LCOV - code coverage report
Current view: top level - proxy/src/control_plane - mod.rs (source / functions) Coverage Total Hit
Test: 8ff8efadb0253cf618c612650348666c0c564111.info Lines: 33.3 % 24 8
Test Date: 2024-11-20 17:53:50 Functions: 50.0 % 4 2

            Line data    Source code
       1              : //! Various stuff for dealing with the Neon Console.
       2              : //! Later we might move some API wrappers here.
       3              : 
       4              : /// Payloads used in the console's APIs.
       5              : pub mod messages;
       6              : 
       7              : /// Wrappers for console APIs and their mocks.
       8              : pub mod client;
       9              : 
      10              : pub(crate) mod errors;
      11              : 
      12              : use std::sync::Arc;
      13              : use std::time::Duration;
      14              : 
      15              : use crate::auth::backend::jwt::AuthRule;
      16              : use crate::auth::backend::{ComputeCredentialKeys, ComputeUserInfo};
      17              : use crate::auth::IpPattern;
      18              : use crate::cache::project_info::ProjectInfoCacheImpl;
      19              : use crate::cache::{Cached, TimedLru};
      20              : use crate::context::RequestContext;
      21              : use crate::control_plane::messages::{ControlPlaneErrorMessage, MetricsAuxInfo};
      22              : use crate::intern::ProjectIdInt;
      23              : use crate::types::{EndpointCacheKey, EndpointId};
      24              : use crate::{compute, scram};
      25              : 
      26              : /// Various cache-related types.
      27              : pub mod caches {
      28              :     pub use super::client::ApiCaches;
      29              : }
      30              : 
      31              : /// Various cache-related types.
      32              : pub mod locks {
      33              :     pub use super::client::ApiLocks;
      34              : }
      35              : 
      36              : /// Console's management API.
      37              : pub mod mgmt;
      38              : 
      39              : /// Auth secret which is managed by the cloud.
      40              : #[derive(Clone, Eq, PartialEq, Debug)]
      41              : pub(crate) enum AuthSecret {
      42              :     #[cfg(any(test, feature = "testing"))]
      43              :     /// Md5 hash of user's password.
      44              :     Md5([u8; 16]),
      45              : 
      46              :     /// [SCRAM](crate::scram) authentication info.
      47              :     Scram(scram::ServerSecret),
      48              : }
      49              : 
      50              : #[derive(Default)]
      51              : pub(crate) struct AuthInfo {
      52              :     pub(crate) secret: Option<AuthSecret>,
      53              :     /// List of IP addresses allowed for the autorization.
      54              :     pub(crate) allowed_ips: Vec<IpPattern>,
      55              :     /// Project ID. This is used for cache invalidation.
      56              :     pub(crate) project_id: Option<ProjectIdInt>,
      57              : }
      58              : 
      59              : /// Info for establishing a connection to a compute node.
      60              : /// This is what we get after auth succeeded, but not before!
      61              : #[derive(Clone)]
      62              : pub(crate) struct NodeInfo {
      63              :     /// Compute node connection params.
      64              :     /// It's sad that we have to clone this, but this will improve
      65              :     /// once we migrate to a bespoke connection logic.
      66              :     pub(crate) config: compute::ConnCfg,
      67              : 
      68              :     /// Labels for proxy's metrics.
      69              :     pub(crate) aux: MetricsAuxInfo,
      70              : 
      71              :     /// Whether we should accept self-signed certificates (for testing)
      72              :     pub(crate) allow_self_signed_compute: bool,
      73              : }
      74              : 
      75              : impl NodeInfo {
      76            0 :     pub(crate) async fn connect(
      77            0 :         &self,
      78            0 :         ctx: &RequestContext,
      79            0 :         timeout: Duration,
      80            0 :     ) -> Result<compute::PostgresConnection, compute::ConnectionError> {
      81            0 :         self.config
      82            0 :             .connect(
      83            0 :                 ctx,
      84            0 :                 self.allow_self_signed_compute,
      85            0 :                 self.aux.clone(),
      86            0 :                 timeout,
      87            0 :             )
      88            0 :             .await
      89            0 :     }
      90            4 :     pub(crate) fn reuse_settings(&mut self, other: Self) {
      91            4 :         self.allow_self_signed_compute = other.allow_self_signed_compute;
      92            4 :         self.config.reuse_password(other.config);
      93            4 :     }
      94              : 
      95            6 :     pub(crate) fn set_keys(&mut self, keys: &ComputeCredentialKeys) {
      96            6 :         match keys {
      97              :             #[cfg(any(test, feature = "testing"))]
      98            6 :             ComputeCredentialKeys::Password(password) => self.config.password(password),
      99            0 :             ComputeCredentialKeys::AuthKeys(auth_keys) => self.config.auth_keys(*auth_keys),
     100            0 :             ComputeCredentialKeys::JwtPayload(_) | ComputeCredentialKeys::None => &mut self.config,
     101              :         };
     102            6 :     }
     103              : }
     104              : 
     105              : pub(crate) type NodeInfoCache =
     106              :     TimedLru<EndpointCacheKey, Result<NodeInfo, Box<ControlPlaneErrorMessage>>>;
     107              : pub(crate) type CachedNodeInfo = Cached<&'static NodeInfoCache, NodeInfo>;
     108              : pub(crate) type CachedRoleSecret = Cached<&'static ProjectInfoCacheImpl, Option<AuthSecret>>;
     109              : pub(crate) type CachedAllowedIps = Cached<&'static ProjectInfoCacheImpl, Arc<Vec<IpPattern>>>;
     110              : 
     111              : /// This will allocate per each call, but the http requests alone
     112              : /// already require a few allocations, so it should be fine.
     113              : pub(crate) trait ControlPlaneApi {
     114              :     /// Get the client's auth secret for authentication.
     115              :     /// Returns option because user not found situation is special.
     116              :     /// We still have to mock the scram to avoid leaking information that user doesn't exist.
     117              :     async fn get_role_secret(
     118              :         &self,
     119              :         ctx: &RequestContext,
     120              :         user_info: &ComputeUserInfo,
     121              :     ) -> Result<CachedRoleSecret, errors::GetAuthInfoError>;
     122              : 
     123              :     async fn get_allowed_ips_and_secret(
     124              :         &self,
     125              :         ctx: &RequestContext,
     126              :         user_info: &ComputeUserInfo,
     127              :     ) -> Result<(CachedAllowedIps, Option<CachedRoleSecret>), errors::GetAuthInfoError>;
     128              : 
     129              :     async fn get_endpoint_jwks(
     130              :         &self,
     131              :         ctx: &RequestContext,
     132              :         endpoint: EndpointId,
     133              :     ) -> Result<Vec<AuthRule>, errors::GetEndpointJwksError>;
     134              : 
     135              :     /// Wake up the compute node and return the corresponding connection info.
     136              :     async fn wake_compute(
     137              :         &self,
     138              :         ctx: &RequestContext,
     139              :         user_info: &ComputeUserInfo,
     140              :     ) -> Result<CachedNodeInfo, errors::WakeComputeError>;
     141              : }
        

Generated by: LCOV version 2.1-beta