Revert "Groups implementation (#609)"

This reverts commit 5f13f83.
yandex · May 7, 2024 · 1dd30d3 · 1dd30d3
1 parent 5f13f83
commit 1dd30d3
Show file tree

Hide file tree

Showing 26 changed files with 216 additions and 843 deletions.
diff --git a/README.md b/README.md
@@ -111,6 +111,7 @@ Set up your CLion to build project in container, [manual](https://github.com/shu
 
 * [include](documentation/configuration.md#include-string)
 * [daemonize](documentation/configuration.md#daemonize-yesno)
+* [sequential\_routing](documentation/configuration.md#sequential_routing-yesno)
 * [priority](documentation/configuration.md#priority-integer)
 * [pid\_file](documentation/configuration.md#pid_file-string)
 * [unix\_socket\_dir](documentation/configuration.md#unix_socket_dir-string)

diff --git a/config-examples/odyssey-dev-with-watchdog.conf b/config-examples/odyssey-dev-with-watchdog.conf
@@ -45,6 +45,7 @@ listen {
 	compression yes
 }
 
+
 storage "postgres_server" {
 	type "remote"
 	host "localhost"

diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -79,7 +79,6 @@ COPY ./docker/ldap /ldap
 COPY ./docker/lagpolling /lagpolling
 COPY ./docker/shell-test /shell-test
 COPY ./docker/tsa /tsa
-COPY ./docker/group /group
 COPY ./docker/xproto /xproto
 COPY ./docker/copy /copy
 COPY ./docker/gorm /gorm

diff --git a/docker/bin/setup b/docker/bin/setup
@@ -49,7 +49,7 @@ sudo -u postgres /usr/bin/pg_basebackup -D /var/lib/postgresql/14/repl -R -h loc
 sudo -u postgres /usr/lib/postgresql/14/bin/pg_ctl -D /var/lib/postgresql/14/repl/ -o '-p 5433' start
 
 # Create databases
-for database_name in db scram_db ldap_db auth_query_db db1 hba_db tsa_db group_db addr_db xproto_db "spqr-console"; do
+for database_name in db scram_db ldap_db auth_query_db db1 hba_db tsa_db addr_db xproto_db "spqr-console"; do
     sudo -u postgres createdb $database_name >> "$SETUP_LOG" 2>&1 || {
         echo "ERROR: 'createdb $database_name' failed, examine the log"
         cat "$SETUP_LOG"
@@ -63,14 +63,6 @@ mkdir /var/cores
 sudo sysctl -w kernel.core_pattern=/var/cores/core.%p.%e
 pgbench -i -h localhost -p 5432 -U postgres postgres
 
-# Create users
-psql -h localhost -p 5432 -U postgres -c "create role group1; create role group2; create user group_checker; create user group_user1; create user group_user2; create user group_user3; create user group_user4; create user group_user5; create user group_checker1; create user group_checker2;" -d group_db >> $SETUP_LOG 2>&1 || {
-    echo "ERROR: users creation failed, examine the log"
-    cat "$SETUP_LOG"
-    cat "$PG_LOG"
-    exit 1
-}
-
 # Create users
 psql -h localhost -p 5432 -U postgres -c "set password_encryption = 'scram-sha-256'; create user scram_user password 'scram_user_password';" -d scram_db >> $SETUP_LOG 2>&1 || {
     echo "ERROR: users creation failed, examine the log"

diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
@@ -6,13 +6,6 @@ cd /test_dir/test && /usr/bin/odyssey_test
 
 setup
 
-# group
-/group/test_group.sh
-if [ $? -eq 1 ]
-then
-	exit 1
-fi
-
 # gorm
 ody-start
 /gorm/test.sh

diff --git a/docker/group/config.conf b/docker/group/config.conf
diff --git a/docker/group/test_group.sh b/docker/group/test_group.sh
diff --git a/docker/hba/test.sh b/docker/hba/test.sh
@@ -53,6 +53,18 @@ PGPASSWORD=correct_password psql -h localhost -p 6432 -U user_unknown -c "SELECT
 	"
 	cat /var/log/postgresql/postgresql-14-main.log
 
+	exit 1
+}  
+
+kill -s HUP $(pgrep odyssey)
+PGPASSWORD=correct_password PGCONNECT_TIMEOUT=5 psql -h localhost -p 6432 -U user_allow -c "SELECT 1" hba_db > /dev/null 2>&1 || {
+  echo "ERROR: unable to connect after SIGHUP"
+
+	cat /var/log/odyssey.log
+	echo "
+	"
+	cat /var/log/postgresql/postgresql-14-main.log
+
 	exit 1
 }
 

diff --git a/documentation/configuration.md b/documentation/configuration.md
@@ -16,6 +16,16 @@ By default Odyssey does not run as a daemon. Set to 'yes' to enable.
 
