Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

L4 module for Postgres: matchers #188

Open
wants to merge 11 commits into
base: master
Choose a base branch
from
Open

L4 module for Postgres: matchers #188

wants to merge 11 commits into from

Conversation

metafeather
Copy link
Contributor

@metafeather metafeather commented May 4, 2024
edited
Loading

This PR adds additional matchers for the Postgres module:

  1. Postgres Matcher can now match on the combination of user and database parameters when SSL is disabled
  2. New PostgresClient Matcher that checks the application_name parameter when SSL is disabled
  3. New PostgresSSL Matcher that can enforce/reject the use of SSL connections, but cannot match on their content

More tests and docs are in progress, but given the discussion in #187 I'd like to share the non-SSL matchers, and discuss further enhancements to the PostgresSSL Matcher

@metafeather metafeather mentioned this pull request May 4, 2024
Closed
@metafeather metafeather force-pushed the 05-03-l4-module-for-postgres-matchers branch from 3fa7048 to beb34b7 Compare May 4, 2024 23:04
@mholt
Copy link
Owner

mholt commented May 5, 2024

/cc @coolaj86 in case you'd be interested in this

@metafeather metafeather force-pushed the 05-03-l4-module-for-postgres-matchers branch from 21e7c5d to ac96a41 Compare June 2, 2024 16:50
@mholt
Copy link
Owner

mholt commented Jun 4, 2024

Thanks for updating this. Will probably give it another review soon.

mholt
mholt reviewed Jun 4, 2024
View reviewed changes
Copy link
Owner

@mholt mholt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, this looks quite involved! I'm glad you are doing this 😄

I probably won't be testing it myself, so, I imagine you've tested that this works?

One other question I had is: is it possible to have just 1 matcher? I vaguely understand why Postgres SSL is different from regular SSL (but can we call it TLS?). I just wonder if we could simplify the config a bit, or maybe you can help me understand why they should be different matchers entirely... thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mholt mholt mholt left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@metafeather @mholt