add support for multiple host auth when requesting db

Bug #1770885 reported by Thomas Clauwaert
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| PostgreSQL Charm | Triaged | Medium | Unassigned | |
| pgsql Interface for charms.reactive | Triaged | Medium | Unassigned | |

Bug Description

This is a feature request, not a bug!

I talked about this on the #juju IRC channel, but allow me to formally describe the feature request here. When a charm uses the pgsql interface and requests a database through 'set_database()', it would be interesting to have more options to pass through (hosts and users). In my specific use case I request a database in charm A (on host A), but host B also requires access to the database. My charm A provides the details to B (acts as a proxy), but postgresql itself only allows host A in its pg_hba.conf file, while an entry for host B should also be made. Allow me to illustrate:

Charm/Host B (x.y.z.b) ---- (connected) ---- Charm/Host A (x.y.z.a) ---- (pgsql interface) ---- postgresql

Feature Request:

Something like this where a list of hosts could be passed as a parameter to the set_database()
```
hosts = ['x.y.z.b']
pgsql.set_database('mydb', hosts)
```

or a separate function

```
hosts = ['x.y.z.b']
pgsql.set_database('mydb')
pgsql.allow_hosts(hosts)
```

So that an entry is added for the same database but for host x.y.z.a in the pg_hba.conf file.

Note that the extra_pg_auth option of the postgresql charm makes it possible but with the above feature no manual steps are needed anymore!

Thanks in advance.

Stuart Bishop (stub) wrote :

I don't see any problem with this. While clients should not be trusted, this doesn't seem to increase risk.

Update the interface to request a list of CIDRs be given access.

Update the PostgreSQL charm to grant access in pg_hba.conf to the ranges.

pgbouncer does not need to be updated, as it doesn't do IP level access controllers and can just ignore the setting if the interface requests it.

Changed in postgresql-charm:
status: New → Triaged
Changed in interface-pgsql:
status: New → Triaged
Changed in postgresql-charm:
importance: Undecided → Medium
Changed in interface-pgsql:
importance: Undecided → Medium
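
An added example, not code from the PostgreSQL charm or the pgsql interface: one way the charm side could treat a client-requested host list as untrusted input before writing pg_hba.conf entries, as the comment above proposes. The function names, the prefix limits, the `md5` auth method and the sample values are assumptions made for illustration.

```python
import ipaddress
import re

# Assumption (not from the bug report): the charm refuses ranges wider than this.
MIN_PREFIX = {4: 24, 6: 64}
NAME_RE = re.compile(r"[A-Za-z0-9_.-]+")

# Constructed sample of what a client charm might send over the relation.
SAMPLE = ["10.20.30.40", "10.20.31.0/24", "10.20.30.40/32",
          "0.0.0.0/0", "10.20.30.5/24", "10.20.30.9/32 trust"]


def normalize_cidrs(requested):
    """Return (accepted networks, [(raw value, reason)]) for client input."""
    accepted, rejected = [], []
    for item in requested:
        try:
            # A bare IP becomes /32 (or /128); strict=True refuses host bits
            # set under the mask, and anything with extra tokens fails to parse.
            net = ipaddress.ip_network(str(item).strip(), strict=True)
        except ValueError:
            rejected.append((item, "not a valid address or CIDR"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append((item, "range too broad"))
        elif net.is_loopback or net.is_multicast:
            rejected.append((item, "not a routable client range"))
        elif net not in accepted:  # drop duplicates such as IP and IP/32
            accepted.append(net)
    return accepted, rejected


def render_hba(database, user, requested, method="md5"):
    """Build pg_hba.conf 'host' lines for the accepted ranges only."""
    for name in (database, user):
        if not NAME_RE.fullmatch(name):
            raise ValueError("unsafe name for pg_hba.conf: %r" % (name,))
    accepted, rejected = normalize_cidrs(requested)
    # Quoting makes keywords such as "all" lose their special meaning.
    lines = ['host "%s" "%s" %s %s' % (database, user, net, method)
             for net in accepted]
    return lines, rejected


if __name__ == "__main__":
    hba_lines, refused = render_hba("mydb", "juju_charm_a", SAMPLE)
    print("\n".join(hba_lines))
    for raw, reason in refused:
        print("refused %r: %s" % (raw, reason))
```

Refused entries are returned with a reason rather than silently dropped, so the charm can surface them in its status or logs.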
Adam Vest (foxmulder2004) wrote :

This is kind of an older feature request, but I just bumped into this in my own testing env. I have a couple of subnets in my MAAS setup that can communicate with each other, though it's through NAT, so connections from one subnet app to another subnet postgresql server will be refused by postgresql because it's appearing as the NAT IP. It would be nice to be able to include additional hosts in the bundle config so I don't have to go in and manually add it every time!
