Skip to content

auth_user directive (per database entry) wrongly translated to user #31

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ardumont opened this issue Jun 6, 2019 · 0 comments
Open

auth_user directive (per database entry) wrongly translated to user #31

ardumont opened this issue Jun 6, 2019 · 0 comments

Comments

@ardumont
Copy link

ardumont commented Jun 6, 2019
edited
Loading

Hello,

I'd like to use the auth_user directive on a per database basis. So far i
cannot (example at [2]), as the auth_user directive is translated as user
directive [1].

Those are not the same though.

From the documentation [2], auth_user allows to avoid specifying the
credentials in the pgbouncer configuration (and queries that information
instead to retrieve those information).

auth_user directive (global):

If auth_user is set, any user not specified in auth_file will be queried through
the auth_query query from pg_shadow in the database using auth_user. Auth_user’s
password will be taken from auth_file.

user directive (per database entry):

If user= is set, all connections to the destination database will be done with
the specified user, meaning that there will be only one pool for this database.

auth_user directive (per database entry):

Override of the global auth_user setting, if specified.

I shall propose a PR to adapt accordingly.
I have in mind to propose the use of both user and auth_user.
Then that'd be the client of this module to decide to use whatever she needs.

Note:
I tried to use the global directive auth_user (not specifying it on a per database entry) but:

  1. It's limited as we could have multiple different auth_user needed anyway
  2. It does not work (then again it's a pgbouncer problem, not this module's)

[1] https://github.com/covermymeds/puppet-pgbouncer/blob/master/templates/pgbouncer.ini.databases.part2.erb#L4

[2] https://forge.softwareheritage.org/D1550

[3] https://pgbouncer.github.io/config.html

Cheers,
Antoine R. Dumont
@ardumont ardumont changed the title auth_user directive (per database entry) translated to user fails to connect auth_user directive (per database entry) wrongly translated to user Jun 6, 2019
ardumont added a commit to SoftwareHeritage/puppet-pgbouncer that referenced this issue Jun 6, 2019
@ardumont
database: Use auth_user directive as intended
9ec0d8a 
Prior to this commit, the `auth_user` directive was translated as `user`
directive. Those directives are not the same.

The `user` directive expects credentials to be solved either by the userlist.txt
mechanism or by a password provided in the database entry.

The `auth_user` directive allows the credentials to be solved through querying.

Ultimately, it must be the module's user to decide which to use.

Related covermymeds#31
@ardumont ardumont mentioned this issue Jun 6, 2019
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ardumont