From 1e1135688ea919f66b9425b5bfe06f14ef1e5285 Mon Sep 17 00:00:00 2001 From: Aleksandr Alekseev Date: Sun, 26 Feb 2023 15:42:28 +0300 Subject: [PATCH 1/6] Optimize redundant pgpass parsing in case password is explicitly set --- config.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config.go b/config.go index 4080f2c..36b74c4 100644 --- a/config.go +++ b/config.go @@ -366,9 +366,9 @@ func ParseConfigWithOptions(connString string, options ParseConfigOptions) (*Con config.TLSConfig = fallbacks[0].TLSConfig config.Fallbacks = fallbacks[1:] - passfile, err := pgpassfile.ReadPassfile(settings["passfile"]) - if err == nil { - if config.Password == "" { + if config.Password == "" { + passfile, err := pgpassfile.ReadPassfile(settings["passfile"]) + if err == nil { host := config.Host if network, _ := NetworkAddress(config.Host, config.Port); network == "unix" { host = "localhost" From d361e703db04dc1cff78dd1fcf2d9fdd335c590f Mon Sep 17 00:00:00 2001 From: Brandon Kauffman Date: Fri, 23 Jun 2023 14:58:05 -0400 Subject: [PATCH 2/6] Enable failover efforts when pg_hba.conf disallows non-ssl connections This could be a fix the allows for a resolution of #68 and [#1581](https://github.com/jackc/pgx/issues/1581). By breaking retries on error code 28000 we do not continue the functionality of libpq. This should allow for a more similar experience without breaking changes made in #68. --- pgconn.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pgconn.go b/pgconn.go index 6601194..eb1497f 100644 --- a/pgconn.go +++ b/pgconn.go @@ -176,7 +176,7 @@ func ConnectConfig(octx context.Context, config *Config) (pgConn *PgConn, err er const ERRCODE_INVALID_CATALOG_NAME = "3D000" // db does not exist const ERRCODE_INSUFFICIENT_PRIVILEGE = "42501" // missing connect privilege if pgerr.Code == ERRCODE_INVALID_PASSWORD || - pgerr.Code == ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION || + pgerr.Code == ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION && strings.Contains(pgerr.Message, "SSL on") || pgerr.Code == ERRCODE_INVALID_CATALOG_NAME || pgerr.Code == ERRCODE_INSUFFICIENT_PRIVILEGE { break From 4c4dc6f097ddff7fe5c8718d65d366ebd071e6d2 Mon Sep 17 00:00:00 2001 From: Brandon Kauffman Date: Fri, 23 Jun 2023 17:14:28 -0400 Subject: [PATCH 3/6] Remove language dependent check to look for TLS config. --- pgconn.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pgconn.go b/pgconn.go index eb1497f..5886c02 100644 --- a/pgconn.go +++ b/pgconn.go @@ -176,7 +176,7 @@ func ConnectConfig(octx context.Context, config *Config) (pgConn *PgConn, err er const ERRCODE_INVALID_CATALOG_NAME = "3D000" // db does not exist const ERRCODE_INSUFFICIENT_PRIVILEGE = "42501" // missing connect privilege if pgerr.Code == ERRCODE_INVALID_PASSWORD || - pgerr.Code == ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION && strings.Contains(pgerr.Message, "SSL on") || + pgerr.Code == ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION && fc.TLSConfig != nil || pgerr.Code == ERRCODE_INVALID_CATALOG_NAME || pgerr.Code == ERRCODE_INSUFFICIENT_PRIVILEGE { break From f9ad18fc86505eaa20da3b9b986efcb7cf28ca97 Mon Sep 17 00:00:00 2001 From: Jack Christensen Date: Tue, 27 Jun 2023 20:20:22 -0500 Subject: [PATCH 4/6] Update CI to ubuntu-20.04 ubuntu-18-04 is no longer available. --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d84462d..ba39d6c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -10,7 +10,7 @@ jobs: test: name: Test - runs-on: ubuntu-18.04 + runs-on: ubuntu-20.04 strategy: matrix: From 9b31034fdd66b0a937191ebd253276322ac7b8d6 Mon Sep 17 00:00:00 2001 From: smaher-edb Date: Thu, 13 Jul 2023 11:05:50 +0530 Subject: [PATCH 5/6] connect_timeout is not obeyed for sslmode=allow|prefer connect_timeout given in conn string was not obeyed if sslmode is not specified or equals sslmode=allow|prefer. It took twice the amount of time specified by connect_timeout in conn string. While this behavior is correct if multi-host is provided in conn string, it doesn't look correct in case of single host. This behavior was also not matching with libpq. Ref: [1672](https://github.com/jackc/pgx/issues/1672) --- pgconn.go | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/pgconn.go b/pgconn.go index 5886c02..e531303 100644 --- a/pgconn.go +++ b/pgconn.go @@ -156,12 +156,15 @@ func ConnectConfig(octx context.Context, config *Config) (pgConn *PgConn, err er foundBestServer := false var fallbackConfig *FallbackConfig - for _, fc := range fallbackConfigs { + for i, fc := range fallbackConfigs { // ConnectTimeout restricts the whole connection process. if config.ConnectTimeout != 0 { - var cancel context.CancelFunc - ctx, cancel = context.WithTimeout(octx, config.ConnectTimeout) - defer cancel() + // create new context first time or when previous host was different + if i == 0 || (fallbackConfigs[i].Host != fallbackConfigs[i-1].Host) { + var cancel context.CancelFunc + ctx, cancel = context.WithTimeout(octx, config.ConnectTimeout) + defer cancel() + } } else { ctx = octx } @@ -599,9 +602,10 @@ func (pgConn *PgConn) PID() uint32 { // TxStatus returns the current TxStatus as reported by the server in the ReadyForQuery message. // // Possible return values: -// 'I' - idle / not in transaction -// 'T' - in a transaction -// 'E' - in a failed transaction +// +// 'I' - idle / not in transaction +// 'T' - in a transaction +// 'E' - in a failed transaction // // See https://www.postgresql.org/docs/current/protocol-message-formats.html. func (pgConn *PgConn) TxStatus() byte { From e82f7d1fadf5970c308d0502d196783e72467178 Mon Sep 17 00:00:00 2001 From: Jack Christensen Date: Wed, 19 Jul 2023 21:29:40 -0500 Subject: [PATCH 6/6] Release v1.14.1 --- CHANGELOG.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3550b43..36dcdae 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,9 @@ +# 1.14.1 (July 19, 2023) + +* Fix: Enable failover efforts when pg_hba.conf disallows non-ssl connections (Brandon Kauffman) +* Fix: connect_timeout is not obeyed for sslmode=allow|prefer (smaher-edb) +* Optimize redundant pgpass parsing in case password is explicitly set (Aleksandr Alekseev) + # 1.14.0 (February 11, 2023) * Fix: each connection attempt to new node gets own timeout (Nathan Giardina)