Allow bypassing authentication (#3840)

FerretDB · Dec 12, 2023 · b26d394 · b26d394
1 parent 6737d32
commit b26d394
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 9 deletions.
diff --git a/internal/backends/postgresql/metadata/pool/pool.go b/internal/backends/postgresql/metadata/pool/pool.go
@@ -134,6 +134,22 @@ func (p *Pool) Get(username, password string) (*pgxpool.Pool, error) {
 	return res, nil
 }
 
+// GetAny returns a random open pool of connections to PostgreSQL, or nil if none are available.
+func (p *Pool) GetAny() *pgxpool.Pool {
+	p.rw.RLock()
+	defer p.rw.RUnlock()
+
+	for _, pool := range p.pools {
+		p.l.Debug("Pool.GetAny: returning existing pool")
+
+		return pool
+	}
+
+	p.l.Debug("Pool.GetAny: no existing pools")
+
+	return nil
+}
+
 // Describe implements prometheus.Collector.
 func (p *Pool) Describe(ch chan<- *prometheus.Desc) {
 	prometheus.DescribeByCollect(p, ch)

diff --git a/internal/backends/postgresql/metadata/registry.go b/internal/backends/postgresql/metadata/registry.go
@@ -106,7 +106,8 @@ func (r *Registry) Close() {
 }
 
 // getPool returns a pool of connections to PostgreSQL database
-// for the username/password combination in the context using [conninfo].
+// for the username/password combination in the context using [conninfo]
+// (or any pool if authentication is bypassed).
 //
 // It loads metadata if it hasn't been loaded from the database yet.
 //
@@ -115,11 +116,21 @@ func (r *Registry) Close() {
 //
 // All methods should use this method to check authentication and load metadata.
 func (r *Registry) getPool(ctx context.Context) (*pgxpool.Pool, error) {
-	username, password := conninfo.Get(ctx).Auth()
+	connInfo := conninfo.Get(ctx)
 
-	p, err := r.p.Get(username, password)
-	if err != nil {
-		return nil, lazyerrors.Error(err)
+	var p *pgxpool.Pool
+
+	if connInfo.BypassAuth {
+		if p = r.p.GetAny(); p == nil {
+			return nil, lazyerrors.New("no connection pool")
+		}
+	} else {
+		username, password := connInfo.Auth()
+
+		var err error
+		if p, err = r.p.Get(username, password); err != nil {
+			return nil, lazyerrors.Error(err)
+		}
 	}
 
 	r.rw.RLock()

diff --git a/internal/clientconn/conninfo/conn_info.go b/internal/clientconn/conninfo/conn_info.go
@@ -28,12 +28,14 @@ var connInfoKey = contextKey{}
 
 // ConnInfo represents connection info.
 type ConnInfo struct {
-	PeerAddr string
+	// the order of fields is weird to make the struct smaller due to alignment
 
+	PeerAddr     string
+	username     string // protected by rw
+	password     string // protected by rw
+	metadataRecv bool   // protected by rw
+	BypassAuth   bool
 	rw           sync.RWMutex
-	username     string
-	password     string
-	metadataRecv bool
 }
 
 // New returns a new ConnInfo.