primer commit

.circleci/config.yml

@@ -0,0 +1,84 @@
+# Use the latest 2.1 version of CircleCI pipeline process engine.
+# See: https://circleci.com/docs/2.0/configuration-reference
+version: 2.1
+
+# Define a job to be invoked later in a workflow.
+# See: https://circleci.com/docs/2.0/configuration-reference/#jobs
+jobs:
+  build:
+    # Specify the execution environment. You can specify an image from Dockerhub or use one of our Convenience Images from CircleCI's Developer Hub.
+    # See: https://circleci.com/docs/2.0/configuration-reference/#docker-machine-macos-windows-executor
+    docker:
+      - image: ghcr.io/levkk/pgcat-ci:1.67
+        environment:
+          RUST_LOG: info
+          LLVM_PROFILE_FILE: /tmp/pgcat-%m-%p.profraw
+          RUSTC_BOOTSTRAP: 1
+          CARGO_INCREMENTAL: 0
+          RUSTFLAGS: "-Zprofile -Ccodegen-units=1 -Copt-level=0 -Clink-dead-code -Coverflow-checks=off -Zpanic_abort_tests -Cpanic=abort -Cinstrument-coverage"
+          RUSTDOCFLAGS: "-Cpanic=abort"
+      - image: postgres:14
+        command: ["postgres", "-p", "5432", "-c", "shared_preload_libraries=pg_stat_statements", "-c", "pg_stat_statements.track=all", "-c", "pg_stat_statements.max=100000"]
+        environment:
+          POSTGRES_USER: postgres
+          POSTGRES_DB: postgres
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_INITDB_ARGS: --auth-local=md5 --auth-host=md5 --auth=md5
+      - image: postgres:14
+        command: ["postgres", "-p", "7432", "-c", "shared_preload_libraries=pg_stat_statements", "-c", "pg_stat_statements.track=all", "-c", "pg_stat_statements.max=100000"]
+        environment:
+          POSTGRES_USER: postgres
+          POSTGRES_DB: postgres
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_INITDB_ARGS: --auth-local=scram-sha-256 --auth-host=scram-sha-256 --auth=scram-sha-256
+      - image: postgres:14
+        command: ["postgres", "-p", "8432", "-c", "shared_preload_libraries=pg_stat_statements", "-c", "pg_stat_statements.track=all", "-c", "pg_stat_statements.max=100000"]
+        environment:
+          POSTGRES_USER: postgres
+          POSTGRES_DB: postgres
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_INITDB_ARGS: --auth-local=scram-sha-256 --auth-host=scram-sha-256 --auth=scram-sha-256
+      - image: postgres:14
+        command: ["postgres", "-p", "9432", "-c", "shared_preload_libraries=pg_stat_statements", "-c", "pg_stat_statements.track=all", "-c", "pg_stat_statements.max=100000"]
+        environment:
+          POSTGRES_USER: postgres
+          POSTGRES_DB: postgres
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_INITDB_ARGS: --auth-local=scram-sha-256 --auth-host=scram-sha-256 --auth=scram-sha-256
+
+      - image: postgres:14
+        command: ["postgres", "-p", "10432", "-c", "shared_preload_libraries=pg_stat_statements"]
+        environment:
+          POSTGRES_USER: postgres
+          POSTGRES_DB: postgres
+          POSTGRES_PASSWORD: postgres
+          POSTGRES_INITDB_ARGS: --auth-local=md5 --auth-host=md5 --auth=md5
+
+    # Add steps to the job
+    # See: https://circleci.com/docs/2.0/configuration-reference/#steps
+    steps:
+      - checkout
+      - restore_cache:
+          key: cargo-lock-2-{{ checksum "Cargo.lock" }}
+      - run:
+          name: "Lint"
+          command: "cargo fmt --check"
+      - run:
+          name: "Tests"
+          command: "cargo clean && cargo build && cargo test && bash .circleci/run_tests.sh && .circleci/generate_coverage.sh"
+      - store_artifacts:
+          path: /tmp/cov
+          destination: coverage-data
+      - save_cache:
+          key: cargo-lock-2-{{ checksum "Cargo.lock" }}
+          paths:
+            - target
+            - ~/.cargo
+
+
+# Invoke jobs via workflows
+# See: https://circleci.com/docs/2.0/configuration-reference/#workflows
+workflows:
+  build:
+    jobs:
+      - build

.circleci/generate_coverage.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+# inspired by https://doc.rust-lang.org/rustc/instrument-coverage.html#tips-for-listing-the-binaries-automatically
+TEST_OBJECTS=$( \
+    for file in $(cargo test --no-run 2>&1 | grep "target/debug/deps/pgcat-[[:alnum:]]\+" -o); \
+    do \
+        printf "%s %s " --object $file; \
+    done \
+)
+
+rust-profdata merge -sparse /tmp/pgcat-*.profraw -o /tmp/pgcat.profdata
+
+bash -c "rust-cov export -ignore-filename-regex='rustc|registry' -Xdemangler=rustfilt -instr-profile=/tmp/pgcat.profdata $TEST_OBJECTS --object ./target/debug/pgcat --format lcov > ./lcov.info"
+
+genhtml lcov.info  --title "PgCat Code Coverage" --css-file ./cov-style.css --no-function-coverage --highlight --ignore-errors source --legend  --output-directory /tmp/cov --prefix $(pwd)

.circleci/pgcat.toml

@@ -0,0 +1,151 @@
+#
+# PgCat config example.
+#
+
+#
+# General pooler settings
+[general]
+# What IP to run on, 0.0.0.0 means accessible from everywhere.
+host = "0.0.0.0"
+
+# Port to run on, same as PgBouncer used in this example.
+port = 6432
+
+# Whether to enable prometheus exporter or not.
+enable_prometheus_exporter = true
+
+# Port at which prometheus exporter listens on.
+prometheus_exporter_port = 9930
+
+# How long to wait before aborting a server connection (ms).
+connect_timeout = 1000
+
+# How much time to give the health check query to return with a result (ms).
+healthcheck_timeout = 1000
+
+# How long to keep connection available for immediate re-use, without running a healthcheck query on it
+healthcheck_delay = 30000
+
+# How much time to give clients during shutdown before forcibly killing client connections (ms).
+shutdown_timeout = 5000
+
+# For how long to ban a server if it fails a health check (seconds).
+ban_time = 60 # Seconds
+
+# If we should log client connections
+log_client_connections = false
+
+# If we should log client disconnections
+log_client_disconnections = false
+
+# Reload config automatically if it changes.
+autoreload = 15000
+
+# TLS
+tls_certificate = ".circleci/server.cert"
+tls_private_key = ".circleci/server.key"
+
+# Credentials to access the virtual administrative database (pgbouncer or pgcat)
+# Connecting to that database allows running commands like `SHOW POOLS`, `SHOW DATABASES`, etc..
+admin_username = "admin_user"
+admin_password = "admin_pass"
+
+# pool
+# configs are structured as pool.<pool_name>
+# the pool_name is what clients use as database name when connecting
+# For the example below a client can connect using "postgres://sharding_user:sharding_user@pgcat_host:pgcat_port/sharded_db"
+[pools.sharded_db]
+# Pool mode (see PgBouncer docs for more).
+# session: one server connection per connected client
+# transaction: one server connection per client transaction
+pool_mode = "transaction"
+
+# If the client doesn't specify, route traffic to
+# this role by default.
+#
+# any: round-robin between primary and replicas,
+# replica: round-robin between replicas only without touching the primary,
+# primary: all queries go to the primary unless otherwise specified.
+default_role = "any"
+
+# Query parser. If enabled, we'll attempt to parse
+# every incoming query to determine if it's a read or a write.
+# If it's a read query, we'll direct it to a replica. Otherwise, if it's a write,
+# we'll direct it to the primary.
+query_parser_enabled = true
+
+# If the query parser is enabled and this setting is enabled, the primary will be part of the pool of databases used for
+# load balancing of read queries. Otherwise, the primary will only be used for write
+# queries. The primary can always be explicitely selected with our custom protocol.
+primary_reads_enabled = true
+
+# So what if you wanted to implement a different hashing function,
+# or you've already built one and you want this pooler to use it?
+#
+# Current options:
+#
+# pg_bigint_hash: PARTITION BY HASH (Postgres hashing function)
+# sha1: A hashing function based on SHA1
+#
+sharding_function = "pg_bigint_hash"
+
+# Credentials for users that may connect to this cluster
+[pools.sharded_db.users.0]
+username = "sharding_user"
+password = "sharding_user"
+# Maximum number of server connections that can be established for this user
+# The maximum number of connection from a single Pgcat process to any database in the cluster
+# is the sum of pool_size across all users.
+pool_size = 9
+statement_timeout = 0
+
+[pools.sharded_db.users.1]
+username = "other_user"
+password = "other_user"
+pool_size = 21
+statement_timeout = 30000
+
+# Shard 0
+[pools.sharded_db.shards.0]
+# [ host, port, role ]
+servers = [
+    [ "127.0.0.1", 5432, "primary" ],
+    [ "localhost", 5432, "replica" ]
+]
+# Database name (e.g. "postgres")
+database = "shard0"
+
+[pools.sharded_db.shards.1]
+servers = [
+    [ "127.0.0.1", 5432, "primary" ],
+    [ "localhost", 5432, "replica" ],
+]
+database = "shard1"
+
+[pools.sharded_db.shards.2]
+servers = [
+    [ "127.0.0.1", 5432, "primary" ],
+    [ "localhost", 5432, "replica" ],
+]
+database = "shard2"
+
+
+[pools.simple_db]
+pool_mode = "session"
+default_role = "primary"
+query_parser_enabled = true
+primary_reads_enabled = true
+sharding_function = "pg_bigint_hash"
+
+[pools.simple_db.users.0]
+username = "simple_user"
+password = "simple_user"
+pool_size = 5
+statement_timeout = 30000
+
+[pools.simple_db.shards.0]
+servers = [
+    [ "127.0.0.1", 5432, "primary" ],
+    [ "localhost", 5432, "replica" ]
+]
+database = "some_db"

.circleci/run_tests.sh

@@ -0,0 +1,163 @@
+#!/bin/bash
+
+set -e
+set -o xtrace
+
+# non-zero exit code if we provide bad configs
+(! ./target/debug/pgcat "fake_configs"  2>/dev/null)
+
+# Start PgCat with a particular log level
+# for inspection.
+function start_pgcat() {
+    kill -s SIGINT $(pgrep pgcat) || true
+    RUST_LOG=${1} ./target/debug/pgcat .circleci/pgcat.toml &
+    sleep 1
+}
+
+# Setup the database with shards and user
+PGPASSWORD=postgres psql -e -h 127.0.0.1 -p 5432 -U postgres -f tests/sharding/query_routing_setup.sql
+PGPASSWORD=postgres psql -e -h 127.0.0.1 -p 7432 -U postgres -f tests/sharding/query_routing_setup.sql
+PGPASSWORD=postgres psql -e -h 127.0.0.1 -p 8432 -U postgres -f tests/sharding/query_routing_setup.sql
+PGPASSWORD=postgres psql -e -h 127.0.0.1 -p 9432 -U postgres -f tests/sharding/query_routing_setup.sql
+PGPASSWORD=postgres psql -e -h 127.0.0.1 -p 10432 -U postgres -f tests/sharding/query_routing_setup.sql
+
+PGPASSWORD=sharding_user pgbench -h 127.0.0.1 -U sharding_user shard0 -i
+PGPASSWORD=sharding_user pgbench -h 127.0.0.1 -U sharding_user shard1 -i
+PGPASSWORD=sharding_user pgbench -h 127.0.0.1 -U sharding_user shard2 -i
+
+# Start Toxiproxy
+LOG_LEVEL=error toxiproxy-server &
+sleep 1
+
+# Create a database at port 5433, forward it to Postgres
+toxiproxy-cli create -l 127.0.0.1:5433 -u 127.0.0.1:5432 postgres_replica
+
+start_pgcat "info"
+
+# Check that prometheus is running
+curl --fail localhost:9930/metrics
+
+export PGPASSWORD=sharding_user
+export PGDATABASE=sharded_db
+
+# pgbench test
+pgbench -U sharding_user -i -h 127.0.0.1 -p 6432
+pgbench -U sharding_user -h 127.0.0.1 -p 6432 -t 500 -c 2 --protocol simple -f tests/pgbench/simple.sql
+pgbench -U sharding_user -h 127.0.0.1 -p 6432 -t 500 -c 2 --protocol extended
+
+# COPY TO STDOUT test
+psql -U sharding_user -h 127.0.0.1 -p 6432 -c 'COPY (SELECT * FROM pgbench_accounts LIMIT 15) TO STDOUT;' > /dev/null
+
+# Query cancellation test
+(psql -U sharding_user -h 127.0.0.1 -p 6432 -c 'SELECT pg_sleep(50)' || true) &
+sleep 1
+killall psql -s SIGINT
+
+# Pause/resume test.
+# Running benches before, during, and after pause/resume.
+pgbench -U sharding_user -t 500 -c 2 -h 127.0.0.1 -p 6432 --protocol extended &
+BENCH_ONE=$!
+PGPASSWORD=admin_pass psql -U admin_user -h 127.0.0.1 -p 6432 -d pgbouncer -c 'PAUSE sharded_db,sharding_user'
+pgbench -U sharding_user -h 127.0.0.1 -p 6432 -t 500 -c 2 --protocol extended &
+BENCH_TWO=$!
+PGPASSWORD=admin_pass psql -U admin_user -h 127.0.0.1 -p 6432 -d pgbouncer -c 'RESUME sharded_db,sharding_user'
+wait ${BENCH_ONE}
+wait ${BENCH_TWO}
+
+# Reload pool (closing unused server connections)
+PGPASSWORD=admin_pass psql -U admin_user -h 127.0.0.1 -p 6432 -d pgbouncer -c 'RELOAD'
+
+(psql -U sharding_user -h 127.0.0.1 -p 6432 -c 'SELECT pg_sleep(50)' || true) &
+sleep 1
+killall psql -s SIGINT
+
+# Sharding insert
+psql -U sharding_user -e -h 127.0.0.1 -p 6432 -f tests/sharding/query_routing_test_insert.sql
+
+# Sharding select
+psql -U sharding_user -e -h 127.0.0.1 -p 6432 -f tests/sharding/query_routing_test_select.sql > /dev/null
+
+# Replica/primary selection & more sharding tests
+psql -U sharding_user -e -h 127.0.0.1 -p 6432 -f tests/sharding/query_routing_test_primary_replica.sql > /dev/null
+
+# Statement timeout tests
+sed -i 's/statement_timeout = 0/statement_timeout = 100/' .circleci/pgcat.toml
+kill -SIGHUP $(pgrep pgcat) # Reload config
+sleep 0.2
+
+# This should timeout
+(! psql -U sharding_user -e -h 127.0.0.1 -p 6432 -c 'select pg_sleep(0.5)')
+
+# Disable statement timeout
+sed -i 's/statement_timeout = 100/statement_timeout = 0/' .circleci/pgcat.toml
+kill -SIGHUP $(pgrep pgcat) # Reload config again
+
+#
+# Integration tests and ActiveRecord tests
+#
+cd tests/ruby
+sudo bundle install
+bundle exec ruby tests.rb --format documentation || exit 1
+bundle exec rspec *_spec.rb --format documentation || exit 1
+cd ../..
+
+#
+# Python tests
+# These tests will start and stop the pgcat server so it will need to be restarted after the tests
+#
+pip3 install -r tests/python/requirements.txt
+python3 tests/python/tests.py || exit 1
+
+start_pgcat "info"
+
+# Admin tests
+export PGPASSWORD=admin_pass
+psql -U admin_user -e -h 127.0.0.1 -p 6432 -d pgbouncer -c 'SHOW STATS' > /dev/null
+psql -U admin_user -h 127.0.0.1 -p 6432 -d pgbouncer -c 'RELOAD' > /dev/null
+psql -U admin_user -h 127.0.0.1 -p 6432 -d pgbouncer -c 'SHOW CONFIG' > /dev/null
+psql -U admin_user -h 127.0.0.1 -p 6432 -d pgbouncer -c 'SHOW DATABASES' > /dev/null
+psql -U admin_user -h 127.0.0.1 -p 6432 -d pgcat -c 'SHOW LISTS' > /dev/null
+psql -U admin_user -h 127.0.0.1 -p 6432 -d pgcat -c 'SHOW POOLS' > /dev/null
+psql -U admin_user -h 127.0.0.1 -p 6432 -d pgcat -c 'SHOW VERSION' > /dev/null
+psql -U admin_user -h 127.0.0.1 -p 6432 -d pgbouncer -c "SET client_encoding TO 'utf8'" > /dev/null # will ignore
+(! psql -U admin_user -e -h 127.0.0.1 -p 6432 -d random_db -c 'SHOW STATS' > /dev/null)
+export PGPASSWORD=sharding_user
+
+# Start PgCat in debug to demonstrate failover better
+start_pgcat "trace"
+
+# Add latency to the replica at port 5433 slightly above the healthcheck timeout
+toxiproxy-cli toxic add -t latency -a latency=300 postgres_replica
+sleep 1
+
+# Note the failover in the logs
+timeout 5 psql -U sharding_user -e -h 127.0.0.1 -p 6432 <<-EOF
+SELECT 1;
+SELECT 1;
+SELECT 1;
+EOF
+
+# Remove latency
+toxiproxy-cli toxic remove --toxicName latency_downstream postgres_replica
+
+start_pgcat "info"
+
+# Test session mode (and config reload)
+sed -i '0,/simple_db/s/pool_mode = "transaction"/pool_mode = "session"/' .circleci/pgcat.toml
+
+# Reload config test
+kill -SIGHUP $(pgrep pgcat)
+
+# Revert settings after reload. Makes test runs idempotent
+sed -i '0,/simple_db/s/pool_mode = "session"/pool_mode = "transaction"/' .circleci/pgcat.toml
+
+sleep 1
+
+# Prepared statements that will only work in session mode
+pgbench -U sharding_user -h 127.0.0.1 -p 6432 -t 500 -c 2 --protocol prepared
+
+# Attempt clean shut down
+killall pgcat -s SIGINT
+
+# Allow for graceful shutdown
+sleep 1

.circleci/server.cert

@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDazCCAlOgAwIBAgIUChIvUGFJGJe5EDch32rchqoxER0wDQYJKoZIhvcNAQEL
+BQAwRTELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM
+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDAeFw0yMjA2MjcyMjI2MDZaFw0yMjA3
+MjcyMjI2MDZaMEUxCzAJBgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEw
+HwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQDdTwrBzV1v79faVckFvIn/9V4fypYs4vDi3X+h3wGn
+AjEh6mmizlKCwSwAam07D9Q5zKiXFrzNJqzSioOv5zsOAvObwrnzbtKSwfs3aP5g
+eEh2clHCZYx9p06WszPcgSB5nTz1NeY4XAwvGn3A+SVCLyPMTNwnem48+ONh2F9u
+FHtSuIsEVvTjMlH09O7LjwJlODxy3HNv2JHYM5Hx9tzc+NVYdERPtaVcX8ycw1Eh
+9hgGSgfaNM52/JfRMIDhENrsn0S1omRUtcJe72loreiwrECUOLAnAfp9Xqc+rMPP
+aLA6ElzmYef1+ZEC0p6isCHPhxY5ESVhKYhE9nQvksjnAgMBAAGjUzBRMB0GA1Ud
+DgQWBBQLDtzexqjx7xPtUZuZB/angU9oSDAfBgNVHSMEGDAWgBQLDtzexqjx7xPt
+UZuZB/angU9oSDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQC/
+mxY/a/WeLENVj2Gg9EUH0CKzfqeTey1mb6YfPGxzrD7oq1m0Vn2MmTbjZrJgh/Ob
+QckO3ElF4kC9+6XP+iDPmabGpjeLgllBboT5l2aqnD1syMrf61WPLzgRzRfplYGy
+cjBQDDKPu8Lu0QRMWU28tHYN0bMxJoCuXysGGX5WsuFnKCA6f/V+nycJJXxJH3eB
+eLjTueD9/RE3OXhi6m8A29Q1E9AE5EF4uRxYXrr91BmYnk4aFvSmBxhUEzE12eSN
+lHB/uSc0+Dp+UVmVr6wW8AQfd16UBA0BUf3kSW3aSvirYPYH0rXiOOpEJgOwOMnR
+f5+XAbN1Y+3OsFz/ZmP9
+-----END CERTIFICATE-----

.circleci/server.key

@@ -0,0 +1,28 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDdTwrBzV1v79fa
+VckFvIn/9V4fypYs4vDi3X+h3wGnAjEh6mmizlKCwSwAam07D9Q5zKiXFrzNJqzS
+ioOv5zsOAvObwrnzbtKSwfs3aP5geEh2clHCZYx9p06WszPcgSB5nTz1NeY4XAwv
+Gn3A+SVCLyPMTNwnem48+ONh2F9uFHtSuIsEVvTjMlH09O7LjwJlODxy3HNv2JHY
+M5Hx9tzc+NVYdERPtaVcX8ycw1Eh9hgGSgfaNM52/JfRMIDhENrsn0S1omRUtcJe
+72loreiwrECUOLAnAfp9Xqc+rMPPaLA6ElzmYef1+ZEC0p6isCHPhxY5ESVhKYhE
+9nQvksjnAgMBAAECggEAbnvddO9frFhivJ+DIhgEFQKcIOb0nigV9kx6QYehvYy8
+lp/+aMb0Lk7d9r8rFQdL/icMK5GwZALg2KNKJvEbbF1Q3PwT9VHoUlgBYKJMDEFA
+e9GKu7ASuVBjTZzdUUItwkkbe5eS/aQGeSWSjlpTnX0HNCFS72qRymK+scRhsAQf
+ZoHyZHDslkvPR3Pos+sndWBYCDHag5/KoPhsMt1+5S9NQcOUHx9Ac0gLHjau3N+P
+0FhODHFFGnnpyQvLvj6u3ZOR34ladMgoBglE0O3vPFhckn92EK4teeTWOsUMotiz
+qM3QIJTOJjtiY6VDGY93bIa4pFvt7Zi4vIerenKt0QKBgQD/UMFqfevTAMrk10AC
+bOa4+cM07ORY4ZwVj5ILhZn+8crDEEtBsUyuEU2FTINtnoEq1yGc/IXpsyS1BHjL
+L1xSml5LN3jInbi8z5XQfY5Sj3VOMtwY6yD20jcdeDC44rz3nStXdkcMWxbTMapx
+iOPsap5ciUKOMS7LyMidPEG/LQKBgQDd5vHgrLN0FBIIm+vZg6MEm4QyobstVp4l
+7V/GZsdL+M8AQv1Rx+5wSUSWKomOIv5lglis7f6g0c9O7Qkr78/wzoyoKC2RRqPp
+I90GjY2Iv22N4GIkRrDAgMZbkTitzIB6tbXEVeLAOh3frFJ8IwauRCOiXIjrZdJ4
+FvV86+nU4wKBgQDdWTP2kWkMrBk7QOp7r9Jv+AmnLuHhtOdPQgOJ/bA++X2ik9PL
+Bl3GY7XjpSwks1CkxZKcucmXjPp7/X6EGXFfI/owF82dkDADca0e7lufdERtIWb0
+K5WOpz2lTPhgsiLGQfq7fw2lxqsJOnvcpqOD6gOVkmKjSDyb7F0RBJazmQKBgQDD
+a8PQTcesjpBjLI3EfX1vbVY7ENu6zfFxDV+vZoxVh8UlQdm90AlYse3JIaUKnB7W
+Xrihcucv0hZ0N6RAIW5LcFvHK7sVmdR4WbEpODhRGeTtcZJ8yBSZM898jKQRy2vK
+pYRyaADNsWDlvujVkjMr/a40KrIaPQ3h3LZNUaYYaQKBgQD1x8A5S5SiE1cN1vFr
+aACkmA2WqEDKKhUsUigJdwW6WB/B9kWlIlz/iV1H9uwBXtSIYG4VqCSTAvh0z4gX
+Qu2SrdPm5PYnKzpdynpz78OnGdflD1RKWFGHItR6GN6tj/VmulO6mlFvT4jzBQ7j
++Hf8m2TcD4U3ksz3xw+YOD+cmA==
+-----END RSA PRIVATE KEY-----

.dockerignore

@@ -0,0 +1,6 @@
+target/
+tests/
+tracing/
+.circleci/
+.git/
+dev/

.editorconfig

@@ -0,0 +1,14 @@
+root = true
+
+[*]
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.rs]
+indent_style = space
+indent_size = 4
+max_line_length = 120
+
+[*.toml]
+indent_style = space
+indent_size = 2

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,38 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Describe the bug**
+A clear and concise description of what the bug is.
+
+**To Reproduce**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**Expected behavior**
+A clear and concise description of what you expected to happen.
+
+**Screenshots**
+If applicable, add screenshots to help explain your problem.
+
+**Desktop (please complete the following information):**
+ - OS: [e.g. iOS]
+ - Browser [e.g. chrome, safari]
+ - Version [e.g. 22]
+
+**Smartphone (please complete the following information):**
+ - Device: [e.g. iPhone6]
+ - OS: [e.g. iOS8.1]
+ - Browser [e.g. stock browser, safari]
+ - Version [e.g. 22]
+
+**Additional context**
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,20 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+**Is your feature request related to a problem? Please describe.**
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like**
+A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context**
+Add any other context or screenshots about the feature request here.

