Commit 3c00dc6

Initial implementation
This adds a basic implementation of our validator written in C++, using the jwt-cpp library. Currently we only support OIDC providers that use JWT (or JWT-ish in case of Azure) access tokens, as opaque tokens will require provider-specific implementations in the future. This is intended as a minimal proof-of-concept implementation, so it was intentionally kept simple, no caching or any other advanced internal features. There's only one configuration option, the extension allows users to select which field to use for identity mapping - it defaults to `sub`, which should work most of the time, but it's not practical with some vendors (Azure), in which case users can just select a different option.
0 parents  commit 3c00dc6

139 files changed

+19450
-0
lines changed

.clang-format

Lines changed: 11 additions & 0 deletions
@@ -0,0 +1,11 @@
1+
---
2+
BasedOnStyle: google
3+
ColumnLimit: 120
4+
---
5+
Language: Cpp
6+
Standard: Latest
7+
BreakConstructorInitializersBeforeComma: true
8+
ConstructorInitializerAllOnOneLineOrOnePerLine: true
9+
Cpp11BracedListStyle: true
10+
ForEachMacros: []
11+
---

.clang-tidy

Lines changed: 30 additions & 0 deletions
@@ -0,0 +1,30 @@
1+
Checks: 'clang-analyzer-*,
2+
clang-analyzer-cplusplus*,
3+
bugprone-*,
4+
cppcoreguidelines-*,
5+
modernize-*,
6+
performance-*,
7+
readability-*,
8+
-modernize-use-trailing-return-type,
9+
-cppcoreguidelines-pro-type-vararg,
10+
-cppcoreguidelines-avoid-do-while,
11+
-cppcoreguidelines-avoid-non-const-global-variables,
12+
-cppcoreguidelines-pro-bounds-array-to-pointer-decay,
13+
-bugprone-easily-swappable-parameters,
14+
-readability-identifier-length,
15+
'
16+
WarningsAsErrors: '*'
17+
HeaderFilterRegex: 'pg_oauth/*.hpp'
18+
CheckOptions:
19+
- key: readability-identifier-naming.ClassCase
20+
value: lower_case
21+
- key: readability-identifier-naming.FunsionCase
22+
value: lower_case
23+
- key: readability-identifier-naming.UnionCase
24+
value: lower_case
25+
- key: readability-identifier-naming.EnumCase
26+
value: lower_case
27+
- key: readability-identifier-naming.VariableCase
28+
value: lower_case
29+
- key: readability-function-cognitive-complexity.IgnoreMacros
30+
value: true
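
Review bot: `readability-identifier-naming.FunsionCase` (line 21) is misspelled; clang-tidy ignores option keys it does not recognise, so function names are never checked against `lower_case`. It should read `FunctionCase`. Separately, `HeaderFilterRegex: 'pg_oauth/*.hpp'` (line 17) is written like a glob but is evaluated as a regular expression, and it names `pg_oauth` while the workflows check the extension out as `pg_oidc_validator`; a pattern such as `pg_oidc_validator/.*\.hpp` would make header diagnostics apply to this tree.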

.github/workflows/format-check.yml

Lines changed: 13 additions & 0 deletions
@@ -0,0 +1,13 @@
1+
name: clang-format Check
2+
on: [push, pull_request]
3+
jobs:
4+
formatting-check:
5+
name: Formatting Check
6+
runs-on: ubuntu-latest
7+
steps:
8+
- uses: actions/checkout@v4
9+
- name: Run clang-format style check for C/C++/Protobuf programs.
10+
uses: jidicula/[email protected]
11+
with:
12+
clang-format-version: '20'
13+
check-path: 'src'
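
Review bot: the workflow declares no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scope on both `push` and `pull_request`; a formatting check needs no more than a top-level `permissions:` with `contents: read`. The `uses:` entries on lines 8 and 10 would also be safer pinned to full commit SHAs than to movable refs such as `@v4`.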

.github/workflows/make-build.yml

Lines changed: 71 additions & 0 deletions
@@ -0,0 +1,71 @@
1+
name: Make
2+
3+
on:
4+
push:
5+
branches: [ main ]
6+
pull_request:
7+
8+
jobs:
9+
make-build:
10+
name: Build
11+
runs-on: ubuntu-latest
12+
env:
13+
CC: clang-21
14+
CXX: clang++-21
15+
CXXFLAGS: -stdlib=libc++
16+
LDFLAGS: -stdlib=libc++
17+
18+
steps:
19+
- name: Install dependencies
20+
run: |
21+
sudo apt-get update
22+
sudo apt-get install -y \
23+
build-essential \
24+
pkg-config \
25+
libjwt-dev \
26+
libcurl4-openssl-dev \
27+
libssl-dev \
28+
libreadline-dev \
29+
zlib1g-dev \
30+
libxml2-dev \
31+
libxslt1-dev \
32+
uuid-dev \
33+
flex \
34+
bison
35+
wget https://apt.llvm.org/llvm.sh
36+
chmod +x llvm.sh
37+
sudo ./llvm.sh 21 all
38+
sudo apt-get install libc++-21-dev libc++abi-21-dev
39+
40+
- name: Checkout PostgreSQL source
41+
uses: actions/checkout@v4
42+
with:
43+
repository: postgres/postgres
44+
ref: REL_18_STABLE
45+
path: pg-source
46+
47+
- name: Checkout pg_oidc_validator extension
48+
uses: actions/checkout@v4
49+
with:
50+
path: pg-source/contrib/pg_oidc_validator
51+
submodules: true
52+
53+
- name: Add pg_oidc_validator to contrib Makefile
54+
run: |
55+
cd pg-source
56+
# Add pg_oidc_validator to the SUBDIRS list in contrib/Makefile
57+
sed -i '/^SUBDIRS = /s/$/ pg_oidc_validator/' contrib/Makefile
58+
59+
- name: Configure PostgreSQL
60+
run: |
61+
cd pg-source
62+
./configure \
63+
--prefix=/usr/local/pgsql \
64+
--enable-debug \
65+
--enable-cassert
66+
67+
- name: Build PostgreSQL with pg_oidc_validator
68+
run: |
69+
cd pg-source
70+
make -j$(nproc)
71+
make -j -C contrib/pg_oidc_validator
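
Review bot: lines 35-37 download `llvm.sh` with `wget` and run it under `sudo` with no checksum or signature check, so whatever that URL serves at build time executes as root on the runner. Add the apt.llvm.org repository with a pinned signing key instead, or compare the script against a known SHA-256 before running it. `libjwt-dev` (line 25) also does not match the commit message, which names jwt-cpp as the JWT library; drop the package if jwt-cpp comes from the submodule checked out on line 51.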

.github/workflows/meson-build.yml

Lines changed: 78 additions & 0 deletions
@@ -0,0 +1,78 @@
1+
name: Meson
2+
3+
on:
4+
push:
5+
branches: [ main ]
6+
pull_request:
7+
8+
jobs:
9+
meson-build:
10+
name: Build and Clang-Tidy
11+
runs-on: ubuntu-latest
12+
env:
13+
CC: clang-21
14+
CXX: clang++-21
15+
CXXFLAGS: -stdlib=libc++
16+
LDFLAGS: -stdlib=libc++
17+
18+
steps:
19+
- name: Install dependencies
20+
run: |
21+
sudo apt-get update
22+
sudo apt-get install -y \
23+
build-essential \
24+
meson \
25+
ninja-build \
26+
pkg-config \
27+
libjwt-dev \
28+
libcurl4-openssl-dev \
29+
libssl-dev \
30+
libreadline-dev \
31+
zlib1g-dev \
32+
libxml2-dev \
33+
libxslt1-dev \
34+
uuid-dev \
35+
flex \
36+
bison
37+
wget https://apt.llvm.org/llvm.sh
38+
chmod +x llvm.sh
39+
sudo ./llvm.sh 21 all
40+
sudo apt-get install libc++-21-dev libc++abi-21-dev clang-tidy-21
41+
42+
- name: Checkout PostgreSQL source
43+
uses: actions/checkout@v4
44+
with:
45+
repository: postgres/postgres
46+
ref: REL_18_STABLE
47+
path: pg-source
48+
submodules: recursive
49+
50+
- name: Checkout pg_oidc_validator extension
51+
uses: actions/checkout@v4
52+
with:
53+
path: pg-source/contrib/pg_oidc_validator
54+
submodules: true
55+
56+
- name: Add pg_oidc_validator to contrib meson.build
57+
run: |
58+
cd pg-source
59+
echo "subdir('pg_oidc_validator')" >> contrib/meson.build
60+
61+
- name: Configure with meson
62+
run: |
63+
cd pg-source
64+
meson setup build \
65+
--buildtype=debug \
66+
-Dprefix=/usr/local/pgsql
67+
68+
- name: Build PostgreSQL with pg_oidc_validator
69+
run: |
70+
cd pg-source
71+
ninja -C build
72+
73+
- name: Run clang-tidy on pg_oidc_validator sources
74+
run: |
75+
cd pg-source
76+
cp build/compile_commands.json .
77+
cd contrib/pg_oidc_validator
78+
clang-tidy-21 src/*
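
Review bot: `sudo apt-get install` on line 40 has no `-y`, unlike the install on line 22, so the step aborts at the confirmation prompt whenever apt needs to pull in additional packages; add `-y`. This install block, including the unverified `llvm.sh` download run under `sudo` (lines 37-39), is copied almost verbatim into the Make and PGXS workflows, so moving it into one shared composite action would leave a single place to fix it.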

.github/workflows/pgdg-build.yml

Lines changed: 103 additions & 0 deletions
@@ -0,0 +1,103 @@
1+
name: PGDG
2+
3+
on:
4+
push:
5+
branches: [ main ]
6+
pull_request:
7+
8+
jobs:
9+
pgxs-build:
10+
name: Build
11+
runs-on: ubuntu-latest
12+
13+
steps:
14+
- name: Install dependencies
15+
run: |
16+
sudo apt-get update
17+
sudo apt-get install -y \
18+
build-essential \
19+
pkg-config \
20+
libjwt-dev \
21+
libcurl4-openssl-dev \
22+
libssl-dev \
23+
libreadline-dev \
24+
libkrb5-dev \
25+
zlib1g-dev \
26+
libxml2-dev \
27+
libxslt1-dev \
28+
uuid-dev \
29+
flex \
30+
bison
31+
32+
- name: Install PG Distribution Postgresql 18
33+
run: |
34+
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt \
35+
$(lsb_release -cs)-pgdg main 18" > /etc/apt/sources.list.d/pgdg.list'
36+
sudo wget --quiet -O - \
37+
https://www.postgresql.org/media/keys/ACCC4CF8.asc |
38+
sudo apt-key add -
39+
sudo apt update
40+
sudo apt -y install postgresql-18 postgresql-server-dev-18
41+
42+
- name: Checkout pg_oidc_validator extension
43+
uses: actions/checkout@v4
44+
45+
- name: Build pg_oidc_validator with PGDG
46+
run: |
47+
make -j USE_PGXS=1
48+
sudo make USE_PGXS=1 install
49+
50+
51+
- name: Create release directory
52+
run: |
53+
sudo mkdir pg-oidc-validator-pgdg18
54+
sudo mkdir -p pg-oidc-validator-pgdg18/usr/lib/postgresql/18/lib/
55+
sudo mkdir -p pg-oidc-validator-pgdg18/share/postgresql/18/extension/
56+
sudo cp /usr/share/postgresql/18/extension/pg_oidc_validator* pg-oidc-validator-pgdg18/share/postgresql/18/extension/
57+
sudo cp /usr/lib/postgresql/18/lib/pg_oidc_validator* pg-oidc-validator-pgdg18/usr/lib/postgresql/18/lib/
58+
59+
- name: Upload tgz
60+
uses: actions/upload-artifact@v4
61+
with:
62+
name: pg-oidc-validator-pgdg18-binary
63+
path: pg-oidc-validator-pgdg18
64+
65+
- name: Create deb
66+
run: |
67+
sudo mkdir pg-oidc-validator-pgdg18/DEBIAN
68+
sudo sh -c 'echo "Package: pg-oidc-validator-pgdg18" > pg-oidc-validator-pgdg18/DEBIAN/control'
69+
sudo sh -c 'echo "Version: 0.1" >> pg-oidc-validator-pgdg18/DEBIAN/control'
70+
sudo sh -c 'echo "Architecture: amd64" >> pg-oidc-validator-pgdg18/DEBIAN/control'
71+
sudo sh -c 'echo "Maintainer: Percona" >> pg-oidc-validator-pgdg18/DEBIAN/control'
72+
sudo sh -c 'echo "Description: Experimental pg-oidc-validator extension" >> pg-oidc-validator-pgdg18/DEBIAN/control'
73+
sudo dpkg-deb --build --root-owner-group pg-oidc-validator-pgdg18
74+
75+
- name: Test deb
76+
run: |
77+
sudo rm -rf /usr/share/postgresql/18/extension/pg_oidc_validator*
78+
sudo rm -rf /usr/lib/postgresql/18/lib/pg_oidc_validator*
79+
sudo dpkg -i --debug=7777 pg-oidc-validator-pgdg18.deb
80+
81+
- name: Upload deb
82+
uses: actions/upload-artifact@v4
83+
with:
84+
name: pg-oidc-validator-deb
85+
path: pg-oidc-validator-pgdg18.deb
86+
87+
- name: Create tgz
88+
run: |
89+
cd pg-oidc-validator-pgdg18 && sudo tar -czvf ../pg-oidc-validator-pgdg18.tar.gz .
90+
91+
- name: Publish release
92+
uses: ncipollo/release-action@v1
93+
# Only try and deploy on merged code
94+
if: "github.repository == 'Percona-Lab/pg_oidc_validator' && github.ref_name == 'main' && (github.event_name == 'push' || github.event_name == 'schedule')"
95+
with:
96+
artifacts: "pg-oidc-validator-pgdg18.tar.gz,pg-oidc-validator-pgdg18.deb"
97+
omitBody: true
98+
allowUpdates: true
99+
generateReleaseNotes: true
100+
makeLatest: true
101+
tag: "latest"
102+
name: "HEAD"
103+
replacesArtifacts: true
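
Review bot: the PGDG repository on line 34 is added over plain `http://` and its key is trusted through `apt-key add -` (line 38), which is deprecated and makes the key valid for every configured apt source. Store the key in a dedicated keyring file, reference it with `signed-by=` in the `deb` line, and switch the URL to `https://`. In the publish step, the `if:` on line 94 tests for `github.event_name == 'schedule'` although `on:` declares no schedule trigger, and `ncipollo/release-action@v1` is a movable tag on the one step that writes release artifacts; pin it to a commit SHA and declare `permissions:` explicitly so that only the publishing job holds `contents: write`.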

.github/workflows/pgxs-build.yml

Lines changed: 75 additions & 0 deletions
@@ -0,0 +1,75 @@
1+
name: PGXS
2+
3+
on:
4+
push:
5+
branches: [ main ]
6+
pull_request:
7+
8+
jobs:
9+
pgxs-build:
10+
name: Build
11+
runs-on: ubuntu-latest
12+
env:
13+
CC: clang-21
14+
CXX: clang++-21
15+
CXXFLAGS: -stdlib=libc++
16+
LDFLAGS: -stdlib=libc++
17+
18+
steps:
19+
- name: Install dependencies
20+
run: |
21+
sudo apt-get update
22+
sudo apt-get install -y \
23+
build-essential \
24+
pkg-config \
25+
libjwt-dev \
26+
libcurl4-openssl-dev \
27+
libssl-dev \
28+
libreadline-dev \
29+
zlib1g-dev \
30+
libxml2-dev \
31+
libxslt1-dev \
32+
uuid-dev \
33+
flex \
34+
bison
35+
wget https://apt.llvm.org/llvm.sh
36+
chmod +x llvm.sh
37+
sudo ./llvm.sh 21 all
38+
sudo apt-get install libc++-21-dev libc++abi-21-dev
39+
40+
- name: Checkout PostgreSQL source
41+
uses: actions/checkout@v4
42+
with:
43+
repository: postgres/postgres
44+
ref: REL_18_STABLE
45+
path: pg-source
46+
47+
- name: Configure and build PostgreSQL
48+
run: |
49+
cd pg-source
50+
./configure \
51+
--prefix=/usr/local/pgsql \
52+
--enable-debug \
53+
--enable-cassert
54+
make -j$(nproc)
55+
56+
- name: Install PostgreSQL
57+
run: |
58+
cd pg-source
59+
sudo make install
60+
sudo ldconfig
61+
62+
- name: Add PostgreSQL binaries to PATH
63+
run: |
64+
echo "/usr/local/pgsql/bin" >> $GITHUB_PATH
65+
66+
- name: Checkout pg_oidc_validator extension
67+
uses: actions/checkout@v4
68+
with:
69+
submodules: true
70+
71+
- name: Build pg_oidc_validator with PGXS
72+
run: |
73+
export USE_PGXS=1
74+
export PG_CONFIG=/usr/local/pgsql/bin/pg_config
75+
make -j
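
Review bot: the job ends at `make -j` (line 75), so CI shows only that the extension compiles; nothing installs the module or runs a test that loads it and validates a token. For an authentication validator, add at least `make install` and a regression or smoke test step. `make -j` with no job count is also unbounded; `make -j$(nproc)`, as on line 54, keeps the runner from being oversubscribed.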

.gitignore

Lines changed: 2 additions & 0 deletions
@@ -0,0 +1,2 @@
1+
*.o
2+
*.so

.gitmodules

Whitespace-only changes.
