Skip to content

Commit 4bc61ea

NikolayS NikolayS

committed

Merge branch '528-local-clone-host' into 'master'

feat: new configuration option cloneAccessAddresses to control port publishing for clone containers; restrict to 127.0.0.1 by default (#528) Closes #528 See merge request postgres-ai/database-lab!786

2 parents d77d30b + df25dd4 commit 4bc61eaCopy full SHA for 4bc61ea

File tree

9 files changed

+85

-21

lines changed

engine
- configs
- internal/provision
  - docker
    - docker.go
    - docker_test.go
  - mode_local.go
  - resources
    - appconfig.go

9 files changed

+85

-21

lines changed

`‎engine/configs/config.example.logical_generic.yml‎`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -143,6 +143,12 @@ provision:`
`143`	`143`	`# existing users to log in with old passwords.`
`144`	`144`	`keepUserPasswords: false`
`145`	`145`
	`146`	`+ # IP addresses that can be used to access clones.`
	`147`	`+ # By default, using a loop-back to accept only local connections.`
	`148`	`+ # The empty string means "all available addresses".`
	`149`	`+ # The option supports multiple IPs (using comma-separated format) and IPv6 addresses (for example, [::1])`
	`150`	`+ cloneAccessAddresses: "127.0.0.1"`
	`151`	`+`
`146`	`152`	`# Data retrieval flow. This section defines both initial retrieval, and rules`
`147`	`153`	`# to keep the data directory in a synchronized state with the source. Both are optional:`
`148`	`154`	`# you may already have the data directory, so neither initial retrieval nor`

`‎engine/configs/config.example.logical_rds_iam.yml‎`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -142,6 +142,12 @@ provision:`
`142`	`142`	`# existing users to log in with old passwords.`
`143`	`143`	`keepUserPasswords: false`
`144`	`144`
	`145`	`+ # IP addresses that can be used to access clones.`
	`146`	`+ # By default, using a loop-back to accept only local connections.`
	`147`	`+ # The empty string means "all available addresses".`
	`148`	`+ # The option supports multiple IPs (using comma-separated format) and IPv6 addresses (for example, [::1])`
	`149`	`+ cloneAccessAddresses: "127.0.0.1"`
	`150`	`+`
`145`	`151`	`# Data retrieval flow. This section defines both initial retrieval, and rules`
`146`	`152`	`# to keep the data directory in a synchronized state with the source. Both are optional:`
`147`	`153`	`# you may already have the data directory, so neither initial retrieval nor`

`‎engine/configs/config.example.physical_generic.yml‎`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -140,6 +140,12 @@ provision:`
`140`	`140`	`# existing users to log in with old passwords.`
`141`	`141`	`keepUserPasswords: false`
`142`	`142`
	`143`	`+ # IP addresses that can be used to access clones.`
	`144`	`+ # By default, using a loop-back to accept only local connections.`
	`145`	`+ # The empty string means "all available addresses".`
	`146`	`+ # The option supports multiple IPs (using comma-separated format) and IPv6 addresses (for example, [::1])`
	`147`	`+ cloneAccessAddresses: "127.0.0.1"`
	`148`	`+`
`143`	`149`	`# Data retrieval flow. This section defines both initial retrieval, and rules`
`144`	`150`	`# to keep the data directory in a synchronized state with the source. Both are optional:`
`145`	`151`	`# you may already have the data directory, so neither initial retrieval nor`

`‎engine/configs/config.example.physical_pgbackrest.yml‎`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -140,6 +140,12 @@ provision:`
`140`	`140`	`# existing users to log in with old passwords.`
`141`	`141`	`keepUserPasswords: false`
`142`	`142`
	`143`	`+ # IP addresses that can be used to access clones.`
	`144`	`+ # By default, using a loop-back to accept only local connections.`
	`145`	`+ # The empty string means "all available addresses".`
	`146`	`+ # The option supports multiple IPs (using comma-separated format) and IPv6 addresses (for example, [::1])`
	`147`	`+ cloneAccessAddresses: "127.0.0.1"`
	`148`	`+`
`143`	`149`	`# Data retrieval flow. This section defines both initial retrieval, and rules`
`144`	`150`	`# to keep the data directory in a synchronized state with the source. Both are optional:`
`145`	`151`	`# you may already have the data directory, so neither initial retrieval nor`