.github/dependabot.yml

@@ -0,0 +1,12 @@
+version: 2
+updates:
+  - package-ecosystem: "cargo"
+    directory: "/"
+    schedule:
+      interval: "daily"
+      time: "04:00" # UTC
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "chore(deps)"
+    open-pull-requests-limit: 10

.github/workflows/build-and-push.yaml

@@ -0,0 +1,54 @@
+name: Build and Push
+
+on: push
+
+env:
+  registry: ghcr.io
+  image-name: ${{ github.repository }}
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Determine tags
+        id: metadata
+        uses: docker/metadata-action@v4
+        with:
+          images: ${{ env.registry }}/${{ env.image-name }}
+          tags: |
+            type=sha,prefix=,format=long
+            type=schedule
+            type=ref,event=branch
+            type=ref,event=pr
+            type=raw,value=latest,enable={{ is_default_branch }}
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v2.1.0
+        with:
+          registry: ${{ env.registry }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push ${{ env.image-name }}
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: ${{ steps.metadata.outputs.tags }}
+          labels: ${{ steps.metadata.outputs.labels }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+concurrency:
+  group: ${{ github.ref }}
+  cancel-in-progress: true

.github/workflows/publish-ci-docker-image.yml

@@ -0,0 +1,20 @@
+name: publish-ci-docker-image
+on:
+  push:
+    branches: [ main ]
+jobs:
+  publish-ci-docker-image:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build CI Docker image
+        run: |
+          docker build . -f Dockerfile.ci --tag ghcr.io/postgresml/pgcat-ci:latest
+          docker run ghcr.io/postgresml/pgcat-ci:latest
+          docker push ghcr.io/postgresml/pgcat-ci:latest

.gitignore

@@ -0,0 +1,12 @@
+.idea
+/target
+*.deb
+.vscode
+*.profraw
+cov/
+lcov.info
+
+# Dev
+dev/.bash_history
+dev/cache
+!dev/cache/.keepme

.rustfmt.toml

@@ -0,0 +1,2 @@
+edition = "2021"
+hard_tabs = false

CONFIG.md

@@ -0,0 +1,425 @@
+# PgCat Configurations 
+## `general` Section
+
+### host
+```
+path: general.host
+default: "0.0.0.0"
+```
+
+What IP to run on, 0.0.0.0 means accessible from everywhere.
+
+### port
+```
+path: general.port
+default: 6432
+```
+
+Port to run on, same as PgBouncer used in this example.
+
+### enable_prometheus_exporter
+```
+path: general.enable_prometheus_exporter
+default: true
+```
+
+Whether to enable prometheus exporter or not.
+
+### prometheus_exporter_port
+```
+path: general.prometheus_exporter_port
+default: 9930
+```
+
+Port at which prometheus exporter listens on.
+
+### connect_timeout
+```
+path: general.connect_timeout
+default: 5000 # milliseconds
+```
+
+How long to wait before aborting a server connection (ms).
+
+### idle_timeout
+```
+path: general.idle_timeout
+default: 30000 # milliseconds
+```
+
+How long an idle connection with a server is left open (ms).
+
+### server_lifetime
+```
+path: general.server_lifetime
+default: 86400000 # 24 hours
+```
+
+Max connection lifetime before it's closed, even if actively used.
+
+### idle_client_in_transaction_timeout
+```
+path: general.idle_client_in_transaction_timeout
+default: 0 # milliseconds
+```
+
+How long a client is allowed to be idle while in a transaction (ms).
+
+### healthcheck_timeout
+```
+path: general.healthcheck_timeout
+default: 1000 # milliseconds
+```
+
+How much time to give the health check query to return with a result (ms).
+
+### healthcheck_delay
+```
+path: general.healthcheck_delay
+default: 30000 # milliseconds
+```
+
+How long to keep connection available for immediate re-use, without running a healthcheck query on it
+
+### shutdown_timeout
+```
+path: general.shutdown_timeout
+default: 60000 # milliseconds
+```
+
+How much time to give clients during shutdown before forcibly killing client connections (ms).
+
+### ban_time
+```
+path: general.ban_time
+default: 60 # seconds
+```
+
+How long to ban a server if it fails a health check (seconds).
+
+### log_client_connections
+```
+path: general.log_client_connections
+default: false
+```
+
+If we should log client connections
+
+### log_client_disconnections
+```
+path: general.log_client_disconnections
+default: false
+```
+
+If we should log client disconnections
+
+### autoreload
+```
+path: general.autoreload
+default: 15000
+```
+
+When set to true, PgCat reloads configs if it detects a change in the config file.
+
+### worker_threads
+```
+path: general.worker_threads
+default: 5
+```
+
+Number of worker threads the Runtime will use (4 by default).
+
+### tcp_keepalives_idle
+```
+path: general.tcp_keepalives_idle
+default: 5
+```
+
+Number of seconds of connection idleness to wait before sending a keepalive packet to the server.
+
+### tcp_keepalives_count
+```
+path: general.tcp_keepalives_count
+default: 5
+```
+
+Number of unacknowledged keepalive packets allowed before giving up and closing the connection.
+
+### tcp_keepalives_interval
+```
+path: general.tcp_keepalives_interval
+default: 5
+```
+
+Number of seconds between keepalive packets.
+
+### tls_certificate
+```
+path: general.tls_certificate
+default: <UNSET>
+example: "server.cert"
+```
+
+Path to TLS Certificate file to use for TLS connections
+
+### tls_private_key
+```
+path: general.tls_private_key
+default: <UNSET>
+example: "server.key"
+```
+
+Path to TLS private key file to use for TLS connections
+
+### admin_username
+```
+path: general.admin_username
+default: "admin_user"
+```
+
+User name to access the virtual administrative database (pgbouncer or pgcat)
+Connecting to that database allows running commands like `SHOW POOLS`, `SHOW DATABASES`, etc..
+
+### admin_password
+```
+path: general.admin_password
+default: "admin_pass"
+```
+
+Password to access the virtual administrative database
+
+### dns_cache_enabled
+```
+path: general.dns_cache_enabled
+default: false
+```
+When enabled, ip resolutions for server connections specified using hostnames will be cached
+and checked for changes every `dns_max_ttl` seconds. If a change in the host resolution is found
+old ip connections are closed (gracefully) and new connections will start using new ip.
+
+### dns_max_ttl
+```
+path: general.dns_max_ttl
+default: 30
+```
+Specifies how often (in seconds) cached ip addresses for servers are rechecked (see `dns_cache_enabled`).
+
+## `pools.<pool_name>` Section
+
+### pool_mode
+```
+path: pools.<pool_name>.pool_mode
+default: "transaction"
+```
+
+Pool mode (see PgBouncer docs for more).
+`session` one server connection per connected client
+`transaction` one server connection per client transaction
+
+### load_balancing_mode
+```
+path: pools.<pool_name>.load_balancing_mode
+default: "random"
+```
+
+Load balancing mode
+`random` selects the server at random
+`loc` selects the server with the least outstanding busy conncetions
+
+### default_role
+```
+path: pools.<pool_name>.default_role
+default: "any"
+```
+
+If the client doesn't specify, PgCat routes traffic to this role by default.
+`any` round-robin between primary and replicas,
+`replica` round-robin between replicas only without touching the primary,
+`primary` all queries go to the primary unless otherwise specified.
+
+### query_parser_enabled
+```
+path: pools.<pool_name>.query_parser_enabled
+default: true
+```
+
+If Query Parser is enabled, we'll attempt to parse
+every incoming query to determine if it's a read or a write.
+If it's a read query, we'll direct it to a replica. Otherwise, if it's a write,
+we'll direct it to the primary.
+
+### primary_reads_enabled
+```
+path: pools.<pool_name>.primary_reads_enabled
+default: true
+```
+
+If the query parser is enabled and this setting is enabled, the primary will be part of the pool of databases used for
+load balancing of read queries. Otherwise, the primary will only be used for write
+queries. The primary can always be explicitly selected with our custom protocol.
+
+### sharding_key_regex
+```
+path: pools.<pool_name>.sharding_key_regex
+default: <UNSET>
+example: '/\* sharding_key: (\d+) \*/'
+```
+
+Allow sharding commands to be passed as statement comments instead of
+separate commands. If these are unset this functionality is disabled.
+
+### sharding_function
+```
+path: pools.<pool_name>.sharding_function
+default: "pg_bigint_hash"
+```
+
+So what if you wanted to implement a different hashing function,
+or you've already built one and you want this pooler to use it?
+Current options:
+`pg_bigint_hash`: PARTITION BY HASH (Postgres hashing function)
+`sha1`: A hashing function based on SHA1
+
+### auth_query
+```
+path: pools.<pool_name>.auth_query
+default: <UNSET>
+example: "SELECT $1"
+```
+
+Query to be sent to servers to obtain the hash used for md5 authentication. The connection will be
+established using the database configured in the pool. This parameter is inherited by every pool
+and can be redefined in pool configuration.
+
+### auth_query_user
+```
+path: pools.<pool_name>.auth_query_user
+default: <UNSET>
+example: "sharding_user"
+```
+
+User to be used for connecting to servers to obtain the hash used for md5 authentication by sending the query
+specified in `auth_query_user`. The connection will be established using the database configured in the pool.
+This parameter is inherited by every pool and can be redefined in pool configuration.
+
+### auth_query_password
+```
+path: pools.<pool_name>.auth_query_password
+default: <UNSET>
+example: "sharding_user"
+```
+
+Password to be used for connecting to servers to obtain the hash used for md5 authentication by sending the query
+specified in `auth_query_user`. The connection will be established using the database configured in the pool.
+This parameter is inherited by every pool and can be redefined in pool configuration.
+
+### automatic_sharding_key
+```
+path: pools.<pool_name>.automatic_sharding_key
+default: <UNSET>
+example: "data.id"
+```
+
+Automatically parse this from queries and route queries to the right shard!
+
+### idle_timeout
+```
+path: pools.<pool_name>.idle_timeout
+default: 40000
+```
+
+Idle timeout can be overwritten in the pool
+
+### connect_timeout
+```
+path: pools.<pool_name>.connect_timeout
+default: 3000
+```
+
+Connect timeout can be overwritten in the pool
+
+## `pools.<pool_name>.users.<user_index>` Section
+
+### username
+```
+path: pools.<pool_name>.users.<user_index>.username
+default: "sharding_user"
+```
+
+PostgreSQL username used to authenticate the user and connect to the server
+if `server_username` is not set.
+
+### password
+```
+path: pools.<pool_name>.users.<user_index>.password
+default: "sharding_user"
+```
+
+PostgreSQL password used to authenticate the user and connect to the server
+if `server_password` is not set.
+
+### server_username
+```
+path: pools.<pool_name>.users.<user_index>.server_username
+default: <UNSET>
+example: "another_user"
+```
+
+PostgreSQL username used to connect to the server.
+
+### server_password
+```
+path: pools.<pool_name>.users.<user_index>.server_password
+default: <UNSET>
+example: "another_password"
+```
+
+PostgreSQL password used to connect to the server.
+
+### pool_size
+```
+path: pools.<pool_name>.users.<user_index>.pool_size
+default: 9
+```
+
+Maximum number of server connections that can be established for this user
+The maximum number of connection from a single Pgcat process to any database in the cluster
+is the sum of pool_size across all users.
+
+### statement_timeout
+```
+path: pools.<pool_name>.users.<user_index>.statement_timeout
+default: 0
+```
+
+Maximum query duration. Dangerous, but protects against DBs that died in a non-obvious way.
+0 means it is disabled.
+
+## `pools.<pool_name>.shards.<shard_index>` Section
+
+### servers
+```
+path: pools.<pool_name>.shards.<shard_index>.servers
+default: [["127.0.0.1", 5432, "primary"], ["localhost", 5432, "replica"]]
+```
+
+Array of servers in the shard, each server entry is an array of `[host, port, role]`
+
+### mirrors
+```
+path: pools.<pool_name>.shards.<shard_index>.mirrors
+default: <UNSET>
+example: [["1.2.3.4", 5432, 0], ["1.2.3.4", 5432, 1]]
+```
+
+Array of mirrors for the shard, each mirror entry is an array of `[host, port, index of server in servers array]`
+Traffic hitting the server identified by the index will be sent to the mirror.
+
+### database
+```
+path: pools.<pool_name>.shards.<shard_index>.database
+default: "shard0"
+```
+
+Database name (e.g. "postgres")
+

CONTRIBUTING.md

@@ -0,0 +1,13 @@
+## Introduction
+
+Thank you for contributing! Just a few tips here:
+
+1. `cargo fmt` your code before opening up a PR
+2. Run the test suite (e.g. `pgbench`) to make sure everything still works. The tests are in `.circleci/run_tests.sh`.
+3. Performance is important, make sure there are no regressions in your branch vs. `main`.
+
+Happy hacking!
+
+## TODOs
+
+See [Issues]([url](https://github.com/levkk/pgcat/issues)).

Cargo.lock

@@ -0,0 +1,1922 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 3
+
+[[package]]
+name = "aho-corasick"
+version = "1.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "67fc08ce920c31afb70f013dcce1bfc3a3195de6a228474e45e1f145b36f8d04"
+dependencies = [
+ "memchr",
+]
+
+[[package]]
+name = "android_system_properties"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "819e7219dbd41043ac279b19830f2efc897156490d7fd6ea916720117ee66311"
+dependencies = [
+ "libc",
+]
+
+[[package]]
+name = "arc-swap"
+version = "1.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bddcadddf5e9015d310179a59bb28c4d4b9920ad0f11e8e14dbadf654890c9a6"
+
+[[package]]
+name = "async-stream"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dad5c83079eae9969be7fadefe640a1c566901f05ff91ab221de4b6f68d9507e"
+dependencies = [
+ "async-stream-impl",
+ "futures-core",
+]
+
+[[package]]
+name = "async-stream-impl"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "10f203db73a71dfa2fb6dd22763990fa26f3d2625a6da2da900d23b87d26be27"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "async-trait"
+version = "0.1.68"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b9ccdd8f2a161be9bd5c023df56f1b2a0bd1d83872ae53b71a84a12c9bf6e842"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.9",
+]
+
+[[package]]
+name = "atomic_enum"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6227a8d6fdb862bcb100c4314d0d9579e5cd73fa6df31a2e6f6e1acd3c5f1207"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "autocfg"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa"
+
+[[package]]
+name = "base64"
+version = "0.21.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a4a4ddaa51a5bc52a6948f74c06d20aaaddb71924eab79b8c97a8c556e942d6a"
+
+[[package]]
+name = "bb8"
+version = "0.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1627eccf3aa91405435ba240be23513eeca466b5dc33866422672264de061582"
+dependencies = [
+ "async-trait",
+ "futures-channel",
+ "futures-util",
+ "parking_lot",
+ "tokio",
+]
+
+[[package]]
+name = "bitflags"
+version = "1.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
+
+[[package]]
+name = "block-buffer"
+version = "0.10.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "69cce20737498f97b993470a6e536b8523f0af7892a4f928cceb1ac5e52ebe7e"
+dependencies = [
+ "generic-array",
+]
+
+[[package]]
+name = "bumpalo"
+version = "3.12.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0d261e256854913907f67ed06efbc3338dfe6179796deefc1ff763fc1aee5535"
+
+[[package]]
+name = "byteorder"
+version = "1.4.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610"
+
+[[package]]
+name = "bytes"
+version = "1.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "89b2fd2a0dcf38d7971e2194b6b6eebab45ae01067456a7fd93d5547a61b70be"
+
+[[package]]
+name = "cc"
+version = "1.0.79"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "50d30906286121d95be3d479533b458f87493b30a4b5f79a607db8f5d11aa91f"
+
+[[package]]
+name = "cfg-if"
+version = "1.0.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
+
+[[package]]
+name = "chrono"
+version = "0.4.23"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "16b0a3d9ed01224b22057780a37bb8c5dbfe1be8ba48678e7bf57ec4b385411f"
+dependencies = [
+ "iana-time-zone",
+ "js-sys",
+ "num-integer",
+ "num-traits",
+ "time",
+ "wasm-bindgen",
+ "winapi",
+]
+
+[[package]]
+name = "codespan-reporting"
+version = "0.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3538270d33cc669650c4b093848450d380def10c331d38c768e34cac80576e6e"
+dependencies = [
+ "termcolor",
+ "unicode-width",
+]
+
+[[package]]
+name = "core-foundation-sys"
+version = "0.8.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5827cebf4670468b8772dd191856768aedcb1b0278a04f989f7766351917b9dc"
+
+[[package]]
+name = "cpufeatures"
+version = "0.2.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "28d997bd5e24a5928dd43e46dc529867e207907fe0b239c3477d924f7f2ca320"
+dependencies = [
+ "libc",
+]
+
+[[package]]
+name = "crypto-common"
+version = "0.1.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
+dependencies = [
+ "generic-array",
+ "typenum",
+]
+
+[[package]]
+name = "cxx"
+version = "1.0.91"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "86d3488e7665a7a483b57e25bdd90d0aeb2bc7608c8d0346acf2ad3f1caf1d62"
+dependencies = [
+ "cc",
+ "cxxbridge-flags",
+ "cxxbridge-macro",
+ "link-cplusplus",
+]
+
+[[package]]
+name = "cxx-build"
+version = "1.0.91"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "48fcaf066a053a41a81dfb14d57d99738b767febb8b735c3016e469fac5da690"
+dependencies = [
+ "cc",
+ "codespan-reporting",
+ "once_cell",
+ "proc-macro2",
+ "quote",
+ "scratch",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "cxxbridge-flags"
+version = "1.0.91"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a2ef98b8b717a829ca5603af80e1f9e2e48013ab227b68ef37872ef84ee479bf"
+
+[[package]]
+name = "cxxbridge-macro"
+version = "1.0.91"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "086c685979a698443656e5cf7856c95c642295a38599f12fb1ff76fb28d19892"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "data-encoding"
+version = "2.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3ee2393c4a91429dffb4bedf19f4d6abf27d8a732c8ce4980305d782e5426d57"
+
+[[package]]
+name = "digest"
+version = "0.10.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8168378f4e5023e7218c89c891c0fd8ecdb5e5e4f18cb78f38cf245dd021e76f"
+dependencies = [
+ "block-buffer",
+ "crypto-common",
+ "subtle",
+]
+
+[[package]]
+name = "either"
+version = "1.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7fcaabb2fef8c910e7f4c7ce9f67a1283a1715879a7c230ca9d6d1ae31f16d91"
+
+[[package]]
+name = "enum-as-inner"
+version = "0.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c9720bba047d567ffc8a3cba48bf19126600e249ab7f128e9233e6376976a116"
+dependencies = [
+ "heck",
+ "proc-macro2",
+ "quote",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "env_logger"
+version = "0.10.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85cdab6a89accf66733ad5a1693a4dcced6aeff64602b634530dd73c1f3ee9f0"
+dependencies = [
+ "humantime",
+ "is-terminal",
+ "log",
+ "regex",
+ "termcolor",
+]
+
+[[package]]
+name = "errno"
+version = "0.2.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f639046355ee4f37944e44f60642c6f3a7efa3cf6b78c78a0d989a8ce6c396a1"
+dependencies = [
+ "errno-dragonfly",
+ "libc",
+ "winapi",
+]
+
+[[package]]
+name = "errno-dragonfly"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "aa68f1b12764fab894d2755d2518754e71b4fd80ecfb822714a1206c2aab39bf"
+dependencies = [
+ "cc",
+ "libc",
+]
+
+[[package]]
+name = "exitcode"
+version = "1.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "de853764b47027c2e862a995c34978ffa63c1501f2e15f987ba11bd4f9bba193"
+
+[[package]]
+name = "fallible-iterator"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4443176a9f2c162692bd3d352d745ef9413eec5782a80d8fd6f8a1ac692a07f7"
+
+[[package]]
+name = "fnv"
+version = "1.0.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
+
+[[package]]
+name = "form_urlencoded"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a9c384f161156f5260c24a097c56119f9be8c798586aecc13afbcbe7b7e26bf8"
+dependencies = [
+ "percent-encoding",
+]
+
+[[package]]
+name = "futures"
+version = "0.3.28"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "23342abe12aba583913b2e62f22225ff9c950774065e4bfb61a19cd9770fec40"
+dependencies = [
+ "futures-channel",
+ "futures-core",
+ "futures-executor",
+ "futures-io",
+ "futures-sink",
+ "futures-task",
+ "futures-util",
+]
+
+[[package]]
+name = "futures-channel"
+version = "0.3.28"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "955518d47e09b25bbebc7a18df10b81f0c766eaf4c4f1cccef2fca5f2a4fb5f2"
+dependencies = [
+ "futures-core",
+ "futures-sink",
+]
+
+[[package]]
+name = "futures-core"
+version = "0.3.28"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4bca583b7e26f571124fe5b7561d49cb2868d79116cfa0eefce955557c6fee8c"
+
+[[package]]
+name = "futures-executor"
+version = "0.3.28"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ccecee823288125bd88b4d7f565c9e58e41858e47ab72e8ea2d64e93624386e0"
+dependencies = [
+ "futures-core",
+ "futures-task",
+ "futures-util",
+]
+
+[[package]]
+name = "futures-io"
+version = "0.3.28"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4fff74096e71ed47f8e023204cfd0aa1289cd54ae5430a9523be060cdb849964"
+
+[[package]]
+name = "futures-macro"
+version = "0.3.28"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "89ca545a94061b6365f2c7355b4b32bd20df3ff95f02da9329b34ccc3bd6ee72"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.9",
+]
+
+[[package]]
+name = "futures-sink"
+version = "0.3.28"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f43be4fe21a13b9781a69afa4985b0f6ee0e1afab2c6f454a8cf30e2b2237b6e"
+
+[[package]]
+name = "futures-task"
+version = "0.3.28"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "76d3d132be6c0e6aa1534069c705a74a5997a356c0dc2f86a47765e5617c5b65"
+
+[[package]]
+name = "futures-util"
+version = "0.3.28"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "26b01e40b772d54cf6c6d721c1d1abd0647a0106a12ecaa1c186273392a69533"
+dependencies = [
+ "futures-channel",
+ "futures-core",
+ "futures-io",
+ "futures-macro",
+ "futures-sink",
+ "futures-task",
+ "memchr",
+ "pin-project-lite",
+ "pin-utils",
+ "slab",
+]
+
+[[package]]
+name = "generic-array"
+version = "0.14.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bff49e947297f3312447abdca79f45f4738097cc82b06e72054d2223f601f1b9"
+dependencies = [
+ "typenum",
+ "version_check",
+]
+
+[[package]]
+name = "getrandom"
+version = "0.2.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c05aeb6a22b8f62540c194aac980f2115af067bfe15a0734d7277a768d396b31"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "wasi 0.11.0+wasi-snapshot-preview1",
+]
+
+[[package]]
+name = "h2"
+version = "0.3.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "66b91535aa35fea1523ad1b86cb6b53c28e0ae566ba4a460f4457e936cad7c6f"
+dependencies = [
+ "bytes",
+ "fnv",
+ "futures-core",
+ "futures-sink",
+ "futures-util",
+ "http",
+ "indexmap",
+ "slab",
+ "tokio",
+ "tokio-util",
+ "tracing",
+]
+
+[[package]]
+name = "hashbrown"
+version = "0.12.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888"
+
+[[package]]
+name = "heck"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2540771e65fc8cb83cd6e8a237f70c319bd5c29f78ed1084ba5d50eeac86f7f9"
+
+[[package]]
+name = "hermit-abi"
+version = "0.2.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ee512640fe35acbfb4bb779db6f0d80704c2cacfa2e39b601ef3e3f47d1ae4c7"
+dependencies = [
+ "libc",
+]
+
+[[package]]
+name = "hermit-abi"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fed44880c466736ef9a5c5b5facefb5ed0785676d0c02d612db14e54f0d84286"
+
+[[package]]
+name = "hmac"
+version = "0.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e"
+dependencies = [
+ "digest",
+]
+
+[[package]]
+name = "hostname"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3c731c3e10504cc8ed35cfe2f1db4c9274c3d35fa486e3b31df46f068ef3e867"
+dependencies = [
+ "libc",
+ "match_cfg",
+ "winapi",
+]
+
+[[package]]
+name = "http"
+version = "0.2.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bd6effc99afb63425aff9b05836f029929e345a6148a14b7ecd5ab67af944482"
+dependencies = [
+ "bytes",
+ "fnv",
+ "itoa",
+]
+
+[[package]]
+name = "http-body"
+version = "0.4.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d5f38f16d184e36f2408a55281cd658ecbd3ca05cce6d6510a176eca393e26d1"
+dependencies = [
+ "bytes",
+ "http",
+ "pin-project-lite",
+]
+
+[[package]]
+name = "httparse"
+version = "1.8.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d897f394bad6a705d5f4104762e116a75639e470d80901eed05a860a95cb1904"
+
+[[package]]
+name = "httpdate"
+version = "1.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c4a1e36c821dbe04574f602848a19f742f4fb3c98d40449f11bcad18d6b17421"
+
+[[package]]
+name = "humantime"
+version = "2.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9a3a5bfb195931eeb336b2a7b4d761daec841b97f947d34394601737a7bba5e4"
+
+[[package]]
+name = "hyper"
+version = "0.14.26"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ab302d72a6f11a3b910431ff93aae7e773078c769f0a3ef15fb9ec692ed147d4"
+dependencies = [
+ "bytes",
+ "futures-channel",
+ "futures-core",
+ "futures-util",
+ "h2",
+ "http",
+ "http-body",
+ "httparse",
+ "httpdate",
+ "itoa",
+ "pin-project-lite",
+ "socket2",
+ "tokio",
+ "tower-service",
+ "tracing",
+ "want",
+]
+
+[[package]]
+name = "iana-time-zone"
+version = "0.1.53"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "64c122667b287044802d6ce17ee2ddf13207ed924c712de9a66a5814d5b64765"
+dependencies = [
+ "android_system_properties",
+ "core-foundation-sys",
+ "iana-time-zone-haiku",
+ "js-sys",
+ "wasm-bindgen",
+ "winapi",
+]
+
+[[package]]
+name = "iana-time-zone-haiku"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0703ae284fc167426161c2e3f1da3ea71d94b21bedbcc9494e92b28e334e3dca"
+dependencies = [
+ "cxx",
+ "cxx-build",
+]
+
+[[package]]
+name = "idna"
+version = "0.2.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "418a0a6fab821475f634efe3ccc45c013f742efe03d853e8d3355d5cb850ecf8"
+dependencies = [
+ "matches",
+ "unicode-bidi",
+ "unicode-normalization",
+]
+
+[[package]]
+name = "idna"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e14ddfc70884202db2244c223200c204c2bda1bc6e0998d11b5e024d657209e6"
+dependencies = [
+ "unicode-bidi",
+ "unicode-normalization",
+]
+
+[[package]]
+name = "indexmap"
+version = "1.9.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1885e79c1fc4b10f0e172c475f458b7f7b93061064d98c3293e98c5ba0c8b399"
+dependencies = [
+ "autocfg",
+ "hashbrown",
+]
+
+[[package]]
+name = "io-lifetimes"
+version = "1.0.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1abeb7a0dd0f8181267ff8adc397075586500b81b28a73e8a0208b00fc170fb3"
+dependencies = [
+ "libc",
+ "windows-sys",
+]
+
+[[package]]
+name = "ipconfig"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bd302af1b90f2463a98fa5ad469fc212c8e3175a41c3068601bfa2727591c5be"
+dependencies = [
+ "socket2",
+ "widestring",
+ "winapi",
+ "winreg",
+]
+
+[[package]]
+name = "ipnet"
+version = "2.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f88c5561171189e69df9d98bcf18fd5f9558300f7ea7b801eb8a0fd748bd8745"
+
+[[package]]
+name = "is-terminal"
+version = "0.4.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "21b6b32576413a8e69b90e952e4a026476040d81017b80445deda5f2d3921857"
+dependencies = [
+ "hermit-abi 0.3.1",
+ "io-lifetimes",
+ "rustix",
+ "windows-sys",
+]
+
+[[package]]
+name = "itertools"
+version = "0.10.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b0fd2260e829bddf4cb6ea802289de2f86d6a7a690192fbe91b3f46e0f2c8473"
+dependencies = [
+ "either",
+]
+
+[[package]]
+name = "itoa"
+version = "1.0.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fad582f4b9e86b6caa621cabeb0963332d92eea04729ab12892c2533951e6440"
+
+[[package]]
+name = "jemalloc-sys"
+version = "0.5.3+5.3.0-patched"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f9bd5d616ea7ed58b571b2e209a65759664d7fb021a0819d7a790afc67e47ca1"
+dependencies = [
+ "cc",
+ "libc",
+]
+
+[[package]]
+name = "jemallocator"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "16c2514137880c52b0b4822b563fadd38257c1f380858addb74a400889696ea6"
+dependencies = [
+ "jemalloc-sys",
+ "libc",
+]
+
+[[package]]
+name = "js-sys"
+version = "0.3.61"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "445dde2150c55e483f3d8416706b97ec8e8237c307e5b7b4b8dd15e6af2a0730"
+dependencies = [
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "lazy_static"
+version = "1.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
+
+[[package]]
+name = "libc"
+version = "0.2.139"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "201de327520df007757c1f0adce6e827fe8562fbc28bfd9c15571c66ca1f5f79"
+
+[[package]]
+name = "link-cplusplus"
+version = "1.0.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ecd207c9c713c34f95a097a5b029ac2ce6010530c7b49d7fea24d977dede04f5"
+dependencies = [
+ "cc",
+]
+
+[[package]]
+name = "linked-hash-map"
+version = "0.5.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0717cef1bc8b636c6e1c1bbdefc09e6322da8a9321966e8928ef80d20f7f770f"
+
+[[package]]
+name = "linux-raw-sys"
+version = "0.1.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f051f77a7c8e6957c0696eac88f26b0117e54f52d3fc682ab19397a8812846a4"
+
+[[package]]
+name = "lock_api"
+version = "0.4.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "435011366fe56583b16cf956f9df0095b405b82d76425bc8981c0e22e60ec4df"
+dependencies = [
+ "autocfg",
+ "scopeguard",
+]
+
+[[package]]
+name = "log"
+version = "0.4.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e"
+dependencies = [
+ "cfg-if",
+]
+
+[[package]]
+name = "lru-cache"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "31e24f1ad8321ca0e8a1e0ac13f23cb668e6f5466c2c57319f6a5cf1cc8e3b1c"
+dependencies = [
+ "linked-hash-map",
+]
+
+[[package]]
+name = "match_cfg"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ffbee8634e0d45d258acb448e7eaab3fce7a0a467395d4d9f228e3c1f01fb2e4"
+
+[[package]]
+name = "matches"
+version = "0.1.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a3e378b66a060d48947b590737b30a1be76706c8dd7b8ba0f2fe3989c68a853f"
+
+[[package]]
+name = "md-5"
+version = "0.10.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6365506850d44bff6e2fbcb5176cf63650e48bd45ef2fe2665ae1570e0f4b9ca"
+dependencies = [
+ "digest",
+]
+
+[[package]]
+name = "memchr"
+version = "2.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2dffe52ecf27772e601905b7522cb4ef790d2cc203488bbd0e2fe85fcb74566d"
+
+[[package]]
+name = "memoffset"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5de893c32cde5f383baa4c04c5d6dbdd735cfd4a794b0debdb2bb1b421da5ff4"
+dependencies = [
+ "autocfg",
+]
+
+[[package]]
+name = "mio"
+version = "0.8.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5b9d9a46eff5b4ff64b45a9e316a6d1e0bc719ef429cbec4dc630684212bfdf9"
+dependencies = [
+ "libc",
+ "log",
+ "wasi 0.11.0+wasi-snapshot-preview1",
+ "windows-sys",
+]
+
+[[package]]
+name = "nix"
+version = "0.26.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bfdda3d196821d6af13126e40375cdf7da646a96114af134d5f417a9a1dc8e1a"
+dependencies = [
+ "bitflags",
+ "cfg-if",
+ "libc",
+ "memoffset",
+ "pin-utils",
+ "static_assertions",
+]
+
+[[package]]
+name = "num-integer"
+version = "0.1.45"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "225d3389fb3509a24c93f5c29eb6bde2586b98d9f016636dff58d7c6f7569cd9"
+dependencies = [
+ "autocfg",
+ "num-traits",
+]
+
+[[package]]
+name = "num-traits"
+version = "0.2.15"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "578ede34cf02f8924ab9447f50c28075b4d3e5b269972345e7e0372b38c6cdcd"
+dependencies = [
+ "autocfg",
+]
+
+[[package]]
+name = "num_cpus"
+version = "1.15.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0fac9e2da13b5eb447a6ce3d392f23a29d8694bff781bf03a16cd9ac8697593b"
+dependencies = [
+ "hermit-abi 0.2.6",
+ "libc",
+]
+
+[[package]]
+name = "once_cell"
+version = "1.17.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3"
+
+[[package]]
+name = "parking_lot"
+version = "0.12.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f"
+dependencies = [
+ "lock_api",
+ "parking_lot_core",
+]
+
+[[package]]
+name = "parking_lot_core"
+version = "0.9.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9069cbb9f99e3a5083476ccb29ceb1de18b9118cafa53e90c9551235de2b9521"
+dependencies = [
+ "cfg-if",
+ "libc",
+ "redox_syscall",
+ "smallvec",
+ "windows-sys",
+]
+
+[[package]]
+name = "percent-encoding"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "478c572c3d73181ff3c2539045f6eb99e5491218eae919370993b890cdbdd98e"
+
+[[package]]
+name = "pgcat"
+version = "1.0.2-alpha3"
+dependencies = [
+ "arc-swap",
+ "async-trait",
+ "atomic_enum",
+ "base64",
+ "bb8",
+ "bytes",
+ "chrono",
+ "env_logger",
+ "exitcode",
+ "fallible-iterator",
+ "futures",
+ "hmac",
+ "hyper",
+ "itertools",
+ "jemallocator",
+ "log",
+ "md-5",
+ "nix",
+ "num_cpus",
+ "once_cell",
+ "parking_lot",
+ "phf",
+ "pin-project",
+ "postgres-protocol",
+ "rand",
+ "regex",
+ "rustls",
+ "rustls-pemfile",
+ "serde",
+ "serde_derive",
+ "serde_json",
+ "sha-1",
+ "sha2",
+ "socket2",
+ "sqlparser",
+ "stringprep",
+ "tokio",
+ "tokio-rustls",
+ "tokio-test",
+ "toml",
+ "trust-dns-resolver",
+ "webpki-roots",
+]
+
+[[package]]
+name = "phf"
+version = "0.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "928c6535de93548188ef63bb7c4036bd415cd8f36ad25af44b9789b2ee72a48c"
+dependencies = [
+ "phf_macros",
+ "phf_shared",
+]
+
+[[package]]
+name = "phf_generator"
+version = "0.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b1181c94580fa345f50f19d738aaa39c0ed30a600d95cb2d3e23f94266f14fbf"
+dependencies = [
+ "phf_shared",
+ "rand",
+]
+
+[[package]]
+name = "phf_macros"
+version = "0.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "92aacdc5f16768709a569e913f7451034034178b05bdc8acda226659a3dccc66"
+dependencies = [
+ "phf_generator",
+ "phf_shared",
+ "proc-macro2",
+ "quote",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "phf_shared"
+version = "0.11.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e1fb5f6f826b772a8d4c0394209441e7d37cbbb967ae9c7e0e8134365c9ee676"
+dependencies = [
+ "siphasher",
+]
+
+[[package]]
+name = "pin-project"
+version = "1.0.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ad29a609b6bcd67fee905812e544992d216af9d755757c05ed2d0e15a74c6ecc"
+dependencies = [
+ "pin-project-internal",
+]
+
+[[package]]
+name = "pin-project-internal"
+version = "1.0.12"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "069bdb1e05adc7a8990dce9cc75370895fbe4e3d58b9b73bf1aee56359344a55"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "pin-project-lite"
+version = "0.2.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e0a7ae3ac2f1173085d398531c705756c94a4c56843785df85a60c1a0afac116"
+
+[[package]]
+name = "pin-utils"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
+
+[[package]]
+name = "postgres-protocol"
+version = "0.6.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "78b7fa9f396f51dffd61546fd8573ee20592287996568e6175ceb0f8699ad75d"
+dependencies = [
+ "base64",
+ "byteorder",
+ "bytes",
+ "fallible-iterator",
+ "hmac",
+ "md-5",
+ "memchr",
+ "rand",
+ "sha2",
+ "stringprep",
+]
+
+[[package]]
+name = "ppv-lite86"
+version = "0.2.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de"
+
+[[package]]
+name = "proc-macro2"
+version = "1.0.53"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ba466839c78239c09faf015484e5cc04860f88242cff4d03eb038f04b4699b73"
+dependencies = [
+ "unicode-ident",
+]
+
+[[package]]
+name = "quick-error"
+version = "1.2.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a1d01941d82fa2ab50be1e79e6714289dd7cde78eba4c074bc5a4374f650dfe0"
+
+[[package]]
+name = "quote"
+version = "1.0.26"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4424af4bf778aae2051a77b60283332f386554255d722233d09fbfc7e30da2fc"
+dependencies = [
+ "proc-macro2",
+]
+
+[[package]]
+name = "rand"
+version = "0.8.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
+dependencies = [
+ "libc",
+ "rand_chacha",
+ "rand_core",
+]
+
+[[package]]
+name = "rand_chacha"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
+dependencies = [
+ "ppv-lite86",
+ "rand_core",
+]
+
+[[package]]
+name = "rand_core"
+version = "0.6.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
+dependencies = [
+ "getrandom",
+]
+
+[[package]]
+name = "redox_syscall"
+version = "0.2.16"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fb5a58c1855b4b6819d59012155603f0b22ad30cad752600aadfcb695265519a"
+dependencies = [
+ "bitflags",
+]
+
+[[package]]
+name = "regex"
+version = "1.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "af83e617f331cc6ae2da5443c602dfa5af81e517212d9d611a5b3ba1777b5370"
+dependencies = [
+ "aho-corasick",
+ "memchr",
+ "regex-syntax",
+]
+
+[[package]]
+name = "regex-syntax"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a5996294f19bd3aae0453a862ad728f60e6600695733dd5df01da90c54363a3c"
+
+[[package]]
+name = "resolv-conf"
+version = "0.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "52e44394d2086d010551b14b53b1f24e31647570cd1deb0379e2c21b329aba00"
+dependencies = [
+ "hostname",
+ "quick-error",
+]
+
+[[package]]
+name = "ring"
+version = "0.16.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc"
+dependencies = [
+ "cc",
+ "libc",
+ "once_cell",
+ "spin",
+ "untrusted",
+ "web-sys",
+ "winapi",
+]
+
+[[package]]
+name = "rustix"
+version = "0.36.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f43abb88211988493c1abb44a70efa56ff0ce98f233b7b276146f1f3f7ba9644"
+dependencies = [
+ "bitflags",
+ "errno",
+ "io-lifetimes",
+ "libc",
+ "linux-raw-sys",
+ "windows-sys",
+]
+
+[[package]]
+name = "rustls"
+version = "0.21.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c911ba11bc8433e811ce56fde130ccf32f5127cab0e0194e9c68c5a5b671791e"
+dependencies = [
+ "log",
+ "ring",
+ "rustls-webpki",
+ "sct",
+]
+
+[[package]]
+name = "rustls-pemfile"
+version = "1.0.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d194b56d58803a43635bdc398cd17e383d6f71f9182b9a192c127ca42494a59b"
+dependencies = [
+ "base64",
+]
+
+[[package]]
+name = "rustls-webpki"
+version = "0.100.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d6207cd5ed3d8dca7816f8f3725513a34609c0c765bf652b8c3cb4cfd87db46b"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
+[[package]]
+name = "ryu"
+version = "1.0.13"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f91339c0467de62360649f8d3e185ca8de4224ff281f66000de5eb2a77a79041"
+
+[[package]]
+name = "scopeguard"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d29ab0c6d3fc0ee92fe66e2d99f700eab17a8d57d1c1d3b748380fb20baa78cd"
+
+[[package]]
+name = "scratch"
+version = "1.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ddccb15bcce173023b3fedd9436f882a0739b8dfb45e4f6b6002bee5929f61b2"
+
+[[package]]
+name = "sct"
+version = "0.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4"
+dependencies = [
+ "ring",
+ "untrusted",
+]
+
+[[package]]
+name = "serde"
+version = "1.0.160"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bb2f3770c8bce3bcda7e149193a069a0f4365bda1fa5cd88e03bca26afc1216c"
+dependencies = [
+ "serde_derive",
+]
+
+[[package]]
+name = "serde_derive"
+version = "1.0.160"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "291a097c63d8497e00160b166a967a4a79c64f3facdd01cbd7502231688d77df"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 2.0.9",
+]
+
+[[package]]
+name = "serde_json"
+version = "1.0.96"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "057d394a50403bcac12672b2b18fb387ab6d289d957dab67dd201875391e52f1"
+dependencies = [
+ "itoa",
+ "ryu",
+ "serde",
+]
+
+[[package]]
+name = "serde_spanned"
+version = "0.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0efd8caf556a6cebd3b285caf480045fcc1ac04f6bd786b09a6f11af30c4fcf4"
+dependencies = [
+ "serde",
+]
+
+[[package]]
+name = "sha-1"
+version = "0.10.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f5058ada175748e33390e40e872bd0fe59a19f265d0158daa551c5a88a76009c"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "digest",
+]
+
+[[package]]
+name = "sha2"
+version = "0.10.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "82e6b795fe2e3b1e845bafcb27aa35405c4d47cdfc92af5fc8d3002f76cebdc0"
+dependencies = [
+ "cfg-if",
+ "cpufeatures",
+ "digest",
+]
+
+[[package]]
+name = "signal-hook-registry"
+version = "1.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d8229b473baa5980ac72ef434c4415e70c4b5e71b423043adb4ba059f89c99a1"
+dependencies = [
+ "libc",
+]
+
+[[package]]
+name = "siphasher"
+version = "0.3.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "7bd3e3206899af3f8b12af284fafc038cc1dc2b41d1b89dd17297221c5d225de"
+
+[[package]]
+name = "slab"
+version = "0.4.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6528351c9bc8ab22353f9d776db39a20288e8d6c37ef8cfe3317cf875eecfc2d"
+dependencies = [
+ "autocfg",
+]
+
+[[package]]
+name = "smallvec"
+version = "1.10.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a507befe795404456341dfab10cef66ead4c041f62b8b11bbb92bffe5d0953e0"
+
+[[package]]
+name = "socket2"
+version = "0.4.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "02e2d2db9033d13a1567121ddd7a095ee144db4e1ca1b1bda3419bc0da294ebd"
+dependencies = [
+ "libc",
+ "winapi",
+]
+
+[[package]]
+name = "spin"
+version = "0.5.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
+
+[[package]]
+name = "sqlparser"
+version = "0.33.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "355dc4d4b6207ca8a3434fc587db0a8016130a574dbcdbfb93d7f7b5bc5b211a"
+dependencies = [
+ "log",
+ "sqlparser_derive",
+]
+
+[[package]]
+name = "sqlparser_derive"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "55fe75cb4a364c7f7ae06c7dbbc8d84bddd85d6cdf9975963c3935bc1991761e"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "static_assertions"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f"
+
+[[package]]
+name = "stringprep"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8ee348cb74b87454fff4b551cbf727025810a004f88aeacae7f85b87f4e9a1c1"
+dependencies = [
+ "unicode-bidi",
+ "unicode-normalization",
+]
+
+[[package]]
+name = "subtle"
+version = "2.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601"
+
+[[package]]
+name = "syn"
+version = "1.0.109"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
+]
+
+[[package]]
+name = "syn"
+version = "2.0.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0da4a3c17e109f700685ec577c0f85efd9b19bcf15c913985f14dc1ac01775aa"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "unicode-ident",
+]
+
+[[package]]
+name = "termcolor"
+version = "1.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "be55cf8942feac5c765c2c993422806843c9a9a45d4d5c407ad6dd2ea95eb9b6"
+dependencies = [
+ "winapi-util",
+]
+
+[[package]]
+name = "thiserror"
+version = "1.0.37"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "10deb33631e3c9018b9baf9dcbbc4f737320d2b576bac10f6aefa048fa407e3e"
+dependencies = [
+ "thiserror-impl",
+]
+
+[[package]]
+name = "thiserror-impl"
+version = "1.0.37"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "982d17546b47146b28f7c22e3d08465f6b8903d0ea13c1660d9d84a6e7adcdbb"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "time"
+version = "0.1.45"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1b797afad3f312d1c66a56d11d0316f916356d11bd158fbc6ca6389ff6bf805a"
+dependencies = [
+ "libc",
+ "wasi 0.10.0+wasi-snapshot-preview1",
+ "winapi",
+]
+
+[[package]]
+name = "tinyvec"
+version = "1.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "87cc5ceb3875bb20c2890005a4e226a4651264a5c75edb2421b52861a0a0cb50"
+dependencies = [
+ "tinyvec_macros",
+]
+
+[[package]]
+name = "tinyvec_macros"
+version = "0.1.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
+
+[[package]]
+name = "tokio"
+version = "1.26.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "03201d01c3c27a29c8a5cee5b55a93ddae1ccf6f08f65365c2c918f8c1b76f64"
+dependencies = [
+ "autocfg",
+ "bytes",
+ "libc",
+ "memchr",
+ "mio",
+ "num_cpus",
+ "parking_lot",
+ "pin-project-lite",
+ "signal-hook-registry",
+ "socket2",
+ "tokio-macros",
+ "windows-sys",
+]
+
+[[package]]
+name = "tokio-macros"
+version = "1.8.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d266c00fde287f55d3f1c3e96c500c362a2b8c695076ec180f27918820bc6df8"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "tokio-rustls"
+version = "0.24.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e0d409377ff5b1e3ca6437aa86c1eb7d40c134bfec254e44c830defa92669db5"
+dependencies = [
+ "rustls",
+ "tokio",
+]
+
+[[package]]
+name = "tokio-stream"
+version = "0.1.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d660770404473ccd7bc9f8b28494a811bc18542b915c0855c51e8f419d5223ce"
+dependencies = [
+ "futures-core",
+ "pin-project-lite",
+ "tokio",
+]
+
+[[package]]
+name = "tokio-test"
+version = "0.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "53474327ae5e166530d17f2d956afcb4f8a004de581b3cae10f12006bc8163e3"
+dependencies = [
+ "async-stream",
+ "bytes",
+ "futures-core",
+ "tokio",
+ "tokio-stream",
+]
+
+[[package]]
+name = "tokio-util"
+version = "0.7.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5427d89453009325de0d8f342c9490009f76e999cb7672d77e46267448f7e6b2"
+dependencies = [
+ "bytes",
+ "futures-core",
+ "futures-sink",
+ "pin-project-lite",
+ "tokio",
+ "tracing",
+]
+
+[[package]]
+name = "toml"
+version = "0.7.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b403acf6f2bb0859c93c7f0d967cb4a75a7ac552100f9322faf64dc047669b21"
+dependencies = [
+ "serde",
+ "serde_spanned",
+ "toml_datetime",
+ "toml_edit",
+]
+
+[[package]]
+name = "toml_datetime"
+version = "0.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3ab8ed2edee10b50132aed5f331333428b011c99402b5a534154ed15746f9622"
+dependencies = [
+ "serde",
+]
+
+[[package]]
+name = "toml_edit"
+version = "0.19.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "08de71aa0d6e348f070457f85af8bd566e2bc452156a423ddf22861b3a953fae"
+dependencies = [
+ "indexmap",
+ "serde",
+ "serde_spanned",
+ "toml_datetime",
+ "winnow",
+]
+
+[[package]]
+name = "tower-service"
+version = "0.3.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b6bc1c9ce2b5135ac7f93c72918fc37feb872bdc6a5533a8b85eb4b86bfdae52"
+
+[[package]]
+name = "tracing"
+version = "0.1.37"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8ce8c33a8d48bd45d624a6e523445fd21ec13d3653cd51f681abf67418f54eb8"
+dependencies = [
+ "cfg-if",
+ "pin-project-lite",
+ "tracing-attributes",
+ "tracing-core",
+]
+
+[[package]]
+name = "tracing-attributes"
+version = "0.1.23"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4017f8f45139870ca7e672686113917c71c7a6e02d4924eda67186083c03081a"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 1.0.109",
+]
+
+[[package]]
+name = "tracing-core"
+version = "0.1.30"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "24eb03ba0eab1fd845050058ce5e616558e8f8d8fca633e6b163fe25c797213a"
+dependencies = [
+ "once_cell",
+]
+
+[[package]]
+name = "trust-dns-proto"
+version = "0.22.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4f7f83d1e4a0e4358ac54c5c3681e5d7da5efc5a7a632c90bb6d6669ddd9bc26"
+dependencies = [
+ "async-trait",
+ "cfg-if",
+ "data-encoding",
+ "enum-as-inner",
+ "futures-channel",
+ "futures-io",
+ "futures-util",
+ "idna 0.2.3",
+ "ipnet",
+ "lazy_static",
+ "rand",
+ "smallvec",
+ "thiserror",
+ "tinyvec",
+ "tokio",
+ "tracing",
+ "url",
+]
+
+[[package]]
+name = "trust-dns-resolver"
+version = "0.22.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "aff21aa4dcefb0a1afbfac26deb0adc93888c7d295fb63ab273ef276ba2b7cfe"
+dependencies = [
+ "cfg-if",
+ "futures-util",
+ "ipconfig",
+ "lazy_static",
+ "lru-cache",
+ "parking_lot",
+ "resolv-conf",
+ "smallvec",
+ "thiserror",
+ "tokio",
+ "tracing",
+ "trust-dns-proto",
+]
+
+[[package]]
+name = "try-lock"
+version = "0.2.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3528ecfd12c466c6f163363caf2d02a71161dd5e1cc6ae7b34207ea2d42d81ed"
+
+[[package]]
+name = "typenum"
+version = "1.16.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba"
+
+[[package]]
+name = "unicode-bidi"
+version = "0.3.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d54675592c1dbefd78cbd98db9bacd89886e1ca50692a0692baefffdeb92dd58"
+
+[[package]]
+name = "unicode-ident"
+version = "1.0.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "84a22b9f218b40614adcb3f4ff08b703773ad44fa9423e4e0d346d5db86e4ebc"
+
+[[package]]
+name = "unicode-normalization"
+version = "0.1.22"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c5713f0fc4b5db668a2ac63cdb7bb4469d8c9fed047b1d0292cc7b0ce2ba921"
+dependencies = [
+ "tinyvec",
+]
+
+[[package]]
+name = "unicode-width"
+version = "0.1.10"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b"
+
+[[package]]
+name = "untrusted"
+version = "0.7.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a"
+
+[[package]]
+name = "url"
+version = "2.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0d68c799ae75762b8c3fe375feb6600ef5602c883c5d21eb51c09f22b83c4643"
+dependencies = [
+ "form_urlencoded",
+ "idna 0.3.0",
+ "percent-encoding",
+]
+
+[[package]]
+name = "version_check"
+version = "0.9.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"
+
+[[package]]
+name = "want"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1ce8a968cb1cd110d136ff8b819a556d6fb6d919363c61534f6860c7eb172ba0"
+dependencies = [
+ "log",
+ "try-lock",
+]
+
+[[package]]
+name = "wasi"
+version = "0.10.0+wasi-snapshot-preview1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1a143597ca7c7793eff794def352d41792a93c481eb1042423ff7ff72ba2c31f"
+
+[[package]]
+name = "wasi"
+version = "0.11.0+wasi-snapshot-preview1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423"
+
+[[package]]
+name = "wasm-bindgen"
+version = "0.2.84"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "31f8dcbc21f30d9b8f2ea926ecb58f6b91192c17e9d33594b3df58b2007ca53b"
+dependencies = [
+ "cfg-if",
+ "wasm-bindgen-macro",
+]
+
+[[package]]
+name = "wasm-bindgen-backend"
+version = "0.2.84"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "95ce90fd5bcc06af55a641a86428ee4229e44e07033963a2290a8e241607ccb9"
+dependencies = [
+ "bumpalo",
+ "log",
+ "once_cell",
+ "proc-macro2",
+ "quote",
+ "syn 1.0.109",
+ "wasm-bindgen-shared",
+]
+
+[[package]]
+name = "wasm-bindgen-macro"
+version = "0.2.84"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4c21f77c0bedc37fd5dc21f897894a5ca01e7bb159884559461862ae90c0b4c5"
+dependencies = [
+ "quote",
+ "wasm-bindgen-macro-support",
+]
+
+[[package]]
+name = "wasm-bindgen-macro-support"
+version = "0.2.84"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "2aff81306fcac3c7515ad4e177f521b5c9a15f2b08f4e32d823066102f35a5f6"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn 1.0.109",
+ "wasm-bindgen-backend",
+ "wasm-bindgen-shared",
+]
+
+[[package]]
+name = "wasm-bindgen-shared"
+version = "0.2.84"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0046fef7e28c3804e5e38bfa31ea2a0f73905319b677e57ebe37e49358989b5d"
+
+[[package]]
+name = "web-sys"
+version = "0.3.61"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e33b99f4b23ba3eec1a53ac264e35a755f00e966e0065077d6027c0f575b0b97"
+dependencies = [
+ "js-sys",
+ "wasm-bindgen",
+]
+
+[[package]]
+name = "webpki-roots"
+version = "0.23.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "aa54963694b65584e170cf5dc46aeb4dcaa5584e652ff5f3952e56d66aff0125"
+dependencies = [
+ "rustls-webpki",
+]
+
+[[package]]
+name = "widestring"
+version = "0.5.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "17882f045410753661207383517a6f62ec3dbeb6a4ed2acce01f0728238d1983"
+
+[[package]]
+name = "winapi"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
+dependencies = [
+ "winapi-i686-pc-windows-gnu",
+ "winapi-x86_64-pc-windows-gnu",
+]
+
+[[package]]
+name = "winapi-i686-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
+
+[[package]]
+name = "winapi-util"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178"
+dependencies = [
+ "winapi",
+]
+
+[[package]]
+name = "winapi-x86_64-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
+
+[[package]]
+name = "windows-sys"
+version = "0.45.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "75283be5efb2831d37ea142365f009c02ec203cd29a3ebecbc093d52315b66d0"
+dependencies = [
+ "windows-targets",
+]
+
+[[package]]
+name = "windows-targets"
+version = "0.42.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8e2522491fbfcd58cc84d47aeb2958948c4b8982e9a2d8a2a35bbaed431390e7"
+dependencies = [
+ "windows_aarch64_gnullvm",
+ "windows_aarch64_msvc",
+ "windows_i686_gnu",
+ "windows_i686_msvc",
+ "windows_x86_64_gnu",
+ "windows_x86_64_gnullvm",
+ "windows_x86_64_msvc",
+]
+
+[[package]]
+name = "windows_aarch64_gnullvm"
+version = "0.42.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8c9864e83243fdec7fc9c5444389dcbbfd258f745e7853198f365e3c4968a608"
+
+[[package]]
+name = "windows_aarch64_msvc"
+version = "0.42.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4c8b1b673ffc16c47a9ff48570a9d85e25d265735c503681332589af6253c6c7"
+
+[[package]]
+name = "windows_i686_gnu"
+version = "0.42.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "de3887528ad530ba7bdbb1faa8275ec7a1155a45ffa57c37993960277145d640"
+
+[[package]]
+name = "windows_i686_msvc"
+version = "0.42.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "bf4d1122317eddd6ff351aa852118a2418ad4214e6613a50e0191f7004372605"
+
+[[package]]
+name = "windows_x86_64_gnu"
+version = "0.42.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c1040f221285e17ebccbc2591ffdc2d44ee1f9186324dd3e84e99ac68d699c45"
+
+[[package]]
+name = "windows_x86_64_gnullvm"
+version = "0.42.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "628bfdf232daa22b0d64fdb62b09fcc36bb01f05a3939e20ab73aaf9470d0463"
+
+[[package]]
+name = "windows_x86_64_msvc"
+version = "0.42.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "447660ad36a13288b1db4d4248e857b510e8c3a225c822ba4fb748c0aafecffd"
+
+[[package]]
+name = "winnow"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "faf09497b8f8b5ac5d3bb4d05c0a99be20f26fd3d5f2db7b0716e946d5103658"
+dependencies = [
+ "memchr",
+]
+
+[[package]]
+name = "winreg"
+version = "0.10.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "80d0f4e272c85def139476380b12f9ac60926689dd2e01d4923222f40580869d"
+dependencies = [
+ "winapi",
+]

Cargo.toml

@@ -0,0 +1,52 @@
+[package]
+name = "pgcat"
+version = "1.0.2-alpha3"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+[dependencies]
+tokio = { version = "1", features = ["full"] }
+bytes = "1"
+md-5 = "0.10"
+bb8 = "0.8.0"
+async-trait = "0.1"
+rand = "0.8"
+chrono = "0.4"
+sha-1 = "0.10"
+toml = "0.7"
+serde = { version = "1", features = ["derive"] }
+serde_derive = "1"
+regex = "1"
+num_cpus = "1"
+once_cell = "1"
+sqlparser = {version = "0.33", features = ["visitor"] }
+log = "0.4"
+arc-swap = "1"
+env_logger = "0.10"
+parking_lot = "0.12.1"
+hmac = "0.12"
+sha2 = "0.10"
+base64 = "0.21"
+stringprep = "0.1"
+tokio-rustls = "0.24"
+rustls-pemfile = "1"
+hyper = { version = "0.14", features = ["full"] }
+phf = { version = "0.11.1", features = ["macros"] }
+exitcode = "1.1.2"
+futures = "0.3"
+socket2 = { version = "0.4.7", features = ["all"] }
+nix = "0.26.2"
+atomic_enum = "0.2.0"
+postgres-protocol = "0.6.5"
+fallible-iterator = "0.2"
+pin-project = "1"
+webpki-roots = "0.23"
+rustls = { version = "0.21", features = ["dangerous_configuration"] }
+trust-dns-resolver = "0.22.0"
+tokio-test = "0.4.2"
+serde_json = "1"
+itertools = "0.10"
+
+[target.'cfg(not(target_env = "msvc"))'.dependencies]
+jemallocator = "0.5.0"
+

Dockerfile

@@ -0,0 +1,11 @@
+FROM rust:1 AS builder
+COPY . /app
+WORKDIR /app
+RUN cargo build --release
+
+FROM debian:bullseye-slim
+COPY --from=builder /app/target/release/pgcat /usr/bin/pgcat
+COPY --from=builder /app/pgcat.toml /etc/pgcat/pgcat.toml
+WORKDIR /etc/pgcat
+ENV RUST_LOG=info
+CMD ["pgcat"]

Dockerfile.ci

@@ -0,0 +1,12 @@
+FROM cimg/rust:1.67.1
+RUN sudo apt-get update && \
+	sudo apt-get install -y \
+		psmisc postgresql-contrib-14 postgresql-client-14 libpq-dev \
+		ruby ruby-dev python3 python3-pip \
+		lcov llvm-11 iproute2 && \
+	sudo apt-get upgrade curl && \
+	cargo install cargo-binutils rustfilt && \
+	rustup component add llvm-tools-preview && \
+ 	pip3 install psycopg2 && sudo gem install bundler && \
+	wget -O /tmp/toxiproxy-2.4.0.deb https://github.com/Shopify/toxiproxy/releases/download/v2.4.0/toxiproxy_2.4.0_linux_$(dpkg --print-architecture).deb && \
+	sudo dpkg -i /tmp/toxiproxy-2.4.0.deb

LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2023 PgCat Contributors
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

