Teach neon_local and the regression test suite to use authorized requests in compute_ctl #11316
Labels
a/test
Area: related to testing
c/compute
Component: compute, excluding postgres itself
m/good_first_issue
Moment: when doing your first Neon contributions
Comments
tristan957
added
a/test
tristan957
added a commit
that referenced
this issue
Mar 19, 2025
We will require authorization in production. We need to skip in testing builds for now because regression tests would fail. See #11316 for more information. Signed-off-by: Tristan Partin <[email protected]>
tristan957
added
the
m/good_first_issue
tristan957
added a commit
that referenced
this issue
Apr 1, 2025
We will require authorization in production. We need to skip in testing builds for now because regression tests would fail. See #11316 for more information. Signed-off-by: Tristan Partin <[email protected]>
github-merge-queue bot
pushed a commit
that referenced
this issue
Apr 3, 2025
We will require authorization in production. We need to skip in testing builds for now because regression tests would fail. See #11316 for more information. Signed-off-by: Tristan Partin <[email protected]> Signed-off-by: Tristan Partin <[email protected]>
Bodobolero
pushed a commit
that referenced
this issue
Apr 9, 2025
We will require authorization in production. We need to skip in testing builds for now because regression tests would fail. See #11316 for more information. Signed-off-by: Tristan Partin <[email protected]> Signed-off-by: Tristan Partin <[email protected]>
github-merge-queue bot
pushed a commit
that referenced
this issue
Apr 15, 2025
) This allows us to remove hacks in the compute_ctl authorization middleware which allowed for bypasses of auth checks. Fixes: #11316 Signed-off-by: Tristan Partin <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The regression test suite does not pass an authorization bearer token when making requests. Without it, regression tests would fail if we removed the hacks to currently bypass the checks. neon_local will need to generate a JWKS for the compute to use and pass it through
compute_ctl_config. This is a bit of work because currently a spec.json file is the just the compute spec and doesn't have any room for acompute_ctl_configkey.We really need to just teach neon_local to be more like the control plane and operate as an HTTP server. compute_ctl could talk to it just like production. Alternatively, let's just open source the control plane and make our lives so much easier 🙃
The text was updated successfully, but these errors were encountered: