2023-04-10 14:51:01 -07:00
|
|
|
//! Errors.
|
2022-03-10 01:33:29 -08:00
|
|
|
|
|
|
|
|
/// Various errors.
|
2023-05-03 09:13:05 -07:00
|
|
|
#[derive(Debug, PartialEq, Clone)]
|
2022-02-03 13:35:40 -08:00
|
|
|
pub enum Error {
|
2022-11-17 09:24:39 -08:00
|
|
|
SocketError(String),
|
2023-04-10 14:51:01 -07:00
|
|
|
ClientSocketError(String, ClientIdentifier),
|
|
|
|
|
ClientGeneralError(String, ClientIdentifier),
|
|
|
|
|
ClientAuthImpossible(String),
|
|
|
|
|
ClientAuthPassthroughError(String, ClientIdentifier),
|
2022-02-03 13:35:40 -08:00
|
|
|
ClientBadStartup,
|
2022-11-17 09:24:39 -08:00
|
|
|
ProtocolSyncError(String),
|
2023-03-06 06:10:59 -06:00
|
|
|
BadQuery(String),
|
2022-02-03 15:17:04 -08:00
|
|
|
ServerError,
|
2023-08-09 13:14:05 -03:00
|
|
|
ServerMessageParserError(String),
|
2023-04-10 14:51:01 -07:00
|
|
|
ServerStartupError(String, ServerIdentifier),
|
|
|
|
|
ServerAuthError(String, ServerIdentifier),
|
2022-02-08 09:25:59 -08:00
|
|
|
BadConfig,
|
2022-02-09 21:19:14 -08:00
|
|
|
AllServersDown,
|
2022-11-17 09:24:39 -08:00
|
|
|
ClientError(String),
|
2022-06-27 09:46:33 -07:00
|
|
|
TlsError,
|
2022-08-13 13:45:58 -07:00
|
|
|
StatementTimeout,
|
2023-05-02 10:26:40 +02:00
|
|
|
DNSCachedError(String),
|
2022-08-25 06:40:56 -07:00
|
|
|
ShuttingDown,
|
2023-01-19 10:19:49 -05:00
|
|
|
ParseBytesError(String),
|
Auth passthrough (auth_query) (#266)
* Add a new exec_simple_query method
This adds a new `exec_simple_query` method so we can make 'out of band'
queries to servers that don't interfere with pools at all.
In order to reuse startup code for making these simple queries,
we need to set the stats (`Reporter`) optional, so using these
simple queries wont interfere with stats.
* Add auth passthough (auth_query)
Adds a feature that allows setting auth passthrough for md5 auth.
It adds 3 new (general and pool) config parameters:
- `auth_query`: An string containing a query that will be executed on boot
to obtain the hash of a given user. This query have to use a placeholder `$1`,
so pgcat can replace it with the user its trying to fetch the hash from.
- `auth_query_user`: The user to use for connecting to the server and executing the
auth_query.
- `auth_query_password`: The password to use for connecting to the server and executing the
auth_query.
The configuration can be done either on the general config (so pools share them) or in a per-pool basis.
The behavior is, at boot time, when validating server connections, a hash is fetched per server
and stored in the pool. When new server connections are created, and no cleartext password is specified,
the obtained hash is used for creating them, if the hash could not be obtained for whatever reason, it retries
it.
When client authentication is tried, it uses cleartext passwords if specified, it not, it checks whether
we have query_auth set up, if so, it tries to use the obtained hash for making client auth. If there is no
hash (we could not obtain one when validating the connection), a new fetch is tried.
Once we have a hash, we authenticate using it against whathever the client has sent us, if there is a failure
we refetch the hash and retry auth (so password changes can be done).
The idea with this 'retrial' mechanism is to make it fault tolerant, so if for whatever reason hash could not be
obtained during connection validation, or the password has change, we can still connect later.
* Add documentation for Auth passthrough
2023-03-30 22:29:23 +02:00
|
|
|
AuthError(String),
|
|
|
|
|
AuthPassthroughError(String),
|
2023-05-03 09:13:05 -07:00
|
|
|
UnsupportedStatement,
|
|
|
|
|
QueryRouterParserError(String),
|
2023-06-16 12:57:44 -07:00
|
|
|
QueryRouterError(String),
|
Allow configuring routing decision when no shard is selected (#578)
The TL;DR for the change is that we allow QueryRouter to set the active shard to None. This signals to the Pool::get method that we have no shard selected. The get method follows a no_shard_specified_behavior config to know how to route the query.
Original PR description
Ruby-pg library makes a startup query to SET client_encoding to ... if Encoding.default_internal value is set (Code). This query is troublesome because we cannot possibly attach a routing comment to it. PgCat, by default, will route that query to the default shard.
