-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add GSSAPI authentication #107
Conversation
marking as draft until initial feedback. the bit that's annoying is adding testing - are you ok with me adding krb5 to the testing CI script @jackc ? |
eb5dfcd
to
e7b83b7
Compare
I know very little about GSS authentication so I don't have the expertise to comment much on the actual implementation of the protocol but here the things I did notice. Definitely agree with the separate module to avoid dependency bloat. I don't understand multiple modules in the same repo well enough to be sure of all the implications. The one clear thing I got from https://github.com/golang/go/wiki/Modules#faqs--multi-module-repositories is that multi-module repos are tricky. How do they work when the parent is v2+? e.g. pgconn is moving back to the main pgx repo for pgx Regarding testing, is there a downside to adding krb5 to the test script? I guess it would bloat the test dependencies? I try to keep pgx / pgconn working on the versions of Go supported by the Go team. I might make an exception with 1.18 due to its significant new features, but as far as I can tell none of the code is using them. Can we rollback the go.mod version to at least 1.17? |
Oh, and thanks for working on this! It will be a great addition, but it wasn't something I could take on myself. |
gotcha, i'll do that in the next pass
I would need to add a docker suite to test it - the environment is pretty finicky to setup. is SASL tested here too?
my
:) i think i need jackc/pgproto3#27 merged before continuing. |
SASL is tested here directly (see
Merged. |
This commit adds the GSSAPI authentication to pgx. This roughly follows the lib/pq implementation: * We require registering a provider to avoid mass dependency inclusions that may not be desired (lib/pq#971). * Requires the pgproto3 package be updated. I've included my custom fork for now.
i can do that :) but i guess there's not much here for testing then, heh. |
should be good to review |
LGTM! Thanks! |
This commit adds the GSSAPI authentication to pgx. This roughly follows
the lib/pq implementation:
that may not be desired (Unnecessary dependencies for non-Kerberos users lib/pq#971).
for now.
Depends on jackc/pgproto3#27.
Refs #1166.