Add addr pool in rule (#550)

yandex · Feb 14, 2024 · f60df91 · f60df91
1 parent 7c6b8f4
commit f60df91
Show file tree

Hide file tree

Showing 31 changed files with 823 additions and 206 deletions.
diff --git a/config-examples/odyssey-dev.conf b/config-examples/odyssey-dev.conf
@@ -111,4 +111,4 @@ locks_dir "/tmp/odyssey"
 
 graceful_die_on_errors yes
 enable_online_restart no
-bindwith_reuseport yes
+bindwith_reuseport yes
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -69,6 +69,7 @@ COPY --from=base /prep_stmts/pkg/pstmts-test /pstmts-test
 COPY --from=base /config-validation/pkg/config-validation /config-validation
 COPY ./docker/scram /scram
 COPY ./docker/hba /hba
+COPY ./docker/rule-address /rule-address
 COPY ./docker/auth_query /auth_query
 COPY ./docker/ldap /ldap
 COPY ./docker/lagpolling /lagpolling

diff --git a/docker/auth_query/test_auth_query.sh b/docker/auth_query/test_auth_query.sh
@@ -28,5 +28,4 @@ PGPASSWORD=passwd psql -h localhost -p 6432 -U auth_query_user_md5 -c "SELECT 1"
 	exit 1
 }
 
-
 ody-stop
diff --git a/docker/bin/setup b/docker/bin/setup
@@ -49,7 +49,7 @@ sudo -u postgres /usr/bin/pg_basebackup -D /var/lib/postgresql/14/repl -R -h loc
 sudo -u postgres /usr/lib/postgresql/14/bin/pg_ctl -D /var/lib/postgresql/14/repl/ -o '-p 5433' start
 
 # Create databases
-for database_name in db scram_db ldap_db auth_query_db db1 hba_db tsa_db; do
+for database_name in db scram_db ldap_db auth_query_db db1 hba_db tsa_db addr_db; do
     sudo -u postgres createdb $database_name >> "$SETUP_LOG" 2>&1 || {
         echo "ERROR: 'createdb $database_name' failed, examine the log"
         cat "$SETUP_LOG"
@@ -127,6 +127,14 @@ psql -h localhost -p 5432 -U postgres  -c "create user user_allow password 'corr
   exit 1
 }
 
+# Create users
+psql -h localhost -p 5432 -U postgres  -c "create user user_addr_correct password 'correct_password'; create user user_addr_incorrect password 'correct_password'; create user user_addr_default password 'correct_password'; create user user_addr_empty password 'correct_password'; create user user_addr_hostname_localhost password 'correct_password';" >> $SETUP_LOG 2>&1 || {
+  echo "ERROR: users creation failed, examine the log"
+  cat "$SETUP_LOG"
+  cat "$PG_LOG"
+  exit 1
+}
+
 for i in `seq 0 9`
 do
 	# Create tables

diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
@@ -6,6 +6,13 @@ cd /test_dir/test && /usr/bin/odyssey_test
 
 setup
 
+# odyssey rule-address test
+/rule-address/test.sh
+if [ $? -eq 1 ]
+then
+	exit 1
+fi
+
 # odyssey target session attrs test
 /tsa/tsa.sh
 if [ $? -eq 1 ]
@@ -74,4 +81,4 @@ ody-start
 /ody-integration-test
 ody-stop
 
