Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1w5Coy-0030VV-1u
	for pgsql-hackers@arkaria.postgresql.org;
	Wed, 25 Mar 2026 01:14:08 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.96)
	(envelope-from <pgsql-hackers-owner+archive@lists.postgresql.org>)
	id 1w5Cox-00A60C-03
	for pgsql-hackers@arkaria.postgresql.org;
	Wed, 25 Mar 2026 01:14:07 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <andrewjackson947@gmail.com>)
	id 1w5Cow-00A604-29
	for pgsql-hackers@lists.postgresql.org;
	Wed, 25 Mar 2026 01:14:07 +0000
Received: from mail-oo1-xc34.google.com ([2607:f8b0:4864:20::c34])
	by magus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.98.2)
	(envelope-from <andrewjackson947@gmail.com>)
	id 1w5Cor-00000000yWJ-3zme
	for pgsql-hackers@postgresql.org;
	Wed, 25 Mar 2026 01:14:06 +0000
Received: by mail-oo1-xc34.google.com with SMTP id
 006d021491bc7-67bbea1e090so3340841eaf.3
        for <pgsql-hackers@postgresql.org>;
 Tue, 24 Mar 2026 18:14:02 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1774401240; cv=none;
        d=google.com; s=arc-20240605;
        b=UtVxEE3qj8ZGr2T9QtCBSHQZTvv5LcQ/rJEmUgMS3+ahIhnD+Fut2MGtjP1dE6tcbY
         svEPHx+WmbHFvEAy4JL3u7MUyXwnuoZ1uueh5VyK4uJv0Dmdrjx9YV/glGCQFtc+tCY2
         NqTBY0tAyeId1oT0M/5x8CXJe1NgaP+ZuZhTpqVgZMfVuqjWX5HWZYYvHbqt0V4lV0g6
         Rw3wKTbostuu6EhpZ9ZjwncixvomCdo87Jusob/8mNVaDjJtxQzAekgcq1tCrIE3EBL8
         c/Z6jDpxa6wPPfF/vfdaniadxM7lZaC57LaODh8zYH5ZQoTnih2w/8C74dGesPDVx5jM
         4INw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20240605;
        h=to:subject:message-id:date:from:mime-version:dkim-signature;
        bh=oaJ9AYBytwAnATqRCI/qpb97+0/SbSOBt+ScYlxcR2Y=;
        fh=RfrkJab44jNT7RraF/sJO97r9/nkUL0AAgzmC7PBS2w=;
        b=Or+kNHji7WQQtiDgqitXJ90rKZDM6IhzNDUuYR/U5PDJXgAhEh9Vi6CZc7ZfZ4QqoX
         ApsuuFmDQj5C2qv/FsK4LWy6Y69yEVHQja+1IO20LmopoctXvunEle8HFHNDV1+O6dtD
         eLc60xCJ6vtihCaAyYrVc1DypIvjolNjMaQc5FcJ9Y/MB7Bg5er8ZkSyb8xiIpYLwuwB
         ju6lM0xhrC+Sxjw55z8B9Fh5h7qTwSMHhhmPu9wo+Cp9UbICyUGt0YD1Fq5ReDSIvmkM
         PKn+YIbq9d/ASfto57j5ZR9bcqdKfyuxzmMwXJzbYswMz3cWAzt5G8AoXFQpL0fjnTUI
         7MGg==;
        darn=postgresql.org
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20251104; t=1774401240; x=1775006040;
 darn=postgresql.org;
        h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
         :date:message-id:reply-to;
        bh=oaJ9AYBytwAnATqRCI/qpb97+0/SbSOBt+ScYlxcR2Y=;
        b=UaZ6G1VVY5vnrTCc/tEDHn4YsEeV5nlnPVQl1AiMTRhLTPANg181N3jFmMGhlrkc0e
         bLBb1X35CZRaBb/rnRGDIhquf2TD5ZnA8cERa8IFH50gikzeANO6mbwEZ2iE8cBnleGZ
         5PH2YJg42Gqhg6cpAVHRO10QUa8uyiekA5wK8tTMnzwpbqXoEHpkE/95P+3JyHFHg79V
         rYVXKJnOknJqcrceOB6Mm0mU0RyHUmJYLWjFv3r8eWd0mNEWJhAuQgXPS0QhKkvhc9ci
         TUNKp901fJWmA6dx4bLVzkfDk6l9BlPL2gQbLBcvJo8zrxerYOegCgnxBhASS25mr6Kp
         N2lg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20251104; t=1774401240; x=1775006040;
        h=to:subject:message-id:date:from:mime-version:x-gm-gg
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=oaJ9AYBytwAnATqRCI/qpb97+0/SbSOBt+ScYlxcR2Y=;
        b=raoOc9sTPyC2F6itRnRoKh7P8Fr3YZpkUGWj3uIKiWF5p6C4zYifgn9r+va44lqbXZ
         3dj6FH+lStUPVi4zaMnP+bg/Y8WCqZxQRuEL5wuShcH6nrgM08nybNr/kzT1x0zFNVdN
         0+GlUrUaJIa5VgBBW0v130hFcTq8hg679iX68RRm7Q35VZLLaW9eupfqpQHMMfDM3SZz
         Uuls+nm662YsZrtpfcjL+gmMs0cBtO/1GdKif5cN9tVlBOQ/CJowExVRiO0pjkW4VyqZ
         +cMGkxQPUn97sZyG4xT+0al3V1JvyQk8HL78/cgYQfL0bJrms778oDel+SBMnTRNQCo5
         33kA==
X-Gm-Message-State: AOJu0Yylf758HjUwTr5AitMw2iCY1PaV06lj2yZ7zEnFdy6AoWXYNWOv
	kPCKopBJEoZlN99aFYlSZxZy50QCLPlEyvStJBfUyeFtZcuHuAMSA9B77ggahIdNY19Oor6Gsml
	QsFOv9XvL2Jg40CYy94Tw7T9m0hs3YyBXnoo9NxU=
X-Gm-Gg: ATEYQzzrlg45OUxD4jG7wLwwL8EZCz2fuWjtTQd1OfV2DmHyJZMiq/JnBqW5c5K9zIE
	gMsBwuA29+Yyk5pbP0mbD0P56cbzkCb26iTnomnMgEw57Ooz5SG1v9SlG90tc1eplbA5GvWUu02
	BplWhCRKDNil2H2iZNWILzoHvyBKoXP8pVUWqqYGcHwmkOhulAYYOTbaNB/LL0WI/wII/xKpZ3x
	4Hiq8XGPWcdD/GqJA2aFHQmm/vKImhZEmYXhh6Eh1lkSfVLATZ3TWf1o03rLTWFdx0T4FLN/UzG
	kZKPUP+iDFepQtlG+A==
X-Received: by 2002:a05:6820:1f10:b0:677:87ab:a78a with SMTP id
 006d021491bc7-67dff55efb7mr980349eaf.61.1774401240418; Tue, 24 Mar 2026
 18:14:00 -0700 (PDT)
MIME-Version: 1.0
From: Andrew Jackson <andrewjackson947@gmail.com>
Date: Tue, 24 Mar 2026 20:13:24 -0500
X-Gm-Features: AaiRm51_87ZUJj92jn9v5Ht7M3VKbjGe8BgClaPsBZmmEncaCizGvpWuMbrpLSY
Message-ID: 
 <CAKK5BkFp_3JsssrpQ6=mxJ9iQtj8btQADmcUEsCNPdEdOb69-Q@mail.gmail.com>
Subject: Add http connection service file functionality
To: pgsql-hackers <pgsql-hackers@postgresql.org>
Content-Type: text/plain; charset="UTF-8"
List-Id: <pgsql-hackers.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-hackers@lists.postgresql.org>
List-Owner: <mailto:pgsql-hackers-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-hackers>
Archived-At: 
 <https://www.postgresql.org/message-id/CAKK5BkFp_3JsssrpQ6%3DmxJ9iQtj8btQADmcUEsCNPdEdOb69-Q%40mail.gmail.com>
Precedence: bulk

