Skip to content

feat: enable Flight SQL ingress in multi-tenant mode#326

Open
EDsCODE wants to merge 2 commits intomainfrom
feat/flight-sql-multitenant
Open

feat: enable Flight SQL ingress in multi-tenant mode#326
EDsCODE wants to merge 2 commits intomainfrom
feat/flight-sql-multitenant

Conversation

@EDsCODE
Copy link
Contributor

@EDsCODE EDsCODE commented Mar 18, 2026
edited
Loading

Summary

  • Introduce CredentialValidator interface in flightsqlingress to abstract auth away from a static map[string]string, with MapCredentialValidator (single-tenant) and FuncCredentialValidator (multi-tenant config store) implementations
  • Add teamRoutedSessionProvider adapter that routes Flight SQL sessions to per-team SessionManager instances via TeamRouter, with a pidSession map for correct destroy routing
  • Add flightSessionProvider wrapper so single-tenant Flight sessions are also labeled correctly
  • Rewrite startFlightIngress() to support both modes: multi-tenant uses config store auth + team-routed sessions, single-tenant uses static users + single session manager
  • Add Protocol field to ManagedSession and admin dashboard sessions table with colored badges (green "postgres" / blue "flight")
  • Add --flight-port 8815 and faster session TTLs to local K8s multitenant manifest
  • Add /multitenant-up and /multitenant-down Claude skills for stack lifecycle

Test plan

  • go test ./server/flightsqlingress/ — all 28 existing tests pass with MapCredentialValidator wrapping
  • go test ./controlplane/ — all tests pass including 4 new teamRoutedSessionProvider tests (error path, pid map cleanup, unknown pid no-op, concurrent destroy safety)
  • go build -tags kubernetes . — compiles cleanly
  • Local K8s QA: deployed via just run-multitenant-local, connected with duckhog extension over Flight SQL, verified session creation routes to local team's worker pool, confirmed "flight" protocol badge appears in admin dashboard at /sessions, verified session cleanup after idle TTL

🤖 Generated with Claude Code

@EDsCODE @claude
feat: enable Flight SQL ingress in multi-tenant mode
bfac6f8 
Introduce a CredentialValidator interface in flightsqlingress to abstract
auth away from a static users map, and a teamRoutedSessionProvider in
controlplane to route Flight SQL sessions to per-team SessionManagers.

- Add CredentialValidator interface with MapCredentialValidator (static
  users, single-tenant) and FuncCredentialValidator (config store,
  multi-tenant) implementations
- Add teamRoutedSessionProvider that bridges SessionProvider to per-team
  SessionManager via TeamRouter, with pid→SessionManager tracking for
  correct destroy routing
- Rewrite startFlightIngress() to branch on mode: multi-tenant uses
  config store auth + team-routed sessions, single-tenant uses existing
  static users + single session manager
- Add Protocol field to ManagedSession and admin dashboard sessions
  table (green "postgres" / blue "flight" badges)
- Add --flight-port 8815 and faster session TTLs to local K8s manifest
- Add /multitenant-up and /multitenant-down Claude skills

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@EDsCODE EDsCODE force-pushed the feat/flight-sql-multitenant branch from 386ffed to bfac6f8 Compare March 18, 2026 22:13
@EDsCODE
Copy link
Contributor Author

EDsCODE commented Mar 18, 2026

tried to consolidate the auth logic between pg and flight but it wasn't right so I backed it up to the basic implementation

@EDsCODE EDsCODE requested a review from bill-ph March 18, 2026 22:19
@EDsCODE @claude
docs: remove completed Flight SQL multi-tenant item from remaining work
afbf79c 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bill-ph bill-ph Awaiting requested review from bill-ph

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@EDsCODE