feat: add PgSQLServers_SslParams class with map, generate, get, and commit integration

2 weeks ago · 05e3ed4351
parent 619c084cab
commit 05e3ed4351
2 changed files with 94 additions and 0 deletions
--- a/include/PgSQL_HostGroups_Manager.h
+++ b/include/PgSQL_HostGroups_Manager.h
@ -172,6 +172,11 @@ class PgSQL_SrvConnList {
 	PgSQL_Connection *index(unsigned int);
 };

+class PgSQLServers_SslParams : public Servers_SslParams {
+	public:
+	using Servers_SslParams::Servers_SslParams;
+};
+
 class PgSQL_SrvC {	// MySQL Server Container
 	public:
 	PgSQL_HGC *myhgc;
@ -508,6 +513,9 @@ class PgSQL_HostGroups_Manager : public Base_HostGroups_Manager<PgSQL_HGC> {
 	 */
 	uint64_t hgsm_pgsql_replication_hostgroups_checksum = 0;

+	std::mutex PgSQL_Servers_SSL_Params_map_mutex;
+	std::unordered_map<std::string, PgSQLServers_SslParams> PgSQL_Servers_SSL_Params_map;
+
 #if 0
 	PtrArray *MyHostGroups;
 	std::unordered_map<unsigned int, PgSQL_HGC *>MyHostGroups_map;
@ -555,7 +563,9 @@ class PgSQL_HostGroups_Manager : public Base_HostGroups_Manager<PgSQL_HGC> {
 	SQLite3_result *incoming_replication_hostgroups;

 	void generate_pgsql_hostgroup_attributes_table();
+	void generate_pgsql_servers_ssl_params_table();
 	SQLite3_result *incoming_hostgroup_attributes;
+	SQLite3_result *incoming_pgsql_servers_ssl_params = nullptr;

 	SQLite3_result* incoming_pgsql_servers_v2;

@ -772,6 +782,7 @@ class PgSQL_HostGroups_Manager : public Base_HostGroups_Manager<PgSQL_HGC> {
 	 * @return The generated resultset.
 	 */
 	SQLite3_result* dump_table_pgsql(const string&);
+	PgSQLServers_SslParams * get_Server_SSL_Params(char *hostname, int port, char *username);

 	/**
 	 * @brief Update the public member resulset 'pgsql_servers_to_monitor'. This resulset should contain the latest
--- a/lib/PgSQL_HostGroups_Manager.cpp
+++ b/lib/PgSQL_HostGroups_Manager.cpp
@ -1517,6 +1517,13 @@ bool PgSQL_HostGroups_Manager::commit(
 			generate_pgsql_hostgroup_attributes_table();
 		}

+		// SSL params
+		if (incoming_pgsql_servers_ssl_params) {
+			proxy_debug(PROXY_DEBUG_MYSQL_CONNPOOL, 4, "DELETE FROM pgsql_servers_ssl_params\n");
+			mydb->execute("DELETE FROM pgsql_servers_ssl_params");
+			generate_pgsql_servers_ssl_params_table();
+		}
+
 		uint64_t new_hash = commit_update_checksum_from_pgsql_servers_v2(peer_pgsql_servers_v2.resultset);

 		{
@ -1839,6 +1846,8 @@ SQLite3_result * PgSQL_HostGroups_Manager::dump_table_pgsql(const string& name)
 		query = (char *)PGHGM_GEN_ADMIN_RUNTIME_SERVERS;
 	} else if (name == "cluster_pgsql_servers") {
 		query = (char *)PGHGM_GEN_CLUSTER_ADMIN_RUNTIME_SERVERS;
+	} else if (name == "pgsql_servers_ssl_params") {
+		query=(char *)"SELECT hostname, port, username, ssl_ca, ssl_cert, ssl_key, ssl_capath, ssl_crl, ssl_crlpath, ssl_cipher, ssl_protocol_version_range, comment FROM pgsql_servers_ssl_params ORDER BY hostname, port, username";
 	} else {
 		assert(0);
 	}
@ -2917,6 +2926,8 @@ void PgSQL_HostGroups_Manager::save_incoming_pgsql_table(SQLite3_result *s, cons
 		inc = &incoming_replication_hostgroups;
 	} else if (name == "pgsql_hostgroup_attributes") {
 		inc = &incoming_hostgroup_attributes;
+	} else if (name == "pgsql_servers_ssl_params") {
+		inc = &incoming_pgsql_servers_ssl_params;
 	} else {
 		assert(0);
 	}
@ -3958,6 +3969,78 @@ void PgSQL_HostGroups_Manager::generate_pgsql_hostgroup_attributes_table() {
 	incoming_hostgroup_attributes=NULL;
 }

