[YSQL] Add convenience GFlag to provide ident file mappings #18068
Closed
1 task done
Tracked by #18069
Labels: 2.18 Backport Required, area/ysql (Yugabyte SQL (YSQL)), kind/new-feature (This is a request for a completely new feature), priority/high (High Priority)
Comments
dr0pdb added the kind/new-feature, area/ysql and priority/high labels on Jul 4, 2023
3 tasks
dr0pdb changed the title from "[YSQL] Support User Name Maps" to "[YSQL] Add convenience GFlag to provide ident file mappings" on Jul 10, 2023
asrinivasanyb added a commit that referenced this issue on Jul 17, 2023

…nt_conf_csv for user name maps

Summary:
This introduces a new tserver convenience gFlag "ysql_ident_conf_csv". This is a preview flag.

This flag is related to the user name maps feature that Postgres supports from PG11 (see https://www.postgresql.org/docs/11/auth-username-maps.html)

The value for this flag should be a comma separated string. Each comma separated item will become a single line in the ysql_ident.conf file. The format of a single line for the identity mapping will be the same as that in PG.

yb-ctl and yugabyted will also now support the specification of the "ysql_ident_conf_csv" gFlag

Jira: DB-7112

Test Plan:
Manual testing

    ./bin/yb-ctl start
    ./bin/yb-ctl start --ysql_ident_conf_csv='mapname1 Bob John,"mapname2 /^(.*)@yugabyte\.com$ \1",mapname3 db-india_group db-india' --tserver_flags="allowed_preview_flags_csv='ysql_ident_conf_csv'"
    ./bin/yb-ctl start --ysql_ident_conf_csv='mapname1 asrinivasanyb asrinivasan,"mapname2 /^(.*)@yugabyte\.com$ \1"' --ysql_hba_conf_csv='host all asrinivasan 127.0.0.1/0 ident map=mapname1,"host all all 0.0.0.0/0 trust"' --tserver_flags="allowed_preview_flags_csv='ysql_ident_conf_csv'"
    ./bin/yugabyted start --ui=false
    ./bin/yugabyted start --ui=false --tserver_flags=ysql_ident_conf_csv={'mapname1 Bob John,"mapname2 /^(.*)@yugabyte\.com$ \1",mapname3 db-india_group db-india'},allowed_preview_flags_csv=ysql_ident_conf_csv
    ./bin/yugabyted start --ui=false --tserver_flags=ysql_ident_conf_csv={'mapname1 asrinivasanyb asrinivasan'},ysql_hba_conf_csv={'host all asrinivasan 127.0.0.1/0 ident map=mapname1,"host all all 0.0.0.0/0 trust"'},allowed_preview_flags_csv=ysql_ident_conf_csv

Tests for this will be added along with the JWT authentication mode support feature (#18069)

Reviewers: stiwary, rvenkatesh, skumar, sgarg-yb, jason
Reviewed By: stiwary, rvenkatesh, sgarg-yb
Subscribers: jason, yql
Differential Revision: https://phorge.dev.yugabyte.com/D26745
asrinivasanyb added a commit that referenced this issue on Jul 24, 2023

… GFlag ysql_ident_conf_csv for user name maps

Summary:
Please see https://phorge.dev.yugabyte.com/D26745 for details about the feature.

The following is specific to the backport to 2.18 -
The support for defining preview flags (https://phorge.dev.yugabyte.com/D24743) is not present in 2.18. Hence, the ysql_ident_conf_csv flag is defined using the DEFINE_NON_RUNTIME_string macro. That is, ysql_ident_conf_csv will not be a preview flag in 2.18 as the concept of preview flags is not supported in 2.18

Jira: DB-7112

Test Plan:
Manual testing
The test cases do not include the "allowed_preview_flags_csv" as the support for defining preview flags is not part of 2.18

    ./bin/yb-ctl start
    ./bin/yb-ctl start --ysql_ident_conf_csv='mapname1 asrinivasanyb asrinivasan,"mapname2 /^(.*)@yugabyte\.com$ \1"' --ysql_hba_conf_csv='host all asrinivasan 127.0.0.1/0 ident map=mapname1,"host all all 0.0.0.0/0 trust"'
    ./bin/yugabyted start --ui=false
    ./bin/yugabyted start --ui=false --tserver_flags=ysql_ident_conf_csv={'mapname1 Bob John,"mapname2 /^(.*)@yugabyte\.com$ \1",mapname3 db-india_group db-india'}
    ./bin/yugabyted start --ui=false --tserver_flags=ysql_ident_conf_csv={'mapname1 asrinivasanyb asrinivasan'},ysql_hba_conf_csv={'host all asrinivasan 127.0.0.1/0 ident map=mapname1,"host all all 0.0.0.0/0 trust"'}

Reviewers: stiwary, rvenkatesh, skumar, sgarg-yb, jason
Reviewed By: rvenkatesh, sgarg-yb
Subscribers: yql, jason
Differential Revision: https://phorge.dev.yugabyte.com/D27118
This was referenced Aug 7, 2023
asrinivasanyb added a commit that referenced this issue on Aug 15, 2023

Summary:
As part of #18068, a convenience GFlag ysql_ident_conf_csv was added to set ident configuration. This was backported to 2.18. The support for preview flags is not present in 2.18. Hence, in 2.18, the ysql_ident_conf_csv GFlag is not a preview flag.

For consistency, the ysql_ident_conf_csv GFlag is now being made a non-preview flag in master also.

Jira: DB-7585

Test Plan:
1) ./yb_build.sh --java-test 'org.yb.pgsql.TestJWTAuth'
2) Manual testing

    ./bin/yb-ctl start
    ./bin/yb-ctl start --ysql_ident_conf_csv='mapname1 asrinivasanyb asrinivasan,"mapname2 /^(.*)@yugabyte\.com$ \1"' --ysql_hba_conf_csv='host all asrinivasan 127.0.0.1/0 ident map=mapname1,"host all all 0.0.0.0/0 trust"'
    ./bin/yugabyted start --ui=false
    ./bin/yugabyted start --ui=false --tserver_flags=ysql_ident_conf_csv={'mapname1 asrinivasanyb asrinivasan'},ysql_hba_conf_csv={'host all asrinivasan 127.0.0.1/0 ident map=mapname1,"host all all 0.0.0.0/0 trust"'}

Reviewers: stiwary, skumar, mihnea
Reviewed By: stiwary
Subscribers: yql
Differential Revision: https://phorge.dev.yugabyte.com/D27774
Jira Link: DB-7112
Description
Postgres supports the User Name Maps feature to provide a mapping between an external identity and PG user.
We already have the code in the YSQL codebase. Add a GFlag to populate the identity file mappings.
Warning: Please confirm that this issue does not contain any sensitive information
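
Added example, not YugabyteDB's code and not part of the issue: a Python illustration of how a `ysql_ident_conf_csv` value like the ones in the test plans expands into ident-file lines, and how PostgreSQL-style user name map entries then resolve an external identity to a database user. It assumes standard CSV quoting and whitespace-separated fields, approximates PostgreSQL's regex engine with Python's `re`, and all function names and `WEAK_LINE` are hypothetical or constructed for this example.

```python
import csv
import re

# Flag value copied from the test plans on this page.
FLAG = r'mapname1 Bob John,"mapname2 /^(.*)@yugabyte\.com$ \1",mapname3 db-india_group db-india'
# Constructed entry (not from the page): same regex without the ^ and $ anchors.
WEAK_LINE = r"weakmap /(.*)@yugabyte\.com \1"


def ident_lines(flag_value):
    """Split the flag value into ident-file lines (assumption: standard CSV quoting)."""
    return [item.strip() for item in next(csv.reader([flag_value])) if item.strip()]


def parse_entry(line):
    """Split one line into (map-name, system-username, database-username)."""
    fields = line.split()
    if len(fields) != 3:
        raise ValueError("expected 3 whitespace-separated fields: %r" % line)
    return tuple(fields)


def mapped_users(lines, map_name, system_user):
    """Database users that system_user may connect as under map_name."""
    allowed = set()
    for name, sys_field, db_field in map(parse_entry, lines):
        if name != map_name:
            continue
        if sys_field.startswith("/"):
            # Regex entry: a search, so a partial match counts unless anchored.
            m = re.search(sys_field[1:], system_user)
            if m:
                first = m.group(1) if m.re.groups else ""
                allowed.add(db_field.replace(r"\1", first, 1))
        elif sys_field == system_user:
            allowed.add(db_field)
    return allowed


def unanchored_regex_entries(lines):
    """Lint: regex entries not wrapped in ^...$ can match part of a system user name."""
    flagged = []
    for line in lines:
        _, sys_field, _ = parse_entry(line)
        if sys_field.startswith("/") and not (
                sys_field.startswith("/^") and sys_field.endswith("$")):
            flagged.append(line)
    return flagged
```

Running `unanchored_regex_entries(ident_lines(value))` over a proposed flag value before rollout catches map entries whose regex would accept identities from look-alike domains.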