From 7cd28958ecd6983b9afb61af9239b38b3a59a477 Mon Sep 17 00:00:00 2001
From: Tristan Partin
Date: Wed, 26 Nov 2025 10:23:34 -0600
Subject: [PATCH] Move NEON_AUTH_TOKEN to a builtin GUC
This environment variable is used as the password to connect to another postgres instance as the walreceiver. The purpose of moving to a GUC is so that we can reload the storage auth token periodically.
Signed-off-by: Tristan Partin
---
 .../replication/libpqwalreceiver/libpqwalreceiver.c | 9 +++------
 src/backend/replication/walreceiver.c | 1 +
 src/backend/utils/misc/guc_tables.c | 13 +++++++++++++
 src/include/replication/walreceiver.h | 1 +
 4 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c b/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c
index 5878bdcef4b..4acf57afcc0 100644
--- a/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c
+++ b/src/backend/replication/libpqwalreceiver/libpqwalreceiver.c
@@ -136,7 +136,6 @@ libpqrcv_connect(const char *conninfo, bool logical, bool must_use_password,
 /* BEGIN_NEON */
 const char *keys[7];
 const char *vals[7];
- char * neon_auth_token = NULL;
 /* END_NEON */
 int i = 0;
@@ -159,16 +158,14 @@ libpqrcv_connect(const char *conninfo, bool logical, bool must_use_password,
 /* BEGIN_NEON */
 if (pg_strcasecmp(appname, "walreceiver") == 0)
 {
- neon_auth_token = getenv("NEON_AUTH_TOKEN");
- if (neon_auth_token != NULL)
+ if (neon_storage_auth_token[0] != '\0')
 {
- elog(LOG, "Use NEON_AUTH_TOKEN to connect");
 keys[++i] = "password";
- vals[i] = neon_auth_token;
+ vals[i] = neon_storage_auth_token;
 }
 else
 {
- elog(LOG, "NEON_AUTH_TOKEN is undefined in the environment");
+ elog(LOG, "no storage authentication token set");
 }
 }
 /* END_NEON */
diff --git a/src/backend/replication/walreceiver.c b/src/backend/replication/walreceiver.c
index 63cd3d44d77..67f14f76e9b 100644
--- a/src/backend/replication/walreceiver.c
+++ b/src/backend/replication/walreceiver.c
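Review bot: The `walreceiver` branch in the second libpqwalreceiver.c hunk has no comment saying when `neon_storage_auth_token` is read or why it can be indexed without a NULL check. The value is picked up only while the connection parameters are built, so a token reloaded later presumably applies to the next reconnect, and an already-open connection keeps the credential it was opened with. I would put this above the check: `/* GUC boot value is "", so the pointer is never NULL once GUCs are initialized; read on every (re)connect, so a reloaded token takes effect on the next connection */`. libpqrcv_connect starts and ends outside the hunk, so confirm that nothing after this branch logs the `vals[]` array.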
@@ -90,6 +90,7 @@
 int wal_receiver_status_interval;
 int wal_receiver_timeout;
 bool hot_standby_feedback;
+char *neon_storage_auth_token;
 /* libpqwalreceiver connection */
 static WalReceiverConn *wrconn = NULL;
diff --git a/src/backend/utils/misc/guc_tables.c b/src/backend/utils/misc/guc_tables.c
index 9854bc2900d..fb770e95410 100644
--- a/src/backend/utils/misc/guc_tables.c
+++ b/src/backend/utils/misc/guc_tables.c
@@ -66,6 +66,7 @@
 #include "replication/logicallauncher.h"
 #include "replication/slot.h"
 #include "replication/syncrep.h"
+#include "replication/walreceiver.h"
 #include "storage/bufmgr.h"
 #include "storage/large_object.h"
 #include "storage/pg_shmem.h"
@@ -4639,6 +4640,18 @@ struct config_string ConfigureNamesString[] =
 check_restrict_nonsystem_relation_kind, assign_restrict_nonsystem_relation_kind, NULL
 },
+
+ {
+ {"neon_storage_auth_token", PGC_SUSET, REPLICATION_STANDBY,
+ "Authentication token for Neon storage",
+ NULL,
+ GUC_SUPERUSER_ONLY
+ },
+ &neon_storage_auth_token,
+ "",
+ NULL, NULL, NULL
+ },
+
 /* End-of-list marker */
 {
 {NULL, 0, 0, NULL, NULL}, NULL, NULL, NULL, NULL, NULL
diff --git a/src/include/replication/walreceiver.h b/src/include/replication/walreceiver.h
index 281626fa6f5..44aa7d2b5c4 100644
--- a/src/include/replication/walreceiver.h
+++ b/src/include/replication/walreceiver.h
@@ -30,6 +30,7 @@
 extern PGDLLIMPORT int wal_receiver_status_interval;
 extern PGDLLIMPORT int wal_receiver_timeout;
 extern PGDLLIMPORT bool hot_standby_feedback;
+extern PGDLLIMPORT char *neon_storage_auth_token;
 /*
 * MAXCONNINFO: maximum size of a connection string.
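Review bot: The new global `neon_storage_auth_token` in walreceiver.c is added without the `/* BEGIN_NEON */` / `/* END_NEON */` markers that bracket the fork-specific code in libpqwalreceiver.c, and nothing at the definition says it holds a credential. The same applies to the `extern` added in walreceiver.h and to the new entry in guc_tables.c. I would wrap each addition in the markers and annotate the definition, e.g. `char *neon_storage_auth_token; /* secret: must not be written to logs or error messages */`, so that fork changes stay greppable and later edits near the variable treat it as sensitive.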
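Review bot: The new `ConfigureNamesString[]` entry registers a secret with context `PGC_SUSET`, so any superuser session can change it with `SET`, `ALTER ROLE ... SET` or `ALTER DATABASE ... SET`. Those paths can put the token into statement logs and the per-role/per-database settings catalog, and a session-level value would not reach the walreceiver process anyway. Since the stated purpose is periodic reload, `PGC_SIGHUP` (the context stock PostgreSQL uses for `primary_conninfo`) looks like the better fit: `{"neon_storage_auth_token", PGC_SIGHUP, REPLICATION_STANDBY,`. `GUC_SUPERUSER_ONLY` still leaves the value readable through `SHOW` and `pg_settings` to superusers and members of `pg_read_all_settings`, so consider `GUC_SUPERUSER_ONLY | GUC_NO_SHOW_ALL | GUC_NOT_IN_SAMPLE` and confirm which roles in this deployment hold those privileges. The array definition starts and ends outside the hunk.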