Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Running PostgREST with zero config #2112

Merged
merged 6 commits into from
Jan 22, 2022
Merged

Running PostgREST with zero config #2112

merged 6 commits into from
Jan 22, 2022

Conversation

wolfgangwalther
Copy link
Member

@wolfgangwalther wolfgangwalther commented Jan 3, 2022
edited
Loading

Working on #1689, #1769, #1823 and #1991 here.

TODO:

  • Add Changelog
  • Add issue numbers to commit messages
  • Add support to run without db-anon-role
  • Change docs
  • Add test for blocked anonymous request

@wolfgangwalther wolfgangwalther force-pushed the zero-config branch 4 times, most recently from 1a44a3d to 68d8d7b Compare January 5, 2022 10:09
This was referenced Jan 16, 2022
Closed
Closed
@wolfgangwalther wolfgangwalther force-pushed the zero-config branch 3 times, most recently from 3b12ddf to 5f4898c Compare January 16, 2022 13:38
@wolfgangwalther wolfgangwalther marked this pull request as ready for review January 16, 2022 13:39
@wolfgangwalther
Copy link
Member Author

wolfgangwalther commented Jan 16, 2022
edited
Loading

There are a few comments from the related issues, that are still open / to discuss:

we should print a warning when neither anonymous access nor JWT is set up

This is not the case right now.

I briefly thought about exiting with an error in that case... but since both config settings can be loaded from the database after a notify, I don't think we should do that.

This will allow to start postgrest, but disable any access while the database schema is being loaded into the database. At the end of the init script, the anon role and JWT secret can be set and a NOTIFY sent - and then postgrest will be functional.

We do have error messages for both anonymous requests and authenticated requests, when either the anon role or the secret is missing - so it will be pretty obvious what's happening.

Ideally we'd also show a warning saying that we're defaulting to the public schema and this might not be fit for production(with a link to our Schema Isolation docs).

This might be different... but then again I really hate warnings I receive when I do something like that and am perfectly fine with the default. The problem is then, that I can't disable the warning. Annoying.

But yeah, I guess that's still up for debate. Opinions?

@wolfgangwalther wolfgangwalther mentioned this pull request Jan 16, 2022
Closed
@cemremengu
Copy link

cemremengu commented Jan 16, 2022
edited
Loading

I think these are all valid points.

I really hate warnings I receive when I do something like that and am perfectly fine with the default. The problem is then, that I can't disable the warning.

Maybe instead of warnings, postgrest can print info statements on startup stating what configuration it is being started up with. The interpretation will then be up to user whether it is a good or bad thing. However, I don't think this is a must since default functionality is already documented.

@wolfgangwalther
Copy link
Member Author

Maybe instead of warnings, postgrest can print info statements on startup stating what configuration it is being started up with. The interpretation will then be up to user whether it is a good or bad thing.

I'd certainly like that much more. While messing with some of the io tests I also missed something like --dump-config for reloading. So maybe we can add a log level debug, that would basically print the config values whenever they are (re-)loaded: On startup, on NOTIFY, on SIGUSR etc.

Or, other idea: What if we add some kind of pgrst debug NOTIFY command, that just dumps the config and maybe some other internal state (think connection/pool stats...) on stdout? This could be handy when debugging running instances.

@cemremengu
Copy link

I think that would be a nice enhancement. Other platforms, if enabled, (like hibernate) also dump such debug statistics and information including raw sql queries generated by query builder.

@MargaretKrutikova MargaretKrutikova mentioned this pull request Jan 20, 2022
Open
@wolfgangwalther
test: Make io tests use environment variables instead of config files…
ec09b87 
… where possible.

Load jwt secret from file instead of stdin in tests, because stdin is not supported when reloading the config. Resolves PostgREST#2126.
@wolfgangwalther
feat: Make db-uri optional
9ed30c0 
The default is now "postgresql://" which falls back to LIBPQ environment variables.

