Comments (7)
jim-mlodgenski
commented on August 25, 2024
1
PostgreSQL's trusted languages can't make network calls so plv8 and trusted plrust can't be used to make the HTTPS requests. It you are running PostgreSQL where you have full superuser rights and can use an untrusted language, plpython could work.
from pg_tle.
jkatz
commented on August 25, 2024
1
+1 to what @jim-mlodgenski said. However, depending on your environment with a trusted language, you may be able to make a network call with alternative means. For example, you can invoke an AWS Lambda function from an Aurora/RDS function written in a trusted language, where the Lambda function makes the remote network call. It is an extra hop, but it does allow for making HTTPS requests.
from pg_tle.
mxmauro
commented on August 25, 2024
Thanks @jim-mlodgenski and @jkatz for the feedback. I'll look for alternatives. Not sure if invoking a Lambda will fit because I should call it from the clientauth hook.
from pg_tle.
jkatz
commented on August 25, 2024
@mxmauro Keep in mind that the ClientAuthentication hook fires after PostgreSQL has authenticated against one of its existing methods (see: https://git.postgresql.org/gitweb/?p=postgresql.git;a=blob;f=src/backend/libpq/auth.c#l232). You can't change the authentication status at that time. There have been proposals upstream to allow for more flexibility in defining how a client authenticates to PostgreSQL, but currently this is not supported.
from pg_tle.
mxmauro
commented on August 25, 2024
I thought you can write an extension to define a new authentication method. I'll go backwards a few steps :) Thanks for the feedback.
from pg_tle.
JohnHVancouver
commented on August 25, 2024
I would like to create a new authentication mechanism with a third-party provider and have to do HTTPS
If I understand your ask correctly, this is supported by Postgres generally.
https://www.postgresql.org/docs/current/auth-pam.html
You would need to configure your own PAM auth module, but you can pass the username/password combination to your own custom module to do the authentication.
from pg_tle.
mxmauro
commented on August 25, 2024
Yes but my original intention was to see how far AWS RDS for Postgresql can be extended. At it only supports a few extensions and, for auth, just regular user/pass, IAM roles or Kerberos through AD. Then I found pg_tle for "custom" stuff.
from pg_tle.
Related Issues (20)
- Allow list commands to process in ProcessUtility hook
- Add automated test for pg_upgrade HOT 1
- TLE missing dependencies on its control & SQL functions when created through another's `cascade` HOT 2
- Add cluster-wide support for password check hook HOT 1
- passcheck feature `valid_until` parameter is passing the wrong value HOT 6
- Cast from bytea to vector HOT 1
- ALTER SYSTEM is not supported in AWS RDS Postgres HOT 1
- Does pg_tle support PL/Rust based UDFs? HOT 1
- Allow `@` Characters in Extension Names HOT 5
- `pg_dump`/`pg_restore` default version dependency issue/interaction HOT 1
- Debugging failed extension creation
- pg_dump/pg_restore with custom datatype fails unless `--use-set-session-authorization` is specified HOT 1
- clientauth can hang indefinitely if pgtle.clientauth_num_parallel_workers > max_worker_processes
- size limitation on custom type. HOT 8
- Clientauth skip lists do not work when user/database names are mixed case HOT 1
- Warn the user if a hook function is registered but a necessary parameter is not enabled
- Errored when inserting array value of custom datatype in binary mode . HOT 3
- Cannot build the extension on macOS HOT 3
- Login attempts could repeat depending on SSLMode and leads to incorrect count of attempts HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pg_tle.