1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
|
syntax = "proto3";
package yandex.cloud.mdb.postgresql.v1;
import "google/protobuf/wrappers.proto";
import "yandex/cloud/validation.proto";
option go_package = "github.com/yandex-cloud/go-genproto/yandex/cloud/mdb/postgresql/v1;postgresql";
option java_package = "yandex.cloud.api.mdb.postgresql.v1";
// A PostgreSQL User resource. For more information, see
// the [Developer's Guide](/docs/managed-postgresql/concepts).
message User {
// Name of the PostgreSQL user.
string name = 1;
// ID of the PostgreSQL cluster the user belongs to.
string cluster_id = 2;
// Set of permissions granted to the user to access specific databases.
repeated Permission permissions = 3;
// Maximum number of database connections available to the user.
//
// When used in session pooling, this setting limits the number of connections to every single host in PostgreSQL cluster. In this case, the setting's value must be greater than the total number of connections that backend services can open to access the PostgreSQL cluster. The setting's value should not exceed the value of the [Cluster.config.postgresql_config_12.effective_config.max_connections] setting.
//
// When used in transaction pooling, this setting limits the number of user's active transactions; therefore, in this mode user can open thousands of connections, but only `N` concurrent connections will be opened, where `N` is the value of the setting.
//
// Minimum value: `10` (default: `50`), when used in session pooling.
int64 conn_limit = 4;
UserSettings settings = 5;
// This flag defines whether the user can login to a PostgreSQL database.
//
// Default value: `true` (login is allowed).
google.protobuf.BoolValue login = 6;
// A set of roles and privileges that are granted to the user.
//
// For more information, see [the documentation](/docs/managed-postgresql/operations/grant).
repeated string grants = 7 [(length) = "<=63", (pattern) = "[a-zA-Z0-9_]*"];
// Deletion Protection inhibits deletion of the user
//
// Default value: `unspecified` (inherits cluster's deletion_protection)
google.protobuf.BoolValue deletion_protection = 8;
// Password-based authentication method for user.
// Possible values are `` USER_PASSWORD_ENCRYPTION_MD5 `` or `` USER_PASSWORD_ENCRYPTION_SCRAM_SHA_256 ``.
// The default is `` password_encryption `` setting for cluster.
UserPasswordEncryption user_password_encryption = 9;
}
message Permission {
// Name of the database that the permission grants access to.
string database_name = 1;
}
message UserSpec {
// Name of the PostgreSQL user.
string name = 1 [(required) = true, (length) = "<=63", (pattern) = "[a-zA-Z0-9_-]*"];
// Password of the PostgreSQL user.
string password = 2 [(required) = true, (length) = "8-128"];
// Set of permissions to grant to the user to access specific databases.
repeated Permission permissions = 3;
// Maximum number of database connections that should be available to the user.
//
// When used in session pooling, this setting limits the number of connections to every single host in PostgreSQL cluster. In this case, the setting's value must be greater than the total number of connections that backend services can open to access the PostgreSQL cluster. The setting's value should not exceed the value of the [Cluster.config.postgresql_config_12.effective_config.max_connections] setting.
//
// When used in transaction pooling, this setting limits the number of user's active transactions; therefore, in this mode user can open thousands of connections, but only `N` concurrent connections will be opened, where `N` is the value of the setting.
//
// Minimum value: `10` (default: `50`), when used in session pooling.
google.protobuf.Int64Value conn_limit = 4 [(value) = ">=10"];
// PostgreSQL settings for the user.
UserSettings settings = 5;
// This flag defines whether the user can login to a PostgreSQL database.
//
// Default value: `true` (login is allowed).
google.protobuf.BoolValue login = 6;
// A set of roles and privileges that are granted to the user.
//
// For more information, see [the documentation](/docs/managed-postgresql/operations/grant).
repeated string grants = 7 [(length) = "<=63", (pattern) = "[a-zA-Z0-9_]*"];
// Deletion Protection inhibits deletion of the user
//
// Default value: `unspecified` (inherits cluster's deletion_protection)
google.protobuf.BoolValue deletion_protection = 8;
// Password-based authentication method for user.
// Possible values are `` USER_PASSWORD_ENCRYPTION_MD5 `` or `` USER_PASSWORD_ENCRYPTION_SCRAM_SHA_256 ``.
// The default is `` password_encryption `` setting for cluster.