 `daemonize no`
 
+#### sequential\_routing_ *yes|no*
+
+Try to match routes exactly in config order.
+
+By default, Odyssey tries to match all specific routes first, and then all default ones.
+It may be confusing because auth-denying default route can be overridden with more specific auth-permitting route below in the config.
+With this option set, Odyssey will match routes exactly in config order, like in HBA files.
+
+`sequential_routing no`
+
 #### priority *integer*
 
 Process priority.

diff --git a/scripts/install_ci.sh b/scripts/install_ci.sh
@@ -1,10 +1,43 @@
 #!/usr/bin/env bash
 
-set -ex
-
-sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
-wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
-sudo apt-get update
-sudo apt-get -y --no-install-recommends install postgresql-14 postgresql-server-dev-14 libpq5 libpq-dev clang-format-11 libpam0g-dev libldap-dev
-sudo pkill -9 postgres || true
-cho -n | openssl s_client -connect https://scan.coverity.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee -a /etc/ssl/certs/ca-
+set -e
+
+if ! sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'; then
+    echo "Error adding PostgreSQL repository."
+    exit 1
+fi
+
+if ! wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -; then
+    echo "Error adding PostgreSQL repository key."
+    exit 1
+fi
+
+if ! sudo apt-get update; then
+    echo "Error updating package list."
+    exit 1
+fi
+
+if ! sudo apt-get -y --no-install-recommends install postgresql-14 postgresql-server-dev-14 libpq5 libpq-dev clang-format-11 libpam0g-dev libldap-dev; then
+    echo "Error installing PostgreSQL and its dependencies."
+    exit 1
+fi
+
+if pgrep "postgres" > /dev/null; then
+    if ! sudo pkill -9 postgres; then
+        echo "Error stopping PostgreSQL process."
+        exit 1
+    fi
+fi
+
+if ! sudo sh -c 'echo -n | openssl s_client -connect https://scan.coverity.com:443 | sed -ne "/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p" >> /etc/ssl/certs/ca-certificates.crt'; then
+    echo "Error adding SSL certificate."
+    exit 1
+fi
+
+if ! sudo apt-get clean; then
+    echo "Error cleaning apt-get cache."
+    exit 1
+fi
+
+echo "Script completed successfully."
+exit 0
diff --git a/sources/CMakeLists.txt b/sources/CMakeLists.txt
@@ -52,8 +52,7 @@ set(od_src
     hba.c
     hba_reader.c
     hba_rule.c
-    mdb_iamproxy.c
-    group.c)
+    mdb_iamproxy.c)
 
 if (PAM_FOUND)
         list(APPEND od_src pam.c)

diff --git a/sources/config.c b/sources/config.c
@@ -14,6 +14,7 @@ void od_config_init(od_config_t *config)
 {
 	config->daemonize = 0;
 	config->priority = 0;
+	config->sequential_routing = 0;
 	config->log_debug = 0;
 	config->log_to_stdout = 1;
 	config->log_config = 0;
@@ -245,6 +246,8 @@ void od_config_print(od_config_t *config, od_logger_t *logger)
 	       od_config_yes_no(config->daemonize));
 	od_log(logger, "config", NULL, NULL, "priority                %d",
 	       config->priority);
+	od_log(logger, "config", NULL, NULL, "sequential_routing      %s",
+	       od_config_yes_no(config->sequential_routing));
 	if (config->pid_file)
 		od_log(logger, "config", NULL, NULL,
 		       "pid_file                %s", config->pid_file);

diff --git a/sources/config.h b/sources/config.h
@@ -27,6 +27,7 @@ struct od_config_listen {
 struct od_config {
 	int daemonize;
 	int priority;
+	int sequential_routing;
 	/* logging */
 	int log_to_stdout;
 	int log_debug;