+void PgSQL_HostGroups_Manager::generate_pgsql_servers_ssl_params_table() {
+	if (incoming_pgsql_servers_ssl_params==NULL) {
+		return;
+	}
+	int rc;
+
+	const char * query = (const char *)"INSERT INTO pgsql_servers_ssl_params ("
+		"hostname, port, username, ssl_ca, ssl_cert, ssl_key, ssl_capath, "
+		"ssl_crl, ssl_crlpath, ssl_cipher, ssl_protocol_version_range, comment) VALUES "
+		"(?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10, ?11, ?12)";
+
+	auto [rc1, statement_unique] = mydb->prepare_v2(query);
+	ASSERT_SQLITE_OK(rc1, mydb);
+	sqlite3_stmt *statement = statement_unique.get();
+	proxy_info("New pgsql_servers_ssl_params table\n");
+	std::lock_guard<std::mutex> lock(PgSQL_Servers_SSL_Params_map_mutex);
+	PgSQL_Servers_SSL_Params_map.clear();
+
+	for (std::vector<SQLite3_row *>::iterator it = incoming_pgsql_servers_ssl_params->rows.begin() ; it != incoming_pgsql_servers_ssl_params->rows.end(); ++it) {
+		SQLite3_row *r=*it;
+		proxy_info("Loading PgSQL Server SSL Params for (%s,%s,%s)\n",
+			r->fields[0], r->fields[1], r->fields[2]
+		);
+
+		rc=(*proxy_sqlite3_bind_text)(statement,  1,  r->fields[0]  , -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, mydb); // hostname
+		rc=(*proxy_sqlite3_bind_int64)(statement, 2,  atoi(r->fields[1]));                   ASSERT_SQLITE_OK(rc, mydb); // port
+		rc=(*proxy_sqlite3_bind_text)(statement,  3,  r->fields[2]  , -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, mydb); // username
+		rc=(*proxy_sqlite3_bind_text)(statement,  4,  r->fields[3]  , -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, mydb); // ssl_ca
+		rc=(*proxy_sqlite3_bind_text)(statement,  5,  r->fields[4]  , -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, mydb); // ssl_cert
+		rc=(*proxy_sqlite3_bind_text)(statement,  6,  r->fields[5]  , -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, mydb); // ssl_key
+		rc=(*proxy_sqlite3_bind_text)(statement,  7,  r->fields[6]  , -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, mydb); // ssl_capath
+		rc=(*proxy_sqlite3_bind_text)(statement,  8,  r->fields[7]  , -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, mydb); // ssl_crl
+		rc=(*proxy_sqlite3_bind_text)(statement,  9,  r->fields[8]  , -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, mydb); // ssl_crlpath
+		rc=(*proxy_sqlite3_bind_text)(statement,  10, r->fields[9]  , -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, mydb); // ssl_cipher
+		rc=(*proxy_sqlite3_bind_text)(statement,  11, r->fields[10] , -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, mydb); // ssl_protocol_version_range
+		rc=(*proxy_sqlite3_bind_text)(statement,  12, r->fields[11] , -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, mydb); // comment
+
+		SAFE_SQLITE3_STEP2(statement);
+		rc=(*proxy_sqlite3_clear_bindings)(statement); ASSERT_SQLITE_OK(rc, mydb);
+		rc=(*proxy_sqlite3_reset)(statement); ASSERT_SQLITE_OK(rc, mydb);
+
+		PgSQLServers_SslParams PSSP(
+			r->fields[0], atoi(r->fields[1]), r->fields[2],
+			r->fields[3], r->fields[4],  r->fields[5],
+			r->fields[6], r->fields[7],  r->fields[8],
+			r->fields[9], r->fields[10], r->fields[11]
+		);
+		string MapKey = PSSP.getMapKey(rand_del);
+		PgSQL_Servers_SSL_Params_map.emplace(MapKey, PSSP);
+	}
+	delete incoming_pgsql_servers_ssl_params;
+	incoming_pgsql_servers_ssl_params=NULL;
+}
+
+PgSQLServers_SslParams * PgSQL_HostGroups_Manager::get_Server_SSL_Params(char *hostname, int port, char *username) {
+	string MapKey = string(hostname) + string(rand_del) + to_string(port) + string(rand_del) + string(username);
+	std::lock_guard<std::mutex> lock(PgSQL_Servers_SSL_Params_map_mutex);
+	auto it = PgSQL_Servers_SSL_Params_map.find(MapKey);
+	if (it != PgSQL_Servers_SSL_Params_map.end()) {
+		PgSQLServers_SslParams * PSSP = new PgSQLServers_SslParams(it->second);
+		return PSSP;
+	} else {
+		MapKey = string(hostname) + string(rand_del) + to_string(port) + string(rand_del) + "";
+		it = PgSQL_Servers_SSL_Params_map.find(MapKey);
+		if (it != PgSQL_Servers_SSL_Params_map.end()) {
+			PgSQLServers_SslParams * PSSP = new PgSQLServers_SslParams(it->second);
+			return PSSP;
+		}
+	}
+	return NULL;
+}
+
 int PgSQL_HostGroups_Manager::create_new_server_in_hg(
 	uint32_t hid, const PgSQL_srv_info_t& srv_info, const PgSQL_srv_opts_t& srv_opts
 ) {