it relates to wildcarded users. Maybe we could completely extract wildcarded users logic away to a dedicated file with possibly dedicated struct if needed?

Suggested change

	func getUserInformations(rp *reverseProxy, user *user, name string, password string) (found bool, u *user, c *cluster, cu *clusterUser) {
	func (rp *reverseProxy) overrideWildcardedUser(user *user, name string, password string) (found bool, u *user, c *cluster, cu *clusterUser) {

[mga-chka]

I found a more explictit (but longer) name: generateWildcardedUserInformation
Regarding putting the wildcarded logic in a specfic file, I looked at the implementation and currently there are:

• 2 lines on config.go
• 37 lines of code in 2 specific function (I created a specific function like you ask) so I'm not sure it's worth creating a dedicated file. It would make sens if all the code was like that (for example if we were using a middleware pattern)

[gontarzpawel]

Can you explain why is it needed?

[mga-chka]

because the current implementation doesn't do a deepcopy and only modify the name & pwd of the cu user.
So, if analyst_john-UK & analyst_jane-UK are doing a query at the same time we can end-up in this situation:

• cu user name = john & password = pwd1
• cu user name = jane & password = pwd2
• the query of john is executed in clickhouse with the credentials jane/pwd2
• the query of jane is executed in clickhouse with the credentials jane/pwd2

[gontarzpawel]

I'd still make it a method receiver to reverseProxy, instead of a function accepting reverseProxy as parameter, but up to you the final choice

[mga-chka]

done