[YSQL] Add convenience GFlag to provide ident file mappings #18068

Closed
1 task done
Tracked by #18069
dr0pdb opened this issue Jul 4, 2023 · 0 comments
Labels
2.18 Backport Required area/ysql Yugabyte SQL (YSQL) kind/new-feature This is a request for a completely new feature priority/high High Priority

Comments

@dr0pdb
Contributor

dr0pdb commented Jul 4, 2023

Jira Link: DB-7112

Description

Postgres supports the User Name Maps feature to provide a mapping between an external identity and PG user.

We already have the code in the YSQL codebase. Add a GFlag to populate the identity file mappings.

Warning: Please confirm that this issue does not contain any sensitive information

  • I confirm this issue does not contain any sensitive information.
@dr0pdb dr0pdb added kind/new-feature This is a request for a completely new feature area/ysql Yugabyte SQL (YSQL) priority/high High Priority labels Jul 4, 2023
@dr0pdb dr0pdb self-assigned this Jul 4, 2023
@yugabyte-ci yugabyte-ci assigned asrinivasanyb and dr0pdb and unassigned dr0pdb Jul 6, 2023
@dr0pdb dr0pdb changed the title [YSQL] Support User Name Maps [YSQL] Add convenience GFlag to provide ident file mappings Jul 10, 2023
asrinivasanyb added a commit that referenced this issue Jul 17, 2023
…nt_conf_csv for user name maps

Summary:
This introduces a new tserver convenience gFlag "ysql_ident_conf_csv". This is a preview flag.

This flag is related to the user name maps feature that Postgres supports from PG11
(see https://www.postgresql.org/docs/11/auth-username-maps.html)

The value for this flag should be a comma separated string.
Each comma separated item will become a single line in the ysql_ident.conf file.
The format of a single line for the identity mapping will be the same as that in PG.

yb-ctl and yugabyted will also now support the specification of the
"ysql_ident_conf_csv" gFlag
Jira: DB-7112

Test Plan:
Manual testing

./bin/yb-ctl start
./bin/yb-ctl start --ysql_ident_conf_csv='mapname1 Bob John,"mapname2 /^(.*)@yugabyte\.com$ \1",mapname3 db-india_group db-india' --tserver_flags="allowed_preview_flags_csv='ysql_ident_conf_csv'"
./bin/yb-ctl start --ysql_ident_conf_csv='mapname1 asrinivasanyb asrinivasan,"mapname2 /^(.*)@yugabyte\.com$ \1"' --ysql_hba_conf_csv='host all asrinivasan 127.0.0.1/0 ident map=mapname1,"host all all 0.0.0.0/0 trust"' --tserver_flags="allowed_preview_flags_csv='ysql_ident_conf_csv'"

./bin/yugabyted start --ui=false
./bin/yugabyted start --ui=false --tserver_flags=ysql_ident_conf_csv={'mapname1 Bob John,"mapname2 /^(.*)@yugabyte\.com$ \1",mapname3 db-india_group db-india'},allowed_preview_flags_csv=ysql_ident_conf_csv
./bin/yugabyted start --ui=false --tserver_flags=ysql_ident_conf_csv={'mapname1 asrinivasanyb asrinivasan'},ysql_hba_conf_csv={'host all asrinivasan 127.0.0.1/0 ident map=mapname1,"host all all 0.0.0.0/0 trust"'},allowed_preview_flags_csv=ysql_ident_conf_csv

Tests for this will be added along with the JWT authentication mode support feature (#18069)

Reviewers: stiwary, rvenkatesh, skumar, sgarg-yb, jason

Reviewed By: stiwary, rvenkatesh, sgarg-yb

Subscribers: jason, yql

Differential Revision: https://phorge.dev.yugabyte.com/D26745
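
The following is an added example, not code from this issue or from YugabyteDB. It shows how a `ysql_ident_conf_csv` value like the one in the test plan above expands into ident lines and how a map decides whether an external identity may log in as a requested database user. It assumes plain CSV quoting for the flag value, uses Python's `re` in place of the PostgreSQL regex engine, and all function names are hypothetical.

```python
import csv
import re

# Flag value copied from the test plan above.
FLAG = r'mapname1 Bob John,"mapname2 /^(.*)@yugabyte\.com$ \1",mapname3 db-india_group db-india'

def ident_lines(flag_value):
    """Split the flag value into ysql_ident.conf lines (assumes plain CSV quoting)."""
    items = next(csv.reader([flag_value], skipinitialspace=True))
    return [item.strip() for item in items if item.strip()]

def parse_maps(lines):
    """Return {map_name: [(system_user, db_user), ...]} in file order."""
    maps = {}
    for line in lines:
        fields = line.split()  # simplification: no quoted fields containing spaces
        if len(fields) != 3:
            raise ValueError(f"expected 3 fields in ident line: {line!r}")
        maps.setdefault(fields[0], []).append((fields[1], fields[2]))
    return maps

def allowed(maps, map_name, external_id, db_user):
    """True if some entry of map_name pairs external_id with the requested db_user."""
    for system_user, mapped in maps.get(map_name, []):
        if system_user.startswith("/"):
            # Python's re stands in for the PostgreSQL regex engine here.
            m = re.search(system_user[1:], external_id)
            if m is None:
                continue
            if r"\1" in mapped:
                if not m.re.groups or m.group(1) is None:
                    continue  # \1 without a capture: treated here as no match
                mapped = mapped.replace(r"\1", m.group(1), 1)
        elif system_user != external_id:
            continue
        if mapped == db_user:
            return True
    return False

def unanchored_regex_entries(maps):
    """Review aid: regex entries that are not anchored at both ends."""
    return [(name, s) for name, entries in maps.items() for s, _ in entries
            if s.startswith("/") and not (s[1:].startswith("^") and s.endswith("$"))]

MAPS = parse_maps(ident_lines(FLAG))
```

Running `unanchored_regex_entries` over a proposed flag value before deployment catches patterns that would accept identities with extra text before or after the intended domain.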
asrinivasanyb added a commit that referenced this issue Jul 24, 2023
… GFlag ysql_ident_conf_csv for user name maps

Summary:
Please see https://phorge.dev.yugabyte.com/D26745 for details about the feature.

The following is specific to the backport to 2.18:

The support for defining preview flags (https://phorge.dev.yugabyte.com/D24743) is not present in 2.18.
Hence, the ysql_ident_conf_csv flag is defined using the DEFINE_NON_RUNTIME_string macro.
That is, ysql_ident_conf_csv will not be a preview flag in 2.18, as the concept of preview flags is not supported in 2.18.
Jira: DB-7112

Test Plan:
Manual testing

The test cases do not include the "allowed_preview_flags_csv" as the support for defining preview flags is not part of 2.18.

./bin/yb-ctl start
./bin/yb-ctl start --ysql_ident_conf_csv='mapname1 asrinivasanyb asrinivasan,"mapname2 /^(.*)@yugabyte\.com$ \1"' --ysql_hba_conf_csv='host all asrinivasan 127.0.0.1/0 ident map=mapname1,"host all all 0.0.0.0/0 trust"'

./bin/yugabyted start --ui=false
./bin/yugabyted start --ui=false --tserver_flags=ysql_ident_conf_csv={'mapname1 Bob John,"mapname2 /^(.*)@yugabyte\.com$ \1",mapname3 db-india_group db-india'}
./bin/yugabyted start --ui=false --tserver_flags=ysql_ident_conf_csv={'mapname1 asrinivasanyb asrinivasan'},ysql_hba_conf_csv={'host all asrinivasan 127.0.0.1/0 ident map=mapname1,"host all all 0.0.0.0/0 trust"'}

Reviewers: stiwary, rvenkatesh, skumar, sgarg-yb, jason

Reviewed By: rvenkatesh, sgarg-yb

Subscribers: yql, jason

Differential Revision: https://phorge.dev.yugabyte.com/D27118
asrinivasanyb added a commit that referenced this issue Aug 15, 2023
Summary:
As part of #18068, a convenience GFlag ysql_ident_conf_csv was added to set ident configuration.

This was backported to 2.18. The support for preview flags is not present in 2.18.
Hence, in 2.18, the ysql_ident_conf_csv GFlag is not a preview flag.

For consistency, the ysql_ident_conf_csv GFlag is now being made a non-preview flag in master also.
Jira: DB-7585

Test Plan:
1) ./yb_build.sh --java-test 'org.yb.pgsql.TestJWTAuth'

2) Manual testing

./bin/yb-ctl start
./bin/yb-ctl start --ysql_ident_conf_csv='mapname1 asrinivasanyb asrinivasan,"mapname2 /^(.*)@yugabyte\.com$ \1"' --ysql_hba_conf_csv='host all asrinivasan 127.0.0.1/0 ident map=mapname1,"host all all 0.0.0.0/0 trust"'

./bin/yugabyted start --ui=false
./bin/yugabyted start --ui=false --tserver_flags=ysql_ident_conf_csv={'mapname1 asrinivasanyb asrinivasan'},ysql_hba_conf_csv={'host all asrinivasan 127.0.0.1/0 ident map=mapname1,"host all all 0.0.0.0/0 trust"'}

Reviewers: stiwary, skumar, mihnea

Reviewed By: stiwary

Subscribers: yql

Differential Revision: https://phorge.dev.yugabyte.com/D27774