Documentation
Index ¶
Constants ¶
This section is empty.
Variables ¶
// ErrInternal is the fixed error returned to a client when the proxy hits an
// internal failure. The message carries no detail about the underlying cause,
// so nothing about the proxy's internal state reaches the client through it.
// It is an exported pointer shared by every user of the package: treat it as
// read-only, since mutating it changes the error seen by all connections.
var ErrInternal = &pgconn.PgError{
Severity: "FATAL",
Message: "database currently not available",
}
ErrInternal defines an error message to be returned to the client if there was some internal error. Other errors, raised by the database, should be directly returned to the client.
// SslModes lists the strings accepted as an SSL mode setting. The list includes
// "disable", so membership in it does not by itself mean a connection is encrypted.
// It is an exported, mutable slice: treat it as read-only.
var SslModes = []string{"disable", "allow", "prefer", "require", "verify-ca", "verify-full"}
SslModes defines valid settings for establishing encrypted database connections
Functions ¶
This section is empty.
Types ¶
type Counter ¶
// Counter is a counter intended for concurrent use; its state is unexported.
type Counter struct {
// contains filtered or unexported fields
}
Counter provides a concurrent counter with semaphore protected access
type Database ¶
// Database describes the target database a client is proxied to.
type Database struct {
Host string `json:"host"` // Database host the client is proxied to
Port uint16 `json:"port"` // Database port the client is proxied to
// SslMode is one of Postgres' SSL mode values (disable, allow, prefer, require,
// verify-ca, verify-full). In libpq semantics only verify-ca and verify-full
// validate the server certificate (verify-full also checks the host name);
// disable, allow and prefer can result in an unencrypted connection, and
// require encrypts without authenticating the server.
// NOTE(review): presumably this governs the proxy-to-database connection and
// follows libpq semantics; confirm against the implementation.
SslMode string `json:"ssl_mode"`
}
func (*Database) UnmarshalJSON ¶
type ErrCertificate ¶
// ErrCertificate is the error type returned if no suitable certificate could be found.
type ErrCertificate struct {
Message string // human-readable description of the certificate problem
}
ErrCertificate is returned if no suitable certificate could be found
func (*ErrCertificate) Error ¶
func (e *ErrCertificate) Error() string
type PgConn ¶
// PgConn carries the metadata kept for one proxied client connection.
// NOTE(review): Db, User and Application look like values taken from the
// client's startup parameters; if so, they are client-controlled and should be
// escaped or sanitized before being written to logs. Confirm where they are set.
type PgConn struct {
Uuid string // random string identifying log messages of this connection stream
Pid uint32 // NOTE(review): meaning not documented here; presumably a backend process ID, confirm
Sid uint32 // NOTE(review): meaning not documented here, confirm
Db string // database name associated with the connection
User string // database user associated with the connection
Application string // presumably the client-reported application name, confirm
Timestamp time.Time // NOTE(review): presumably the connection start time, confirm
TimestampLast time.Time // NOTE(review): presumably the time of last activity, confirm
AddressDatabase string // address of the database side of the connection
AddressClient string // address of the client side of the connection
InProgress bool // Flag whether a query is currently in execution
Terminated bool // Flag whether Termination was requested by client
}
type PgReverseProxy ¶
// PgReverseProxy is the Postgres reverse proxy instance; its state is unexported
// and is set up through Init and RegisterSni.
type PgReverseProxy struct {
// contains filtered or unexported fields
}
PgReverseProxy defines a Postgres reverse proxy listening on a certain port, accepting incoming client connections and redirecting them to configured database servers, based on SNIs indicated by the client.
func Init ¶
func Init( logger scanUtils.Logger, listenerPort uint, listenerTlsConf *tls.Config, listenerForceTls bool, listenerDefaultSni bool, ) (*PgReverseProxy, error)
Init initializes the Postgres reverse proxy
func (*PgReverseProxy) RegisterMonitoring ¶
func (p *PgReverseProxy) RegisterMonitoring(f func( loggerClient scanUtils.Logger, dbName string, dbUser string, dbTables []string, query string, queryResults int, queryStart time.Time, queryEndExec time.Time, queryEndTotal time.Time, clientName string, ) error)
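RegisterMonitoring can be used to configure a custom function for user activity logging or monitoring. The function is handed the query text together with the database name, user and client name, so whatever it writes to should be access-controlled like the data itself.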
func (*PgReverseProxy) RegisterSni ¶
func (p *PgReverseProxy) RegisterSni(sni ...Sni) error
RegisterSni initializes an SNI with a dedicated configuration. The configuration can contain its own dedicated SSL certificate and custom target database settings. Depending on the server name, users will be served with specific SSL certificates and forwarded to the respective databases.
func (*PgReverseProxy) Serve ¶
func (p *PgReverseProxy) Serve()
Serve listens for incoming connections and processes them in an asynchronous goroutine
func (*PgReverseProxy) Stop ¶
func (p *PgReverseProxy) Stop()
Stop shuts down the Postgres reverse proxy
type Sni ¶
// Sni is the configuration registered for one server name: the certificate
// served to clients indicating that name, the target database, and an origin
// allow-list.
type Sni struct {
CertPath string `json:"cert_path"` // SSL certificate presented to the database client
// KeyPath is the path of the key file loaded together with CertPath,
// presumably the certificate's private key rather than the certificate itself.
// The file should be readable only by the account the proxy runs as.
KeyPath string `json:"key_path"`
Database Database `json:"database"` // Target database to redirect clients to
// AllowedOrigins is the whitelist of IPs allowed to access this SNI.
// NOTE(review): what an empty or missing list means (allow all vs. deny all)
// is not visible here; confirm and document it, since a permissive default
// would expose the SNI to every origin.
AllowedOrigins []string `json:"allowed_origins"`
Certificate tls.Certificate `json:"-"` // Loaded from cert and key path; holds the private key and is excluded from JSON
CertificateX509 x509.Certificate `json:"-"` // To be loaded from cert and key path and not Json serializable
}