Everything is fine until shard 0 has issues, Clients will all be attempting to send this query to shard0 which increases the connection latency significantly for all clients, even those not interested in shard0
This PR introduces no_shard_specified_behavior that defines the behavior in case we have routing-by-comment enabled but we get a query without a comment. The allowed behaviors are
random: Picks a shard at random
random_healthy: Picks a shard at random favoring shards with the least number of recent connection/checkout errors
shard_<number>: e.g. shard_0, shard_4, etc. picks a specific shard, everytime
In order to achieve this, this PR introduces an error_count on the Address Object that tracks the number of errors since the last checkout and uses that metric to sort shards by error count before making a routing decision.
I didn't want to use address stats to avoid introducing a routing dependency on internal stats (We might do that in the future but I prefer to avoid this for the time being.
I also made changes to the test environment to replace Ruby's TOML reader library, It appears to be abandoned and does not support mixed arrays (which we use in the config toml), and it also does not play nicely with single-quoted regular expressions. I opted for using yj which is a CLI tool that can convert from toml to JSON and back. So I refactor the tests to use that library.
2023-09-11 13:47:28 -05:00
|
|
|
InvalidShardId(usize),
|
2023-11-28 21:13:30 -08:00
|
|
|
PreparedStatementError,
|
2022-02-03 15:17:04 -08:00
|
|
|
}
|
2023-04-10 14:51:01 -07:00
|
|
|
|
|
|
|
|
#[derive(Clone, PartialEq, Debug)]
|
|
|
|
|
pub struct ClientIdentifier {
|
|
|
|
|
pub application_name: String,
|
|
|
|
|
pub username: String,
|
|
|
|
|
pub pool_name: String,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl ClientIdentifier {
|
|
|
|
|
pub fn new(application_name: &str, username: &str, pool_name: &str) -> ClientIdentifier {
|
|
|
|
|
ClientIdentifier {
|
|
|
|
|
application_name: application_name.into(),
|
|
|
|
|
username: username.into(),
|
|
|
|
|
pool_name: pool_name.into(),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl std::fmt::Display for ClientIdentifier {
|
|
|
|
|
fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
|
|
|
|
|
write!(
|
|
|
|
|
f,
|
|
|
|
|
"{{ application_name: {}, username: {}, pool_name: {} }}",
|
|
|
|
|
self.application_name, self.username, self.pool_name
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
#[derive(Clone, PartialEq, Debug)]
|
|
|
|
|
pub struct ServerIdentifier {
|
|
|
|
|
pub username: String,
|
|
|
|
|
pub database: String,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl ServerIdentifier {
|
|
|
|
|
pub fn new(username: &str, database: &str) -> ServerIdentifier {
|
|
|
|
|
ServerIdentifier {
|
|
|
|
|
username: username.into(),
|
|
|
|
|
database: database.into(),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl std::fmt::Display for ServerIdentifier {
|
|
|
|
|
fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
|
|
|
|
|
write!(
|
|
|
|
|
f,
|
|
|
|
|
"{{ username: {}, database: {} }}",
|
|
|
|
|
self.username, self.database
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
impl std::fmt::Display for Error {
|
|
|
|
|
fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
|
|
|
|
|
match &self {
|
|
|
|
|
&Error::ClientSocketError(error, client_identifier) => write!(
|
|
|
|
|
f,
|
|
|
|
|
"Error reading {} from client {}",
|
|
|
|
|
error, client_identifier
|
|
|
|
|
),
|
|
|
|
|
&Error::ClientGeneralError(error, client_identifier) => {
|
|
|
|
|
write!(f, "{} {}", error, client_identifier)
|
|
|
|
|
}
|
|
|
|
|
&Error::ClientAuthImpossible(username) => write!(
|
|
|
|
|
f,
|
|
|
|
|
"Client auth not possible, \
|
|
|
|
|
no cleartext password set for username: {} \
|
|
|
|
|
in config and auth passthrough (query_auth) \
|
|
|
|
|
is not set up.",
|
|
|
|
|
username
|
|
|
|
|
),
|
|
|
|
|
&Error::ClientAuthPassthroughError(error, client_identifier) => write!(
|
|
|
|
|
f,
|
|
|
|
|
"No cleartext password set, \
|
|
|
|
|
and no auth passthrough could not \
|
|
|
|
|
obtain the hash from server for {}, \
|
|
|
|
|
the error was: {}",
|
|
|
|
|
client_identifier, error
|
|
|
|
|
),
|
|
|
|
|
&Error::ServerStartupError(error, server_identifier) => write!(
|
|
|
|
|
f,
|
|
|
|
|
"Error reading {} on server startup {}",
|
|
|
|
|
error, server_identifier,
|
|
|
|
|
),
|
|
|
|
|
&Error::ServerAuthError(error, server_identifier) => {
|
|
|
|
|
write!(f, "{} for {}", error, server_identifier,)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// The rest can use Debug.
|
|
|
|
|
err => write!(f, "{:?}", err),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-06-16 12:57:44 -07:00
|
|
|
|
|
|
|
|
impl From<std::ffi::NulError> for Error {
|
|
|
|
|
fn from(err: std::ffi::NulError) -> Self {
|
|
|
|
|
Error::QueryRouterError(err.to_string())
|
|
|
|
|
}
|
|
|
|
|
}
|