Resolves PostgREST#1991, Ref PostgREST#1823
@wolfgangwalther
feat: Make db-schemas optional
dbbde6a 
Resolves PostgREST#1769, Ref PostgREST#1823
@wolfgangwalther
Reformatting of some test-cases and removal of superfluous comments.
05b5ecd
wolfgangwalther added a commit to wolfgangwalther/postgrest-docs that referenced this pull request Jan 22, 2022
@wolfgangwalther
Run PostgREST with zero config. Related to PostgREST/postgrest#2112
c7d3b64
@wolfgangwalther wolfgangwalther mentioned this pull request Jan 22, 2022
Merged
@wolfgangwalther
feat: Make db-anon-role optional
c3ade07 
Without db-anon-role, PostgREST will block any anonymous access without hitting the database.

Resolves PostgREST#1689, Ref PostgREST#1823
@wolfgangwalther
feat: Allow running postgrest without configuration
d9e016b 
Resolves PostgREST#1823
@wolfgangwalther wolfgangwalther merged commit d9e016b into PostgREST:main Jan 22, 2022
@wolfgangwalther wolfgangwalther deleted the zero-config branch January 22, 2022 15:12
wolfgangwalther added a commit to wolfgangwalther/postgrest-docs that referenced this pull request Jan 23, 2022
@wolfgangwalther
Run PostgREST with zero config. Related to PostgREST/postgrest#2112
b388165
wolfgangwalther added a commit to wolfgangwalther/postgrest-docs that referenced this pull request Jan 23, 2022
@wolfgangwalther
Run PostgREST with zero config. Related to PostgREST/postgrest#2112
66e8bf2
@wolfgangwalther wolfgangwalther mentioned this pull request Jan 23, 2022
Merged
@wolfgangwalther
Copy link
Member Author

I think I broke the memory tests somehow. They are timing out now, not failing, so I didn't notice earlier. Will have to investigate.

wolfgangwalther added a commit to PostgREST/postgrest-docs that referenced this pull request Jan 24, 2022
@wolfgangwalther
Run PostgREST with zero config. Related to PostgREST/postgrest#2112
5f938db
@wolfgangwalther wolfgangwalther mentioned this pull request Jan 25, 2022
Closed
steve-chavez
steve-chavez reviewed Mar 2, 2022
View reviewed changes
nix/tools/withTools.nix
@@ -25,7 +25,6 @@ let
"ARG_USE_ENV([PGUSER], [postgrest_test_authenticator], [Authenticator PG role])"
"ARG_USE_ENV([PGDATABASE], [postgres], [PG database name])"
"ARG_USE_ENV([PGRST_DB_SCHEMAS], [test], [Schema to expose])"
"ARG_USE_ENV([PGRST_DB_ANON_ROLE], [postgrest_test_anonymous], [Anonymous PG role])"
Copy link
Member

@steve-chavez steve-chavez Mar 2, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm missing this one(and the below export PGRST_DB_ANON_ROLE) because when doing:

postgrest-with-postgresql-13 postgrest-run

I can no longer make quick tests with the anon role. I can add PGRST_DB_ANON_ROLE=postgrest_test_anonymous but that's more inconvenient(no autocompletion).

@wolfgangwalther Can I add this back? What would be the drawback?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hm. I think the idea was to make the posgrest-with-postgresql-xx helpers more independent of the actual schema they are are loading. The files to load can be changed with -f, I think. And we do so for IO tests and loadtest.

I think I just forgot to add a db role setting in the spec schema for the anonymous role. The tests didn't fail, because the spec tests have a separate config for that anyway. But to be able to load the spec schema with postgrest-run it would be good to have that db setting.

And I'd go one step further: We should move the schema setting into the db config, too. No need to hardcode test here for all.

laurenceisla pushed a commit to laurenceisla/postgrest-docs that referenced this pull request Mar 11, 2022
@wolfgangwalther @laurenceisla
Run PostgREST with zero config. Related to PostgREST/postgrest#2112
f030ac5
@steve-chavez steve-chavez mentioned this pull request Jun 14, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@steve-chavez steve-chavez steve-chavez approved these changes

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@wolfgangwalther @cemremengu @steve-chavez