From 05e3ed435158cadc3e735a03e77eb974915e5c89 Mon Sep 17 00:00:00 2001 From: Rahim Kanji Date: Mon, 6 Apr 2026 12:44:12 +0500 Subject: [PATCH] feat: add PgSQLServers_SslParams class with map, generate, get, and commit integration --- include/PgSQL_HostGroups_Manager.h | 11 ++++ lib/PgSQL_HostGroups_Manager.cpp | 83 ++++++++++++++++++++++++++++++ 2 files changed, 94 insertions(+) diff --git a/include/PgSQL_HostGroups_Manager.h b/include/PgSQL_HostGroups_Manager.h index d945998a4..9fa936cd9 100644 --- a/include/PgSQL_HostGroups_Manager.h +++ b/include/PgSQL_HostGroups_Manager.h @@ -172,6 +172,11 @@ class PgSQL_SrvConnList { PgSQL_Connection *index(unsigned int); }; +class PgSQLServers_SslParams : public Servers_SslParams { + public: + using Servers_SslParams::Servers_SslParams; +}; + class PgSQL_SrvC { // MySQL Server Container public: PgSQL_HGC *myhgc; @@ -508,6 +513,9 @@ class PgSQL_HostGroups_Manager : public Base_HostGroups_Manager { */ uint64_t hgsm_pgsql_replication_hostgroups_checksum = 0; + std::mutex PgSQL_Servers_SSL_Params_map_mutex; + std::unordered_map PgSQL_Servers_SSL_Params_map; + #if 0 PtrArray *MyHostGroups; std::unordered_mapMyHostGroups_map; @@ -555,7 +563,9 @@ class PgSQL_HostGroups_Manager : public Base_HostGroups_Manager { SQLite3_result *incoming_replication_hostgroups; void generate_pgsql_hostgroup_attributes_table(); + void generate_pgsql_servers_ssl_params_table(); SQLite3_result *incoming_hostgroup_attributes; + SQLite3_result *incoming_pgsql_servers_ssl_params = nullptr; SQLite3_result* incoming_pgsql_servers_v2; @@ -772,6 +782,7 @@ class PgSQL_HostGroups_Manager : public Base_HostGroups_Manager { * @return The generated resultset. */ SQLite3_result* dump_table_pgsql(const string&); + PgSQLServers_SslParams * get_Server_SSL_Params(char *hostname, int port, char *username); /** * @brief Update the public member resulset 'pgsql_servers_to_monitor'. This resulset should contain the latest 
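Review bot: In the last header hunk (`@@ -772,6 +782,7 @@`), `get_Server_SSL_Params` is declared with no doc comment although the neighbouring declarations carry Doxygen blocks, and its ownership contract cannot be read off the signature. The .cpp side of this patch shows that it returns a heap-allocated copy made with `new`, returns NULL when nothing matches, and retries with an empty username when the exact (hostname, port, username) entry is missing. I would state that on the declaration, for example `/// @return newly allocated copy of the matching SSL params (caller must delete), or NULL; tries the exact username first, then the empty-username row.` Since the function only reads its string arguments, `const char *` parameters would also be safer if the callers allow it. The enclosing class body starts and ends outside the hunk.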
diff --git a/lib/PgSQL_HostGroups_Manager.cpp b/lib/PgSQL_HostGroups_Manager.cpp index 2c5d2ad13..41efcf100 100644 --- a/lib/PgSQL_HostGroups_Manager.cpp +++ b/lib/PgSQL_HostGroups_Manager.cpp @@ -1517,6 +1517,13 @@ bool PgSQL_HostGroups_Manager::commit( generate_pgsql_hostgroup_attributes_table(); } + // SSL params + if (incoming_pgsql_servers_ssl_params) { + proxy_debug(PROXY_DEBUG_MYSQL_CONNPOOL, 4, "DELETE FROM pgsql_servers_ssl_params\n"); + mydb->execute("DELETE FROM pgsql_servers_ssl_params"); + generate_pgsql_servers_ssl_params_table(); + } + uint64_t new_hash = commit_update_checksum_from_pgsql_servers_v2(peer_pgsql_servers_v2.resultset); { @@ -1839,6 +1846,8 @@ SQLite3_result * PgSQL_HostGroups_Manager::dump_table_pgsql(const string& name) query = (char *)PGHGM_GEN_ADMIN_RUNTIME_SERVERS; } else if (name == "cluster_pgsql_servers") { query = (char *)PGHGM_GEN_CLUSTER_ADMIN_RUNTIME_SERVERS; + } else if (name == "pgsql_servers_ssl_params") { + query=(char *)"SELECT hostname, port, username, ssl_ca, ssl_cert, ssl_key, ssl_capath, ssl_crl, ssl_crlpath, ssl_cipher, ssl_protocol_version_range, comment FROM pgsql_servers_ssl_params ORDER BY hostname, port, username"; } else { assert(0); } @@ -2917,6 +2926,8 @@ void PgSQL_HostGroups_Manager::save_incoming_pgsql_table(SQLite3_result *s, cons inc = &incoming_replication_hostgroups; } else if (name == "pgsql_hostgroup_attributes") { inc = &incoming_hostgroup_attributes; + } else if (name == "pgsql_servers_ssl_params") { + inc = &incoming_pgsql_servers_ssl_params; } else { assert(0); } 
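Review bot: In the `commit()` hunk (`@@ -1517,6 +1517,13 @@`), the new block is skipped whenever `incoming_pgsql_servers_ssl_params` is null, so a commit that stages no SSL-params resultset keeps the previous runtime rows and the previous in-memory map. The `// SSL params` comment does not say so. That matters for TLS settings because an operator may expect a commit to reset them. I would expand the comment to `// SSL params: rebuilt only when a resultset was staged via save_incoming_pgsql_table(); otherwise the existing table rows and map are left in place`. The body of `commit()` continues outside the hunk.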
@@ -3958,6 +3969,78 @@ void PgSQL_HostGroups_Manager::generate_pgsql_hostgroup_attributes_table() { incoming_hostgroup_attributes=NULL; } +void PgSQL_HostGroups_Manager::generate_pgsql_servers_ssl_params_table() { + if (incoming_pgsql_servers_ssl_params==NULL) { + return; + } + int rc; + + const char * query = (const char *)"INSERT INTO pgsql_servers_ssl_params (" + "hostname, port, username, ssl_ca, ssl_cert, ssl_key, ssl_capath, " + "ssl_crl, ssl_crlpath, ssl_cipher, ssl_protocol_version_range, comment) VALUES " + "(?1, ?2, ?3, ?4, ?5, ?6, ?7, ?8, ?9, ?10, ?11, ?12)"; + + auto [rc1, statement_unique] = mydb->prepare_v2(query); + ASSERT_SQLITE_OK(rc1, mydb); + sqlite3_stmt *statement = statement_unique.get(); + proxy_info("New pgsql_servers_ssl_params table\n"); + std::lock_guard lock(PgSQL_Servers_SSL_Params_map_mutex); + PgSQL_Servers_SSL_Params_map.clear(); + + for (std::vector::iterator it = incoming_pgsql_servers_ssl_params->rows.begin() ; it != incoming_pgsql_servers_ssl_params->rows.end(); ++it) { + SQLite3_row *r=*it; + proxy_info("Loading PgSQL Server SSL Params for (%s,%s,%s)\n", + r->fields[0], r->fields[1], r->fields[2] + ); + + rc=(*proxy_sqlite3_bind_text)(statement, 1, r->fields[0] , -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, mydb); // hostname + rc=(*proxy_sqlite3_bind_int64)(statement, 2, atoi(r->fields[1])); ASSERT_SQLITE_OK(rc, mydb); // port + rc=(*proxy_sqlite3_bind_text)(statement, 3, r->fields[2] , -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, mydb); // username + rc=(*proxy_sqlite3_bind_text)(statement, 4, r->fields[3] , -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, mydb); // ssl_ca + rc=(*proxy_sqlite3_bind_text)(statement, 5, r->fields[4] , -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, mydb); // ssl_cert + rc=(*proxy_sqlite3_bind_text)(statement, 6, r->fields[5] , -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, mydb); // ssl_key + rc=(*proxy_sqlite3_bind_text)(statement, 7, r->fields[6] , -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, mydb); // 
ssl_capath + rc=(*proxy_sqlite3_bind_text)(statement, 8, r->fields[7] , -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, mydb); // ssl_crl + rc=(*proxy_sqlite3_bind_text)(statement, 9, r->fields[8] , -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, mydb); // ssl_crlpath + rc=(*proxy_sqlite3_bind_text)(statement, 10, r->fields[9] , -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, mydb); // ssl_cipher + rc=(*proxy_sqlite3_bind_text)(statement, 11, r->fields[10] , -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, mydb); // ssl_protocol_version_range + rc=(*proxy_sqlite3_bind_text)(statement, 12, r->fields[11] , -1, SQLITE_TRANSIENT); ASSERT_SQLITE_OK(rc, mydb); // comment + + SAFE_SQLITE3_STEP2(statement); + rc=(*proxy_sqlite3_clear_bindings)(statement); ASSERT_SQLITE_OK(rc, mydb); + rc=(*proxy_sqlite3_reset)(statement); ASSERT_SQLITE_OK(rc, mydb); + + PgSQLServers_SslParams PSSP( + r->fields[0], atoi(r->fields[1]), r->fields[2], + r->fields[3], r->fields[4], r->fields[5], + r->fields[6], r->fields[7], r->fields[8], + r->fields[9], r->fields[10], r->fields[11] + ); + string MapKey = PSSP.getMapKey(rand_del); + PgSQL_Servers_SSL_Params_map.emplace(MapKey, PSSP); + } + delete incoming_pgsql_servers_ssl_params; + incoming_pgsql_servers_ssl_params=NULL; +} + +PgSQLServers_SslParams * PgSQL_HostGroups_Manager::get_Server_SSL_Params(char *hostname, int port, char *username) { + string MapKey = string(hostname) + string(rand_del) + to_string(port) + string(rand_del) + string(username); + std::lock_guard lock(PgSQL_Servers_SSL_Params_map_mutex); + auto it = PgSQL_Servers_SSL_Params_map.find(MapKey); + if (it != PgSQL_Servers_SSL_Params_map.end()) { + PgSQLServers_SslParams * PSSP = new PgSQLServers_SslParams(it->second); + return PSSP; + } else { + MapKey = string(hostname) + string(rand_del) + to_string(port) + string(rand_del) + ""; + it = PgSQL_Servers_SSL_Params_map.find(MapKey); + if (it != PgSQL_Servers_SSL_Params_map.end()) { + PgSQLServers_SslParams * PSSP = new 
PgSQLServers_SslParams(it->second); + return PSSP; + } + } + return NULL; +} + int PgSQL_HostGroups_Manager::create_new_server_in_hg( uint32_t hid, const PgSQL_srv_info_t& srv_info, const PgSQL_srv_opts_t& srv_opts ) {
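Review bot: In `get_Server_SSL_Params`, `string(hostname)` and `string(username)` are built from raw `char *` arguments with no null check, so a caller passing a null username or hostname hits undefined behaviour before the lookup runs. The key is also assembled by hand here, while `generate_pgsql_servers_ssl_params_table` stores entries under `PSSP.getMapKey(rand_del)`. If the two formats ever drift, every lookup misses and the function returns NULL, which presumably leaves the backend connection on default TLS settings instead of the per-server CA and CRL from the table. I would guard the pointers, build the shared key prefix once, and mark the returned heap copy as caller-owned, as in the excerpt below. Separately, `atoi(r->fields[1])` in the generate loop accepts any text as a port, so a range check before the bind would be worth adding.

```cpp
PgSQLServers_SslParams * PgSQL_HostGroups_Manager::get_Server_SSL_Params(char *hostname, int port, char *username) {
	if (hostname == NULL) {
		return NULL;
	}
	// must stay in step with the key produced by getMapKey(rand_del) in the generate function
	const string prefix = string(hostname) + string(rand_del) + to_string(port) + string(rand_del);
	std::lock_guard lock(PgSQL_Servers_SSL_Params_map_mutex);
	auto it = PgSQL_Servers_SSL_Params_map.end();
	if (username != NULL && username[0] != '\0') {
		// exact (hostname, port, username) row first
		it = PgSQL_Servers_SSL_Params_map.find(prefix + username);
	}
	if (it == PgSQL_Servers_SSL_Params_map.end()) {
		// fall back to the row stored with an empty username
		it = PgSQL_Servers_SSL_Params_map.find(prefix);
	}
	if (it == PgSQL_Servers_SSL_Params_map.end()) {
		return NULL;
	}
	return new PgSQLServers_SslParams(it->second); // caller owns and must delete the copy
}
```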