README.md

@@ -0,0 +1,290 @@
+## PgCat: Nextgen PostgreSQL Pooler
+
+[![CircleCI](https://circleci.com/gh/postgresml/pgcat/tree/main.svg?style=svg)](https://circleci.com/gh/postgresml/pgcat/tree/main)
+<a href="https://discord.gg/DmyJP3qJ7U" target="_blank">
+    <img src="https://img.shields.io/discord/1013868243036930099" alt="Join our Discord!" />
+</a>
+
+PostgreSQL pooler and proxy (like PgBouncer) with support for sharding, load balancing, failover and mirroring.
+
+## Features
+
+| **Feature** | **Status** | **Comments** |
+|-------------|------------|--------------|
+| Transaction pooling | **Stable** | Identical to PgBouncer with notable improvements for handling bad clients and abandoned transactions. |
+| Session pooling | **Stable** | Identical to PgBouncer. |
+| Multi-threaded runtime | **Stable** | Using Tokio asynchronous runtime, the pooler takes advantage of multicore machines. |
+| Load balancing of read queries | **Stable** | Queries are automatically load balanced between replicas and the primary. |
+| Failover | **Stable** | Queries are automatically rerouted around broken replicas, validated by regular health checks. |
+| Admin database statistics | **Stable** | Pooler statistics and administration via the `pgbouncer` and `pgcat` databases. |
+| Prometheus statistics | **Stable** | Statistics are reported via a HTTP endpoint for Prometheus. |
+| SSL/TLS | **Stable** | Clients can connect to the pooler using TLS. Pooler can connect to Postgres servers using TLS. |
+| Client/Server authentication | **Stable** | Clients can connect using MD5 authentication, supported by `libpq` and all Postgres client drivers. PgCat can connect to Postgres using MD5 and SCRAM-SHA-256. |
+| Live configuration reloading | **Stable** | Identical to PgBouncer; all settings can be reloaded dynamically (except `host` and `port`). |
+| Auth passthrough | **Stable** | MD5 password authentication can be configured to use an `auth_query` so no cleartext passwords are needed in the config file.|
+| Sharding using extended SQL syntax | **Experimental** | Clients can dynamically configure the pooler to route queries to specific shards. |
+| Sharding using comments parsing/Regex | **Experimental** | Clients can include shard information (sharding key, shard ID) in the query comments. |
+| Automatic sharding | **Experimental** | PgCat can parse queries, detect sharding keys automatically, and route queries to the correct shard. |
+| Mirroring | **Experimental** | Mirror queries between multiple databases in order to test servers with realistic production traffic. |
+
+
+## Status
+
+PgCat is stable and used in production to serve hundreds of thousands of queries per second.
+
+<table>
+  <tr>
+    <td>
+      <a href="https://tech.instacart.com/adopting-pgcat-a-nextgen-postgres-proxy-3cf284e68c2f">
+        <img src="./images/instacart.webp" height="70" width="auto">
+      </a>
+    </td>
+    <td>
+      <a href="https://postgresml.org/blog/scaling-postgresml-to-one-million-requests-per-second">
+        <img src="./images/postgresml.webp" height="70" width="auto">
+      </a>
+    </td>
+    <td>
+      <a href="https://onesignal.com">
+        <img src="./images/one_signal.webp" height="70" width="auto">
+      </a>
+    </td>
+  </tr>
+  <tr>
+    <td>
+      <a href="https://tech.instacart.com/adopting-pgcat-a-nextgen-postgres-proxy-3cf284e68c2f">
+        Instacart
+      </a>
+    </td>
+    <td>
+      <a href="https://postgresml.org/blog/scaling-postgresml-to-one-million-requests-per-second">
+        PostgresML
+      </a>
+    </td>
+    <td>
+      OneSignal
+    </td>
+  </tr>
+</table>
+
+Some features remain experimental and are being actively developed. They are optional and can be enabled through configuration.
+
+## Deployment
+
+See `Dockerfile` for example deployment using Docker. The pooler is configured to spawn 4 workers so 4 CPUs are recommended for optimal performance. That setting can be adjusted to spawn as many (or as little) workers as needed.
+
+A Docker image is available from `docker pull ghcr.io/postgresml/pgcat:latest`. See our [Github packages repository](https://github.com/postgresml/pgcat/pkgs/container/pgcat).
+
+For quick local example, use the Docker Compose environment provided:
+
+```bash
+docker-compose up
+
+# In a new terminal:
+PGPASSWORD=postgres psql -h 127.0.0.1 -p 6432 -U postgres -c 'SELECT 1'
+```
+
+### Config
+
+See **[Configuration](https://github.com/levkk/pgcat/blob/main/CONFIG.md)**.
+
+## Contributing
+
+The project is being actively developed and looking for additional contributors and production deployments.
+
+### Local development
+
+1. Install Rust (latest stable will work great).
+2. `cargo build --release` (to get better benchmarks).
+3. Change the config in `pgcat.toml` to fit your setup (optional given next step).
+4. Install Postgres and run `psql -f tests/sharding/query_routing_setup.sql` (user/password may be required depending on your setup)
+5. `RUST_LOG=info cargo run --release` You're ready to go!
+
+### Tests
+
+When making substantial modifications to the protocol implementation, make sure to test them with pgbench:
+
+```
+pgbench -i -h 127.0.0.1 -p 6432 && \
+pgbench -t 1000 -p 6432 -h 127.0.0.1 --protocol simple && \
+pgbench -t 1000 -p 6432 -h 127.0.0.1 --protocol extended
+```
+
+See [sharding README](./tests/sharding/README.md) for sharding logic testing.
+
+Additionally, all features are tested with Ruby, Python, and Rust unit and integration tests.
+
+Run `cargo test` to run Rust unit tests.
+
+Run the following commands to run Ruby and Python integration tests:
+
+```
+cd tests/docker/
+docker compose up --exit-code-from main # This will also produce coverage report under ./cov/
+```
+
+### Docker-based local development
+
+You can open a Docker development environment where you can debug tests easier. Run the following command to spin it up:
+
+```
+./dev/script/console
+```
+
+This will open a terminal in an environment similar to that used in tests. In there, you can compile the pooler, run tests, do some debugging with the test environment, etc. Objects compiled inside the container (and bundled gems) will be placed in `dev/cache` so they don't interfere with what you have on your machine.
+
+## Usage
+
+### Session mode
+In session mode, a client talks to one server for the duration of the connection. Prepared statements, `SET`, and advisory locks are supported. In terms of supported features, there is very little if any difference between session mode and talking directly to the server.
+
+To use session mode, change `pool_mode = "session"`.
+
+### Transaction mode
+In transaction mode, a client talks to one server for the duration of a single transaction; once it's over, the server is returned to the pool. Prepared statements, `SET`, and advisory locks are not supported; alternatives are to use `SET LOCAL` and `pg_advisory_xact_lock` which are scoped to the transaction.
+
+This mode is enabled by default.
+
+### Load balancing of read queries
+All queries are load balanced against the configured servers using either the random or least open connections algorithms. The most straightforward configuration example would be to put this pooler in front of several replicas and let it load balance all queries.
+
+If the configuration includes a primary and replicas, the queries can be separated with the built-in query parser. The query parser, implemented with the `sqlparser` crate, will interpret the query and route all `SELECT` queries to a replica, while all other queries including explicit transactions will be routed to the primary.
+
+#### Query parser
+The query parser will do its best to determine where the query should go, but sometimes that's not possible. In that case, the client can select which server it wants using this custom SQL syntax:
+
+```sql
+-- To talk to the primary for the duration of the next transaction:
+SET SERVER ROLE TO 'primary';
+
+-- To talk to the replica for the duration of the next transaction:
+SET SERVER ROLE TO 'replica';
+
+-- Let the query parser decide
+SET SERVER ROLE TO 'auto';
+
+-- Pick any server at random
+SET SERVER ROLE TO 'any';
+
+-- Reset to default configured settings
+SET SERVER ROLE TO 'default';
+```
+
+The setting will persist until it's changed again or the client disconnects.
+
+By default, all queries are routed to the first available server; `default_role` setting controls this behavior.
+
+### Failover
+All servers are checked with a `;` (very fast) query before being given to a client. Additionally, the server health is monitored with every client query that it processes. If the server is not reachable, it will be banned and cannot serve any more transactions for the duration of the ban. The queries are routed to the remaining servers. If all servers become banned, the ban list is cleared: this is a safety precaution against false positives. The primary can never be banned.
+
+The ban time can be changed with `ban_time`. The default is 60 seconds.
+
+### Sharding
+We use the `PARTITION BY HASH` hashing function, the same as used by Postgres for declarative partitioning. This allows to shard the database using Postgres partitions and place the partitions on different servers (shards). Both read and write queries can be routed to the shards using this pooler.
+
+#### Extended syntax
+To route queries to a particular shard, we use this custom SQL syntax:
+
+```sql
+-- To talk to a shard explicitly
+SET SHARD TO '1';
+
+-- To let the pooler choose based on a value
+SET SHARDING KEY TO '1234';
+```
+
+The active shard will last until it's changed again or the client disconnects. By default, the queries are routed to shard 0.
+
+For hash function implementation, see `src/sharding.rs` and `tests/sharding/partition_hash_test_setup.sql`.
+
+
+##### ActiveRecord/Rails
+
+```ruby
+class User < ActiveRecord::Base
+end
+
+# Metadata will be fetched from shard 0
+ActiveRecord::Base.establish_connection
+
+# Grab a bunch of users from shard 1
+User.connection.execute "SET SHARD TO '1'"
+User.take(10)
+
+# Using id as the sharding key
+User.connection.execute "SET SHARDING KEY TO '1234'"
+User.find_by_id(1234)
+
+# Using geographical sharding
+User.connection.execute "SET SERVER ROLE TO 'primary'"
+User.connection.execute "SET SHARDING KEY TO '85'"
+User.create(name: "test user", email: "test@example.com", zone_id: 85)
+
+# Let the query parser figure out where the query should go.
+# We are still on shard = hash(85) % shards.
+User.connection.execute "SET SERVER ROLE TO 'auto'"
+User.find_by_email("test@example.com")
+```
+
+##### Raw SQL
+
+```sql
+-- Grab a bunch of users from shard 1
+SET SHARD TO '1';
+SELECT * FROM users LIMT 10;
+
+-- Find by id
+SET SHARDING KEY TO '1234';
+SELECT * FROM USERS WHERE id = 1234;
+
+-- Writing in a primary/replicas configuration.
+SET SHARDING ROLE TO 'primary';
+SET SHARDING KEY TO '85';
+INSERT INTO users (name, email, zome_id) VALUES ('test user', 'test@example.com', 85);
+
+SET SERVER ROLE TO 'auto'; -- let the query router figure out where the query should go
+SELECT * FROM users WHERE email = 'test@example.com'; -- shard setting lasts until set again; we are reading from the primary
+```
+
+#### With comments
+Issuing queries to the pooler can cause additional latency. To reduce its impact, it's possible to include sharding information inside SQL comments sent via the query. This is reasonably easy to implement with ORMs like [ActiveRecord](https://api.rubyonrails.org/classes/ActiveRecord/QueryMethods.html#method-i-annotate) and [SQLAlchemy](https://docs.sqlalchemy.org/en/20/core/events.html#sql-execution-and-connection-events).
+
+```
+/* shard_id: 5 */ SELECT * FROM foo WHERE id = 1234;
+
+/* sharding_key: 1234 */ SELECT * FROM foo WHERE id = 1234;
+```
+
+#### Automatic query parsing
+PgCat can use the `sqlparser` crate to parse SQL queries and extract the sharding key. This is configurable with the `automatic_sharding_key` setting. This feature is still experimental, but it's the ideal implementation for sharding, requiring no client modifications.
+
+### Statistics reporting
+
+The stats are very similar to what PgBouncer reports and the names are kept to be comparable. They are accessible by querying the admin database `pgcat`, and `pgbouncer` for compatibility.
+
+```
+psql -h 127.0.0.1 -p 6432 -d pgbouncer -c 'SHOW DATABASES'
+```
+
+Additionally, Prometheus statistics are available at `/metrics` via HTTP.
+
+### Live configuration reloading
+
+The config can be reloaded by sending a `kill -s SIGHUP` to the process or by querying `RELOAD` to the admin database. All settings except the `host` and `port` can be reloaded without restarting the pooler, including sharding and replicas configurations.
+
+### Mirroring
+
+Mirroring allows to route queries to multiple databases at the same time. This is useful for prewarning replicas before placing them into the active configuration, or for testing different versions of Postgres with live traffic.
+
+## License
+
+PgCat is free and open source, released under the MIT license.
+
+## Contributors
+
+Many thanks to our amazing contributors!
+
+<a href = "https://github.com/postgresml/pgcat/graphs/contributors">
+  <img src = "https://contrib.rocks/image?repo=postgresml/pgcat"/>
+</a>
+

cov-style.css

@@ -0,0 +1,158 @@
+/*
+ * Copyright 2021 Collabora, Ltd.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice (including the
+ * next paragraph) shall be included in all copies or substantial
+ * portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT.  IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
+ * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
+ * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+ * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+body {
+	background-color: #f2f2f2;
+	font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto,
+		"Noto Sans", Ubuntu, Cantarell, "Helvetica Neue", sans-serif,
+		"Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol",
+		"Noto Color Emoji";
+}
+
+.sourceHeading, .source, .coverFn,
+.testName, .testPer, .testNum,
+.coverLegendCovLo, .headerCovTableEntryLo, .coverPerLo, .coverNumLo,
+.coverLegendCovMed, .headerCovTableEntryMed, .coverPerMed, .coverNumMed,
+.coverLegendCovHi, .headerCovTableEntryHi, .coverPerHi, .coverNumHi,
+.coverFile {
+	font-family: "Menlo", "DejaVu Sans Mono", "Liberation Mono",
+		"Consolas", "Ubuntu Mono", "Courier New", "andale mono",
+		"lucida console", monospace;
+}
+
+pre {
+	font-size: 0.7875rem;
+}
+
+.headerCovTableEntry, .testPer, .testNum, .testName,
+.coverLegendCovLo, .headerCovTableEntryLo, .coverPerLo, .coverNumLo,
+.coverLegendCovMed, .headerCovTableEntryMed, .coverPerMed, .coverNumMed,
+.coverLegendCovHi, .headerCovTableEntryHi, .coverPerHi, .coverNumHi {
+	text-align: right;
+	white-space: nowrap;
+}
+
+.coverPerLo, .coverPerMed, .coverPerHi, .testPer {
+/*	font-weight: bold;*/
+}
+
+.coverNumLo, .coverNumMed, .coverNumHi, .testNum {
+	font-style: italic;
+	font-size: 90%;
+	padding-left: 1em;
+}
+
+.title {
+	font-size: 200%;
+}
+
+.tableHead {
+	text-align: center;
+	font-weight: bold;
+	background-color: #bfbfbf;
+}
+
+.coverFile, .coverBar, .coverFn {
+	background-color: #d9d9d9;
+}
+
+.headerCovTableHead {
+	font-weight: bold;
+	text-align: right;
+}
+
+.headerCovTableEntry {
+	background-color: #d9d9d9;
+}
+
+.coverFnLo,
+.coverLegendCovLo, .headerCovTableEntryLo, .coverPerLo, .coverNumLo {
+	background-color: #f2dada;
+}
+
+.coverFnHi,
+.coverLegendCovMed, .headerCovTableEntryMed, .coverPerMed, .coverNumMed {
+	background-color: #add9ad;
+}
+
+.coverLegendCovHi, .headerCovTableEntryHi, .coverPerHi, .coverNumHi {
+	background-color: #59b359;
+}
+
+.coverBarOutline {
+	border-style: solid;
+	border-width: 1px;
+	border-color: black;
+	padding: 0px;
+}
+
+.coverFnLo, .coverFnHi {
+	text-align: right;
+}
+
+.lineNum {
+	background-color: #d9d9d9;
+}
+
+.coverLegendCov, .lineCov, .branchCov {
+	background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAABCAIAAABsYngUAAADAXpUWHRSYXcgcHJvZmlsZSB0eXBlIGV4aWYAAHjazZVbktwgDEX/WUWWgCSExHIwj6rsIMvPxcY9PY9MzVTyEVMNtCwkoYNwGL9+zvADDxHHkNQ8l5wjnlRS4YqJx+upZ08xnf313O/otTw8FBgzwShbP2/5gJyhz1vetp0KuT4ZKmO/OF6/qNsQ+3ZwO9yOhC4HcRsOdRsS3p7T9f+4thVzcXveQtv6sz5t1dfW0CUxzprJEvrE0SwXzJ1jMuStr0CPvhfqdvTmf7hVGTHxEJKI3leEsn4kFWNCT/CGfUnBXDEuyd4yaHGIhnm58/r581nk4Q59Y32N+p69Qc3xPelwJvRWkTeE8mP8UE76Ig/PSE9uT55z3jN+LZ/pJaibXLjxzdl9znHtrqaMLee9qXuL5wx6x8rWuSqjGX4afSV7tYLmKImGc9RxyA60RoUYGCcl6lRp0jjHRg0hJh4MjszcALcFCB0wCjcgJYBGo8kGzF0cB6DhOAik/IiFTrfldNfI4biTB5wegjHCkr9q4StKc66CIlq55CtXiItXwhHFIkeE6ocaiNDcSdUzwXd7+yyuAoJ6ptmxwRqPZQH4D6WXwyUnaIGiYrwKmKxvA0gRIlAEQwICMZMoZYrGHIwIiXQAqgidJfEBLKTKHUFyEsmAgyqAb6wxOlVZ+RLjIgQIlRzEwAaFCFgpKc6PJccZqiqaVDWrqWvRmiWvCsvZ8rpRq4klU8tm5lasBhdPrp7d3L14LVwEN64W1GPxUkqtcFphuWJ1hUKtBx9ypEOPfNjhRzlq49CkpaYtN2veSqudu3TUcc/duvfS66CBozTS0JGHDR9l1ImjNmWmqTNPmz5LmPVBbWN9175BjTY1PkktRXtQg9TsNkHrOtHFDMQ4EYDbIkASmBez6JQSL3KLWSyMqlBGkLrgdFrEQDANYp30YPdCToPkf8MtAAT/C3JhofsCuffcPqLW6/mhk5PQKsOV1CiovpHgnx3LcCvhwlnz9dF8P4Y/vfju+J8aQpZK+A373P3XzDqcKwAAAAZiS0dEAAAAAAAA+UO7fwAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAAd0SU1FB+UEEQYyDQA04tUAAAAZdEVYdENvbW1lbnQAQ3JlYXRlZCB3aXRoIEdJTVBXgQ4XAAAADklEQVQI12PULVBlwAYAEagAxGHRDdwAAAAASUVORK5CYII=');
+	background-repeat: repeat-y;
+	background-position: left top;
+	background-color: #c6ffb8;
+}
+
+.coverLegendNoCov, .lineNoCov, .branchNoCov, .branchNoExec {
+	background-image: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAgAAAABCAIAAABsYngUAAAACXBIWXMAAA7EAAAOxAGVKw4bAAAAB3RJTUUH5QMUCiMidNgp2gAAABl0RVh0Q29tbWVudABDcmVhdGVkIHdpdGggR0lNUFeBDhcAAAAPSURBVAjXY/wZIcWADQAAIa4BbZaExr0AAAAASUVORK5CYII=');
+	background-repeat: repeat-y;
+	background-position: left top;
+	background-color: #ffcfbb;
+}
+
+.coverLegendCov, .coverLegendNoCov {
+	padding: 0em 1em 0em 1em;
+}
+
+.headerItem, .headerValue, .headerValueLeg {
+	white-space: nowrap;
+}
+
+.headerItem {
+	text-align: right;
+	font-weight: bold;
+}
+
+.ruler {
+	background-color: #d9d9d9;
+}
+
+.detail {
+	font-size: 80%;
+}
+
+.versionInfo {
+	font-size: 80%;
+	text-align: right;
+}
+

dev/Dockerfile

@@ -0,0 +1,33 @@
+FROM rust:bullseye
+
+# Dependencies
+RUN apt-get update -y \
+    && apt-get install -y \
+    llvm-11 psmisc postgresql-contrib postgresql-client \
+    ruby ruby-dev libpq-dev python3 python3-pip lcov curl sudo iproute2 \
+    strace ngrep iproute2 dnsutils lsof net-tools telnet
+
+# Rust
+RUN cargo install cargo-binutils rustfilt
+RUN rustup component add llvm-tools-preview
+
+# Ruby
+RUN sudo gem install bundler
+
+# Toxyproxy
+RUN wget -O toxiproxy-2.4.0.deb https://github.com/Shopify/toxiproxy/releases/download/v2.4.0/toxiproxy_2.4.0_linux_$(dpkg --print-architecture).deb && \
+    sudo dpkg -i toxiproxy-2.4.0.deb
+
+# Config
+ENV APP_ROOT=/app
+ARG APP_USER=pgcat
+COPY dev_bashrc /etc/bash.bashrc
+
+RUN useradd -m -o -u 999 ${APP_USER} || exit 0 && mkdir ${APP_ROOT} && chown ${APP_USER} ${APP_ROOT}
+RUN adduser ${APP_USER} sudo \
+    && echo "${APP_USER} ALL=NOPASSWD: ALL" > /etc/sudoers.d/${APP_USER} \
+    && chmod ugo+s /usr/sbin/usermod /usr/sbin/groupmod
+ENV HOME=${APP_ROOT}
+WORKDIR ${APP_ROOT}
+
+ENTRYPOINT ["/bin/bash"]

dev/dev_bashrc

@@ -0,0 +1,120 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# FIX USER NEEDED SO WE CAN SHARE UID BETWEEN HOST AND DEV ENV
+usermod -o -u $(id -u) pgcat 
+groupmod -o -g $(id -g) pgcat 
+
+# We fix the setuid in those commands as we now have sudo
+sudo chmod ugo-s /usr/sbin/usermod /usr/sbin/groupmod 
+
+# Environment customization
+export DEV_ROOT="${APP_ROOT}/dev"
+export HISTFILE="${DEV_ROOT}/.bash_history"
+export CARGO_TARGET_DIR="${DEV_ROOT}/cache/target"
+export CARGO_HOME="${DEV_ROOT}/cache/target/.cargo"
+export BUNDLE_PATH="${DEV_ROOT}/cache/bundle"
+
+# Regular bashrc
+# If not running interactively, don't do anything
+case $- in
+  *i*) ;;
+  *) return;;
+esac
+
+# don't put duplicate lines or lines starting with space in the history.
+# See bash(1) for more options
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+HISTSIZE=1000
+HISTFILESIZE=2000
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# If set, the pattern "**" used in a pathname expansion context will
+# match all files and zero or more directories and subdirectories.
+#shopt -s globstar
+
+# make less more friendly for non-text input files, see lesspipe(1)
+[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
+  debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+  xterm-color|*-256color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+  if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+    # We have color support; assume it's compliant with Ecma-48
+    # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+    # a case would tend to support setf rather than setaf.)
+    color_prompt=yes
+  else
+    color_prompt=
+  fi
+fi
+
+PS1='\[\e]0;pgcat@dev-container\h: \w\a\]${debian_chroot:+($debian_chroot)}\[\033[01;32m\]pgcat\[\033[00m\]@\[\033[01;32m\]dev-container\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\[\033[01;31m\]$(git branch &>/dev/null; if [ $? -eq 0 ]; then echo " ($(git branch | grep ^* |sed s/\*\ //))"; fi)\[\033[00m\]\$ '
+
+unset color_prompt force_color_prompt
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+  test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+  alias ls='ls --color=auto'
+  #alias dir='dir --color=auto'
+  #alias vdir='vdir --color=auto'
+
+  alias grep='grep --color=auto'
+  alias fgrep='fgrep --color=auto'
+  alias egrep='egrep --color=auto'
+fi
+
+# colored GCC warnings and errors
+#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
+
+# some more ls aliases
+alias ll='ls -alF'
+alias la='ls -A'
+alias l='ls -CF'
+
+# Add an "alert" alias for long running commands.  Use like so:
+#   sleep 10; alert
+alias alert='notify-send --urgency=low -i "$([ $? = 0 ] && echo terminal || echo error)" "$(history|tail -n1|sed -e '\''s/^\s*[0-9]\+\s*//;s/[;&|]\s*alert$//'\'')"'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+  . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if ! shopt -oq posix; then
+  if [ -f /usr/share/bash-completion/bash_completion ]; then
+    . /usr/share/bash-completion/bash_completion
+  elif [ -f /etc/bash_completion ]; then
+    . /etc/bash_completion
+  fi
+fi

dev/docker-compose.yaml

@@ -0,0 +1,94 @@
+version: "3"
+
+x-common-definition-pg:
+  &common-definition-pg
+  image: postgres:14
+  network_mode: "service:main"
+  healthcheck:
+    test: [ "CMD-SHELL", "pg_isready -U postgres -d postgres" ]
+    interval: 5s
+    timeout: 5s
+    retries: 5
+  volumes:
+    - type: bind
+      source: ../tests/sharding/query_routing_setup.sql
+      target: /docker-entrypoint-initdb.d/query_routing_setup.sql
+    - type: bind
+      source: ../tests/sharding/partition_hash_test_setup.sql
+      target: /docker-entrypoint-initdb.d/partition_hash_test_setup.sql
+
+x-common-env-pg:
+  &common-env-pg
+  POSTGRES_USER: postgres
+  POSTGRES_DB: postgres
+  POSTGRES_PASSWORD: postgres
+
+services:
+  main:
+    image: gcr.io/google_containers/pause:3.2
+    ports:
+      - 6432
+
+  pg1:
+    <<: *common-definition-pg
+    environment:
+      <<: *common-env-pg
+      POSTGRES_INITDB_ARGS: --auth-local=md5 --auth-host=md5 --auth=md5
+      PGPORT: 5432
+    command: ["postgres", "-p", "5432", "-c", "shared_preload_libraries=pg_stat_statements", "-c", "pg_stat_statements.track=all", "-c", "pg_stat_statements.max=100000"]
+
+  pg2:
+    <<: *common-definition-pg
+    environment:
+      <<: *common-env-pg
+      POSTGRES_INITDB_ARGS: --auth-local=scram-sha-256 --auth-host=scram-sha-256 --auth=scram-sha-256
+      PGPORT: 7432
+    command: ["postgres", "-p", "7432", "-c", "shared_preload_libraries=pg_stat_statements", "-c", "pg_stat_statements.track=all", "-c", "pg_stat_statements.max=100000"]
+  pg3:
+    <<: *common-definition-pg
+    environment:
+      <<: *common-env-pg
+      POSTGRES_INITDB_ARGS: --auth-local=scram-sha-256 --auth-host=scram-sha-256 --auth=scram-sha-256
+      PGPORT: 8432
+    command: ["postgres", "-p", "8432", "-c", "shared_preload_libraries=pg_stat_statements", "-c", "pg_stat_statements.track=all", "-c", "pg_stat_statements.max=100000"]
+  pg4:
+    <<: *common-definition-pg
+    environment:
+      <<: *common-env-pg
+      POSTGRES_INITDB_ARGS: --auth-local=scram-sha-256 --auth-host=scram-sha-256 --auth=scram-sha-256
+      PGPORT: 9432
+    command: ["postgres", "-p", "9432", "-c", "shared_preload_libraries=pg_stat_statements", "-c", "pg_stat_statements.track=all", "-c", "pg_stat_statements.max=100000"]
+  pg5:
+    <<: *common-definition-pg
+    environment:
+      <<: *common-env-pg
+      POSTGRES_INITDB_ARGS: --auth-local=md5 --auth-host=md5 --auth=md5
+      PGPORT: 10432
+    command: ["postgres", "-p", "10432", "-c", "shared_preload_libraries=pg_stat_statements", "-c", "pg_stat_statements.track=all", "-c", "pg_stat_statements.max=100000"]
+
+  toxiproxy:
+    build: .
+    network_mode: "service:main"
+    container_name: toxiproxy
+    environment:
+      LOG_LEVEL: info
+    entrypoint: toxiproxy-server
+    depends_on:
+      - pg1
+      - pg2
+      - pg3
+      - pg4
+      - pg5
+
+  pgcat-shell:
+    stdin_open: true
+    user: "${HOST_UID}:${HOST_GID}"
+    build: .
+    network_mode: "service:main"
+    depends_on:
+      - toxiproxy
+    volumes:
+      - ../:/app/
+    entrypoint:
+      - /bin/bash
+      - -i

dev/script/console

@@ -0,0 +1,12 @@
+#!/bin/bash
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+export HOST_UID="$(id -u)"
+export HOST_GID="$(id -g)"
+
+if [[ "${1}" == "down" ]]; then
+	docker-compose -f "${DIR}/../docker-compose.yaml" down
+	exit 0
+else
+	docker-compose -f "${DIR}/../docker-compose.yaml" run --rm pgcat-shell
+fi

docker-compose.yml

@@ -0,0 +1,17 @@
+version: "3"
+services:
+  postgres:
+    image: postgres:14
+    environment:
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_HOST_AUTH_METHOD: md5
+  pgcat:
+    build: .
+    command:
+      - "pgcat"
+      - "/etc/pgcat/pgcat.toml"
+    volumes:
+      - "${PWD}/examples/docker/pgcat.toml:/etc/pgcat/pgcat.toml"
+    ports:
+      - "6432:6432"
+      - "9930:9930"

examples/docker/pgcat.toml

@@ -0,0 +1,123 @@
+#
+# PgCat config example.
+#
+
+#
+# General pooler settings
+[general]
+# What IP to run on, 0.0.0.0 means accessible from everywhere.
+host = "0.0.0.0"
+
+# Port to run on, same as PgBouncer used in this example.
+port = 6432
+
+# Whether to enable prometheus exporter or not.
+enable_prometheus_exporter = true
+
+# Port at which prometheus exporter listens on.
+prometheus_exporter_port = 9930
+
+# How long to wait before aborting a server connection (ms).
+connect_timeout = 5000
+
+# How much time to give `SELECT 1` health check query to return with a result (ms).
+healthcheck_timeout = 1000
+
+# How long to keep connection available for immediate re-use, without running a healthcheck query on it
+healthcheck_delay = 30000
+
+# How much time to give clients during shutdown before forcibly killing client connections (ms).
+shutdown_timeout = 60000
+
+# For how long to ban a server if it fails a health check (seconds).
+ban_time = 60 # seconds
+
+# If we should log client connections
+log_client_connections = false
+
+# If we should log client disconnections
+log_client_disconnections = false
+
+# TLS
+# tls_certificate = "server.cert"
+# tls_private_key = "server.key"
+
+# Credentials to access the virtual administrative database (pgbouncer or pgcat)
+# Connecting to that database allows running commands like `SHOW POOLS`, `SHOW DATABASES`, etc..
+admin_username = "postgres"
+admin_password = "postgres"
+
+# pool
+# configs are structured as pool.<pool_name>
+# the pool_name is what clients use as database name when connecting
+# For the example below a client can connect using "postgres://sharding_user:sharding_user@pgcat_host:pgcat_port/sharded"
+[pools.postgres]
+# Pool mode (see PgBouncer docs for more).
+# session: one server connection per connected client
+# transaction: one server connection per client transaction
+pool_mode = "transaction"
+
+# If the client doesn't specify, route traffic to
+# this role by default.
+#
+# any: round-robin between primary and replicas,
+# replica: round-robin between replicas only without touching the primary,
+# primary: all queries go to the primary unless otherwise specified.
+default_role = "any"
+
+# Query parser. If enabled, we'll attempt to parse
+# every incoming query to determine if it's a read or a write.
+# If it's a read query, we'll direct it to a replica. Otherwise, if it's a write,
+# we'll direct it to the primary.
+query_parser_enabled = true
+
+# If the query parser is enabled and this setting is enabled, the primary will be part of the pool of databases used for
+# load balancing of read queries. Otherwise, the primary will only be used for write
+# queries. The primary can always be explicitly selected with our custom protocol.
+primary_reads_enabled = true
+
+# So what if you wanted to implement a different hashing function,
+# or you've already built one and you want this pooler to use it?
+#
+# Current options:
+#
+# pg_bigint_hash: PARTITION BY HASH (Postgres hashing function)
+# sha1: A hashing function based on SHA1
+#
+sharding_function = "pg_bigint_hash"
+
+# Credentials for users that may connect to this cluster
+[pools.postgres.users.0]
+username = "postgres"
+password = "postgres"
+# Maximum number of server connections that can be established for this user
+# The maximum number of connection from a single Pgcat process to any database in the cluster
+# is the sum of pool_size across all users.
+pool_size = 9
+
+# Maximum query duration. Dangerous, but protects against DBs that died in a non-obvious way.
+statement_timeout = 0
+
+# Shard 0
+[pools.postgres.shards.0]
+# [ host, port, role ]
+servers = [
+    [ "postgres", 5432, "primary" ],
+    [ "postgres", 5432, "replica" ]
+]
+# Database name (e.g. "postgres")
+database = "postgres"
+
+[pools.postgres.shards.1]
+servers = [
+    [ "postgres", 5432, "primary" ],
+    [ "postgres", 5432, "replica" ],
+]
+database = "postgres"
+
+[pools.postgres.shards.2]
+servers = [
+    [ "postgres", 5432, "primary" ],
+    [ "postgres", 5432, "replica" ],
+]
+database = "postgres"

pgcat.minimal.toml

@@ -0,0 +1,22 @@
+# This is an example of the most basic config
+# that will mimic what PgBouncer does in transaction mode with one server.
+
+[general]
+
+host = "0.0.0.0"
+port = 6433
+admin_username = "pgcat"
+admin_password = "pgcat"
+
+[pools.pgml.users.0]
+username = "postgres"
+password = "postgres"
+pool_size = 10
+min_pool_size = 1
+pool_mode = "transaction"
+
+[pools.pgml.shards.0]
+servers = [
+  ["127.0.0.1", 28815, "primary"]
+]
+database = "postgres"

pgcat.toml

@@ -0,0 +1,334 @@
+#
+# PgCat config example.
+#
+
+#
+# General pooler settings
+[general]
+# What IP to run on, 0.0.0.0 means accessible from everywhere.
+host = "0.0.0.0"
+
+# Port to run on, same as PgBouncer used in this example.
+port = 6432
+
+# Whether to enable prometheus exporter or not.
+enable_prometheus_exporter = true
+
+# Port at which prometheus exporter listens on.
+prometheus_exporter_port = 9930
+
+# How long to wait before aborting a server connection (ms).
+connect_timeout = 5000 # milliseconds
+
+# How long an idle connection with a server is left open (ms).
+idle_timeout = 30000 # milliseconds
+
+# Max connection lifetime before it's closed, even if actively used.
+server_lifetime = 86400000 # 24 hours
+
+# How long a client is allowed to be idle while in a transaction (ms).
+idle_client_in_transaction_timeout = 0 # milliseconds
+
+# How much time to give the health check query to return with a result (ms).
+healthcheck_timeout = 1000 # milliseconds
+
+# How long to keep connection available for immediate re-use, without running a healthcheck query on it
+healthcheck_delay = 30000 # milliseconds
+
+# How much time to give clients during shutdown before forcibly killing client connections (ms).
+shutdown_timeout = 60000 # milliseconds
+
+# How long to ban a server if it fails a health check (seconds).
+ban_time = 60 # seconds
+
+# If we should log client connections
+log_client_connections = false
+
+# If we should log client disconnections
+log_client_disconnections = false
+
+# When set to true, PgCat reloads configs if it detects a change in the config file.
+autoreload = 15000
+
+# Number of worker threads the Runtime will use (4 by default).
+worker_threads = 5
+
+# Number of seconds of connection idleness to wait before sending a keepalive packet to the server.
+tcp_keepalives_idle = 5
+# Number of unacknowledged keepalive packets allowed before giving up and closing the connection.
+tcp_keepalives_count = 5
+# Number of seconds between keepalive packets.
+tcp_keepalives_interval = 5
+
+# Path to TLS Certificate file to use for TLS connections
+# tls_certificate = ".circleci/server.cert"
+# Path to TLS private key file to use for TLS connections
+# tls_private_key = ".circleci/server.key"
+
+# Enable/disable server TLS
+server_tls = false
+
+# Verify server certificate is completely authentic.
+verify_server_certificate = false
+
+# User name to access the virtual administrative database (pgbouncer or pgcat)
+# Connecting to that database allows running commands like `SHOW POOLS`, `SHOW DATABASES`, etc..
+admin_username = "admin_user"
+# Password to access the virtual administrative database
+admin_password = "admin_pass"
+
+# Default plugins that are configured on all pools.
+[plugins]
+
+# Prewarmer plugin that runs queries on server startup, before giving the connection
+# to the client.
+[plugins.prewarmer]
+enabled = false
+queries = [
+  "SELECT pg_prewarm('pgbench_accounts')",
+]
+
+# Log all queries to stdout.
+[plugins.query_logger]
+enabled = false
+
+# Block access to tables that Postgres does not allow us to control.
+[plugins.table_access]
+enabled = false
+tables = [
+  "pg_user",
+  "pg_roles",
+  "pg_database",
+]
+
+# Intercept user queries and give a fake reply.
+[plugins.intercept]
+enabled = true
+
+[plugins.intercept.queries.0]
+
+query = "select current_database() as a, current_schemas(false) as b"
+schema = [
+  ["a", "text"],
+  ["b", "text"],
+]
+result = [
+  ["${DATABASE}", "{public}"],
+]
+
+[plugins.intercept.queries.1]
+
+query = "select current_database(), current_schema(), current_user"
+schema = [
+  ["current_database", "text"],
+  ["current_schema", "text"],
+  ["current_user", "text"],
+]
+result = [
+  ["${DATABASE}", "public", "${USER}"],
+]
+
+
+# pool configs are structured as pool.<pool_name>
+# the pool_name is what clients use as database name when connecting.
+# For a pool named `sharded_db`, clients access that pool using connection string like
+# `postgres://sharding_user:sharding_user@pgcat_host:pgcat_port/sharded_db`
+[pools.sharded_db]
+# Pool mode (see PgBouncer docs for more).
+# `session` one server connection per connected client
+# `transaction` one server connection per client transaction
+pool_mode = "transaction"
+
+# Load balancing mode
+# `random` selects the server at random
+# `loc` selects the server with the least outstanding busy conncetions
+load_balancing_mode = "random"
+
+# If the client doesn't specify, PgCat routes traffic to this role by default.
+# `any` round-robin between primary and replicas,
+# `replica` round-robin between replicas only without touching the primary,
+# `primary` all queries go to the primary unless otherwise specified.
+default_role = "any"
+
+# If Query Parser is enabled, we'll attempt to parse
+# every incoming query to determine if it's a read or a write.
+# If it's a read query, we'll direct it to a replica. Otherwise, if it's a write,
+# we'll direct it to the primary.
+query_parser_enabled = true
+
+# If the query parser is enabled and this setting is enabled, the primary will be part of the pool of databases used for
+# load balancing of read queries. Otherwise, the primary will only be used for write
+# queries. The primary can always be explicitly selected with our custom protocol.
+primary_reads_enabled = true
+
+# Allow sharding commands to be passed as statement comments instead of
+# separate commands. If these are unset this functionality is disabled.
+# sharding_key_regex = '/\* sharding_key: (\d+) \*/'
+# shard_id_regex = '/\* shard_id: (\d+) \*/'
+# regex_search_limit = 1000 # only look at the first 1000 characters of SQL statements
+
+# So what if you wanted to implement a different hashing function,
+# or you've already built one and you want this pooler to use it?
+# Current options:
+# `pg_bigint_hash`: PARTITION BY HASH (Postgres hashing function)
+# `sha1`: A hashing function based on SHA1
+sharding_function = "pg_bigint_hash"
+
+# Query to be sent to servers to obtain the hash used for md5 authentication. The connection will be
+# established using the database configured in the pool. This parameter is inherited by every pool
+# and can be redefined in pool configuration.
+# auth_query = "SELECT $1"
+
+# User to be used for connecting to servers to obtain the hash used for md5 authentication by sending the query
+# specified in `auth_query_user`. The connection will be established using the database configured in the pool.
+# This parameter is inherited by every pool and can be redefined in pool configuration.
+# auth_query_user = "sharding_user"
+
+# Password to be used for connecting to servers to obtain the hash used for md5 authentication by sending the query
+# specified in `auth_query_user`. The connection will be established using the database configured in the pool.
+# This parameter is inherited by every pool and can be redefined in pool configuration.
+# auth_query_password = "sharding_user"
+
+# Automatically parse this from queries and route queries to the right shard!
+# automatic_sharding_key = "data.id"
+
+# Idle timeout can be overwritten in the pool
+idle_timeout = 40000
+
+# Connect timeout can be overwritten in the pool
+connect_timeout = 3000
+
+# When enabled, ip resolutions for server connections specified using hostnames will be cached
+# and checked for changes every `dns_max_ttl` seconds. If a change in the host resolution is found
+# old ip connections are closed (gracefully) and new connections will start using new ip.
+# dns_cache_enabled = false
+
+# Specifies how often (in seconds) cached ip addresses for servers are rechecked (see `dns_cache_enabled`).
+# dns_max_ttl = 30
+
+# Plugins can be configured on a pool-per-pool basis. This overrides the global plugins setting,
+# so all plugins have to be configured here again.
+[pool.sharded_db.plugins]
+
+[pools.sharded_db.plugins.prewarmer]
+enabled = true
+queries = [
+  "SELECT pg_prewarm('pgbench_accounts')",
+]
+
+[pools.sharded_db.plugins.query_logger]
+enabled = false
+
+[pools.sharded_db.plugins.table_access]
+enabled = false
+tables = [
+  "pg_user",
+  "pg_roles",
+  "pg_database",
+]
+
+[pools.sharded_db.plugins.intercept]
+enabled = true
+
+[pools.sharded_db.plugins.intercept.queries.0]
+
+query = "select current_database() as a, current_schemas(false) as b"
+schema = [
+  ["a", "text"],
+  ["b", "text"],
+]
+result = [
+  ["${DATABASE}", "{public}"],
+]
+
+[pools.sharded_db.plugins.intercept.queries.1]
+
+query = "select current_database(), current_schema(), current_user"
+schema = [
+  ["current_database", "text"],
+  ["current_schema", "text"],
+  ["current_user", "text"],
+]
+result = [
+  ["${DATABASE}", "public", "${USER}"],
+]
+
+# User configs are structured as pool.<pool_name>.users.<user_index>
+# This section holds the credentials for users that may connect to this cluster
+[pools.sharded_db.users.0]
+# PostgreSQL username used to authenticate the user and connect to the server
+# if `server_username` is not set.
+username = "sharding_user"
+
+# PostgreSQL password used to authenticate the user and connect to the server
+# if `server_password` is not set.
+password = "sharding_user"
+
+pool_mode = "session"
+
+# PostgreSQL username used to connect to the server.
+# server_username = "another_user"
+
+# PostgreSQL password used to connect to the server.
+# server_password = "another_password"
+
+# Maximum number of server connections that can be established for this user
+# The maximum number of connection from a single Pgcat process to any database in the cluster
+# is the sum of pool_size across all users.
+pool_size = 9
+
+
+# Maximum query duration. Dangerous, but protects against DBs that died in a non-obvious way.
+# 0 means it is disabled.
+statement_timeout = 0
+
+[pools.sharded_db.users.1]
+username = "other_user"
+password = "other_user"
+pool_size = 21
+statement_timeout = 15000
+
+# Shard configs are structured as pool.<pool_name>.shards.<shard_id>
+# Each shard config contains a list of servers that make up the shard
+# and the database name to use.
+[pools.sharded_db.shards.0]
+# Array of servers in the shard, each server entry is an array of `[host, port, role]`
+servers = [["127.0.0.1", 5432, "primary"], ["localhost", 5432, "replica"]]
+
+# Array of mirrors for the shard, each mirror entry is an array of `[host, port, index of server in servers array]`
+# Traffic hitting the server identified by the index will be sent to the mirror.
+# mirrors = [["1.2.3.4", 5432, 0], ["1.2.3.4", 5432, 1]]
+
+# Database name (e.g. "postgres")
+database = "shard0"
+
+[pools.sharded_db.shards.1]
+servers = [["127.0.0.1", 5432, "primary"], ["localhost", 5432, "replica"]]
+database = "shard1"
+
+[pools.sharded_db.shards.2]
+servers = [["127.0.0.1", 5432, "primary" ], ["localhost", 5432, "replica" ]]
+database = "shard2"
+
+
+[pools.simple_db]
+pool_mode = "session"
+default_role = "primary"
+query_parser_enabled = true
+primary_reads_enabled = true
+sharding_function = "pg_bigint_hash"
+
+[pools.simple_db.users.0]
+username = "simple_user"
+password = "simple_user"
+pool_size = 5
+min_pool_size = 3
+server_lifetime = 60000
+statement_timeout = 0
+
+[pools.simple_db.shards.0]
+servers = [
+    [ "127.0.0.1", 5432, "primary" ],
+    [ "localhost", 5432, "replica" ]
+]
+database = "some_db"

src/admin.rs

@@ -0,0 +1,915 @@
+use crate::pool::BanReason;
+use bytes::{Buf, BufMut, BytesMut};
+use log::{error, info, trace};
+use nix::sys::signal::{self, Signal};
+use nix::unistd::Pid;
+use std::collections::HashMap;
+/// Admin database.
+use std::sync::atomic::Ordering;
+use std::time::{SystemTime, UNIX_EPOCH};
+use tokio::time::Instant;
+
+use crate::config::{get_config, reload_config, VERSION};
+use crate::errors::Error;
+use crate::messages::*;
+use crate::pool::ClientServerMap;
+use crate::pool::{get_all_pools, get_pool};
+use crate::stats::{get_client_stats, get_pool_stats, get_server_stats, ClientState, ServerState};
+
+pub fn generate_server_info_for_admin() -> BytesMut {
+    let mut server_info = BytesMut::new();
+
+    server_info.put(server_parameter_message("application_name", ""));
+    server_info.put(server_parameter_message("client_encoding", "UTF8"));
+    server_info.put(server_parameter_message("server_encoding", "UTF8"));
+    server_info.put(server_parameter_message("server_version", VERSION));
+    server_info.put(server_parameter_message("DateStyle", "ISO, MDY"));
+
+    server_info
+}
+
+/// Handle admin client.
+pub async fn handle_admin<T>(
+    stream: &mut T,
+    mut query: BytesMut,
+    client_server_map: ClientServerMap,
+) -> Result<(), Error>
+where
+    T: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    let code = query.get_u8() as char;
+
+    if code != 'Q' {
+        return Err(Error::ProtocolSyncError(format!(
+            "Invalid code, expected 'Q' but got '{}'",
+            code
+        )));
+    }
+
+    let len = query.get_i32() as usize;
+    let query = String::from_utf8_lossy(&query[..len - 5]).to_string();
+
+    trace!("Admin query: {}", query);
+
+    let query_parts: Vec<&str> = query.trim_end_matches(';').split_whitespace().collect();
+
+    match query_parts[0].to_ascii_uppercase().as_str() {
+        "BAN" => {
+            trace!("BAN");
+            ban(stream, query_parts).await
+        }
+        "UNBAN" => {
+            trace!("UNBAN");
+            unban(stream, query_parts).await
+        }
+        "RELOAD" => {
+            trace!("RELOAD");
+            reload(stream, client_server_map).await
+        }
+        "SET" => {
+            trace!("SET");
+            ignore_set(stream).await
+        }
+        "PAUSE" => {
+            trace!("PAUSE");
+            pause(stream, query_parts[1]).await
+        }
+        "RESUME" => {
+            trace!("RESUME");
+            resume(stream, query_parts[1]).await
+        }
+        "SHUTDOWN" => {
+            trace!("SHUTDOWN");
+            shutdown(stream).await
+        }
+        "SHOW" => match query_parts[1].to_ascii_uppercase().as_str() {
+            "BANS" => {
+                trace!("SHOW BANS");
+                show_bans(stream).await
+            }
+            "CONFIG" => {
+                trace!("SHOW CONFIG");
+                show_config(stream).await
+            }
+            "DATABASES" => {
+                trace!("SHOW DATABASES");
+                show_databases(stream).await
+            }
+            "LISTS" => {
+                trace!("SHOW LISTS");
+                show_lists(stream).await
+            }
+            "POOLS" => {
+                trace!("SHOW POOLS");
+                show_pools(stream).await
+            }
+            "CLIENTS" => {
+                trace!("SHOW CLIENTS");
+                show_clients(stream).await
+            }
+            "SERVERS" => {
+                trace!("SHOW SERVERS");
+                show_servers(stream).await
+            }
+            "STATS" => {
+                trace!("SHOW STATS");
+                show_stats(stream).await
+            }
+            "VERSION" => {
+                trace!("SHOW VERSION");
+                show_version(stream).await
+            }
+            "USERS" => {
+                trace!("SHOW USERS");
+                show_users(stream).await
+            }
+            _ => error_response(stream, "Unsupported SHOW query against the admin database").await,
+        },
+        _ => error_response(stream, "Unsupported query against the admin database").await,
+    }
+}
+
+/// Column-oriented statistics.
+async fn show_lists<T>(stream: &mut T) -> Result<(), Error>
+where
+    T: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    let client_stats = get_client_stats();
+    let server_stats = get_server_stats();
+
+    let columns = vec![("list", DataType::Text), ("items", DataType::Int4)];
+
+    let mut users = 1;
+    let mut databases = 1;
+    for (_, pool) in get_all_pools() {
+        databases += pool.databases();
+        users += 1; // One user per pool
+    }
+    let mut res = BytesMut::new();
+    res.put(row_description(&columns));
+    res.put(data_row(&vec![
+        "databases".to_string(),
+        databases.to_string(),
+    ]));
+    res.put(data_row(&vec!["users".to_string(), users.to_string()]));
+    res.put(data_row(&vec!["pools".to_string(), databases.to_string()]));
+    res.put(data_row(&vec![
+        "free_clients".to_string(),
+        client_stats
+            .keys()
+            .filter(|client_id| {
+                client_stats
+                    .get(client_id)
+                    .unwrap()
+                    .state
+                    .load(Ordering::Relaxed)
+                    == ClientState::Idle
+            })
+            .count()
+            .to_string(),
+    ]));
+    res.put(data_row(&vec![
+        "used_clients".to_string(),
+        client_stats
+            .keys()
+            .filter(|client_id| {
+                client_stats
+                    .get(client_id)
+                    .unwrap()
+                    .state
+                    .load(Ordering::Relaxed)
+                    == ClientState::Active
+            })
+            .count()
+            .to_string(),
+    ]));
+    res.put(data_row(&vec![
+        "login_clients".to_string(),
+        "0".to_string(),
+    ]));
+    res.put(data_row(&vec![
+        "free_servers".to_string(),
+        server_stats
+            .keys()
+            .filter(|server_id| {
+                server_stats
+                    .get(server_id)
+                    .unwrap()
+                    .state
+                    .load(Ordering::Relaxed)
+                    == ServerState::Idle
+            })
+            .count()
+            .to_string(),
+    ]));
+    res.put(data_row(&vec![
+        "used_servers".to_string(),
+        server_stats
+            .keys()
+            .filter(|server_id| {
+                server_stats
+                    .get(server_id)
+                    .unwrap()
+                    .state
+                    .load(Ordering::Relaxed)
+                    == ServerState::Active
+            })
+            .count()
+            .to_string(),
+    ]));
+    res.put(data_row(&vec!["dns_names".to_string(), "0".to_string()]));
+    res.put(data_row(&vec!["dns_zones".to_string(), "0".to_string()]));
+    res.put(data_row(&vec!["dns_queries".to_string(), "0".to_string()]));
+    res.put(data_row(&vec!["dns_pending".to_string(), "0".to_string()]));
+
+    res.put(command_complete("SHOW"));
+
+    res.put_u8(b'Z');
+    res.put_i32(5);
+    res.put_u8(b'I');
+
+    write_all_half(stream, &res).await
+}
+
+/// Show PgCat version.
+async fn show_version<T>(stream: &mut T) -> Result<(), Error>
+where
+    T: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    let mut res = BytesMut::new();
+
+    res.put(row_description(&vec![("version", DataType::Text)]));
+    res.put(data_row(&vec![format!("PgCat {}", VERSION)]));
+    res.put(command_complete("SHOW"));
+
+    res.put_u8(b'Z');
+    res.put_i32(5);
+    res.put_u8(b'I');
+
+    write_all_half(stream, &res).await
+}
+
+/// Show utilization of connection pools for each shard and replicas.
+async fn show_pools<T>(stream: &mut T) -> Result<(), Error>
+where
+    T: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    let all_pool_stats = get_pool_stats();
+
+    let columns = vec![
+        ("database", DataType::Text),
+        ("user", DataType::Text),
+        ("pool_mode", DataType::Text),
+        ("cl_idle", DataType::Numeric),
+        ("cl_active", DataType::Numeric),
+        ("cl_waiting", DataType::Numeric),
+        ("cl_cancel_req", DataType::Numeric),
+        ("sv_active", DataType::Numeric),
+        ("sv_idle", DataType::Numeric),
+        ("sv_used", DataType::Numeric),
+        ("sv_tested", DataType::Numeric),
+        ("sv_login", DataType::Numeric),
+        ("maxwait", DataType::Numeric),
+        ("maxwait_us", DataType::Numeric),
+    ];
+
+    let mut res = BytesMut::new();
+    res.put(row_description(&columns));
+
+    for ((_user_pool, _pool), pool_stats) in all_pool_stats {
+        let mut row = vec![
+            pool_stats.database(),
+            pool_stats.user(),
+            pool_stats.pool_mode().to_string(),
+        ];
+        pool_stats.populate_row(&mut row);
+        pool_stats.clear_maxwait();
+        res.put(data_row(&row));
+    }
+
+    res.put(command_complete("SHOW"));
+
+    // ReadyForQuery
+    res.put_u8(b'Z');
+    res.put_i32(5);
+    res.put_u8(b'I');
+
+    write_all_half(stream, &res).await
+}
+
+/// Show shards and replicas.
+async fn show_databases<T>(stream: &mut T) -> Result<(), Error>
+where
+    T: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    // Columns
+    let columns = vec![
+        ("name", DataType::Text),
+        ("host", DataType::Text),
+        ("port", DataType::Text),
+        ("database", DataType::Text),
+        ("force_user", DataType::Text),
+        ("pool_size", DataType::Int4),
+        ("min_pool_size", DataType::Int4),
+        ("reserve_pool", DataType::Int4),
+        ("pool_mode", DataType::Text),
+        ("max_connections", DataType::Int4),
+        ("current_connections", DataType::Int4),
+        ("paused", DataType::Int4),
+        ("disabled", DataType::Int4),
+    ];
+
+    let mut res = BytesMut::new();
+
+    res.put(row_description(&columns));
+
+    for (_, pool) in get_all_pools() {
+        let pool_config = pool.settings.clone();
+        for shard in 0..pool.shards() {
+            let database_name = &pool.address(shard, 0).database;
+            for server in 0..pool.servers(shard) {
+                let address = pool.address(shard, server);
+                let pool_state = pool.pool_state(shard, server);
+                let banned = pool.is_banned(address);
+                let paused = pool.paused();
+
+                res.put(data_row(&vec![
+                    address.name(),                         // name
+                    address.host.to_string(),               // host
+                    address.port.to_string(),               // port
+                    database_name.to_string(),              // database
+                    pool_config.user.username.to_string(),  // force_user
+                    pool_config.user.pool_size.to_string(), // pool_size
+                    "0".to_string(),                        // min_pool_size
+                    "0".to_string(),                        // reserve_pool
+                    pool_config.pool_mode.to_string(),      // pool_mode
+                    pool_config.user.pool_size.to_string(), // max_connections
+                    pool_state.connections.to_string(),     // current_connections
+                    match paused {
+                        // paused
+                        true => "1".to_string(),
+                        false => "0".to_string(),
+                    },
+                    match banned {
+                        // disabled
+                        true => "1".to_string(),
+                        false => "0".to_string(),
+                    },
+                ]));
+            }
+        }
+    }
+    res.put(command_complete("SHOW"));
+
+    // ReadyForQuery
+    res.put_u8(b'Z');
+    res.put_i32(5);
+    res.put_u8(b'I');
+
+    write_all_half(stream, &res).await
+}
+
+/// Ignore any SET commands the client sends.
+/// This is common initialization done by ORMs.
+async fn ignore_set<T>(stream: &mut T) -> Result<(), Error>
+where
+    T: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    custom_protocol_response_ok(stream, "SET").await
+}
+
+/// Bans a host from being used
+async fn ban<T>(stream: &mut T, tokens: Vec<&str>) -> Result<(), Error>
+where
+    T: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    let host = match tokens.get(1) {
+        Some(host) => host,
+        None => return error_response(stream, "usage: BAN hostname duration_seconds").await,
+    };
+
+    let duration_seconds = match tokens.get(2) {
+        Some(duration_seconds) => match duration_seconds.parse::<i64>() {
+            Ok(duration_seconds) => duration_seconds,
+            Err(_) => {
+                return error_response(stream, "duration_seconds must be an integer").await;
+            }
+        },
+        None => return error_response(stream, "usage: BAN hostname duration_seconds").await,
+    };
+
+    if duration_seconds <= 0 {
+        return error_response(stream, "duration_seconds must be >= 0").await;
+    }
+
+    let columns = vec![
+        ("db", DataType::Text),
+        ("user", DataType::Text),
+        ("role", DataType::Text),
+        ("host", DataType::Text),
+    ];
+    let mut res = BytesMut::new();
+    res.put(row_description(&columns));
+
+    for (id, pool) in get_all_pools().iter() {
+        for address in pool.get_addresses_from_host(host) {
+            if !pool.is_banned(&address) {
+                pool.ban(&address, BanReason::AdminBan(duration_seconds), None);
+                res.put(data_row(&vec![
+                    id.db.clone(),
+                    id.user.clone(),
+                    address.role.to_string(),
+                    address.host,
+                ]));
+            }
+        }
+    }
+
+    res.put(command_complete("BAN"));
+
+    // ReadyForQuery
+    res.put_u8(b'Z');
+    res.put_i32(5);
+    res.put_u8(b'I');
+
+    write_all_half(stream, &res).await
+}
+
+/// Clear a host for use
+async fn unban<T>(stream: &mut T, tokens: Vec<&str>) -> Result<(), Error>
+where
+    T: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    let host = match tokens.get(1) {
+        Some(host) => host,
+        None => return error_response(stream, "UNBAN command requires a hostname to unban").await,
+    };
+
+    let columns = vec![
+        ("db", DataType::Text),
+        ("user", DataType::Text),
+        ("role", DataType::Text),
+        ("host", DataType::Text),
+    ];
+    let mut res = BytesMut::new();
+    res.put(row_description(&columns));
+
+    for (id, pool) in get_all_pools().iter() {
+        for address in pool.get_addresses_from_host(host) {
+            if pool.is_banned(&address) {
+                pool.unban(&address);
+                res.put(data_row(&vec![
+                    id.db.clone(),
+                    id.user.clone(),
+                    address.role.to_string(),
+                    address.host,
+                ]));
+            }
+        }
+    }
+
+    res.put(command_complete("UNBAN"));
+
+    // ReadyForQuery
+    res.put_u8(b'Z');
+    res.put_i32(5);
+    res.put_u8(b'I');
+
+    write_all_half(stream, &res).await
+}
+
+/// Shows all the bans
+async fn show_bans<T>(stream: &mut T) -> Result<(), Error>
+where
+    T: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    let columns = vec![
+        ("db", DataType::Text),
+        ("user", DataType::Text),
+        ("role", DataType::Text),
+        ("host", DataType::Text),
+        ("reason", DataType::Text),
+        ("ban_time", DataType::Text),
+        ("ban_duration_seconds", DataType::Text),
+        ("ban_remaining_seconds", DataType::Text),
+    ];
+    let mut res = BytesMut::new();
+    res.put(row_description(&columns));
+
+    // The block should be pretty quick so we cache the time outside
+    let now = SystemTime::now()
+        .duration_since(UNIX_EPOCH)
+        .expect("Time went backwards")
+        .as_secs() as i64;
+
+    for (id, pool) in get_all_pools().iter() {
+        for (address, (ban_reason, ban_time)) in pool.get_bans().iter() {
+            let ban_duration = match ban_reason {
+                BanReason::AdminBan(duration) => *duration,
+                _ => pool.settings.ban_time,
+            };
+            let remaining = ban_duration - (now - ban_time.timestamp());
+            if remaining <= 0 {
+                continue;
+            }
+            res.put(data_row(&vec![
+                id.db.clone(),
+                id.user.clone(),
+                address.role.to_string(),
+                address.host.clone(),
+                format!("{:?}", ban_reason),
+                ban_time.to_string(),
+                ban_duration.to_string(),
+                remaining.to_string(),
+            ]));
+        }
+    }
+
+    res.put(command_complete("SHOW BANS"));
+
+    // ReadyForQuery
+    res.put_u8(b'Z');
+    res.put_i32(5);
+    res.put_u8(b'I');
+
+    write_all_half(stream, &res).await
+}
+
+/// Reload the configuration file without restarting the process.
+async fn reload<T>(stream: &mut T, client_server_map: ClientServerMap) -> Result<(), Error>
+where
+    T: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    info!("Reloading config");
+
+    reload_config(client_server_map).await?;
+
+    get_config().show();
+
+    let mut res = BytesMut::new();
+
+    res.put(command_complete("RELOAD"));
+
+    // ReadyForQuery
+    res.put_u8(b'Z');
+    res.put_i32(5);
+    res.put_u8(b'I');
+
+    write_all_half(stream, &res).await
+}
+
+/// Shows current configuration.
+async fn show_config<T>(stream: &mut T) -> Result<(), Error>
+where
+    T: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    let config = &get_config();
+    let config: HashMap<String, String> = config.into();
+
+    // Configs that cannot be changed without restarting.
+    let immutables = ["host", "port", "connect_timeout"];
+
+    // Columns
+    let columns = vec![
+        ("key", DataType::Text),
+        ("value", DataType::Text),
+        ("default", DataType::Text),
+        ("changeable", DataType::Text),
+    ];
+
+    // Response data
+    let mut res = BytesMut::new();
+    res.put(row_description(&columns));
+
+    // DataRow rows
+    for (key, value) in config {
+        let changeable = if immutables.iter().filter(|col| *col == &key).count() == 1 {
+            "no".to_string()
+        } else {
+            "yes".to_string()
+        };
+
+        let row = vec![key, value, "-".to_string(), changeable];
+
+        res.put(data_row(&row));
+    }
+
+    res.put(command_complete("SHOW"));
+
+    // ReadyForQuery
+    res.put_u8(b'Z');
+    res.put_i32(5);
+    res.put_u8(b'I');
+
+    write_all_half(stream, &res).await
+}
+
+/// Show shard and replicas statistics.
+async fn show_stats<T>(stream: &mut T) -> Result<(), Error>
+where
+    T: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    let columns = vec![
+        ("instance", DataType::Text),
+        ("database", DataType::Text),
+        ("user", DataType::Text),
+        ("total_xact_count", DataType::Numeric),
+        ("total_query_count", DataType::Numeric),
+        ("total_received", DataType::Numeric),
+        ("total_sent", DataType::Numeric),
+        ("total_xact_time", DataType::Numeric),
+        ("total_query_time", DataType::Numeric),
+        ("total_wait_time", DataType::Numeric),
+        ("total_errors", DataType::Numeric),
+        ("avg_xact_count", DataType::Numeric),
+        ("avg_query_count", DataType::Numeric),
+        ("avg_recv", DataType::Numeric),
+        ("avg_sent", DataType::Numeric),
+        ("avg_errors", DataType::Numeric),
+        ("avg_xact_time", DataType::Numeric),
+        ("avg_query_time", DataType::Numeric),
+        ("avg_wait_time", DataType::Numeric),
+    ];
+
+    let mut res = BytesMut::new();
+    res.put(row_description(&columns));
+
+    for (user_pool, pool) in get_all_pools() {
+        for shard in 0..pool.shards() {
+            for server in 0..pool.servers(shard) {
+                let address = pool.address(shard, server);
+
+                let mut row = vec![address.name(), user_pool.db.clone(), user_pool.user.clone()];
+                let stats = address.stats.clone();
+                stats.populate_row(&mut row);
+
+                res.put(data_row(&row));
+            }
+        }
+    }
+
+    res.put(command_complete("SHOW"));
+
+    // ReadyForQuery
+    res.put_u8(b'Z');
+    res.put_i32(5);
+    res.put_u8(b'I');
+
+    write_all_half(stream, &res).await
+}
+
+/// Show currently connected clients
+async fn show_clients<T>(stream: &mut T) -> Result<(), Error>
+where
+    T: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    let columns = vec![
+        ("client_id", DataType::Text),
+        ("database", DataType::Text),
+        ("user", DataType::Text),
+        ("application_name", DataType::Text),
+        ("state", DataType::Text),
+        ("transaction_count", DataType::Numeric),
+        ("query_count", DataType::Numeric),
+        ("error_count", DataType::Numeric),
+        ("age_seconds", DataType::Numeric),
+    ];
+
+    let new_map = get_client_stats();
+    let mut res = BytesMut::new();
+    res.put(row_description(&columns));
+
+    for (_, client) in new_map {
+        let row = vec![
+            format!("{:#010X}", client.client_id()),
+            client.pool_name(),
+            client.username(),
+            client.application_name(),
+            client.state.load(Ordering::Relaxed).to_string(),
+            client.transaction_count.load(Ordering::Relaxed).to_string(),
+            client.query_count.load(Ordering::Relaxed).to_string(),
+            client.error_count.load(Ordering::Relaxed).to_string(),
+            Instant::now()
+                .duration_since(client.connect_time())
+                .as_secs()
+                .to_string(),
+        ];
+
+        res.put(data_row(&row));
+    }
+
+    res.put(command_complete("SHOW"));
+
+    // ReadyForQuery
+    res.put_u8(b'Z');
+    res.put_i32(5);
+    res.put_u8(b'I');
+
+    write_all_half(stream, &res).await
+}
+
+/// Show currently connected servers
+async fn show_servers<T>(stream: &mut T) -> Result<(), Error>
+where
+    T: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    let columns = vec![
+        ("server_id", DataType::Text),
+        ("database_name", DataType::Text),
+        ("user", DataType::Text),
+        ("address_id", DataType::Text),
+        ("application_name", DataType::Text),
+        ("state", DataType::Text),
+        ("transaction_count", DataType::Numeric),
+        ("query_count", DataType::Numeric),
+        ("bytes_sent", DataType::Numeric),
+        ("bytes_received", DataType::Numeric),
+        ("age_seconds", DataType::Numeric),
+    ];
+
+    let new_map = get_server_stats();
+    let mut res = BytesMut::new();
+    res.put(row_description(&columns));
+
+    for (_, server) in new_map {
+        let application_name = server.application_name.read();
+        let row = vec![
+            format!("{:#010X}", server.server_id()),
+            server.pool_name(),
+            server.username(),
+            server.address_name(),
+            application_name.clone(),
+            server.state.load(Ordering::Relaxed).to_string(),
+            server.transaction_count.load(Ordering::Relaxed).to_string(),
+            server.query_count.load(Ordering::Relaxed).to_string(),
+            server.bytes_sent.load(Ordering::Relaxed).to_string(),
+            server.bytes_received.load(Ordering::Relaxed).to_string(),
+            Instant::now()
+                .duration_since(server.connect_time())
+                .as_secs()
+                .to_string(),
+        ];
+
+        res.put(data_row(&row));
+    }
+
+    res.put(command_complete("SHOW"));
+
+    // ReadyForQuery
+    res.put_u8(b'Z');
+    res.put_i32(5);
+    res.put_u8(b'I');
+
+    write_all_half(stream, &res).await
+}
+
+/// Pause a pool. It won't pass any more queries to the backends.
+async fn pause<T>(stream: &mut T, query: &str) -> Result<(), Error>
+where
+    T: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    let parts: Vec<&str> = query.split(",").map(|part| part.trim()).collect();
+
+    if parts.len() != 2 {
+        error_response(
+            stream,
+            "PAUSE requires a database and a user, e.g. PAUSE my_db,my_user",
+        )
+        .await
+    } else {
+        let database = parts[0];
+        let user = parts[1];
+
+        match get_pool(database, user) {
+            Some(pool) => {
+                pool.pause();
+
+                let mut res = BytesMut::new();
+
+                res.put(command_complete(&format!("PAUSE {},{}", database, user)));
+
+                // ReadyForQuery
+                res.put_u8(b'Z');
+                res.put_i32(5);
+                res.put_u8(b'I');
+
+                write_all_half(stream, &res).await
+            }
+
+            None => {
+                error_response(
+                    stream,
+                    &format!(
+                        "No pool configured for database: {}, user: {}",
+                        database, user
+                    ),
+                )
+                .await
+            }
+        }
+    }
+}
+
+/// Resume a pool. Queries are allowed again.
+async fn resume<T>(stream: &mut T, query: &str) -> Result<(), Error>
+where
+    T: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    let parts: Vec<&str> = query.split(",").map(|part| part.trim()).collect();
+
+    if parts.len() != 2 {
+        error_response(
+            stream,
+            "RESUME requires a database and a user, e.g. RESUME my_db,my_user",
+        )
+        .await
+    } else {
+        let database = parts[0];
+        let user = parts[1];
+
+        match get_pool(database, user) {
+            Some(pool) => {
+                pool.resume();
+
+                let mut res = BytesMut::new();
+
+                res.put(command_complete(&format!("RESUME {},{}", database, user)));
+
+                // ReadyForQuery
+                res.put_u8(b'Z');
+                res.put_i32(5);
+                res.put_u8(b'I');
+
+                write_all_half(stream, &res).await
+            }
+
+            None => {
+                error_response(
+                    stream,
+                    &format!(
+                        "No pool configured for database: {}, user: {}",
+                        database, user
+                    ),
+                )
+                .await
+            }
+        }
+    }
+}
+
+/// Send response packets for shutdown.
+async fn shutdown<T>(stream: &mut T) -> Result<(), Error>
+where
+    T: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    let mut res = BytesMut::new();
+
+    res.put(row_description(&vec![("success", DataType::Text)]));
+
+    let mut shutdown_success = "t";
+
+    let pid = std::process::id();
+    if signal::kill(Pid::from_raw(pid.try_into().unwrap()), Signal::SIGINT).is_err() {
+        error!("Unable to send SIGINT to PID: {}", pid);
+        shutdown_success = "f";
+    }
+
+    res.put(data_row(&vec![shutdown_success.to_string()]));
+
+    res.put(command_complete("SHUTDOWN"));
+
+    res.put_u8(b'Z');
+    res.put_i32(5);
+    res.put_u8(b'I');
+
+    write_all_half(stream, &res).await
+}
+
+/// Show Users.
+async fn show_users<T>(stream: &mut T) -> Result<(), Error>
+where
+    T: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    let mut res = BytesMut::new();
+
+    res.put(row_description(&vec![
+        ("name", DataType::Text),
+        ("pool_mode", DataType::Text),
+    ]));
+
+    for (user_pool, pool) in get_all_pools() {
+        let pool_config = &pool.settings;
+        res.put(data_row(&vec![
+            user_pool.user.clone(),
+            pool_config.pool_mode.to_string(),
+        ]));
+    }
+
+    res.put(command_complete("SHOW"));
+
+    res.put_u8(b'Z');
+    res.put_i32(5);
+    res.put_u8(b'I');
+
+    write_all_half(stream, &res).await
+}

src/auth_passthrough.rs

@@ -0,0 +1,134 @@
+use crate::errors::Error;
+use crate::pool::ConnectionPool;
+use crate::server::Server;
+use log::debug;
+
+#[derive(Clone, Debug)]
+pub struct AuthPassthrough {
+    password: String,
+    query: String,
+    user: String,
+}
+
+impl AuthPassthrough {
+    /// Initializes an AuthPassthrough.
+    pub fn new(query: &str, user: &str, password: &str) -> Self {
+        AuthPassthrough {
+            password: password.to_string(),
+            query: query.to_string(),
+            user: user.to_string(),
+        }
+    }
+
+    /// Returns an AuthPassthrough given the pool configuration.
+    /// If any of required values is not set, None is returned.
+    pub fn from_pool_config(pool_config: &crate::config::Pool) -> Option<Self> {
+        if pool_config.is_auth_query_configured() {
+            return Some(AuthPassthrough::new(
+                pool_config.auth_query.as_ref().unwrap(),
+                pool_config.auth_query_user.as_ref().unwrap(),
+                pool_config.auth_query_password.as_ref().unwrap(),
+            ));
+        }
+
+        None
+    }
+
+    /// Returns an AuthPassthrough given the pool settings.
+    /// If any of required values is not set, None is returned.
+    pub fn from_pool_settings(pool_settings: &crate::pool::PoolSettings) -> Option<Self> {
+        let pool_config = crate::config::Pool {
+            auth_query: pool_settings.auth_query.clone(),
+            auth_query_password: pool_settings.auth_query_password.clone(),
+            auth_query_user: pool_settings.auth_query_user.clone(),
+            ..Default::default()
+        };
+
+        AuthPassthrough::from_pool_config(&pool_config)
+    }
+
+    /// Connects to server and executes auth_query for the specified address.
+    /// If the response is a row with two columns containing the username set in the address.
+    /// and its MD5 hash, the MD5 hash returned.
+    ///
+    /// Note that the query is executed, changing $1 with the name of the user
+    /// this is so we only hold in memory (and transfer) the least amount of 'sensitive' data.
+    /// Also, it is compatible with pgbouncer.
+    ///
+    /// # Arguments
+    ///
+    /// * `address` - An Address of the server we want to connect to. The username for the hash will be obtained from this value.
+    ///
+    /// # Examples
+    ///
+    /// ```
+    /// use pgcat::auth_passthrough::AuthPassthrough;
+    /// use pgcat::config::Address;
+    /// let auth_passthrough = AuthPassthrough::new("SELECT * FROM public.user_lookup('$1');", "postgres", "postgres");
+    /// auth_passthrough.fetch_hash(&Address::default());
+    /// ```
+    ///
+    pub async fn fetch_hash(&self, address: &crate::config::Address) -> Result<String, Error> {
+        let auth_user = crate::config::User {
+            username: self.user.clone(),
+            password: Some(self.password.clone()),
+            server_username: None,
+            server_password: None,
+            pool_size: 1,
+            statement_timeout: 0,
+            pool_mode: None,
+            server_lifetime: None,
+            min_pool_size: None,
+        };
+
+        let user = &address.username;
+
+        debug!("Connecting to server to obtain auth hashes");
+
+        let auth_query = self.query.replace("$1", user);
+
+        match Server::exec_simple_query(address, &auth_user, &auth_query).await {
+            Ok(password_data) => {
+                if password_data.len() == 2 && password_data.first().unwrap() == user {
+                    if let Some(stripped_hash) = password_data
+                        .last()
+                        .unwrap()
+                        .to_string()
+                        .strip_prefix("md5") {
+                            Ok(stripped_hash.to_string())
+                        }
+                    else {
+                        Err(Error::AuthPassthroughError(
+                            "Obtained hash from auth_query does not seem to be in md5 format.".to_string(),
+                        ))
+                    }
+                } else {
+                    Err(Error::AuthPassthroughError(
+                        "Data obtained from query does not follow the scheme 'user','hash'."
+                            .to_string(),
+                    ))
+                 }
+            }
+            Err(err) => {
+                Err(Error::AuthPassthroughError(
+                    format!("Error trying to obtain password from auth_query, ignoring hash for user '{}'. Error: {:?}",
+                        user, err))
+                )
+            }
+        }
+    }
+}
+
+pub async fn refetch_auth_hash(pool: &ConnectionPool) -> Result<String, Error> {
+    let address = pool.address(0, 0);
+    if let Some(apt) = AuthPassthrough::from_pool_settings(&pool.settings) {
+        let hash = apt.fetch_hash(address).await?;
+
+        return Ok(hash);
+    }
+
+    Err(Error::ClientError(format!(
+        "Could not obtain hash for {{ username: {:?}, database: {:?} }}. Auth passthrough not enabled.",
+        address.username, address.database
+    )))
+}