-teardown
+teardown
diff --git a/docker/rule-address/addr.conf b/docker/rule-address/addr.conf
@@ -0,0 +1,64 @@
+listen {
+	host "*"
+	port 6432
+}
+
+storage "postgres_server" {
+            type "remote"
+            host "127.0.0.1"
+            port 5432
+}
+
+database "addr_db" {
+    user "user_addr_correct" "127.0.0.0/24" {
+            authentication "clear_text"
+            password "correct_password"
+            storage "postgres_server"
+            pool "session"
+    }
+
+    user "user_addr_incorrect" "255.0.0.0/24" {
+            authentication "clear_text"
+            password "correct_password"
+            storage "postgres_server"
+            pool "session"
+    }
+
+    user "user_addr_default" default {
+            authentication "clear_text"
+            password "correct_password"
+            storage "postgres_server"
+            pool "session"
+    }
+
+    user "user_addr_empty" {
+            authentication "clear_text"
+            password "correct_password"
+            storage "postgres_server"
+            pool "session"
+    }
+
+    user "user_addr_hostname_localhost" "localhost" {
+            authentication "clear_text"
+            password "correct_password"
+            storage "postgres_server"
+            pool "session"
+    }
+}
+
+daemonize yes
+pid_file "/var/run/odyssey.pid"
+
+unix_socket_dir "/tmp"
+unix_socket_mode "0644"
+
+locks_dir "/tmp"
+
+log_format "%p %t %l [%i %s] (%c) %m\n"
+log_file "/var/log/odyssey.log"
+log_to_stdout no
+log_config yes
+log_debug yes
+log_session yes
+log_stats no
+log_query yes
diff --git a/docker/rule-address/test.sh b/docker/rule-address/test.sh
@@ -0,0 +1,79 @@
+#!/bin/bash -x
+
+set -ex
+
+/usr/bin/odyssey /rule-address/addr.conf
+
+PGPASSWORD=correct_password psql -h localhost -p 6432 -U user_addr_correct -c "SELECT 1" addr_db > /dev/null 2>&1 || {
+  echo "ERROR: failed auth with correct addr, correct password and plain password in config"
+
+	cat /var/log/odyssey.log
+
+	exit 1
+}
+
+PGPASSWORD=incorrect_password psql -h localhost -p 6432 -U user_addr_correct -c "SELECT 1" addr_db > /dev/null 2>&1 && {
+  echo "ERROR: successfully auth with correct addr, but incorrect password"
+
+	cat /var/log/odyssey.log
+
+	exit 1
+}
+
+PGPASSWORD=correct_password psql -h localhost -p 6432 -U user_addr_incorrect -c "SELECT 1" addr_db > /dev/null 2>&1 && {
+  echo "ERROR: successfully auth with incorrect addr"
+
+	cat /var/log/odyssey.log
+
+	exit 1
+}
+
+PGPASSWORD=correct_password psql -h localhost -p 6432 -U user_addr_default -c "SELECT 1" addr_db > /dev/null 2>&1 || {
+  echo "ERROR: failed auth with correct addr, correct password and plain password in config"
+
+	cat /var/log/odyssey.log
+
+	exit 1
+}
+
+PGPASSWORD=incorrect_password psql -h localhost -p 6432 -U user_addr_default -c "SELECT 1" addr_db > /dev/null 2>&1 && {
+  echo "ERROR: successfully auth with correct addr, but incorrect password"
+
+	cat /var/log/odyssey.log
+
+	exit 1
+}
+
+PGPASSWORD=correct_password psql -h localhost -p 6432 -U user_addr_empty -c "SELECT 1" addr_db > /dev/null 2>&1 || {
+  echo "ERROR: failed auth with correct addr, correct password and plain password in config"
+
+	cat /var/log/odyssey.log
+
+	exit 1
+}
+
+PGPASSWORD=incorrect_password psql -h localhost -p 6432 -U user_addr_empty -c "SELECT 1" addr_db > /dev/null 2>&1 && {
+  echo "ERROR: successfully auth with correct addr, but incorrect password"
+
+	cat /var/log/odyssey.log
+
+	exit 1
+}
+
+PGPASSWORD=correct_password psql -h localhost -p 6432 -U user_addr_hostname_localhost -c "SELECT 1" addr_db > /dev/null 2>&1 || {
+  echo "ERROR: failed auth with correct addr, correct password and plain password in config"
+
+	cat /var/log/odyssey.log
+
+	exit 1
+}
+
+PGPASSWORD=incorrect_password psql -h localhost -p 6432 -U user_addr_hostname_localhost -c "SELECT 1" addr_db > /dev/null 2>&1 && {
+  echo "ERROR: successfully auth with correct addr, but incorrect password"
+
+	cat /var/log/odyssey.log
+
+	exit 1
+}
+
+ody-stop
diff --git a/sources/CMakeLists.txt b/sources/CMakeLists.txt
@@ -47,6 +47,7 @@ set(od_src
     storage.c
     murmurhash.c
     hashmap.c
+    address.c
     hba.c
     hba_reader.c
     hba_rule.c