fix: scope pg_stat_activity queries by ApplicationName for tenant isolation
Some checks failed
CI / cleanup-branch (push) Has been skipped
CI / build (push) Failing after 36s
CI / docker (push) Has been skipped
CI / deploy (push) Has been skipped
CI / deploy-feature (push) Has been skipped

DatabaseAdminController's active-queries and kill-query endpoints could
expose SQL text from other tenants sharing the same PostgreSQL instance.
Added ApplicationName=tenant_{id} to the JDBC URL and filter
pg_stat_activity by application_name so each tenant only sees its own
connections.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
hsiegeln
2026-04-14 23:51:13 +02:00
parent c33b2a9048
commit 7a63135d26
5 changed files with 7 additions and 6 deletions


@@ -24,7 +24,7 @@ patches:
- name: server
env:
- name: SPRING_DATASOURCE_URL
value: "jdbc:postgresql://cameleer-postgres.cameleer.svc.cluster.local:5432/cameleer3?currentSchema=BRANCH_SCHEMA"
value: "jdbc:postgresql://cameleer-postgres.cameleer.svc.cluster.local:5432/cameleer3?currentSchema=BRANCH_SCHEMA&ApplicationName=BRANCH_SCHEMA"
- name: CAMELEER_SERVER_SECURITY_UIORIGIN
value: "http://BRANCH_SLUG.cameleer.siegeln.net"
# UI ConfigMap: branch-specific API URL
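
Review bot: the new ApplicationName=BRANCH_SCHEMA parameter on SPRING_DATASOURCE_URL does not follow the tenant_{id} form the commit message describes, so please confirm that the controller's application_name filter is built from the same expanded value; otherwise the feature-branch deployment will filter on a name its own connections never carry. PostgreSQL also truncates application_name to 63 bytes, so a long branch-derived name would be stored shortened and an exact-match filter would miss it. Consider enforcing that limit where BRANCH_SCHEMA is generated, or noting it in a comment next to this value.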


@@ -41,7 +41,7 @@ patches:
- name: CAMELEER_SERVER_SECURITY_UIORIGIN
value: "http://192.168.50.86:30090"
- name: SPRING_DATASOURCE_URL
value: "jdbc:postgresql://cameleer-postgres:5432/cameleer3?currentSchema=public"
value: "jdbc:postgresql://cameleer-postgres:5432/cameleer3?currentSchema=public&ApplicationName=tenant_default"
# UI ConfigMap: production API URL
- target:
kind: ConfigMap
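
Review bot: ApplicationName=tenant_default in the production SPRING_DATASOURCE_URL is a client-supplied label, and any session on the shared instance can set the same application_name, so filtering on it narrows what the endpoints return but is not an access control by itself. If tenants connect with separate credentials, a per-tenant database role is the stronger boundary, since PostgreSQL hides query text in pg_stat_activity from other roles that lack pg_read_all_stats. The literal is also hard-coded in this overlay; sourcing it from the same setting the filter reads would keep the two from drifting apart.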