flightsqlingress

package
v0.0.0-...-7f19a06 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 15, 2026 License: MIT Imports: 33 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	ReapTriggerPeriodic = "periodic"
	ReapTriggerForced   = "forced"
)

Variables

View Source 
var ErrDurableReconnectTerminal = errors.New("durable reconnect terminal")

Functions

func MarkDurableReconnectTerminal 

func MarkDurableReconnectTerminal(err error) error

func SNIFromContext 

func SNIFromContext(ctx context.Context) string

SNIFromContext returns the TLS ServerName (SNI) the client sent, or "" if the connection isn't TLS-terminated by this server (e.g. in unit tests). Exported so callers that route by org reuse the exact same extraction the auth path uses — auth and routing must never disagree on a connection's hostname.

Types

type Config 

type Config struct {
	SessionIdleTTL     time.Duration
	SessionReapTick    time.Duration
	HandleIdleTTL      time.Duration
	SessionTokenTTL    time.Duration
	WorkerQueueTimeout time.Duration // applied to CreateSession calls; 0 = use request context as-is

	// RejectPersistentSecretDDL rejects CREATE/DROP PERSISTENT SECRET with a
	// clear error. Set when the deployment runs the user persistent secret
	// manager: that manager intercepts secret DDL on the PG wire protocol
	// only, so a persistent secret created via Flight would execute, never be
	// stored, and then be silently deleted by the next session's hygiene wipe
	// — rejecting up front is the honest behavior until Flight gets its own
	// interception.
	RejectPersistentSecretDDL bool
}

type ControlPlaneFlightSQLHandler 

type ControlPlaneFlightSQLHandler struct {
	flightsql.BaseServer
	// contains filtered or unexported fields
}

ControlPlaneFlightSQLHandler implements Flight SQL over control-plane sessions.

func NewControlPlaneFlightSQLHandler 

func NewControlPlaneFlightSQLHandler(sessions *flightAuthSessionStore, validator CredentialValidator) (*ControlPlaneFlightSQLHandler, error)

func (*ControlPlaneFlightSQLHandler) BeginTransaction 

func (h *ControlPlaneFlightSQLHandler) BeginTransaction(ctx context.Context, req flightsql.ActionBeginTransactionRequest) ([]byte, error)

func (*ControlPlaneFlightSQLHandler) ClosePreparedStatement 

func (h *ControlPlaneFlightSQLHandler) ClosePreparedStatement(ctx context.Context, req flightsql.ActionClosePreparedStatementRequest) error

func (*ControlPlaneFlightSQLHandler) CloseSession 

func (h *ControlPlaneFlightSQLHandler) CloseSession(ctx context.Context, req *flight.CloseSessionRequest) (*flight.CloseSessionResult, error)

func (*ControlPlaneFlightSQLHandler) CreatePreparedStatement 

func (h *ControlPlaneFlightSQLHandler) CreatePreparedStatement(ctx context.Context, req flightsql.ActionCreatePreparedStatementRequest) (flightsql.ActionCreatePreparedStatementResult, error)

func (*ControlPlaneFlightSQLHandler) DoGetDBSchemas 

func (h *ControlPlaneFlightSQLHandler) DoGetDBSchemas(ctx context.Context, cmd flightsql.GetDBSchemas) (*arrow.Schema, <-chan flight.StreamChunk, error)

func (*ControlPlaneFlightSQLHandler) DoGetPreparedStatement 

func (h *ControlPlaneFlightSQLHandler) DoGetPreparedStatement(ctx context.Context, cmd flightsql.PreparedStatementQuery) (*arrow.Schema, <-chan flight.StreamChunk, error)

func (*ControlPlaneFlightSQLHandler) DoGetStatement 

func (h *ControlPlaneFlightSQLHandler) DoGetStatement(ctx context.Context, ticket flightsql.StatementQueryTicket) (*arrow.Schema, <-chan flight.StreamChunk, error)

func (*ControlPlaneFlightSQLHandler) DoGetTables 

func (h *ControlPlaneFlightSQLHandler) DoGetTables(ctx context.Context, cmd flightsql.GetTables) (*arrow.Schema, <-chan flight.StreamChunk, error)

func (*ControlPlaneFlightSQLHandler) DoPutCommandStatementUpdate 

func (h *ControlPlaneFlightSQLHandler) DoPutCommandStatementUpdate(ctx context.Context, cmd flightsql.StatementUpdate) (int64, error)

func (*ControlPlaneFlightSQLHandler) EndTransaction 

func (h *ControlPlaneFlightSQLHandler) EndTransaction(ctx context.Context, req flightsql.ActionEndTransactionRequest) error

func (*ControlPlaneFlightSQLHandler) GetFlightInfoPreparedStatement 

func (h *ControlPlaneFlightSQLHandler) GetFlightInfoPreparedStatement(ctx context.Context, cmd flightsql.PreparedStatementQuery, desc *flight.FlightDescriptor) (*flight.FlightInfo, error)