`‎engine/configs/config.example.physical_walg.yml‎`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -140,6 +140,12 @@ provision:`
`140`	`140`	`# existing users to log in with old passwords.`
`141`	`141`	`keepUserPasswords: false`
`142`	`142`
	`143`	`+ # IP addresses that can be used to access clones.`
	`144`	`+ # By default, using a loop-back to accept only local connections.`
	`145`	`+ # The empty string means "all available addresses".`
	`146`	`+ # The option supports multiple IPs (using comma-separated format) and IPv6 addresses (for example, [::1])`
	`147`	`+ cloneAccessAddresses: "127.0.0.1"`
	`148`	`+`
`143`	`149`	`# Data retrieval flow. This section defines both initial retrieval, and rules`
`144`	`150`	`# to keep the data directory in a synchronized state with the source. Both are optional:`
`145`	`151`	`# you may already have the data directory, so neither initial retrieval nor`

`‎engine/internal/provision/docker/docker.go‎`

Lines changed: 15 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ func RunContainer(r runners.Runner, c *resources.AppConfig) error {`
`78`	`78`	`"docker run",`
`79`	`79`	`"--name", c.CloneName,`
`80`	`80`	`"--detach",`
`81`		`- "--publish", fmt.Sprintf("%[1]s:%[1]s", instancePort),`
	`81`	`+ publishPorts(c.ProvisionHosts, instancePort),`
`82`	`82`	`"--env", "PGDATA=" + c.DataDir(),`
`83`	`83`	`"--env", "PG_UNIX_SOCKET_DIR=" + unixSocketCloneDir,`
`84`	`84`	`"--env", "PG_SERVER_PORT=" + instancePort,`
`@@ -101,6 +101,20 @@ func RunContainer(r runners.Runner, c *resources.AppConfig) error {`
`101`	`101`	`return nil`
`102`	`102`	`}`
`103`	`103`
	`104`	`+func publishPorts(provisionHosts string, instancePort string) string {`
	`105`	`+ if provisionHosts == "" {`
	`106`	`+ return fmt.Sprintf("--publish %[1]s:%[1]s", instancePort)`
	`107`	`+ }`
	`108`	`+`
	`109`	`+ pub := []string{}`
	`110`	`+`
	`111`	`+ for _, s := range strings.Split(provisionHosts, ",") {`
	`112`	`+ pub = append(pub, "--publish", fmt.Sprintf("%[1]s:%[2]s:%[2]s", s, instancePort))`
	`113`	`+ }`
	`114`	`+`
	`115`	`+ return strings.Join(pub, " ")`
	`116`	`+}`
	`117`	`+`
`104`	`118`	`func createDefaultVolumes(c *resources.AppConfig) (string, []string) {`
`105`	`119`	`unixSocketCloneDir := c.Pool.SocketCloneDir(c.CloneName)`
`106`	`120`

`‎engine/internal/provision/docker/docker_test.go‎`

Lines changed: 17 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -94,3 +94,20 @@ func TestDefaultVolumes(t *testing.T) {`
`94`	`94`	`"--volume /tmp/test/default:/tmp/test/default",`
`95`	`95`	`"--volume /tmp/test/default/socket:/tmp/test/default/socket"}, volumes)`
`96`	`96`	`}`
	`97`	`+`
	`98`	`+func TestPublishPorts(t *testing.T) {`
	`99`	`+ testCases := []struct {`
	`100`	`+ provisionHosts string`
	`101`	`+ instancePort string`
	`102`	`+ expectedResult string`
	`103`	`+ }{`
	`104`	`+ {provisionHosts: "", instancePort: "6000", expectedResult: "--publish 6000:6000"},`
	`105`	`+ {provisionHosts: "127.0.0.1", instancePort: "6000", expectedResult: "--publish 127.0.0.1:6000:6000"},`
	`106`	`+ {provisionHosts: "127.0.0.1,172.0.0.1", instancePort: "6000", expectedResult: "--publish 127.0.0.1:6000:6000 --publish 172.0.0.1:6000:6000"},`
	`107`	`+ {provisionHosts: "[::1]", instancePort: "6000", expectedResult: "--publish [::1]:6000:6000"},`
	`108`	`+ }`
	`109`	`+`
	`110`	`+ for _, tc := range testCases {`
	`111`	`+ assert.Equal(t, publishPorts(tc.provisionHosts, tc.instancePort), tc.expectedResult)`
	`112`	`+ }`
	`113`	`+}`

`‎engine/internal/provision/mode_local.go‎`

Lines changed: 15 additions & 13 deletions

Original file line number	Diff line number	Diff line change
`@@ -51,11 +51,12 @@ type PortPool struct {`
`51`	`51`
`52`	`52`	`// Config defines configuration for provisioning.`
`53`	`53`	`type Config struct {`
`54`		- PortPool PortPool `yaml:"portPool"`
`55`		- DockerImage string `yaml:"dockerImage"`
`56`		- UseSudo bool `yaml:"useSudo"`
`57`		- KeepUserPasswords bool `yaml:"keepUserPasswords"`
`58`		- ContainerConfig map[string]string `yaml:"containerConfig"`
	`54`	+ PortPool PortPool `yaml:"portPool"`
	`55`	+ DockerImage string `yaml:"dockerImage"`
	`56`	+ UseSudo bool `yaml:"useSudo"`
	`57`	+ KeepUserPasswords bool `yaml:"keepUserPasswords"`
	`58`	+ ContainerConfig map[string]string `yaml:"containerConfig"`
	`59`	+ CloneAccessAddresses string `yaml:"cloneAccessAddresses"`
`59`	`60`	`}`
`60`	`61`
`61`	`62`	`// Provisioner describes a struct for ports and clones management.`
`@@ -598,14 +599,15 @@ func (p *Provisioner) stopPoolSessions(fsm pool.FSManager, exceptClones map[stri`
`598`	`599`
`599`	`600`	`func (p Provisioner) getAppConfig(pool resources.Pool, name string, port uint) *resources.AppConfig {`
`600`	`601`	`appConfig := &resources.AppConfig{`
`601`		`- CloneName: name,`
`602`		`- DockerImage: p.config.DockerImage,`
`603`		`- Host: pool.SocketCloneDir(name),`
`604`		`- Port: port,`
`605`		`- DB: p.dbCfg,`
`606`		`- Pool: pool,`
`607`		`- ContainerConf: p.config.ContainerConfig,`
`608`		`- NetworkID: p.networkID,`
	`602`	`+ CloneName: name,`
	`603`	`+ DockerImage: p.config.DockerImage,`
	`604`	`+ Host: pool.SocketCloneDir(name),`
	`605`	`+ Port: port,`
	`606`	`+ DB: p.dbCfg,`
	`607`	`+ Pool: pool,`
	`608`	`+ ContainerConf: p.config.ContainerConfig,`
	`609`	`+ NetworkID: p.networkID,`
	`610`	`+ ProvisionHosts: p.config.CloneAccessAddresses,`
`609`	`611`	`}`
`610`	`612`
`611`	`613`	`return appConfig`

`‎engine/internal/provision/resources/appconfig.go‎`

Lines changed: 8 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -10,13 +10,14 @@ import (`
`10`	`10`
`11`	`11`	`// AppConfig currently stores Postgres configuration (other application in the future too).`
`12`	`12`	`type AppConfig struct {`
`13`		`- CloneName string`
`14`		`- DockerImage string`
`15`		`- Pool *Pool`
`16`		`- Host string`
`17`		`- Port uint`
`18`		`- DB *DB`
`19`		`- NetworkID string`
	`13`	`+ CloneName string`
	`14`	`+ DockerImage string`
	`15`	`+ Pool *Pool`
	`16`	`+ Host string`
	`17`	`+ Port uint`
	`18`	`+ DB *DB`
	`19`	`+ NetworkID string`
	`20`	`+ ProvisionHosts string`
`20`	`21`
`21`	`22`	`ContainerConf map[string]string`
`22`	`23`	`pgExtraConf map[string]string`

0 commit comments

Comments

(0)