rueian / pgbroker Goto Github PK

A golang library for building PostgreSQL proxy

License: MIT License

Go 99.78% Shell 0.22%

pgbroker's Introduction

pgbroker

pgbroker is a golang library for building PostgreSQL proxy, which makes it easy to support from simple query logging to complex dynamic database mappings from an external resource controller and modification on data transferred between client and pg in streaming or per message manner.

Usage

static proxy

One example usage of pgbroker is just simple mapping multiple pg instances into one entry for centralizing management.

Please checkout the https://github.com/rueian/pgbroker-static project.

It is a production ready postgres proxy configured by a yaml file, and it is also has a pre-build docker image.

docker pull rueian/pgbroker-static:latest

dynamic proxy

By implementing the PGResolver interface, the proxy is able to acquire different connections based on the client's StartupMessage.

type PGResolver interface {
	GetPGConn(ctx context.Context, clientAddr net.Addr, parameters map[string]string) (net.Conn, error)
}

Please check out the https://github.com/rueian/godemand-example project, which uses godemand as an external http resource controller for dynamic pg mapping.

In this way, the external resource controller is able to do any change to the postgres before connection estiblished, including creating new postgres instance on the fly.

data modification

pgbroker provides MessageHandler and StreamCallback for each postgres protocol v3 messages. Developers can use them to easily modify the data transferred between client and pg in streaming or per message manner.

It is useful when implementing such as data obfuscation and permission control.

pgbroker's People

Contributors

Stargazers

Watchers

Forkers

isgasho mikalv sgx79 kennychenfight pioneerworks yapcheekian imneov crochold shagr4th weitzj

pgbroker's Issues

Dynamic PG Resolution after Handshake

Hi @rueian,

Firstly, thanks for creating this library.
My application requires the proxy server itself, to do the 3-way handshake with the client. And after that handshake, the proxy server should communicate with an external agent to resolve the address of the db instance in a pg server.

Can this library help?

Concurrent map writes in GetHandler()

Server.Spawn() runs a goroutine for every connection which eventually calls the ClientMessageHandlers/ServerMessageHandlers GetHandler() function.

Since the handler maps exist once per server you can end up with two goroutines updating the map m concurrently, crashing the application.

Given that there aren't that many message types wouldn't it be easier in general to just setup the map once in Server.Spawn()?

Data obfuscation

Hi @rueian
I came across mentions of data modification support, offered by this library. Hence, wanted to discuss how well it'd support my use-case.
Masking entire columns, as determined by some external data privacy controller. Thereupon, sending back modified results to the client.

In which of the server-side handlers could we fit in the result modification code? Assuming the library already supports and abstracts away the unpacking & repacking logic.
Additionally, among the client-side handlers, where could we possibly fit in some authorisation checks, based on user's db access & query-type access capabilities?

Improvement of documentation in pkg.go.dev

First of all great job on handling the complexities of postgres wire protocol and creating this !
I feel it would be great examples and context can be added to the documentation in documentation here
https://pkg.go.dev/github.com/rueian/[email protected]/backend

Additional context

I am trying to build this https://github.com/kishaningithub/rdapp for talking in postgres wire protocol i tried to use https://github.com/jackc/pgproto3 but fell into lot of traps within the protocol which i am trying to find a way out

Enable ssl

Hi! Thanks for this amazing work.
I'm wondering if exist any way to proxy with TLS on.

Thanks!!

Ability to set and forward a password

First off, great project! Thanks for the work you've put into this. Is it currently possible to set or override a password that the client sends utilizing this library (maybe from within GetPGConn or similar). Any ideas on how I might go about implementing something like that?

For instance, currently both of these callbacks are triggered when I connect via something like PGPASSWORD=hi psql blah:

serverMessageHandlers.AddHandleAuthenticationMD5Password(func(ms *proxy.Ctx, msg *message.AuthenticationMD5Password) (*message.AuthenticationMD5Password, error) {
    return msg, nil
})
clientMessageHandlers.AddHandlePasswordMessage(func(md *proxy.Ctx, msg *message.PasswordMessage) (*message.PasswordMessage, error) {
    return msg, nil
})

My thought was that I could somehow override the password in one of those callbacks so that the connection hits the server with the new password that I set, but I haven't figured out a way to do that.