Hello,
This patch adds an exported function to the libpq-oauth shared object
file that uses libcurl to look up connection service files
from an HTTP address instead of just on the local filesystem.
The goal here is to provide the ability for managed service
operators a single source of truth for connection details.
This enables a form of built-in libpq service discovery
format. This would allow administrators to add, remove, and
change hosts in multi host connection strings without
coordinating with every end user who may hardcode their
connection strings in a lot of different places.
Currently libpq has functionality which accomplishes some of
the above by allowing entry of connection parameters into
LDAP servers[0], though this cannot be specified directly in
a connection string (though there is a patch that adds this
functionality [1]). Another potential issue here is that
setting up LDAP infrastructure is a lot less accessible to
many administrators than setting up an HTTP web server.
The current state of this patch is very rough and is being
presented as more of a RFC than anything else.
Some obvious issues:
1. Lots of duplicated logic between the parse_service_file_curl
and parseServiceFile.
2. Bundling this functionality in with libpq-oauth.so seems odd.
It would probably make more sense to rename libpq-oauth.so to
libpq-oauth.so to libpq-libcurl.so or create an entirely new
.so file for this logic.
Despite these shortcomings this approach may be a more natural
alternative to previous attempts [2, 3] at allowing administrators
to mix read-only/read-write nodes into overloaded A records.
Would appreciate any feedback.
Thanks,
Andrew Jackson
