Compute team review

[tristan957]

• [x] Why can't the extension be relocatable (control file)?
• [ ] Are the thread local variables supposed to be per-backend? Doesn't seem like they need to be thread local to me. I think this has been previously discussed.
• [x] I don't think a panic is the correct way to do error handling, like in auth::init(), which can only be called once. In postgres, you would use an ereport.
• [x] Can we evaluate our unwrap/expect usage, and instead use ereport?
• [x] Remove the "Created by pgrx" from the extension control file.
• [x] Should we set version to something other than 0.0.0 for the initial inclusion into the compute image?
• [x] I don't see any pgrx_embed!(). Is it important?
• [x] Can we rename the schema from auth to session_jwt or something? auth is pretty generic and not related to the extension name.
• [x] Mind renaming auth.get() to something like auth.get_session()? Anything but a naked get would be good. Looking at auth.user_id() which is a getter, maybe something like auth.session() makes sense.
• [x] Can we use a more descriptive comment in the control file, similar to pgvector?

I'll leave the Rust stuff to the experts :). It's possible pgrx is taking the panics and transforming them into Postgres errors, but if it does do that, what error messages does it produce for unwraps, and what SQL error code is produced with it?

[davidgomes]

Are the thread local variables supposed to be per-backend? Doesn't seem like they need to be thread local to me.

I think we're tracking that here: https://github.com/neondatabase/cloud/issues/16041.

Mind renaming auth.get() to something like auth.get_session()

Absolutely, it's now auth.session()

Can we rename the schema from auth tosession_jwt`?

We shouldn't, because developers using this will type it a lot, e.g.:

create table todos (
  id bigint generated by default as identity primary key,
  user_id text not null,
  task text check (char_length(task) > 0),
  is_complete boolean default false,
  inserted_at timestamp with time zone default timezone('utc'::text, now()) not null
);

alter table todos enable row level security;

create policy "Individuals can create todos." on todos for
    insert with check (auth.user_id() = user_id);

create policy "Individuals can view their own todos. " on todos for
    select using (auth.user_id() = user_id);

create policy "Individuals can update their own todos." on todos for
    update using (auth.user_id() = user_id);

create policy "Individuals can delete their own todos." on todos for
    delete using (auth.user_id() = user_id);

I've addressed most everything else in a PR: https://github.com/neondatabase/pg_session_jwt/pull/7.

[tristan957]

We shouldn't, because developers using this will type it a lot

Then I would rename the extension to something that mentions auth 🤷

[davidgomes]

We shouldn't, because developers using this will type it a lot

Then I would rename the extension to something that mentions auth 🤷

We were initially going with that, but auth is pretty confusing because it can mean authentication or authorization (or both some times).

Ultimately, this isn't very important because this extension will be automatically installed for users and we don't really expect anyone to use it outside of Neon.

[conradludgate]

Panics do indeed become ereport, but with an arbitrary error code. Changing it to manual ereport in #8

[conradludgate]

Why can't the extension be relocatable (control file)?

Was the default setting from pgrx. I don't really know what it means. Will look into it

[conradludgate]

cargo pgrx schema
       Using DefaultFeature("pg16") and `pg_config` from /Users/conrad/.pgrx/16.4/pgrx-install/bin/pg_config
Error: 
   0: /Users/conrad/Documents/neon/ext/neon_jwt/pg_session_jwt.control:  The `relocatable` property MUST be `false`.  Please update your .control file.

[conradludgate]

seems to be a limitation of pgrx 0.11. fixed in 0.12

[tristan957]

Why can't the extension be relocatable (control file)?

Was the default setting from pgrx. I don't really know what it means. Will look into it

If it is relocatable, would it break BaaS?

ALTER EXTENSION pg_session_jwt SET SCHEMA test_schema;
-- Try to use the functions

[conradludgate]

Ah, possibly. local_proxy needs to know how to access it.

[tristan957]

Might be worth testing in your local environment, just to make sure my hypothesis is right.

[mrl5]

Tested with commit cb073ad6d9 and I think it's not relocatable:

pg_session_jwt=# CREATE SCHEMA test_schema;
CREATE SCHEMA
pg_session_jwt=# ALTER EXTENSION pg_session_jwt SET SCHEMA test_schema;
ERROR:  extension "pg_session_jwt" does not support SET SCHEMA

then tried with public schema

pg_session_jwt=# ALTER EXTENSION pg_session_jwt SET SCHEMA public;
ALTER EXTENSION
pg_session_jwt=# select public.user_id();
ERROR:  function public.user_id() does not exist
LINE 1: select public.user_id();
               ^
HINT:  No function matches the given name and argument types. You might need to add explicit type casts.
pg_session_jwt=# select auth.user_id();
ERROR:  invalid subject claim in the JWT