src/client.rs

@@ -0,0 +1,1516 @@
+use crate::errors::{ClientIdentifier, Error};
+use crate::pool::BanReason;
+/// Handle clients by pretending to be a PostgreSQL server.
+use bytes::{Buf, BufMut, BytesMut};
+use log::{debug, error, info, trace, warn};
+use std::collections::HashMap;
+use std::sync::Arc;
+use std::time::Instant;
+use tokio::io::{split, AsyncReadExt, BufReader, ReadHalf, WriteHalf};
+use tokio::net::TcpStream;
+use tokio::sync::broadcast::Receiver;
+use tokio::sync::mpsc::Sender;
+
+use crate::admin::{generate_server_info_for_admin, handle_admin};
+use crate::auth_passthrough::refetch_auth_hash;
+use crate::config::{get_config, get_idle_client_in_transaction_timeout, Address, PoolMode};
+use crate::constants::*;
+use crate::messages::*;
+use crate::plugins::PluginOutput;
+use crate::pool::{get_pool, ClientServerMap, ConnectionPool};
+use crate::query_router::{Command, QueryRouter};
+use crate::server::Server;
+use crate::stats::{ClientStats, PoolStats, ServerStats};
+use crate::tls::Tls;
+
+use tokio_rustls::server::TlsStream;
+
+/// Type of connection received from client.
+enum ClientConnectionType {
+    Startup,
+    Tls,
+    CancelQuery,
+}
+
+/// The client state. One of these is created per client.
+pub struct Client<S, T> {
+    /// The reads are buffered (8K by default).
+    read: BufReader<S>,
+
+    /// We buffer the writes ourselves because we know the protocol
+    /// better than a stock buffer.
+    write: T,
+
+    /// Internal buffer, where we place messages until we have to flush
+    /// them to the backend.
+    buffer: BytesMut,
+
+    /// Address
+    addr: std::net::SocketAddr,
+
+    /// The client was started with the sole reason to cancel another running query.
+    cancel_mode: bool,
+
+    /// In transaction mode, the connection is released after each transaction.
+    /// Session mode has slightly higher throughput per client, but lower capacity.
+    transaction_mode: bool,
+
+    /// For query cancellation, the client is given a random process ID and secret on startup.
+    process_id: i32,
+    secret_key: i32,
+
+    /// Clients are mapped to servers while they use them. This allows a client
+    /// to connect and cancel a query.
+    client_server_map: ClientServerMap,
+
+    /// Client parameters, e.g. user, client_encoding, etc.
+    #[allow(dead_code)]
+    parameters: HashMap<String, String>,
+
+    /// Statistics related to this client
+    stats: Arc<ClientStats>,
+
+    /// Clients want to talk to admin database.
+    admin: bool,
+
+    /// Last address the client talked to.
+    last_address_id: Option<usize>,
+
+    /// Last server process stats we talked to.
+    last_server_stats: Option<Arc<ServerStats>>,
+
+    /// Connected to server
+    connected_to_server: bool,
+
+    /// Name of the server pool for this client (This comes from the database name in the connection string)
+    pool_name: String,
+
+    /// Postgres user for this client (This comes from the user in the connection string)
+    username: String,
+
+    /// Application name for this client (defaults to pgcat)
+    application_name: String,
+
+    /// Used to notify clients about an impending shutdown
+    shutdown: Receiver<()>,
+}
+
+/// Client entrypoint.
+pub async fn client_entrypoint(
+    mut stream: TcpStream,
+    client_server_map: ClientServerMap,
+    shutdown: Receiver<()>,
+    drain: Sender<i32>,
+    admin_only: bool,
+    tls_certificate: Option<String>,
+    log_client_connections: bool,
+) -> Result<(), Error> {
+    // Figure out if the client wants TLS or not.
+    let addr = stream.peer_addr().unwrap();
+
+    match get_startup::<TcpStream>(&mut stream).await {
+        // Client requested a TLS connection.
+        Ok((ClientConnectionType::Tls, _)) => {
+            // TLS settings are configured, will setup TLS now.
+            if tls_certificate != None {
+                debug!("Accepting TLS request");
+
+                let mut yes = BytesMut::new();
+                yes.put_u8(b'S');
+                write_all(&mut stream, yes).await?;
+
+                // Negotiate TLS.
+                match startup_tls(stream, client_server_map, shutdown, admin_only).await {
+                    Ok(mut client) => {
+                        if log_client_connections {
+                            info!("Client {:?} connected (TLS)", addr);
+                        } else {
+                            debug!("Client {:?} connected (TLS)", addr);
+                        }
+
+                        if !client.is_admin() {
+                            let _ = drain.send(1).await;
+                        }
+
+                        let result = client.handle().await;
+
+                        if !client.is_admin() {
+                            let _ = drain.send(-1).await;
+
+                            if result.is_err() {
+                                client.stats.disconnect();
+                            }
+                        }
+
+                        result
+                    }
+                    Err(err) => Err(err),
+                }
+            }
+            // TLS is not configured, we cannot offer it.
+            else {
+                // Rejecting client request for TLS.
+                let mut no = BytesMut::new();
+                no.put_u8(b'N');
+                write_all(&mut stream, no).await?;
+
+                // Attempting regular startup. Client can disconnect now
+                // if they choose.
+                match get_startup::<TcpStream>(&mut stream).await {
+                    // Client accepted unencrypted connection.
+                    Ok((ClientConnectionType::Startup, bytes)) => {
+                        let (read, write) = split(stream);
+
+                        // Continue with regular startup.
+                        match Client::startup(
+                            read,
+                            write,
+                            addr,
+                            bytes,
+                            client_server_map,
+                            shutdown,
+                            admin_only,
+                        )
+                        .await
+                        {
+                            Ok(mut client) => {
+                                if log_client_connections {
+                                    info!("Client {:?} connected (plain)", addr);
+                                } else {
+                                    debug!("Client {:?} connected (plain)", addr);
+                                }
+
+                                if !client.is_admin() {
+                                    let _ = drain.send(1).await;
+                                }
+
+                                let result = client.handle().await;
+
+                                if !client.is_admin() {
+                                    let _ = drain.send(-1).await;
+
+                                    if result.is_err() {
+                                        client.stats.disconnect();
+                                    }
+                                }
+
+                                result
+                            }
+                            Err(err) => Err(err),
+                        }
+                    }
+
+                    // Client probably disconnected rejecting our plain text connection.
+                    Ok((ClientConnectionType::Tls, _))
+                    | Ok((ClientConnectionType::CancelQuery, _)) => Err(Error::ProtocolSyncError(
+                        "Bad postgres client (plain)".into(),
+                    )),
+
+                    Err(err) => Err(err),
+                }
+            }
+        }
+
+        // Client wants to use plain connection without encryption.
+        Ok((ClientConnectionType::Startup, bytes)) => {
+            let (read, write) = split(stream);
+
+            // Continue with regular startup.
+            match Client::startup(
+                read,
+                write,
+                addr,
+                bytes,
+                client_server_map,
+                shutdown,
+                admin_only,
+            )
+            .await
+            {
+                Ok(mut client) => {
+                    if log_client_connections {
+                        info!("Client {:?} connected (plain)", addr);
+                    } else {
+                        debug!("Client {:?} connected (plain)", addr);
+                    }
+
+                    if !client.is_admin() {
+                        let _ = drain.send(1).await;
+                    }
+
+                    let result = client.handle().await;
+
+                    if !client.is_admin() {
+                        let _ = drain.send(-1).await;
+
+                        if result.is_err() {
+                            client.stats.disconnect();
+                        }
+                    }
+
+                    result
+                }
+                Err(err) => Err(err),
+            }
+        }
+
+        // Client wants to cancel a query.
+        Ok((ClientConnectionType::CancelQuery, bytes)) => {
+            let (read, write) = split(stream);
+
+            // Continue with cancel query request.
+            match Client::cancel(read, write, addr, bytes, client_server_map, shutdown).await {
+                Ok(mut client) => {
+                    info!("Client {:?} issued a cancel query request", addr);
+
+                    if !client.is_admin() {
+                        let _ = drain.send(1).await;
+                    }
+
+                    let result = client.handle().await;
+
+                    if !client.is_admin() {
+                        let _ = drain.send(-1).await;
+
+                        if result.is_err() {
+                            client.stats.disconnect();
+                        }
+                    }
+                    result
+                }
+
+                Err(err) => Err(err),
+            }
+        }
+
+        // Something failed, probably the socket.
+        Err(err) => Err(err),
+    }
+}
+
+/// Handle the first message the client sends.
+async fn get_startup<S>(stream: &mut S) -> Result<(ClientConnectionType, BytesMut), Error>
+where
+    S: tokio::io::AsyncRead + std::marker::Unpin + tokio::io::AsyncWrite,
+{
+    // Get startup message length.
+    let len = match stream.read_i32().await {
+        Ok(len) => len,
+        Err(_) => return Err(Error::ClientBadStartup),
+    };
+
+    // Get the rest of the message.
+    let mut startup = vec![0u8; len as usize - 4];
+    match stream.read_exact(&mut startup).await {
+        Ok(_) => (),
+        Err(_) => return Err(Error::ClientBadStartup),
+    };
+
+    let mut bytes = BytesMut::from(&startup[..]);
+    let code = bytes.get_i32();
+
+    match code {
+        // Client is requesting SSL (TLS).
+        SSL_REQUEST_CODE => Ok((ClientConnectionType::Tls, bytes)),
+
+        // Client wants to use plain text, requesting regular startup.
+        PROTOCOL_VERSION_NUMBER => Ok((ClientConnectionType::Startup, bytes)),
+
+        // Client is requesting to cancel a running query (plain text connection).
+        CANCEL_REQUEST_CODE => Ok((ClientConnectionType::CancelQuery, bytes)),
+
+        // Something else, probably something is wrong and it's not our fault,
+        // e.g. badly implemented Postgres client.
+        _ => Err(Error::ProtocolSyncError(format!(
+            "Unexpected startup code: {}",
+            code
+        ))),
+    }
+}
+
+/// Handle TLS connection negotiation.
+pub async fn startup_tls(
+    stream: TcpStream,
+    client_server_map: ClientServerMap,
+    shutdown: Receiver<()>,
+    admin_only: bool,
+) -> Result<Client<ReadHalf<TlsStream<TcpStream>>, WriteHalf<TlsStream<TcpStream>>>, Error> {
+    // Negotiate TLS.
+    let tls = Tls::new()?;
+    let addr = stream.peer_addr().unwrap();
+
+    let mut stream = match tls.acceptor.accept(stream).await {
+        Ok(stream) => stream,
+
+        // TLS negotiation failed.
+        Err(err) => {
+            error!("TLS negotiation failed: {:?}", err);
+            return Err(Error::TlsError);
+        }
+    };
+
+    // TLS negotiation successful.
+    // Continue with regular startup using encrypted connection.
+    match get_startup::<TlsStream<TcpStream>>(&mut stream).await {
+        // Got good startup message, proceeding like normal except we
+        // are encrypted now.
+        Ok((ClientConnectionType::Startup, bytes)) => {
+            let (read, write) = split(stream);
+
+            Client::startup(
+                read,
+                write,
+                addr,
+                bytes,
+                client_server_map,
+                shutdown,
+                admin_only,
+            )
+            .await
+        }
+
+        // Bad Postgres client.
+        Ok((ClientConnectionType::Tls, _)) | Ok((ClientConnectionType::CancelQuery, _)) => {
+            Err(Error::ProtocolSyncError("Bad postgres client (tls)".into()))
+        }
+
+        Err(err) => Err(err),
+    }
+}
+
+impl<S, T> Client<S, T>
+where
+    S: tokio::io::AsyncRead + std::marker::Unpin,
+    T: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    pub fn is_admin(&self) -> bool {
+        self.admin
+    }
+
+    /// Handle Postgres client startup after TLS negotiation is complete
+    /// or over plain text.
+    pub async fn startup(
+        mut read: S,
+        mut write: T,
+        addr: std::net::SocketAddr,
+        bytes: BytesMut, // The rest of the startup message.
+        client_server_map: ClientServerMap,
+        shutdown: Receiver<()>,
+        admin_only: bool,
+    ) -> Result<Client<S, T>, Error> {
+        let parameters = parse_startup(bytes.clone())?;
+
+        // This parameter is mandatory by the protocol.
+        let username = match parameters.get("user") {
+            Some(user) => user,
+            None => {
+                return Err(Error::ClientError(
+                    "Missing user parameter on client startup".into(),
+                ))
+            }
+        };
+
+        let pool_name = match parameters.get("database") {
+            Some(db) => db,
+            None => username,
+        };
+
+        let application_name = match parameters.get("application_name") {
+            Some(application_name) => application_name,
+            None => "pgcat",
+        };
+
+        let client_identifier = ClientIdentifier::new(&application_name, &username, &pool_name);
+
+        let admin = ["pgcat", "pgbouncer"]
+            .iter()
+            .filter(|db| *db == pool_name)
+            .count()
+            == 1;
+
+        // Kick any client that's not admin while we're in admin-only mode.
+        if !admin && admin_only {
+            debug!(
+                "Rejecting non-admin connection to {} when in admin only mode",
+                pool_name
+            );
+            error_response_terminal(
+                &mut write,
+                "terminating connection due to administrator command",
+            )
+            .await?;
+            return Err(Error::ShuttingDown);
+        }
+
+        // Generate random backend ID and secret key
+        let process_id: i32 = rand::random();
+        let secret_key: i32 = rand::random();
+
+        // Perform MD5 authentication.
+        // TODO: Add SASL support.
+        let salt = md5_challenge(&mut write).await?;
+
+        let code = match read.read_u8().await {
+            Ok(p) => p,
+            Err(_) => {
+                return Err(Error::ClientSocketError(
+                    "password code".into(),
+                    client_identifier,
+                ))
+            }
+        };
+
+        // PasswordMessage
+        if code as char != 'p' {
+            return Err(Error::ProtocolSyncError(format!(
+                "Expected p, got {}",
+                code as char
+            )));
+        }
+
+        let len = match read.read_i32().await {
+            Ok(len) => len,
+            Err(_) => {
+                return Err(Error::ClientSocketError(
+                    "password message length".into(),
+                    client_identifier,
+                ))
+            }
+        };
+
+        let mut password_response = vec![0u8; (len - 4) as usize];
+
+        match read.read_exact(&mut password_response).await {
+            Ok(_) => (),
+            Err(_) => {
+                return Err(Error::ClientSocketError(
+                    "password message".into(),
+                    client_identifier,
+                ))
+            }
+        };
+
+        // Authenticate admin user.
+        let (transaction_mode, server_info) = if admin {
+            let config = get_config();
+
+            // Compare server and client hashes.
+            let password_hash = md5_hash_password(
+                &config.general.admin_username,
+                &config.general.admin_password,
+                &salt,
+            );
+
+            if password_hash != password_response {
+                let error = Error::ClientGeneralError("Invalid password".into(), client_identifier);
+
+                warn!("{}", error);
+                wrong_password(&mut write, username).await?;
+
+                return Err(error);
+            }
+
+            (false, generate_server_info_for_admin())
+        }
+        // Authenticate normal user.
+        else {
+            let mut pool = match get_pool(pool_name, username) {
+                Some(pool) => pool,
+                None => {
+                    error_response(
+                        &mut write,
+                        &format!(
+                            "No pool configured for database: {:?}, user: {:?}",
+                            pool_name, username
+                        ),
+                    )
+                    .await?;
+
+                    return Err(Error::ClientGeneralError(
+                        "Invalid pool name".into(),
+                        client_identifier,
+                    ));
+                }
+            };
+
+            // Obtain the hash to compare, we give preference to that written in cleartext in config
+            // if there is nothing set in cleartext and auth passthrough (auth_query) is configured, we use the hash obtained
+            // when the pool was created. If there is no hash there, we try to fetch it one more time.
+            let password_hash = if let Some(password) = &pool.settings.user.password {
+                Some(md5_hash_password(username, password, &salt))
+            } else {
+                if !get_config().is_auth_query_configured() {
+                    wrong_password(&mut write, username).await?;
+                    return Err(Error::ClientAuthImpossible(username.into()));
+                }
+
+                let mut hash = (*pool.auth_hash.read()).clone();
+
+                if hash.is_none() {
+                    warn!(
+                        "Query auth configured \
+                          but no hash password found \
+                          for pool {}. Will try to refetch it.",
+                        pool_name
+                    );
+
+                    match refetch_auth_hash(&pool).await {
+                        Ok(fetched_hash) => {
+                            warn!("Password for {}, obtained. Updating.", client_identifier);
+
+                            {
+                                let mut pool_auth_hash = pool.auth_hash.write();
+                                *pool_auth_hash = Some(fetched_hash.clone());
+                            }
+
+                            hash = Some(fetched_hash);
+                        }
+
+                        Err(err) => {
+                            wrong_password(&mut write, username).await?;
+
+                            return Err(Error::ClientAuthPassthroughError(
+                                err.to_string(),
+                                client_identifier,
+                            ));
+                        }
+                    }
+                };
+
+                Some(md5_hash_second_pass(&hash.unwrap(), &salt))
+            };
+
+            // Once we have the resulting hash, we compare with what the client gave us.
+            // If they do not match and auth query is set up, we try to refetch the hash one more time
+            // to see if the password has changed since the pool was created.
+            //
+            // @TODO: we could end up fetching again the same password twice (see above).
+            if password_hash.unwrap() != password_response {
+                warn!(
+                    "Invalid password {}, will try to refetch it.",
+                    client_identifier
+                );
+
+                let fetched_hash = match refetch_auth_hash(&pool).await {
+                    Ok(fetched_hash) => fetched_hash,
+                    Err(err) => {
+                        wrong_password(&mut write, username).await?;
+
+                        return Err(err);
+                    }
+                };
+
+                let new_password_hash = md5_hash_second_pass(&fetched_hash, &salt);
+
+                // Ok password changed in server an auth is possible.
+                if new_password_hash == password_response {
+                    warn!(
+                        "Password for {}, changed in server. Updating.",
+                        client_identifier
+                    );
+
+                    {
+                        let mut pool_auth_hash = pool.auth_hash.write();
+                        *pool_auth_hash = Some(fetched_hash);
+                    }
+                } else {
+                    wrong_password(&mut write, username).await?;
+                    return Err(Error::ClientGeneralError(
+                        "Invalid password".into(),
+                        client_identifier,
+                    ));
+                }
+            }
+
+            let transaction_mode = pool.settings.pool_mode == PoolMode::Transaction;
+
+            // If the pool hasn't been validated yet,
+            // connect to the servers and figure out what's what.
+            if !pool.validated() {
+                match pool.validate().await {
+                    Ok(_) => (),
+                    Err(err) => {
+                        error_response(
+                            &mut write,
+                            &format!(
+                                "Pool down for database: {:?}, user: {:?}",
+                                pool_name, username
+                            ),
+                        )
+                        .await?;
+                        return Err(Error::ClientError(format!("Pool down: {:?}", err)));
+                    }
+                }
+            }
+
+            (transaction_mode, pool.server_info())
+        };
+
+        debug!("Password authentication successful");
+
+        auth_ok(&mut write).await?;
+        write_all(&mut write, server_info).await?;
+        backend_key_data(&mut write, process_id, secret_key).await?;
+        ready_for_query(&mut write).await?;
+
+        trace!("Startup OK");
+        let pool_stats = match get_pool(pool_name, username) {
+            Some(pool) => {
+                if !admin {
+                    pool.stats
+                } else {
+                    Arc::new(PoolStats::default())
+                }
+            }
+            None => Arc::new(PoolStats::default()),
+        };
+
+        let stats = Arc::new(ClientStats::new(
+            process_id,
+            application_name,
+            username,
+            pool_name,
+            tokio::time::Instant::now(),
+            pool_stats,
+        ));
+
+        Ok(Client {
+            read: BufReader::new(read),
+            write,
+            addr,
+            buffer: BytesMut::with_capacity(8196),
+            cancel_mode: false,
+            transaction_mode,
+            process_id,
+            secret_key,
+            client_server_map,
+            parameters: parameters.clone(),
+            stats,
+            admin,
+            last_address_id: None,
+            last_server_stats: None,
+            pool_name: pool_name.clone(),
+            username: username.clone(),
+            application_name: application_name.to_string(),
+            shutdown,
+            connected_to_server: false,
+        })
+    }
+
+    /// Handle cancel request.
+    pub async fn cancel(
+        read: S,
+        write: T,
+        addr: std::net::SocketAddr,
+        mut bytes: BytesMut, // The rest of the startup message.
+        client_server_map: ClientServerMap,
+        shutdown: Receiver<()>,
+    ) -> Result<Client<S, T>, Error> {
+        let process_id = bytes.get_i32();
+        let secret_key = bytes.get_i32();
+        Ok(Client {
+            read: BufReader::new(read),
+            write,
+            addr,
+            buffer: BytesMut::with_capacity(8196),
+            cancel_mode: true,
+            transaction_mode: false,
+            process_id,
+            secret_key,
+            client_server_map,
+            parameters: HashMap::new(),
+            stats: Arc::new(ClientStats::default()),
+            admin: false,
+            last_address_id: None,
+            last_server_stats: None,
+            pool_name: String::from("undefined"),
+            username: String::from("undefined"),
+            application_name: String::from("undefined"),
+            shutdown,
+            connected_to_server: false,
+        })
+    }
+
+    /// Handle a connected and authenticated client.
+    pub async fn handle(&mut self) -> Result<(), Error> {
+        // The client wants to cancel a query it has issued previously.
+        if self.cancel_mode {
+            trace!("Sending CancelRequest");
+
+            let (process_id, secret_key, address, port) = {
+                let guard = self.client_server_map.lock();
+
+                match guard.get(&(self.process_id, self.secret_key)) {
+                    // Drop the mutex as soon as possible.
+                    // We found the server the client is using for its query
+                    // that it wants to cancel.
+                    Some((process_id, secret_key, address, port)) => {
+                        (*process_id, *secret_key, address.clone(), *port)
+                    }
+
+                    // The client doesn't know / got the wrong server,
+                    // we're closing the connection for security reasons.
+                    None => return Ok(()),
+                }
+            };
+
+            // Opens a new separate connection to the server, sends the backend_id
+            // and secret_key and then closes it for security reasons. No other interactions
+            // take place.
+            return Server::cancel(&address, port, process_id, secret_key).await;
+        }
+
+        // The query router determines where the query is going to go,
+        // e.g. primary, replica, which shard.
+        let mut query_router = QueryRouter::new();
+
+        self.stats.register(self.stats.clone());
+
+        // Result returned by one of the plugins.
+        let mut plugin_output = None;
+
+        // Our custom protocol loop.
+        // We expect the client to either start a transaction with regular queries
+        // or issue commands for our sharding and server selection protocol.
+        loop {
+            trace!(
+                "Client idle, waiting for message, transaction mode: {}",
+                self.transaction_mode
+            );
+
+            // Read a complete message from the client, which normally would be
+            // either a `Q` (query) or `P` (prepare, extended protocol).
+            // We can parse it here before grabbing a server from the pool,
+            // in case the client is sending some custom protocol messages, e.g.
+            // SET SHARDING KEY TO 'bigint';
+
+            let message = tokio::select! {
+                _ = self.shutdown.recv() => {
+                    if !self.admin {
+                        error_response_terminal(
+                            &mut self.write,
+                            "terminating connection due to administrator command"
+                        ).await?;
+
+                        self.stats.disconnect();
+                        return Ok(());
+                    }
+
+                    // Admin clients ignore shutdown.
+                    else {
+                        read_message(&mut self.read).await?
+                    }
+                },
+                message_result = read_message(&mut self.read) => message_result?
+            };
+
+            match message[0] as char {
+                // Buffer extended protocol messages even if we do not have
+                // a server connection yet. Hopefully, when we get the S message
+                // we'll be able to allocate a connection. Also, clients do not expect
+                // the server to respond to these messages so even if we were not able to
+                // allocate a connection, we wouldn't be able to send back an error message
+                // to the client so we buffer them and defer the decision to error out or not
+                // to when we get the S message
+                'D' | 'E' => {
+                    self.buffer.put(&message[..]);
+                    continue;
+                }
+
+                'Q' => {
+                    if query_router.query_parser_enabled() {
+                        if let Ok(ast) = QueryRouter::parse(&message) {
+                            let plugin_result = query_router.execute_plugins(&ast).await;
+
+                            match plugin_result {
+                                Ok(PluginOutput::Deny(error)) => {
+                                    error_response(&mut self.write, &error).await?;
+                                    continue;
+                                }
+
+                                Ok(PluginOutput::Intercept(result)) => {
+                                    write_all(&mut self.write, result).await?;
+                                    continue;
+                                }
+
+                                _ => (),
+                            };
+
+                            let _ = query_router.infer(&ast);
+                        }
+                    }
+                }
+
+                'P' => {
+                    self.buffer.put(&message[..]);
+
+                    if query_router.query_parser_enabled() {
+                        if let Ok(ast) = QueryRouter::parse(&message) {
+                            if let Ok(output) = query_router.execute_plugins(&ast).await {
+                                plugin_output = Some(output);
+                            }
+
+                            let _ = query_router.infer(&ast);
+                        }
+                    }
+
+                    continue;
+                }
+
+                'B' => {
+                    self.buffer.put(&message[..]);
+
+                    if query_router.query_parser_enabled() {
+                        query_router.infer_shard_from_bind(&message);
+                    }
+
+                    continue;
+                }
+
+                'X' => {
+                    debug!("Client disconnecting");
+
+                    self.stats.disconnect();
+
+                    return Ok(());
+                }
+
+                _ => (),
+            }
+
+            // Handle admin database queries.
+            if self.admin {
+                debug!("Handling admin command");
+                handle_admin(&mut self.write, message, self.client_server_map.clone()).await?;
+                continue;
+            }
+
+            // Check on plugin results.
+            match plugin_output {
+                Some(PluginOutput::Deny(error)) => {
+                    self.buffer.clear();
+                    error_response(&mut self.write, &error).await?;
+                    plugin_output = None;
+                    continue;
+                }
+
+                _ => (),
+            };
+
+            // Get a pool instance referenced by the most up-to-date
+            // pointer. This ensures we always read the latest config
+            // when starting a query.
+            let mut pool = self.get_pool().await?;
+
+            // Check if the pool is paused and wait until it's resumed.
+            if pool.wait_paused().await {
+                // Refresh pool information, something might have changed.
+                pool = self.get_pool().await?;
+            }
+
+            query_router.update_pool_settings(pool.settings.clone());
+
+            let current_shard = query_router.shard();
+
+            // Handle all custom protocol commands, if any.
+            match query_router.try_execute_command(&message) {
+                // Normal query, not a custom command.
+                None => (),
+
+                // SET SHARD TO
+                Some((Command::SetShard, _)) => {
+                    // Selected shard is not configured.
+                    if query_router.shard() >= pool.shards() {
+                        // Set the shard back to what it was.
+                        query_router.set_shard(current_shard);
+
+                        error_response(
+                            &mut self.write,
+                            &format!(
+                                "shard {} is more than configured {}, staying on shard {} (shard numbers start at 0)",
+                                query_router.shard(),
+                                pool.shards(),
+                                current_shard,
+                            ),
+                        )
+                            .await?;
+                    } else {
+                        custom_protocol_response_ok(&mut self.write, "SET SHARD").await?;
+                    }
+                    continue;
+                }
+
+                // SET PRIMARY READS TO
+                Some((Command::SetPrimaryReads, _)) => {
+                    custom_protocol_response_ok(&mut self.write, "SET PRIMARY READS").await?;
+                    continue;
+                }
+
+                // SET SHARDING KEY TO
+                Some((Command::SetShardingKey, _)) => {
+                    custom_protocol_response_ok(&mut self.write, "SET SHARDING KEY").await?;
+                    continue;
+                }
+
+                // SET SERVER ROLE TO
+                Some((Command::SetServerRole, _)) => {
+                    custom_protocol_response_ok(&mut self.write, "SET SERVER ROLE").await?;
+                    continue;
+                }
+
+                // SHOW SERVER ROLE
+                Some((Command::ShowServerRole, value)) => {
+                    show_response(&mut self.write, "server role", &value).await?;
+                    continue;
+                }
+
+                // SHOW SHARD
+                Some((Command::ShowShard, value)) => {
+                    show_response(&mut self.write, "shard", &value).await?;
+                    continue;
+                }
+
+                // SHOW PRIMARY READS
+                Some((Command::ShowPrimaryReads, value)) => {
+                    show_response(&mut self.write, "primary reads", &value).await?;
+                    continue;
+                }
+            };
+
+            debug!("Waiting for connection from pool");
+            if !self.admin {
+                self.stats.waiting();
+            }
+
+            // Grab a server from the pool.
+            let connection = match pool
+                .get(query_router.shard(), query_router.role(), &self.stats)
+                .await
+            {
+                Ok(conn) => {
+                    debug!("Got connection from pool");
+                    conn
+                }
+                Err(err) => {
+                    // Client is attempting to get results from the server,
+                    // but we were unable to grab a connection from the pool
+                    // We'll send back an error message and clean the extended
+                    // protocol buffer
+                    self.stats.idle();
+
+                    if message[0] as char == 'S' {
+                        error!("Got Sync message but failed to get a connection from the pool");
+                        self.buffer.clear();
+                    }
+
+                    error_response(&mut self.write, "could not get connection from the pool")
+                        .await?;
+
+                    error!(
+                        "Could not get connection from pool: \
+                        {{ \
+                            pool_name: {:?}, \
+                            username: {:?}, \
+                            shard: {:?}, \
+                            role: \"{:?}\", \
+                            error: \"{:?}\" \
+                        }}",
+                        self.pool_name,
+                        self.username,
+                        query_router.shard(),
+                        query_router.role(),
+                        err
+                    );
+
+                    continue;
+                }
+            };
+
+            let mut reference = connection.0;
+            let address = connection.1;
+            let server = &mut *reference;
+
+            // Server is assigned to the client in case the client wants to
+            // cancel a query later.
+            server.claim(self.process_id, self.secret_key);
+            self.connected_to_server = true;
+
+            // Update statistics
+            self.stats.active();
+
+            self.last_address_id = Some(address.id);
+            self.last_server_stats = Some(server.stats());
+
+            debug!(
+                "Client {:?} talking to server {:?}",
+                self.addr,
+                server.address()
+            );
+
+            // TODO: investigate other parameters and set them too.
+
+            // Set application_name.
+            server.set_name(&self.application_name).await?;
+
+            let mut initial_message = Some(message);
+
+            let idle_client_timeout_duration = match get_idle_client_in_transaction_timeout() {
+                0 => tokio::time::Duration::MAX,
+                timeout => tokio::time::Duration::from_millis(timeout),
+            };
+
+            // Transaction loop. Multiple queries can be issued by the client here.
+            // The connection belongs to the client until the transaction is over,
+            // or until the client disconnects if we are in session mode.
+            //
+            // If the client is in session mode, no more custom protocol
+            // commands will be accepted.
+            loop {
+                let message = match initial_message {
+                    None => {
+                        trace!("Waiting for message inside transaction or in session mode");
+
+                        match tokio::time::timeout(
+                            idle_client_timeout_duration,
+                            read_message(&mut self.read),
+                        )
+                        .await
+                        {
+                            Ok(Ok(message)) => message,
+                            Ok(Err(err)) => {
+                                // Client disconnected inside a transaction.
+                                // Clean up the server and re-use it.
+                                self.stats.disconnect();
+                                server.checkin_cleanup().await?;
+
+                                return Err(err);
+                            }
+                            Err(_) => {
+                                // Client idle in transaction timeout
+                                error_response(&mut self.write, "idle transaction timeout").await?;
+                                error!(
+                                    "Client idle in transaction timeout: \
+                                    {{ \
+                                        pool_name: {}, \
+                                        username: {}, \
+                                        shard: {}, \
+                                        role: \"{:?}\" \
+                                    }}",
+                                    self.pool_name,
+                                    self.username,
+                                    query_router.shard(),
+                                    query_router.role()
+                                );
+
+                                break;
+                            }
+                        }
+                    }
+
+                    Some(message) => {
+                        initial_message = None;
+                        message
+                    }
+                };
+
+                // The message will be forwarded to the server intact. We still would like to
+                // parse it below to figure out what to do with it.
+
+                // Safe to unwrap because we know this message has a certain length and has the code
+                // This reads the first byte without advancing the internal pointer and mutating the bytes
+                let code = *message.get(0).unwrap() as char;
+
+                trace!("Message: {}", code);
+
+                match code {
+                    // Query
+                    'Q' => {
+                        if query_router.query_parser_enabled() {
+                            if let Ok(ast) = QueryRouter::parse(&message) {
+                                let plugin_result = query_router.execute_plugins(&ast).await;
+
+                                match plugin_result {
+                                    Ok(PluginOutput::Deny(error)) => {
+                                        error_response(&mut self.write, &error).await?;
+                                        continue;
+                                    }
+
+                                    Ok(PluginOutput::Intercept(result)) => {
+                                        write_all(&mut self.write, result).await?;
+                                        continue;
+                                    }
+
+                                    _ => (),
+                                };
+
+                                let _ = query_router.infer(&ast);
+                            }
+                        }
+                        debug!("Sending query to server");
+
+                        self.send_and_receive_loop(
+                            code,
+                            Some(&message),
+                            server,
+                            &address,
+                            &pool,
+                            &self.stats.clone(),
+                        )
+                        .await?;
+
+                        if !server.in_transaction() {
+                            // Report transaction executed statistics.
+                            self.stats.transaction();
+                            server.stats().transaction(&self.application_name);
+
+                            // Release server back to the pool if we are in transaction mode.
+                            // If we are in session mode, we keep the server until the client disconnects.
+                            if self.transaction_mode {
+                                self.stats.idle();
+
+                                break;
+                            }
+                        }
+                    }
+
+                    // Terminate
+                    'X' => {
+                        server.checkin_cleanup().await?;
+                        self.stats.disconnect();
+                        self.release();
+
+                        return Ok(());
+                    }
+
+                    // Parse
+                    // The query with placeholders is here, e.g. `SELECT * FROM users WHERE email = $1 AND active = $2`.
+                    'P' => {
+                        if query_router.query_parser_enabled() {
+                            if let Ok(ast) = QueryRouter::parse(&message) {
+                                if let Ok(output) = query_router.execute_plugins(&ast).await {
+                                    plugin_output = Some(output);
+                                }
+                            }
+                        }
+
+                        self.buffer.put(&message[..]);
+                    }
+
+                    // Bind
+                    // The placeholder's replacements are here, e.g. 'user@email.com' and 'true'
+                    'B' => {
+                        self.buffer.put(&message[..]);
+                    }
+
+                    // Describe
+                    // Command a client can issue to describe a previously prepared named statement.
+                    'D' => {
+                        self.buffer.put(&message[..]);
+                    }
+
+                    // Close the prepared statement.
+                    'C' => {
+                        self.buffer.put(&message[..]);
+                    }
+
+                    // Execute
+                    // Execute a prepared statement prepared in `P` and bound in `B`.
+                    'E' => {
+                        self.buffer.put(&message[..]);
+                    }
+
+                    // Sync
+                    // Frontend (client) is asking for the query result now.
+                    'S' => {
+                        debug!("Sending query to server");
+
+                        match plugin_output {
+                            Some(PluginOutput::Deny(error)) => {
+                                error_response(&mut self.write, &error).await?;
+                                plugin_output = None;
+                                self.buffer.clear();
+                                continue;
+                            }
+
+                            Some(PluginOutput::Intercept(result)) => {
+                                write_all(&mut self.write, result).await?;
+                                plugin_output = None;
+                                self.buffer.clear();
+                                continue;
+                            }
+
+                            _ => (),
+                        };
+
+                        self.buffer.put(&message[..]);
+
+                        let first_message_code = (*self.buffer.get(0).unwrap_or(&0)) as char;
+
+                        // Almost certainly true
+                        if first_message_code == 'P' {
+                            // Message layout
+                            // P followed by 32 int followed by null-terminated statement name
+                            // So message code should be in offset 0 of the buffer, first character
+                            // in prepared statement name would be index 5
+                            let first_char_in_name = *self.buffer.get(5).unwrap_or(&0);
+                            if first_char_in_name != 0 {
+                                // This is a named prepared statement
+                                // Server connection state will need to be cleared at checkin
+                                server.mark_dirty();
+                            }
+                        }
+
+                        self.send_and_receive_loop(
+                            code,
+                            None,
+                            server,
+                            &address,
+                            &pool,
+                            &self.stats.clone(),
+                        )
+                        .await?;
+
+                        self.buffer.clear();
+
+                        if !server.in_transaction() {
+                            self.stats.transaction();
+                            server.stats().transaction(&self.application_name);
+
+                            // Release server back to the pool if we are in transaction mode.
+                            // If we are in session mode, we keep the server until the client disconnects.
+                            if self.transaction_mode {
+                                break;
+                            }
+                        }
+                    }
+
+                    // CopyData
+                    'd' => {
+                        self.buffer.put(&message[..]);
+
+                        // Want to limit buffer size
+                        if self.buffer.len() > 8196 {
+                            // Forward the data to the server,
+                            self.send_server_message(server, &self.buffer, &address, &pool)
+                                .await?;
+                            self.buffer.clear();
+                        }
+                    }
+
+                    // CopyDone or CopyFail
+                    // Copy is done, successfully or not.
+                    'c' | 'f' => {
+                        // We may already have some copy data in the buffer, add this message to buffer
+                        self.buffer.put(&message[..]);
+
+                        self.send_server_message(server, &self.buffer, &address, &pool)
+                            .await?;
+
+                        // Clear the buffer
+                        self.buffer.clear();
+
+                        let response = self
+                            .receive_server_message(server, &address, &pool, &self.stats.clone())
+                            .await?;
+
+                        match write_all_half(&mut self.write, &response).await {
+                            Ok(_) => (),
+                            Err(err) => {
+                                server.mark_bad();
+                                return Err(err);
+                            }
+                        };
+
+                        if !server.in_transaction() {
+                            self.stats.transaction();
+                            server.stats().transaction(&self.application_name);
+
+                            // Release server back to the pool if we are in transaction mode.
+                            // If we are in session mode, we keep the server until the client disconnects.
+                            if self.transaction_mode {
+                                break;
+                            }
+                        }
+                    }
+
+                    // Some unexpected message. We either did not implement the protocol correctly
+                    // or this is not a Postgres client we're talking to.
+                    _ => {
+                        error!("Unexpected code: {}", code);
+                    }
+                }
+            }
+
+            // The server is no longer bound to us, we can't cancel it's queries anymore.
+            debug!("Releasing server back into the pool");
+            server.checkin_cleanup().await?;
+            server.stats().idle();
+            self.connected_to_server = false;
+
+            self.release();
+            self.stats.idle();
+        }
+    }
+
+    /// Retrieve connection pool, if it exists.
+    /// Return an error to the client otherwise.
+    async fn get_pool(&mut self) -> Result<ConnectionPool, Error> {
+        match get_pool(&self.pool_name, &self.username) {
+            Some(pool) => Ok(pool),
+            None => {
+                error_response(
+                    &mut self.write,
+                    &format!(
+                        "No pool configured for database: {}, user: {}",
+                        self.pool_name, self.username
+                    ),
+                )
+                .await?;
+
+                Err(Error::ClientError(format!(
+                    "Invalid pool name {{ username: {}, pool_name: {}, application_name: {} }}",
+                    self.pool_name, self.username, self.application_name
+                )))
+            }
+        }
+    }
+
+    /// Release the server from the client: it can't cancel its queries anymore.
+    pub fn release(&self) {
+        let mut guard = self.client_server_map.lock();
+        guard.remove(&(self.process_id, self.secret_key));
+    }
+
+    async fn send_and_receive_loop(
+        &mut self,
+        code: char,
+        message: Option<&BytesMut>,
+        server: &mut Server,
+        address: &Address,
+        pool: &ConnectionPool,
+        client_stats: &ClientStats,
+    ) -> Result<(), Error> {
+        debug!("Sending {} to server", code);
+
+        let message = match message {
+            Some(message) => message,
+            None => &self.buffer,
+        };
+
+        self.send_server_message(server, message, address, pool)
+            .await?;
+
+        let query_start = Instant::now();
+        // Read all data the server has to offer, which can be multiple messages
+        // buffered in 8196 bytes chunks.
+        loop {
+            let response = self
+                .receive_server_message(server, address, pool, client_stats)
+                .await?;
+
+            match write_all_half(&mut self.write, &response).await {
+                Ok(_) => (),
+                Err(err) => {
+                    server.mark_bad();
+                    return Err(err);
+                }
+            };
+
+            if !server.is_data_available() {
+                break;
+            }
+        }
+
+        // Report query executed statistics.
+        client_stats.query();
+        server.stats().query(
+            Instant::now().duration_since(query_start).as_millis() as u64,
+            &self.application_name,
+        );
+
+        Ok(())
+    }
+
+    async fn send_server_message(
+        &self,
+        server: &mut Server,
+        message: &BytesMut,
+        address: &Address,
+        pool: &ConnectionPool,
+    ) -> Result<(), Error> {
+        match server.send(message).await {
+            Ok(_) => Ok(()),
+            Err(err) => {
+                pool.ban(address, BanReason::MessageSendFailed, Some(&self.stats));
+                Err(err)
+            }
+        }
+    }
+
+    async fn receive_server_message(
+        &mut self,
+        server: &mut Server,
+        address: &Address,
+        pool: &ConnectionPool,
+        client_stats: &ClientStats,
+    ) -> Result<BytesMut, Error> {
+        if pool.settings.user.statement_timeout > 0 {
+            match tokio::time::timeout(
+                tokio::time::Duration::from_millis(pool.settings.user.statement_timeout),
+                server.recv(),
+            )
+            .await
+            {
+                Ok(result) => match result {
+                    Ok(message) => Ok(message),
+                    Err(err) => {
+                        pool.ban(address, BanReason::MessageReceiveFailed, Some(client_stats));
+                        error_response_terminal(
+                            &mut self.write,
+                            &format!("error receiving data from server: {:?}", err),
+                        )
+                        .await?;
+                        Err(err)
+                    }
+                },
+                Err(_) => {
+                    error!(
+                        "Statement timeout while talking to {:?} with user {}",
+                        address, pool.settings.user.username
+                    );
+                    server.mark_bad();
+                    pool.ban(address, BanReason::StatementTimeout, Some(client_stats));
+                    error_response_terminal(&mut self.write, "pool statement timeout").await?;
+                    Err(Error::StatementTimeout)
+                }
+            }
+        } else {
+            match server.recv().await {
+                Ok(message) => Ok(message),
+                Err(err) => {
+                    pool.ban(address, BanReason::MessageReceiveFailed, Some(client_stats));
+                    error_response_terminal(
+                        &mut self.write,
+                        &format!("error receiving data from server: {:?}", err),
+                    )
+                    .await?;
+                    Err(err)
+                }
+            }
+        }
+    }
+}
+
+impl<S, T> Drop for Client<S, T> {
+    fn drop(&mut self) {
+        let mut guard = self.client_server_map.lock();
+        guard.remove(&(self.process_id, self.secret_key));
+
+        // Dirty shutdown
+        // TODO: refactor, this is not the best way to handle state management.
+
+        if self.connected_to_server && self.last_server_stats.is_some() {
+            self.last_server_stats.as_ref().unwrap().idle();
+        }
+    }
+}