UserPasswordEncryption user_password_encryption = 9;
}
enum UserPasswordEncryption {
USER_PASSWORD_ENCRYPTION_UNSPECIFIED = 0;
USER_PASSWORD_ENCRYPTION_MD5 = 1;
USER_PASSWORD_ENCRYPTION_SCRAM_SHA_256 = 2;
}
message PGAuditSettings {
enum PGAuditSettingsLog {
PG_AUDIT_SETTINGS_LOG_UNSPECIFIED = 0;
PG_AUDIT_SETTINGS_LOG_READ = 1;
PG_AUDIT_SETTINGS_LOG_WRITE = 2;
PG_AUDIT_SETTINGS_LOG_FUNCTION = 3;
PG_AUDIT_SETTINGS_LOG_ROLE = 4;
PG_AUDIT_SETTINGS_LOG_DDL = 5;
PG_AUDIT_SETTINGS_LOG_MISC = 6;
PG_AUDIT_SETTINGS_LOG_MISC_SET = 7;
}
repeated PGAuditSettingsLog log = 1;
}
// PostgreSQL user settings.
message UserSettings {
enum SynchronousCommit {
SYNCHRONOUS_COMMIT_UNSPECIFIED = 0;
// Success is reported to the client if the data is in WAL (Write-Ahead Log), and WAL is written to the storage of both the master and its synchronous standby server. Default value.
SYNCHRONOUS_COMMIT_ON = 1;
// Success is reported to the client even if the data is not in WAL.
// There is no synchronous write operation, data may be loss in case of storage subsystem failure.
SYNCHRONOUS_COMMIT_OFF = 2;
// Success is reported to the client if the data is in WAL, and WAL is written to the storage of the master server.
// The transaction may be lost due to storage subsystem failure on the master server.
SYNCHRONOUS_COMMIT_LOCAL = 3;
// Success is reported to the client if the data is in WAL, WAL is written to the storage of the master server, and the server's synchronous standby indicates that it has received WAL and written it out to its operating system.
// The transaction may be lost due to simultaneous storage subsystem failure on the master and operating system's failure on the synchronous standby.
SYNCHRONOUS_COMMIT_REMOTE_WRITE = 4;
// Success is reported to the client if the data is in WAL (Write-Ahead Log), WAL is written to the storage of the master server, and its synchronous standby indicates that it has received WAL and applied it.
// The transaction may be lost due to irrecoverably failure of both the master and its synchronous standby.
SYNCHRONOUS_COMMIT_REMOTE_APPLY = 5;
}
enum LogStatement {
LOG_STATEMENT_UNSPECIFIED = 0;
// Logs none of SQL statements. Default value.
LOG_STATEMENT_NONE = 1;
// Logs all data definition statements (such as `CREATE`, `ALTER`, `DROP` and others).
LOG_STATEMENT_DDL = 2;
// Logs all statements that fall in the `LOG_STATEMENT_DDL` category plus data-modifying statements (such as `INSERT`, `UPDATE` and others).
LOG_STATEMENT_MOD = 3;
// Logs all SQL statements.
LOG_STATEMENT_ALL = 4;
}
enum TransactionIsolation {
TRANSACTION_ISOLATION_UNSPECIFIED = 0;
// This level behaves like `TRANSACTION_ISOLATION_READ_COMMITTED` in PostgreSQL.
TRANSACTION_ISOLATION_READ_UNCOMMITTED = 1;
// On this level query sees only data committed before the query began. Default value.
TRANSACTION_ISOLATION_READ_COMMITTED = 2;
// On this level all subsequent queries in a transaction will see the same rows, that were read by the first `SELECT` or `INSERT` query in this transaction, unchanged (these rows are locked during the first query).
TRANSACTION_ISOLATION_REPEATABLE_READ = 3;
// This level provides the strictest transaction isolation.
// All queries in the current transaction see only the rows that were fixed prior to execution of the first `SELECT` or `INSERT` query in this transaction.
// If read and write operations in a concurrent set of serializable transactions overlap and this may cause an inconsistency that is not possible during the serial transaction execution, then one of the transaction will be rolled back, triggering a serialization failure.
TRANSACTION_ISOLATION_SERIALIZABLE = 4;
}
enum PoolingMode {
POOLING_MODE_UNSPECIFIED = 0;
// Server connection will be assigned to it for the whole duration the client stays connected. Default value.
SESSION = 1;
// Server connection is assigned to a client only during a transaction.
TRANSACTION = 2;
// Server connection will be put back into the pool immediately after a query completes.
STATEMENT = 3;
}
// SQL sets an isolation level for each transaction.
