-rw-r--r--contrib/dblink/dblink.c7
-rw-r--r--contrib/dblink/expected/dblink.out11
-rw-r--r--contrib/dblink/sql/dblink.sql8
-rw-r--r--contrib/postgres_fdw/expected/postgres_fdw.out11
-rw-r--r--contrib/postgres_fdw/option.c7
-rw-r--r--contrib/postgres_fdw/sql/postgres_fdw.sql8
6 files changed, 52 insertions, 0 deletions
diff --git a/contrib/dblink/dblink.c b/contrib/dblink/dblink.c
index 092f0753ff5..1b2d72c6def 100644
--- a/contrib/dblink/dblink.c
+++ b/contrib/dblink/dblink.c
@@ -3095,6 +3095,13 @@ is_valid_dblink_option(const PQconninfoOption *options, const char *option,
return false;
/*
+ * Disallow OAuth options for now, since the builtin flow communicates on
+ * stderr by default and can't cache tokens yet.
+ */
+ if (strncmp(opt->keyword, "oauth_", strlen("oauth_")) == 0)
+ return false;
+
+ /*
* If the option is "user" or marked secure, it should be specified only
* in USER MAPPING. Others should be specified only in SERVER.
*/
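Review bot: The new `oauth_` rejection sits in is_valid_dblink_option, so as far as this hunk shows it only guards options that pass through that function; the accompanying tests exercise ALTER SERVER and ALTER USER MAPPING and nothing else. Whether a connection string handed directly to a dblink connect function such as dblink_connect_u can still carry `oauth_*` keywords to libpq is not visible here and is worth confirming, because the stated concern (the builtin flow communicating on stderr) would apply on that path too. I would extend the comment to record the scope, e.g. `* Note: this covers foreign server and user mapping options only; raw connection strings are not checked here.` The function's body begins and ends outside the hunk.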
diff --git a/contrib/dblink/expected/dblink.out b/contrib/dblink/expected/dblink.out
index 7809f58d96b..c70c79574fd 100644
--- a/contrib/dblink/expected/dblink.out
+++ b/contrib/dblink/expected/dblink.out
@@ -898,6 +898,17 @@ CREATE USER MAPPING FOR public SERVER fdtest
OPTIONS (server 'localhost'); -- fail, can't specify server here
ERROR: invalid option "server"
CREATE USER MAPPING FOR public SERVER fdtest OPTIONS (user :'USER');
+-- OAuth options are not allowed in either context
+ALTER SERVER fdtest OPTIONS (ADD oauth_issuer 'https://example.com');
+ERROR: invalid option "oauth_issuer"
+ALTER SERVER fdtest OPTIONS (ADD oauth_client_id 'myID');
+ERROR: invalid option "oauth_client_id"
+ALTER USER MAPPING FOR public SERVER fdtest
+ OPTIONS (ADD oauth_issuer 'https://example.com');
+ERROR: invalid option "oauth_issuer"
+ALTER USER MAPPING FOR public SERVER fdtest
+ OPTIONS (ADD oauth_client_id 'myID');
+ERROR: invalid option "oauth_client_id"
GRANT USAGE ON FOREIGN SERVER fdtest TO regress_dblink_user;
GRANT EXECUTE ON FUNCTION dblink_connect_u(text, text) TO regress_dblink_user;
SET SESSION AUTHORIZATION regress_dblink_user;
diff --git a/contrib/dblink/sql/dblink.sql b/contrib/dblink/sql/dblink.sql
index 7870ce5d5a4..365b21036e8 100644
--- a/contrib/dblink/sql/dblink.sql
+++ b/contrib/dblink/sql/dblink.sql
@@ -469,6 +469,14 @@ CREATE USER MAPPING FOR public SERVER fdtest
OPTIONS (server 'localhost'); -- fail, can't specify server here
CREATE USER MAPPING FOR public SERVER fdtest OPTIONS (user :'USER');
+-- OAuth options are not allowed in either context
+ALTER SERVER fdtest OPTIONS (ADD oauth_issuer 'https://example.com');
+ALTER SERVER fdtest OPTIONS (ADD oauth_client_id 'myID');
+ALTER USER MAPPING FOR public SERVER fdtest
+ OPTIONS (ADD oauth_issuer 'https://example.com');
+ALTER USER MAPPING FOR public SERVER fdtest
+ OPTIONS (ADD oauth_client_id 'myID');
+
GRANT USAGE ON FOREIGN SERVER fdtest TO regress_dblink_user;
GRANT EXECUTE ON FUNCTION dblink_connect_u(text, text) TO regress_dblink_user;
diff --git a/contrib/postgres_fdw/expected/postgres_fdw.out b/contrib/postgres_fdw/expected/postgres_fdw.out
index d1acee5a5fa..24ff5f70cce 100644
--- a/contrib/postgres_fdw/expected/postgres_fdw.out
+++ b/contrib/postgres_fdw/expected/postgres_fdw.out
@@ -196,6 +196,17 @@ ALTER USER MAPPING FOR public SERVER testserver1
-- permitted to check validation.
ALTER USER MAPPING FOR public SERVER testserver1
OPTIONS (ADD sslkey 'value', ADD sslcert 'value');
+-- OAuth options are not allowed in either context
+ALTER SERVER testserver1 OPTIONS (ADD oauth_issuer 'https://example.com');
+ERROR: invalid option "oauth_issuer"
+ALTER SERVER testserver1 OPTIONS (ADD oauth_client_id 'myID');
+ERROR: invalid option "oauth_client_id"
+ALTER USER MAPPING FOR public SERVER testserver1
+ OPTIONS (ADD oauth_issuer 'https://example.com');
+ERROR: invalid option "oauth_issuer"
+ALTER USER MAPPING FOR public SERVER testserver1
+ OPTIONS (ADD oauth_client_id 'myID');
+ERROR: invalid option "oauth_client_id"
ALTER FOREIGN TABLE ft1 OPTIONS (schema_name 'S 1', table_name 'T 1');
ALTER FOREIGN TABLE ft2 OPTIONS (schema_name 'S 1', table_name 'T 1');
ALTER FOREIGN TABLE ft1 ALTER COLUMN c1 OPTIONS (column_name 'C 1');
diff --git a/contrib/postgres_fdw/option.c b/contrib/postgres_fdw/option.c
index d0766f007d2..c2f936640bc 100644
--- a/contrib/postgres_fdw/option.c
+++ b/contrib/postgres_fdw/option.c
@@ -348,6 +348,13 @@ InitPgFdwOptions(void)
strcmp(lopt->keyword, "client_encoding") == 0)
continue;
+ /*
+ * Disallow OAuth options for now, since the builtin flow communicates
+ * on stderr by default and can't cache tokens yet.
+ */
+ if (strncmp(lopt->keyword, "oauth_", strlen("oauth_")) == 0)
+ continue;
+
/* We don't have to copy keyword string, as described above. */
popt->keyword = lopt->keyword;
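Review bot: Filtering on the `oauth_` name prefix is a deny-list keyed on a naming convention, so any OAuth-related libpq keyword that did not carry the prefix would still be copied into the option table by the lines that follow. The same comparison is repeated in is_valid_dblink_option in contrib/dblink/dblink.c, so the two sites have to be kept in sync by hand. The comment could state the assumption explicitly, e.g. `* Relies on every OAuth connection keyword in libpq starting with "oauth_".` The enclosing loop in InitPgFdwOptions begins and ends outside the hunk.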
diff --git a/contrib/postgres_fdw/sql/postgres_fdw.sql b/contrib/postgres_fdw/sql/postgres_fdw.sql
index ea6287b03fd..1f27260bafe 100644
--- a/contrib/postgres_fdw/sql/postgres_fdw.sql
+++ b/contrib/postgres_fdw/sql/postgres_fdw.sql
@@ -213,6 +213,14 @@ ALTER USER MAPPING FOR public SERVER testserver1
ALTER USER MAPPING FOR public SERVER testserver1
OPTIONS (ADD sslkey 'value', ADD sslcert 'value');
+-- OAuth options are not allowed in either context
+ALTER SERVER testserver1 OPTIONS (ADD oauth_issuer 'https://example.com');
+ALTER SERVER testserver1 OPTIONS (ADD oauth_client_id 'myID');
+ALTER USER MAPPING FOR public SERVER testserver1
+ OPTIONS (ADD oauth_issuer 'https://example.com');
+ALTER USER MAPPING FOR public SERVER testserver1
+ OPTIONS (ADD oauth_client_id 'myID');
+
ALTER FOREIGN TABLE ft1 OPTIONS (schema_name 'S 1', table_name 'T 1');
ALTER FOREIGN TABLE ft2 OPTIONS (schema_name 'S 1', table_name 'T 1');
ALTER FOREIGN TABLE ft1 ALTER COLUMN c1 OPTIONS (column_name 'C 1');