Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[proxy]: Use TLS for cancellation queries #10152

Merged
merged 1 commit into from
Dec 17, 2024
Merged

[proxy]: Use TLS for cancellation queries #10152

merged 1 commit into from
Dec 17, 2024
+63 −6

Conversation

awarus
Copy link
Contributor

@awarus awarus commented Dec 14, 2024
edited
Loading

Problem

pg_sni_router assumes that all the streams are upgradable to TLS. Cancellation requests were declined because of using NoTls config.

Summary of changes

Provide TLS client config for cancellation requests.

Fixes #21789

@awarus awarus requested a review from a team as a code owner December 14, 2024 09:32
@awarus awarus requested a review from conradludgate December 14, 2024 09:32
@awarus awarus marked this pull request as draft December 14, 2024 09:36
@github-actions GitHub Actions
Copy link

github-actions bot commented Dec 14, 2024
edited
Loading

7147 tests run: 6848 passed, 0 failed, 299 skipped (full report)

Flaky tests (7)

Postgres 17

Postgres 16

  • test_pgdata_import_smoke[None-1024-RelBlockSize.MULTIPLE_RELATION_SEGMENTS]: release-arm64

Postgres 15

  • test_pgdata_import_smoke[None-1024-RelBlockSize.MULTIPLE_RELATION_SEGMENTS]: release-arm64
  • test_scrubber_physical_gc_ancestors[None]: release-arm64

Postgres 14

  • test_compute_pageserver_connection_stress: release-arm64
  • test_pgdata_import_smoke[8-1024-RelBlockSize.MULTIPLE_RELATION_SEGMENTS]: release-arm64

Code coverage* (full report)

  • functions: 31.3% (8392 of 26792 functions)
  • lines: 48.0% (66602 of 138704 lines)

* collected from Rust tests only

The comment gets automatically updated with the latest test results
a60791c at 2024-12-17T19:34:58.284Z :recycle:

@awarus awarus marked this pull request as ready for review December 14, 2024 10:51
@conradludgate conradludgate mentioned this pull request Dec 16, 2024
Merged
github-merge-queue bot pushed a commit that referenced this pull request Dec 16, 2024
@conradludgate
chore(proxy): refactor self-signed config (#10154)
24d6587 
## Problem

While reviewing #10152 I found it tricky to actually determine whether
the connection used `allow_self_signed_compute` or not.

I've tried to remove this setting in the past:
* #7884
* #7437
* neondatabase/cloud#13702

But each time it seems it is used by e2e tests

## Summary of changes

The `node_info.allow_self_signed_computes` is always initialised to
false, and then sometimes inherits the proxy config value. There's no
need this needs to be in the node_info, so removing it and propagating
it via `TcpMechansim` is simpler.
@awarus awarus force-pushed the cancel_tls branch 2 times, most recently from 7962721 to ee62b24 Compare December 17, 2024 15:03
@awarus
[proxy]: Use TLS for cancellation queries
a60791c 
pg_sni_router assumes that all the streams are upgradable to TLS.
Cancellation requests were declined because of using NoTls
config.
Provide TLS client config for cancellation requests.

Fixes #21789
@awarus awarus enabled auto-merge December 17, 2024 18:12
@awarus awarus added this pull request to the merge queue Dec 17, 2024
Merged via the queue into main with commit 93e9583 Dec 17, 2024
82 checks passed
@awarus awarus deleted the cancel_tls branch December 17, 2024 19:27
@conradludgate conradludgate mentioned this pull request Dec 17, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@conradludgate conradludgate conradludgate approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@awarus @conradludgate