Permalink
Browse files

Verify postgresql service's HBA

Change-Id: I6cf0d0943567cfd145cb06eb1db2b493371857c9
  • Loading branch information...
1 parent 568675c commit 73047ff7845a85f564c277ae27fe133c2a5bf81f Frank Lu committed Jan 21, 2013
Showing with 48 additions and 7 deletions.
  1. +48 −7 sinatra/app_sinatra_service/main.rb
@@ -118,10 +118,14 @@
end
get '/service/postgresql/:key' do
- client = load_postgresql
- value = client.query("select data_value from data_values where id = '#{params[:key]}'").first['data_value']
- client.close
- value
+ if validate_postgresql_hba
+ client = load_postgresql
+ value = client.query("select data_value from data_values where id = '#{params[:key]}'").first['data_value']
+ client.close
+ value
+ else
+ "error_postgresql_hba"
+ end
end
put '/service/postgresql/table/:table' do
@@ -234,13 +238,50 @@ def load_mongo
coll = db['data_values'] if db.authenticate(mongodb_service['username'], mongodb_service['password'])
end
-def load_postgresql
+def load_postgresql(opts={})
+ type = opts[:type] || "normal"
postgresql_service = load_service('postgresql')
- client = PGconn.open(postgresql_service['host'], postgresql_service['port'], :dbname => postgresql_service['name'], :user => postgresql_service['username'], :password => postgresql_service['password'])
- client.query("create table data_values (id varchar(20), data_value varchar(20));") if client.query("select * from pg_catalog.pg_class where relname = 'data_values';").num_tuples() < 1
+ # postgresql supports HBA authentication, must validate the HBA works
+ # bypass the auto-reconfiguration
+ open_method = :original_open
+ case type
+ when "fake"
+ postgresql_service['password'] = "fake#{postgresql_service['password']}"
+ when "nil"
+ postgresql_service['password'] = nil
+ else
+ open_method = :open
+ end
+ client = PGconn.send(open_method, postgresql_service['host'], postgresql_service['port'], :dbname => postgresql_service['name'], :user => postgresql_service['username'], :password => postgresql_service['password'])
+ client.query("create table data_values (id varchar(20), data_value varchar(20));") if client.query("select * from pg_catalog.pg_class where relname = 'data_values';").num_tuples() < 1 if type == "normal"
client
end
+def validate_postgresql_hba
+ client_fake = client_nil = nil
+ fake_pass = nil_pass = true
+
+ begin
+ client_fake = load_postgresql(:type => 'fake')
+ client_fake.query("select version()")
+ rescue => e
+ fake_pass = false
+ ensure
+ client_fake.close if client_fake
+ end
+
+ begin
+ client_nil = load_postgresql(:type => 'nil')
+ client_nil.query("select version()")
+ rescue => e
+ nil_pass = false
+ ensure
+ client_nil.close if client_nil
+ end
+
+ !(fake_pass || nil_pass)
+end
+
def load_vblob
vblob_service = load_service('blob')
AWS::S3::Base.establish_connection!(

0 comments on commit 73047ff

Please sign in to comment.