Skip to content

feat: switch to include directives in pg_hba #1765

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 14 commits into
base: develop
Choose a base branch
from
Open

feat: switch to include directives in pg_hba #1765

wants to merge 14 commits into from
+300 −159

Conversation

staaldraad
Copy link
Member

Using include directives makes changing the pg_hba.conf on the fly more flexible. Enabling / disabling ssl enforcement for example only requires creating or removing a file, leaving the pg_hba.conf untouched. Allowing for more repeatable and stable processes and no need for regex based replace or custom parsers.

This will also support the just-in-time access work by allowing jit to be dynamically enabled/disabled

⚠️ do not merge yet: requires admin-api update, otherwise ssl enforcement enable/disable will stop functioning

@staaldraad
Copy link
Member Author

Requires pg16+

@staaldraad
feat: switch to include directives in pg_hba
9bbec84 
Using include directives makes changing the pg_hba.conf on the fly more
flexible. Enabling / disabling ssl enforcement for example only requires
creating or removing a file, leaving the pg_hba.conf untouched. Allowing
for more repeatable and stable processes and no need for regex based
replace or custom parsers.

This will also support the just-in-time access work by allowing jit to
be dynamically enabled/disabled
@staaldraad
chore: postgres 15 doesnt support include directive
97c6044
@staaldraad
chore: postgres 15 doesnt support include directive
9ce4ffd
@staaldraad
chore: version checks
f07131d
@staaldraad
chore: check version by name
0cfd417
@staaldraad
chore: include lib
e0accb6
@staaldraad
chore: include lib
f1b6c72
@staaldraad
chore: include lib
0ecbd48
@staaldraad
chore: set active version
e1815c7
@staaldraad
chore: fix run-server to be pg_hba version aware
6d11c7d
@staaldraad staaldraad force-pushed the etienne/sec-493-switch-pg_hba-to-use-include-directive branch from e258813 to 6d11c7d Compare August 19, 2025 07:54
@staaldraad staaldraad marked this pull request as ready for review August 26, 2025 12:52
@staaldraad staaldraad requested review from a team as code owners August 26, 2025 12:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@staaldraad