Hello,

This patch adds an exported function to the libpq-oauth shared object
file that uses libcurl to look up connection service files
from an HTTP address instead of just on the local filesystem.
The goal here is to provide the ability for managed service
operators a single source of truth for connection details.
This enables a form of built-in libpq service discovery
format. This would allow administrators to add, remove, and
change hosts in multi host connection strings without
coordinating with every end user who may hardcode their
connection strings in a lot of different places.

Currently libpq has functionality which accomplishes some of
the above by allowing entry of connection parameters into
LDAP servers[0], though this cannot be specified directly in
a connection string (though there is a patch that adds this
functionality [1]). Another potential issue here is that
setting up LDAP infrastructure is a lot less accessible to
many administrators than setting up an HTTP web server.

The current state of this patch is very rough and is being
presented as more of a RFC than anything else.
Some obvious issues:
1. Lots of duplicated logic between the parse_service_file_curl
   and parseServiceFile.
2. Bundling this functionality in with libpq-oauth.so seems odd.
   It would probably make more sense to rename libpq-oauth.so to
   libpq-oauth.so to libpq-libcurl.so or create an entirely new
   .so file for this logic.

Despite these shortcomings this approach may be a more natural
alternative to previous attempts [2, 3] at allowing administrators
to mix read-only/read-write nodes into overloaded A records.

Would appreciate any feedback.

Thanks,
Andrew Jackson