func (*ControlPlaneFlightSQLHandler) GetFlightInfoSchemas 

func (h *ControlPlaneFlightSQLHandler) GetFlightInfoSchemas(ctx context.Context, cmd flightsql.GetDBSchemas, desc *flight.FlightDescriptor) (*flight.FlightInfo, error)

func (*ControlPlaneFlightSQLHandler) GetFlightInfoStatement 

func (h *ControlPlaneFlightSQLHandler) GetFlightInfoStatement(ctx context.Context, cmd flightsql.StatementQuery, desc *flight.FlightDescriptor) (*flight.FlightInfo, error)

func (*ControlPlaneFlightSQLHandler) GetFlightInfoTables 

func (h *ControlPlaneFlightSQLHandler) GetFlightInfoTables(ctx context.Context, cmd flightsql.GetTables, desc *flight.FlightDescriptor) (*flight.FlightInfo, error)

type CredentialValidator 

type CredentialValidator interface {
	ValidateCredentials(username, password string) bool
}

CredentialValidator abstracts username/password authentication.

type DurableSessionMetadata 

type DurableSessionMetadata struct {
	Username     string
	OrgID        string
	WorkerID     int
	OwnerEpoch   int64
	CPInstanceID string
}

type DurableSessionRecord 

type DurableSessionRecord struct {
	SessionToken string
	Username     string
	OrgID        string
	WorkerID     int
	OwnerEpoch   int64
	CPInstanceID string
	State        DurableSessionState
	ExpiresAt    time.Time
	LastSeenAt   time.Time
}

type DurableSessionState 

type DurableSessionState string
const (
	DurableSessionStateActive  DurableSessionState = "active"
	DurableSessionStateClosed  DurableSessionState = "closed"
	DurableSessionStateExpired DurableSessionState = "expired"
)

type DurableSessionStore 

type DurableSessionStore interface {
	UpsertSession(record DurableSessionRecord) error
	GetSession(sessionToken string) (*DurableSessionRecord, error)
	TouchSession(sessionToken string, lastSeenAt time.Time) error
	CloseSession(sessionToken string, closedAt time.Time) error
}

type FlightIngress 

type FlightIngress struct {
	// contains filtered or unexported fields
}

FlightIngress serves Arrow Flight SQL on the control plane with Basic auth. It reuses worker sessions via SessionProvider.

func NewFlightIngress 

func NewFlightIngress(host string, port int, tlsConfig *tls.Config, validator CredentialValidator, provider SessionProvider, cfg Config, opts Options) (*FlightIngress, error)

func NewFlightIngressFromListener 

func NewFlightIngressFromListener(baseListener net.Listener, tlsConfig *tls.Config, validator CredentialValidator, provider SessionProvider, cfg Config, opts Options) (*FlightIngress, error)

func (*FlightIngress) Addr 

func (fi *FlightIngress) Addr() string

Addr returns the bound listener address.

func (*FlightIngress) BeginDrain 

func (fi *FlightIngress) BeginDrain()

func (*FlightIngress) Healthy 

func (fi *FlightIngress) Healthy() bool

func (*FlightIngress) Shutdown 

func (fi *FlightIngress) Shutdown()

Shutdown stops accepting new Flight connections and cleans up sessions.

func (*FlightIngress) Start 

func (fi *FlightIngress) Start()

Start begins serving in the background.

func (*FlightIngress) WaitForZeroSessions 

func (fi *FlightIngress) WaitForZeroSessions(ctx context.Context) bool

type FuncCredentialValidator 

type FuncCredentialValidator func(username, password string) bool

FuncCredentialValidator wraps a function (multi-tenant config store).

func (FuncCredentialValidator) ValidateCredentials 

func (f FuncCredentialValidator) ValidateCredentials(username, password string) bool

type Hooks 

type Hooks struct {
	OnSessionCountChanged func(int)
	OnSessionsReaped      func(trigger string, count int)
}

type MapCredentialValidator 

type MapCredentialValidator struct {
	Users map[string]string
}

MapCredentialValidator wraps a static users map (single-tenant / tests).

func (*MapCredentialValidator) ValidateCredentials 

func (v *MapCredentialValidator) ValidateCredentials(username, password string) bool

type Options 

type Options struct {
	Hooks       Hooks
	RateLimiter *server.RateLimiter
}

type SNIAwareCredentialValidator 

type SNIAwareCredentialValidator interface {
	ValidateCredentialsForSNI(sni, username, password string) bool
}

SNIAwareCredentialValidator is an optional extension. When the validator implements it, the Flight handler passes the TLS SNI value alongside the credentials so the validator can use the hostname for org routing (instead of scanning all orgs to match a username/password pair). Validators that don't implement this interface keep the legacy behavior.

type SessionProvider 

type SessionProvider interface {
	CreateSession(ctx context.Context, username string, pid int32, memoryLimit string, threads int) (int32, *flightclient.FlightExecutor, error)
	DestroySession(int32)
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.