diff --git a/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c b/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c
index 879c7241e75..d67c4e2f2c6 100644
--- a/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c
+++ b/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c
@@ -150,7 +150,6 @@ libpqrcv_connect(const char *conninfo, bool replication, bool logical,
 /* BEGIN_NEON */
 const char *keys[7];
 const char *vals[7];
- char * neon_auth_token = NULL;
 /* END_NEON */
 int i = 0;

@@ -212,16 +211,14 @@ libpqrcv_connect(const char *conninfo, bool replication, bool logical,
 /* BEGIN_NEON */
 if (pg_strcasecmp(appname, "walreceiver") == 0)
 {
- neon_auth_token = getenv("NEON_AUTH_TOKEN");
- if (neon_auth_token != NULL)
+ if (neon_storage_auth_token[0] != '\0')
 {
- elog(LOG, "Use NEON_AUTH_TOKEN to connect");
 keys[++i] = "password";
- vals[i] = neon_auth_token;
+ vals[i] = neon_storage_auth_token;
 }
 else
 {
- elog(LOG, "NEON_AUTH_TOKEN is undefined in the environment");
+ elog(LOG, "no storage authentication token set");
 }
 }
 /* END_NEON */
diff --git a/src/backend/replication/walreceiver.c b/src/backend/replication/walreceiver.c
index 3f64e01f7d6..d124fc48d4b 100644
--- a/src/backend/replication/walreceiver.c
+++ b/src/backend/replication/walreceiver.c
@@ -88,6 +88,7 @@
 int wal_receiver_status_interval;
 int wal_receiver_timeout;
 bool hot_standby_feedback;
+char *neon_storage_auth_token;

 /* libpqwalreceiver connection */
 static WalReceiverConn *wrconn = NULL;
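Review bot: In the second hunk of libpqwalreceiver.c the new test `neon_storage_auth_token[0] != '\0'` makes an empty string mean "no token configured", and nothing in the code says so; libpqrcv_connect starts and ends outside the hunk. A comment above the test would document the convention, for example `/* An empty GUC value means no token is configured; connect without a password. */`. The new global `char *neon_storage_auth_token;` in walreceiver.c is also uncommented, and a one-line note that it holds a credential assigned by the GUC machinery and must not be logged would help later readers. The `else` branch still reports at LOG level each time it is reached, so a lower level such as `DEBUG1` may be quieter for deployments that never set a token.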
@@ -1392,6 +1393,22 @@ WalRcvGetStateString(WalRcvState state)
 return "UNKNOWN";
 }

+/*
+ * We currently grant the privileged role pg_monitor, which implies
+ * pg_read_all_settings. Until we fix that, let's just redact the content unless
+ * the user requesting the value is a superuser.
+ *
+ * See: https://databricks.atlassian.net/browse/LKB-7128
+ */
+const char *
+show_neon_storage_auth_token(void)
+{
+ if (superuser())
+ return neon_storage_auth_token;
+
+ return "**********";
+}
+
 /*
 * Returns activity of WAL receiver, including pid, state and xlog locations
 * received from the WAL sender of another server.
diff --git a/src/backend/utils/misc/guc_tables.c b/src/backend/utils/misc/guc_tables.c
index dd11cd1c223..30dc1b5bcf9 100644
--- a/src/backend/utils/misc/guc_tables.c
+++ b/src/backend/utils/misc/guc_tables.c
@@ -77,6 +77,7 @@
 #include "replication/slot.h"
 #include "replication/slotsync.h"
 #include "replication/syncrep.h"
+#include "replication/walreceiver.h"
 #include "storage/aio.h"
 #include "storage/bufmgr.h"
 #include "storage/bufpage.h"
@@ -5050,6 +5051,17 @@ struct config_string ConfigureNamesString[] =
 check_log_connections, assign_log_connections, NULL
 },

+ {
+ {"neon_storage_auth_token", PGC_SUSET, REPLICATION_STANDBY,
+ "Authentication token for Neon storage",
+ NULL,
+ GUC_NO_SHOW_ALL | GUC_NO_RESET | GUC_NO_RESET_ALL | GUC_NOT_IN_SAMPLE | GUC_SUPERUSER_ONLY
+ },
+ &neon_storage_auth_token,
+ "",
+ NULL, NULL, show_neon_storage_auth_token,
+ },
+

 /* End-of-list marker */
 {
diff --git a/src/include/replication/walreceiver.h b/src/include/replication/walreceiver.h
index 89f63f908f8..bf55bb0c0dc 100644
--- a/src/include/replication/walreceiver.h
+++ b/src/include/replication/walreceiver.h
@@ -28,6 +28,7 @@
 extern PGDLLIMPORT int wal_receiver_status_interval;
 extern PGDLLIMPORT int wal_receiver_timeout;
 extern PGDLLIMPORT bool hot_standby_feedback;
+extern PGDLLIMPORT char *neon_storage_auth_token;

 /*
 * MAXCONNINFO: maximum size of a connection string.
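Review bot: The redaction in show_neon_storage_auth_token() only covers reads that go through the show hook, such as SHOW and current_setting(), and the header comment does not say what protects the other read paths. As far as I can tell, the reset_val and boot_val columns of pg_settings are filled from the stored string rather than from the hook. If so, keeping the token away from pg_monitor in that view depends on `GUC_NO_SHOW_ALL` in the guc_tables.c entry added by this same commit. I would add a line to the comment such as `* pg_settings does not use this hook for reset_val; GUC_NO_SHOW_ALL on the GUC entry keeps the token out of that view.` so the flag is not dropped later without revisiting this function.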
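Review bot: The new entry in ConfigureNamesString is declared `PGC_SUSET`, which lets a superuser assign the token with SET, ALTER ROLE ... SET or ALTER DATABASE ... SET, and the show hook covers none of those paths. Per-role and per-database values are stored in pg_db_role_setting, which ordinary roles can normally read, and a session-level SET can end up in the statement log. From the lines shown the only reader is libpqrcv_connect, so if the token is only ever delivered through the configuration file, a stricter context would close these paths: `{"neon_storage_auth_token", PGC_SIGHUP, REPLICATION_STANDBY,`. The array definition starts and ends outside the hunk.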
@@ -489,6 +490,8 @@ walrcv_clear_result(WalRcvExecResult *walres)
 pg_noreturn extern void WalReceiverMain(const void *startup_data, size_t startup_data_len);
 extern void WalRcvForceReply(void);

+extern const char *show_neon_storage_auth_token(void);
+
 /* prototypes for functions in walreceiverfuncs.c */
 extern Size WalRcvShmemSize(void);
 extern void WalRcvShmemInit(void);