// This setting defines the default isolation level to be set for all new SQL transactions.
//
// See in-depth description in [PostgreSQL documentation](https://www.postgresql.org/docs/current/transaction-iso.html).
TransactionIsolation default_transaction_isolation = 1;
// The maximum time (in milliseconds) for any statement to wait for acquiring a lock on an table, index, row or other database object.
// If the wait time is longer than the specified amount, then this statement is aborted.
//
// Default value: `0` (no control is enforced, a statement waiting time is unlimited).
google.protobuf.Int64Value lock_timeout = 2;
// This setting controls logging of the duration of statements.
//
// The duration of each completed statement will be logged if the statement ran for at least the specified amount of time (in milliseconds).
// E.g., if this setting's value is set to `500`, a statement that took 300 milliseconds to complete will not be logged; on the other hand, the one that took 2000 milliseconds to complete, will be logged.
//
// Value of `0` forces PostgreSQL to log the duration of all statements.
//
// Value of `-1` (default) disables logging of the duration of statements.
//
// See in-depth description in [PostgreSQL documentation](https://www.postgresql.org/docs/current/runtime-config-logging.html).
google.protobuf.Int64Value log_min_duration_statement = 3;
// This setting defines whether DBMS will commit transaction in a synchronous way.
//
// When synchronization is enabled, cluster waits for the synchronous operations to be completed prior to reporting `success` to the client.
// These operations guarantee different levels of the data safety and visibility in the cluster.
//
// See in-depth description in [PostgreSQL documentation](https://www.postgresql.org/docs/current/runtime-config-wal.html#GUC-SYNCHRONOUS-COMMIT).
SynchronousCommit synchronous_commit = 4;
// The maximum storage space size (in kilobytes) that a single process can use to create temporary files.
// If a transaction exceeds this limit during execution, it will be aborted.
//
// A huge query may not fit into a server's RAM, therefore PostgreSQL will use some storage to store and execute such a query. Too big queries can make excessive use of the storage system, effectively making other quieries to run slow. This setting prevents execution of a big queries that can influence other queries by limiting size of temporary files.
google.protobuf.Int64Value temp_file_limit = 5;
// This setting specifies which SQL statements should be logged (on the user level).
//
// See in-depth description in [PostgreSQL documentation](https://www.postgresql.org/docs/current/runtime-config-logging.html).
LogStatement log_statement = 6;
// Mode that the connection pooler is working in with specified user.
//
// See in-depth description in [Odyssey documentation](https://github.com/yandex/odyssey/blob/master/documentation/configuration.md#pool-string)
PoolingMode pool_mode = 7;
// User can use prepared statements with transaction pooling.
//
// See in-depth description in [PostgreSQL documentation](https://www.postgresql.org/docs/current/sql-prepare.html)
google.protobuf.BoolValue prepared_statements_pooling = 8;
// The connection pooler setting. It determines the maximum allowed replication lag (in seconds).
// Pooler will reject connections to the replica with a lag above this threshold.
// It can be useful to prevent application from reading stale data.
//
// Default value: 0
//
// Value of `0` disables this mechanism
google.protobuf.Int64Value catchup_timeout = 9;
// The maximum time (in milliseconds) to wait for WAL replication (can be set only for PostgreSQL 12+)
// Terminate replication connections that are inactive for longer than this amount of time.
//
// Default value: `60000` (60 seconds).
//
// Value of `0` disables the timeout mechanism.
//
// See in-depth description in [PostgreSQL documentation](https://www.postgresql.org/docs/current/runtime-config-replication.html)
google.protobuf.Int64Value wal_sender_timeout = 10;
// Sets the maximum allowed idle time (in milliseconds) between queries, when in a transaction.
//
// Values of `0` (default) disables the timeout.
//
// See in-depth description in [PostgreSQL documentation](https://www.postgresql.org/docs/current/runtime-config-client.html)
google.protobuf.Int64Value idle_in_transaction_session_timeout = 11 [(value) = "0-2147483647"]; // in milliseconds.
// The maximum time (in milliseconds) to wait for statement
// The timeout is measured from the time a command arrives at the server until it is completed by the server.
//
// If `log_min_error_statement` is set to ERROR or lower, the statement that timed out will also be logged.
//
// Value of `0` (default) disables the timeout
//
// See in-depth description in [PostgreSQL documentation](https://www.postgresql.org/docs/current/runtime-config-client.html)
google.protobuf.Int64Value statement_timeout = 12;
PGAuditSettings pgaudit = 13;
}
|