src/config.rs

@@ -0,0 +1,1363 @@
+/// Parse the configuration file.
+use arc_swap::ArcSwap;
+use log::{error, info};
+use once_cell::sync::Lazy;
+use regex::Regex;
+use serde_derive::{Deserialize, Serialize};
+use std::collections::hash_map::DefaultHasher;
+use std::collections::{BTreeMap, HashMap, HashSet};
+use std::hash::{Hash, Hasher};
+use std::path::Path;
+use std::sync::Arc;
+use tokio::fs::File;
+use tokio::io::AsyncReadExt;
+
+use crate::dns_cache::CachedResolver;
+use crate::errors::Error;
+use crate::pool::{ClientServerMap, ConnectionPool};
+use crate::sharding::ShardingFunction;
+use crate::stats::AddressStats;
+use crate::tls::{load_certs, load_keys};
+
+pub const VERSION: &str = env!("CARGO_PKG_VERSION");
+
+/// Globally available configuration.
+static CONFIG: Lazy<ArcSwap<Config>> = Lazy::new(|| ArcSwap::from_pointee(Config::default()));
+
+/// Server role: primary or replica.
+#[derive(Clone, PartialEq, Serialize, Deserialize, Hash, std::cmp::Eq, Debug, Copy)]
+pub enum Role {
+    #[serde(alias = "primary", alias = "Primary")]
+    Primary,
+    #[serde(alias = "replica", alias = "Replica")]
+    Replica,
+    #[serde(alias = "mirror", alias = "Mirror")]
+    Mirror,
+}
+
+impl ToString for Role {
+    fn to_string(&self) -> String {
+        match *self {
+            Role::Primary => "primary".to_string(),
+            Role::Replica => "replica".to_string(),
+            Role::Mirror => "mirror".to_string(),
+        }
+    }
+}
+
+impl PartialEq<Option<Role>> for Role {
+    fn eq(&self, other: &Option<Role>) -> bool {
+        match other {
+            None => true,
+            Some(role) => *self == *role,
+        }
+    }
+}
+
+impl PartialEq<Role> for Option<Role> {
+    fn eq(&self, other: &Role) -> bool {
+        match *self {
+            None => true,
+            Some(role) => role == *other,
+        }
+    }
+}
+
+/// Address identifying a PostgreSQL server uniquely.
+#[derive(Clone, Debug)]
+pub struct Address {
+    /// Unique ID per addressable Postgres server.
+    pub id: usize,
+
+    /// Server host.
+    pub host: String,
+
+    /// Server port.
+    pub port: u16,
+
+    /// Shard number of this Postgres server.
+    pub shard: usize,
+
+    /// The name of the Postgres database.
+    pub database: String,
+
+    /// Server role: replica, primary.
+    pub role: Role,
+
+    /// If it's a replica, number it for reference and failover.
+    pub replica_number: usize,
+
+    /// Position of the server in the pool for failover.
+    pub address_index: usize,
+
+    /// The name of the user configured to use this pool.
+    pub username: String,
+
+    /// The name of this pool (i.e. database name visible to the client).
+    pub pool_name: String,
+
+    /// List of addresses to receive mirrored traffic.
+    pub mirrors: Vec<Address>,
+
+    /// Address stats
+    pub stats: Arc<AddressStats>,
+}
+
+impl Default for Address {
+    fn default() -> Address {
+        Address {
+            id: 0,
+            host: String::from("127.0.0.1"),
+            port: 5432,
+            shard: 0,
+            address_index: 0,
+            replica_number: 0,
+            database: String::from("database"),
+            role: Role::Replica,
+            username: String::from("username"),
+            pool_name: String::from("pool_name"),
+            mirrors: Vec::new(),
+            stats: Arc::new(AddressStats::default()),
+        }
+    }
+}
+
+impl std::fmt::Display for Address {
+    fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
+        write!(
+            f,
+            "[address: {}:{}][database: {}][user: {}]",
+            self.host, self.port, self.database, self.username
+        )
+    }
+}
+
+// We need to implement PartialEq by ourselves so we skip stats in the comparison
+impl PartialEq for Address {
+    fn eq(&self, other: &Self) -> bool {
+        self.id == other.id
+            && self.host == other.host
+            && self.port == other.port
+            && self.shard == other.shard
+            && self.address_index == other.address_index
+            && self.replica_number == other.replica_number
+            && self.database == other.database
+            && self.role == other.role
+            && self.username == other.username
+            && self.pool_name == other.pool_name
+            && self.mirrors == other.mirrors
+    }
+}
+impl Eq for Address {}
+
+// We need to implement Hash by ourselves so we skip stats in the comparison
+impl Hash for Address {
+    fn hash<H: Hasher>(&self, state: &mut H) {
+        self.id.hash(state);
+        self.host.hash(state);
+        self.port.hash(state);
+        self.shard.hash(state);
+        self.address_index.hash(state);
+        self.replica_number.hash(state);
+        self.database.hash(state);
+        self.role.hash(state);
+        self.username.hash(state);
+        self.pool_name.hash(state);
+        self.mirrors.hash(state);
+    }
+}
+
+impl Address {
+    /// Address name (aka database) used in `SHOW STATS`, `SHOW DATABASES`, and `SHOW POOLS`.
+    pub fn name(&self) -> String {
+        match self.role {
+            Role::Primary => format!("{}_shard_{}_primary", self.pool_name, self.shard),
+            Role::Replica => format!(
+                "{}_shard_{}_replica_{}",
+                self.pool_name, self.shard, self.replica_number
+            ),
+            Role::Mirror => format!(
+                "{}_shard_{}_mirror_{}",
+                self.pool_name, self.shard, self.replica_number
+            ),
+        }
+    }
+}
+
+/// PostgreSQL user.
+#[derive(Clone, PartialEq, Hash, Eq, Serialize, Deserialize, Debug)]
+pub struct User {
+    pub username: String,
+    pub password: Option<String>,
+    pub server_username: Option<String>,
+    pub server_password: Option<String>,
+    pub pool_size: u32,
+    pub min_pool_size: Option<u32>,
+    pub pool_mode: Option<PoolMode>,
+    pub server_lifetime: Option<u64>,
+    #[serde(default)] // 0
+    pub statement_timeout: u64,
+}
+
+impl Default for User {
+    fn default() -> User {
+        User {
+            username: String::from("postgres"),
+            password: None,
+            server_username: None,
+            server_password: None,
+            pool_size: 15,
+            min_pool_size: None,
+            statement_timeout: 0,
+            pool_mode: None,
+            server_lifetime: None,
+        }
+    }
+}
+
+impl User {
+    fn validate(&self) -> Result<(), Error> {
+        match self.min_pool_size {
+            Some(min_pool_size) => {
+                if min_pool_size > self.pool_size {
+                    error!(
+                        "min_pool_size of {} cannot be larger than pool_size of {}",
+                        min_pool_size, self.pool_size
+                    );
+                    return Err(Error::BadConfig);
+                }
+            }
+
+            None => (),
+        };
+
+        Ok(())
+    }
+}
+
+/// General configuration.
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq)]
+pub struct General {
+    #[serde(default = "General::default_host")]
+    pub host: String,
+
+    #[serde(default = "General::default_port")]
+    pub port: u16,
+
+    pub enable_prometheus_exporter: Option<bool>,
+
+    #[serde(default = "General::default_prometheus_exporter_port")]
+    pub prometheus_exporter_port: i16,
+
+    #[serde(default = "General::default_connect_timeout")]
+    pub connect_timeout: u64,
+
+    #[serde(default = "General::default_idle_timeout")]
+    pub idle_timeout: u64,
+
+    #[serde(default = "General::default_tcp_keepalives_idle")]
+    pub tcp_keepalives_idle: u64,
+    #[serde(default = "General::default_tcp_keepalives_count")]
+    pub tcp_keepalives_count: u32,
+    #[serde(default = "General::default_tcp_keepalives_interval")]
+    pub tcp_keepalives_interval: u64,
+
+    #[serde(default)] // False
+    pub log_client_connections: bool,
+
+    #[serde(default)] // False
+    pub log_client_disconnections: bool,
+
+    #[serde(default)] // False
+    pub dns_cache_enabled: bool,
+
+    #[serde(default = "General::default_dns_max_ttl")]
+    pub dns_max_ttl: u64,
+
+    #[serde(default = "General::default_shutdown_timeout")]
+    pub shutdown_timeout: u64,
+
+    #[serde(default = "General::default_healthcheck_timeout")]
+    pub healthcheck_timeout: u64,
+
+    #[serde(default = "General::default_healthcheck_delay")]
+    pub healthcheck_delay: u64,
+
+    #[serde(default = "General::default_ban_time")]
+    pub ban_time: i64,
+
+    #[serde(default = "General::default_idle_client_in_transaction_timeout")]
+    pub idle_client_in_transaction_timeout: u64,
+
+    #[serde(default = "General::default_server_lifetime")]
+    pub server_lifetime: u64,
+
+    #[serde(default = "General::default_worker_threads")]
+    pub worker_threads: usize,
+
+    #[serde(default)] // None
+    pub autoreload: Option<u64>,
+
+    pub tls_certificate: Option<String>,
+    pub tls_private_key: Option<String>,
+
+    #[serde(default)] // false
+    pub server_tls: bool,
+
+    #[serde(default)] // false
+    pub verify_server_certificate: bool,
+
+    pub admin_username: String,
+    pub admin_password: String,
+
+    #[serde(default = "General::default_validate_config")]
+    pub validate_config: bool,
+
+    // Support for auth query
+    pub auth_query: Option<String>,
+    pub auth_query_user: Option<String>,
+    pub auth_query_password: Option<String>,
+}
+
+impl General {
+    pub fn default_host() -> String {
+        "0.0.0.0".into()
+    }
+
+    pub fn default_port() -> u16 {
+        5432
+    }
+
+    pub fn default_server_lifetime() -> u64 {
+        1000 * 60 * 60 * 24 // 24 hours
+    }
+
+    pub fn default_connect_timeout() -> u64 {
+        1000
+    }
+
+    // These keepalive defaults should detect a dead connection within 30 seconds.
+    // Tokio defaults to disabling keepalives which keeps dead connections around indefinitely.
+    // This can lead to permanent server pool exhaustion
+    pub fn default_tcp_keepalives_idle() -> u64 {
+        5 // 5 seconds
+    }
+
+    pub fn default_tcp_keepalives_count() -> u32 {
+        5 // 5 time
+    }
+
+    pub fn default_tcp_keepalives_interval() -> u64 {
+        5 // 5 seconds
+    }
+
+    pub fn default_idle_timeout() -> u64 {
+        60000 // 10 minutes
+    }
+
+    pub fn default_shutdown_timeout() -> u64 {
+        60000
+    }
+
+    pub fn default_dns_max_ttl() -> u64 {
+        30
+    }
+
+    pub fn default_healthcheck_timeout() -> u64 {
+        1000
+    }
+
+    pub fn default_healthcheck_delay() -> u64 {
+        30000
+    }
+
+    pub fn default_ban_time() -> i64 {
+        60
+    }
+
+    pub fn default_worker_threads() -> usize {
+        4
+    }
+
+    pub fn default_idle_client_in_transaction_timeout() -> u64 {
+        0
+    }
+
+    pub fn default_validate_config() -> bool {
+        true
+    }
+
+    pub fn default_prometheus_exporter_port() -> i16 {
+        9930
+    }
+}
+
+impl Default for General {
+    fn default() -> General {
+        General {
+            host: Self::default_host(),
+            port: Self::default_port(),
+            enable_prometheus_exporter: Some(false),
+            prometheus_exporter_port: 9930,
+            connect_timeout: General::default_connect_timeout(),
+            idle_timeout: General::default_idle_timeout(),
+            shutdown_timeout: Self::default_shutdown_timeout(),
+            healthcheck_timeout: Self::default_healthcheck_timeout(),
+            healthcheck_delay: Self::default_healthcheck_delay(),
+            ban_time: Self::default_ban_time(),
+            worker_threads: Self::default_worker_threads(),
+            idle_client_in_transaction_timeout: Self::default_idle_client_in_transaction_timeout(),
+            tcp_keepalives_idle: Self::default_tcp_keepalives_idle(),
+            tcp_keepalives_count: Self::default_tcp_keepalives_count(),
+            tcp_keepalives_interval: Self::default_tcp_keepalives_interval(),
+            log_client_connections: false,
+            log_client_disconnections: false,
+            autoreload: None,
+            dns_cache_enabled: false,
+            dns_max_ttl: Self::default_dns_max_ttl(),
+            tls_certificate: None,
+            tls_private_key: None,
+            server_tls: false,
+            verify_server_certificate: false,
+            admin_username: String::from("admin"),
+            admin_password: String::from("admin"),
+            auth_query: None,
+            auth_query_user: None,
+            auth_query_password: None,
+            server_lifetime: 1000 * 3600 * 24, // 24 hours,
+            validate_config: true,
+        }
+    }
+}
+
+/// Pool mode:
+/// - transaction: server serves one transaction,
+/// - session: server is attached to the client.
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, Copy, Hash)]
+pub enum PoolMode {
+    #[serde(alias = "transaction", alias = "Transaction")]
+    Transaction,
+
+    #[serde(alias = "session", alias = "Session")]
+    Session,
+}
+
+impl ToString for PoolMode {
+    fn to_string(&self) -> String {
+        match *self {
+            PoolMode::Transaction => "transaction".to_string(),
+            PoolMode::Session => "session".to_string(),
+        }
+    }
+}
+
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, Copy, Hash)]
+pub enum LoadBalancingMode {
+    #[serde(alias = "random", alias = "Random")]
+    Random,
+
+    #[serde(alias = "loc", alias = "LOC", alias = "least_outstanding_connections")]
+    LeastOutstandingConnections,
+}
+impl ToString for LoadBalancingMode {
+    fn to_string(&self) -> String {
+        match *self {
+            LoadBalancingMode::Random => "random".to_string(),
+            LoadBalancingMode::LeastOutstandingConnections => {
+                "least_outstanding_connections".to_string()
+            }
+        }
+    }
+}
+
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Eq, Hash)]
+pub struct Pool {
+    #[serde(default = "Pool::default_pool_mode")]
+    pub pool_mode: PoolMode,
+
+    #[serde(default = "Pool::default_load_balancing_mode")]
+    pub load_balancing_mode: LoadBalancingMode,
+
+    #[serde(default = "Pool::default_default_role")]
+    pub default_role: String,
+
+    #[serde(default)] // False
+    pub query_parser_enabled: bool,
+
+    #[serde(default)] // False
+    pub primary_reads_enabled: bool,
+
+    pub connect_timeout: Option<u64>,
+
+    pub idle_timeout: Option<u64>,
+
+    pub server_lifetime: Option<u64>,
+
+    #[serde(default = "Pool::default_sharding_function")]
+    pub sharding_function: ShardingFunction,
+
+    #[serde(default = "Pool::default_automatic_sharding_key")]
+    pub automatic_sharding_key: Option<String>,
+
+    pub sharding_key_regex: Option<String>,
+    pub shard_id_regex: Option<String>,
+    pub regex_search_limit: Option<usize>,
+
+    pub auth_query: Option<String>,
+    pub auth_query_user: Option<String>,
+    pub auth_query_password: Option<String>,
+
+    pub plugins: Option<Plugins>,
+    pub shards: BTreeMap<String, Shard>,
+    pub users: BTreeMap<String, User>,
+    // Note, don't put simple fields below these configs. There's a compatibility issue with TOML that makes it
+    // incompatible to have simple fields in TOML after complex objects. See
+    // https://users.rust-lang.org/t/why-toml-to-string-get-error-valueaftertable/85903
+}
+
+impl Pool {
+    pub fn hash_value(&self) -> u64 {
+        let mut s = DefaultHasher::new();
+        self.hash(&mut s);
+        s.finish()
+    }
+
+    pub fn is_auth_query_configured(&self) -> bool {
+        self.auth_query_password.is_some()
+            && self.auth_query_user.is_some()
+            && self.auth_query_password.is_some()
+    }
+
+    pub fn default_pool_mode() -> PoolMode {
+        PoolMode::Transaction
+    }
+
+    pub fn default_load_balancing_mode() -> LoadBalancingMode {
+        LoadBalancingMode::Random
+    }
+
+    pub fn default_automatic_sharding_key() -> Option<String> {
+        None
+    }
+
+    pub fn default_default_role() -> String {
+        "any".into()
+    }
+
+    pub fn default_sharding_function() -> ShardingFunction {
+        ShardingFunction::PgBigintHash
+    }
+
+    pub fn validate(&mut self) -> Result<(), Error> {
+        match self.default_role.as_ref() {
+            "any" => (),
+            "primary" => (),
+            "replica" => (),
+            other => {
+                error!(
+                    "Query router default_role must be 'primary', 'replica', or 'any', got: '{}'",
+                    other
+                );
+                return Err(Error::BadConfig);
+            }
+        };
+
+        for (shard_idx, shard) in &self.shards {
+            match shard_idx.parse::<usize>() {
+                Ok(_) => (),
+                Err(_) => {
+                    error!(
+                        "Shard '{}' is not a valid number, shards must be numbered starting at 0",
+                        shard_idx
+                    );
+                    return Err(Error::BadConfig);
+                }
+            };
+            shard.validate()?;
+        }
+
+        for (option, name) in [
+            (&self.shard_id_regex, "shard_id_regex"),
+            (&self.sharding_key_regex, "sharding_key_regex"),
+        ] {
+            if let Some(regex) = option {
+                if let Err(parse_err) = Regex::new(regex.as_str()) {
+                    error!("{} is not a valid Regex: {}", name, parse_err);
+                    return Err(Error::BadConfig);
+                }
+            }
+        }
+
+        self.automatic_sharding_key = match &self.automatic_sharding_key {
+            Some(key) => {
+                // No quotes in the key so we don't have to compare quoted
+                // to unquoted idents.
+                let key = key.replace("\"", "");
+
+                if key.split(".").count() != 2 {
+                    error!(
+                        "automatic_sharding_key '{}' must be fully qualified, e.g. t.{}`",
+                        key, key
+                    );
+                    return Err(Error::BadConfig);
+                }
+
+                Some(key)
+            }
+            None => None,
+        };
+
+        for (_, user) in &self.users {
+            user.validate()?;
+        }
+
+        Ok(())
+    }
+}
+
+impl Default for Pool {
+    fn default() -> Pool {
+        Pool {
+            pool_mode: Self::default_pool_mode(),
+            load_balancing_mode: Self::default_load_balancing_mode(),
+            shards: BTreeMap::from([(String::from("1"), Shard::default())]),
+            users: BTreeMap::default(),
+            default_role: String::from("any"),
+            query_parser_enabled: false,
+            primary_reads_enabled: false,
+            sharding_function: ShardingFunction::PgBigintHash,
+            automatic_sharding_key: None,
+            connect_timeout: None,
+            idle_timeout: None,
+            sharding_key_regex: None,
+            shard_id_regex: None,
+            regex_search_limit: Some(1000),
+            auth_query: None,
+            auth_query_user: None,
+            auth_query_password: None,
+            server_lifetime: None,
+            plugins: None,
+        }
+    }
+}
+
+#[derive(Clone, PartialEq, Serialize, Deserialize, Debug, Hash, Eq)]
+pub struct ServerConfig {
+    pub host: String,
+    pub port: u16,
+    pub role: Role,
+}
+
+#[derive(Clone, PartialEq, Serialize, Deserialize, Debug, Hash, Eq)]
+pub struct MirrorServerConfig {
+    pub host: String,
+    pub port: u16,
+    pub mirroring_target_index: usize,
+}
+
+/// Shard configuration.
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Hash, Eq)]
+pub struct Shard {
+    pub database: String,
+    pub mirrors: Option<Vec<MirrorServerConfig>>,
+    pub servers: Vec<ServerConfig>,
+}
+
+impl Shard {
+    pub fn validate(&self) -> Result<(), Error> {
+        // We use addresses as unique identifiers,
+        // let's make sure they are unique in the config as well.
+        let mut dup_check = HashSet::new();
+        let mut primary_count = 0;
+
+        if self.servers.is_empty() {
+            error!("Shard {} has no servers configured", self.database);
+            return Err(Error::BadConfig);
+        }
+
+        for server in &self.servers {
+            dup_check.insert(server);
+
+            // Check that we define only zero or one primary.
+            if server.role == Role::Primary {
+                primary_count += 1
+            }
+        }
+
+        if primary_count > 1 {
+            error!(
+                "Shard {} has more than one primary configured",
+                self.database
+            );
+            return Err(Error::BadConfig);
+        }
+
+        if dup_check.len() != self.servers.len() {
+            error!("Shard {} contains duplicate server configs", self.database);
+            return Err(Error::BadConfig);
+        }
+
+        Ok(())
+    }
+}
+
+impl Default for Shard {
+    fn default() -> Shard {
+        Shard {
+            servers: vec![ServerConfig {
+                host: String::from("localhost"),
+                port: 5432,
+                role: Role::Primary,
+            }],
+            mirrors: None,
+            database: String::from("postgres"),
+        }
+    }
+}
+
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Default, Hash, Eq)]
+pub struct Plugins {
+    pub intercept: Option<Intercept>,
+    pub table_access: Option<TableAccess>,
+    pub query_logger: Option<QueryLogger>,
+    pub prewarmer: Option<Prewarmer>,
+}
+
+impl std::fmt::Display for Plugins {
+    fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
+        write!(
+            f,
+            "interceptor: {}, table_access: {}, query_logger: {}, prewarmer: {}",
+            self.intercept.is_some(),
+            self.table_access.is_some(),
+            self.query_logger.is_some(),
+            self.prewarmer.is_some(),
+        )
+    }
+}
+
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Default, Hash, Eq)]
+pub struct Intercept {
+    pub enabled: bool,
+    pub queries: BTreeMap<String, Query>,
+}
+
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Default, Hash, Eq)]
+pub struct TableAccess {
+    pub enabled: bool,
+    pub tables: Vec<String>,
+}
+
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Default, Hash, Eq)]
+pub struct QueryLogger {
+    pub enabled: bool,
+}
+
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Default, Hash, Eq)]
+pub struct Prewarmer {
+    pub enabled: bool,
+    pub queries: Vec<String>,
+}
+
+impl Intercept {
+    pub fn substitute(&mut self, db: &str, user: &str) {
+        for (_, query) in self.queries.iter_mut() {
+            query.substitute(db, user);
+            query.query = query.query.to_ascii_lowercase();
+        }
+    }
+}
+
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq, Default, Hash, Eq)]
+pub struct Query {
+    pub query: String,
+    pub schema: Vec<Vec<String>>,
+    pub result: Vec<Vec<String>>,
+}
+
+impl Query {
+    pub fn substitute(&mut self, db: &str, user: &str) {
+        for col in self.result.iter_mut() {
+            for i in 0..col.len() {
+                col[i] = col[i].replace("${USER}", user).replace("${DATABASE}", db);
+            }
+        }
+    }
+}
+
+/// Configuration wrapper.
+#[derive(Serialize, Deserialize, Debug, Clone, PartialEq)]
+pub struct Config {
+    // Serializer maintains the order of fields in the struct
+    // so we should always put simple fields before nested fields
+    // in all serializable structs to avoid ValueAfterTable errors
+    // These errors occur when the toml serializer is about to produce
+    // ambiguous toml structure like the one below
+    // [main]
+    // field1_under_main = 1
+    // field2_under_main = 2
+    // [main.subconf]
+    // field1_under_subconf = 1
+    // field3_under_main = 3 # This field will be interpreted as being under subconf and not under main
+    #[serde(default = "Config::default_path")]
+    pub path: String,
+
+    // General and global settings.
+    pub general: General,
+
+    // Plugins that should run in all pools.
+    pub plugins: Option<Plugins>,
+
+    // Connection pools.
+    pub pools: HashMap<String, Pool>,
+}
+
+impl Config {
+    pub fn is_auth_query_configured(&self) -> bool {
+        self.pools
+            .iter()
+            .any(|(_name, pool)| pool.is_auth_query_configured())
+    }
+
+    pub fn default_path() -> String {
+        String::from("pgcat.toml")
+    }
+
+    pub fn fill_up_auth_query_config(&mut self) {
+        for (_name, pool) in self.pools.iter_mut() {
+            if pool.auth_query.is_none() {
+                pool.auth_query = self.general.auth_query.clone();
+            }
+
+            if pool.auth_query_user.is_none() {
+                pool.auth_query_user = self.general.auth_query_user.clone();
+            }
+
+            if pool.auth_query_password.is_none() {
+                pool.auth_query_password = self.general.auth_query_password.clone();
+            }
+        }
+    }
+}
+
+impl Default for Config {
+    fn default() -> Config {
+        Config {
+            path: Self::default_path(),
+            general: General::default(),
+            pools: HashMap::default(),
+            plugins: None,
+        }
+    }
+}
+
+impl From<&Config> for std::collections::HashMap<String, String> {
+    fn from(config: &Config) -> HashMap<String, String> {
+        let mut r: Vec<(String, String)> = config
+            .pools
+            .iter()
+            .flat_map(|(pool_name, pool)| {
+                [
+                    (
+                        format!("pools.{}.pool_mode", pool_name),
+                        pool.pool_mode.to_string(),
+                    ),
+                    (
+                        format!("pools.{}.load_balancing_mode", pool_name),
+                        pool.load_balancing_mode.to_string(),
+                    ),
+                    (
+                        format!("pools.{}.primary_reads_enabled", pool_name),
+                        pool.primary_reads_enabled.to_string(),
+                    ),
+                    (
+                        format!("pools.{}.query_parser_enabled", pool_name),
+                        pool.query_parser_enabled.to_string(),
+                    ),
+                    (
+                        format!("pools.{}.default_role", pool_name),
+                        pool.default_role.clone(),
+                    ),
+                    (
+                        format!("pools.{}.sharding_function", pool_name),
+                        pool.sharding_function.to_string(),
+                    ),
+                    (
+                        format!("pools.{:?}.shard_count", pool_name),
+                        pool.shards.len().to_string(),
+                    ),
+                    (
+                        format!("pools.{:?}.users", pool_name),
+                        pool.users
+                            .iter()
+                            .map(|(_username, user)| &user.username)
+                            .cloned()
+                            .collect::<Vec<String>>()
+                            .join(", "),
+                    ),
+                ]
+            })
+            .collect();
+
+        let mut static_settings = vec![
+            ("host".to_string(), config.general.host.to_string()),
+            ("port".to_string(), config.general.port.to_string()),
+            (
+                "prometheus_exporter_port".to_string(),
+                config.general.prometheus_exporter_port.to_string(),
+            ),
+            (
+                "connect_timeout".to_string(),
+                config.general.connect_timeout.to_string(),
+            ),
+            (
+                "idle_timeout".to_string(),
+                config.general.idle_timeout.to_string(),
+            ),
+            (
+                "healthcheck_timeout".to_string(),
+                config.general.healthcheck_timeout.to_string(),
+            ),
+            (
+                "shutdown_timeout".to_string(),
+                config.general.shutdown_timeout.to_string(),
+            ),
+            (
+                "healthcheck_delay".to_string(),
+                config.general.healthcheck_delay.to_string(),
+            ),
+            ("ban_time".to_string(), config.general.ban_time.to_string()),
+            (
+                "idle_client_in_transaction_timeout".to_string(),
+                config
+                    .general
+                    .idle_client_in_transaction_timeout
+                    .to_string(),
+            ),
+        ];
+
+        r.append(&mut static_settings);
+        return r.iter().cloned().collect();
+    }
+}
+
+impl Config {
+    /// Print current configuration.
+    pub fn show(&self) {
+        info!("Ban time: {}s", self.general.ban_time);
+        info!(
+            "Idle client in transaction timeout: {}ms",
+            self.general.idle_client_in_transaction_timeout
+        );
+        info!("Worker threads: {}", self.general.worker_threads);
+        info!(
+            "Healthcheck timeout: {}ms",
+            self.general.healthcheck_timeout
+        );
+        info!("Connection timeout: {}ms", self.general.connect_timeout);
+        info!("Idle timeout: {}ms", self.general.idle_timeout);
+        info!(
+            "Log client connections: {}",
+            self.general.log_client_connections
+        );
+        info!(
+            "Log client disconnections: {}",
+            self.general.log_client_disconnections
+        );
+        info!("Shutdown timeout: {}ms", self.general.shutdown_timeout);
+        info!("Healthcheck delay: {}ms", self.general.healthcheck_delay);
+        info!(
+            "Default max server lifetime: {}ms",
+            self.general.server_lifetime
+        );
+        match self.general.tls_certificate.clone() {
+            Some(tls_certificate) => {
+                info!("TLS certificate: {}", tls_certificate);
+
+                match self.general.tls_private_key.clone() {
+                    Some(tls_private_key) => {
+                        info!("TLS private key: {}", tls_private_key);
+                        info!("TLS support is enabled");
+                    }
+
+                    None => (),
+                }
+            }
+
+            None => {
+                info!("TLS support is disabled");
+            }
+        };
+        info!("Server TLS enabled: {}", self.general.server_tls);
+        info!(
+            "Server TLS certificate verification: {}",
+            self.general.verify_server_certificate
+        );
+        info!(
+            "Plugins: {}",
+            match self.plugins {
+                Some(ref plugins) => plugins.to_string(),
+                None => "not configured".into(),
+            }
+        );
+
+        for (pool_name, pool_config) in &self.pools {
+            // TODO: Make this output prettier (maybe a table?)
+            info!(
+                "[pool: {}] Maximum user connections: {}",
+                pool_name,
+                pool_config
+                    .users
+                    .iter()
+                    .map(|(_, user_cfg)| user_cfg.pool_size)
+                    .sum::<u32>()
+                    .to_string()
+            );
+            info!(
+                "[pool: {}] Default pool mode: {}",
+                pool_name,
+                pool_config.pool_mode.to_string()
+            );
+            info!(
+                "[pool: {}] Load Balancing mode: {:?}",
+                pool_name, pool_config.load_balancing_mode
+            );
+            let connect_timeout = match pool_config.connect_timeout {
+                Some(connect_timeout) => connect_timeout,
+                None => self.general.connect_timeout,
+            };
+            info!(
+                "[pool: {}] Connection timeout: {}ms",
+                pool_name, connect_timeout
+            );
+            let idle_timeout = match pool_config.idle_timeout {
+                Some(idle_timeout) => idle_timeout,
+                None => self.general.idle_timeout,
+            };
+            info!("[pool: {}] Idle timeout: {}ms", pool_name, idle_timeout);
+            info!(
+                "[pool: {}] Sharding function: {}",
+                pool_name,
+                pool_config.sharding_function.to_string()
+            );
+            info!(
+                "[pool: {}] Primary reads: {}",
+                pool_name, pool_config.primary_reads_enabled
+            );
+            info!(
+                "[pool: {}] Query router: {}",
+                pool_name, pool_config.query_parser_enabled
+            );
+            info!(
+                "[pool: {}] Number of shards: {}",
+                pool_name,
+                pool_config.shards.len()
+            );
+            info!(
+                "[pool: {}] Number of users: {}",
+                pool_name,
+                pool_config.users.len()
+            );
+            info!(
+                "[pool: {}] Max server lifetime: {}",
+                pool_name,
+                match pool_config.server_lifetime {
+                    Some(server_lifetime) => format!("{}ms", server_lifetime),
+                    None => "default".to_string(),
+                }
+            );
+            info!(
+                "[pool: {}] Plugins: {}",
+                pool_name,
+                match pool_config.plugins {
+                    Some(ref plugins) => plugins.to_string(),
+                    None => "not configured".into(),
+                }
+            );
+
+            for user in &pool_config.users {
+                info!(
+                    "[pool: {}][user: {}] Pool size: {}",
+                    pool_name, user.1.username, user.1.pool_size,
+                );
+                info!(
+                    "[pool: {}][user: {}] Minimum pool size: {}",
+                    pool_name,
+                    user.1.username,
+                    user.1.min_pool_size.unwrap_or(0)
+                );
+                info!(
+                    "[pool: {}][user: {}] Statement timeout: {}",
+                    pool_name, user.1.username, user.1.statement_timeout
+                );
+                info!(
+                    "[pool: {}][user: {}] Pool mode: {}",
+                    pool_name,
+                    user.1.username,
+                    match user.1.pool_mode {
+                        Some(pool_mode) => pool_mode.to_string(),
+                        None => pool_config.pool_mode.to_string(),
+                    }
+                );
+                info!(
+                    "[pool: {}][user: {}] Max server lifetime: {}",
+                    pool_name,
+                    user.1.username,
+                    match user.1.server_lifetime {
+                        Some(server_lifetime) => format!("{}ms", server_lifetime),
+                        None => "default".to_string(),
+                    }
+                );
+            }
+        }
+    }
+
+    pub fn validate(&mut self) -> Result<(), Error> {
+        // Validation for auth_query feature
+        if self.general.auth_query.is_some()
+            && (self.general.auth_query_user.is_none()
+                || self.general.auth_query_password.is_none())
+        {
+            error!(
+                "If auth_query is specified, \
+                you need to provide a value \
+                for `auth_query_user`, \
+                `auth_query_password`"
+            );
+
+            return Err(Error::BadConfig);
+        }
+
+        for (name, pool) in self.pools.iter() {
+            if pool.auth_query.is_some()
+                && (pool.auth_query_user.is_none() || pool.auth_query_password.is_none())
+            {
+                error!(
+                    "Error in pool {{ {} }}. \
+                    If auth_query is specified, you need \
+                    to provide a value for `auth_query_user`, \
+                    `auth_query_password`",
+                    name
+                );
+
+                return Err(Error::BadConfig);
+            }
+
+            for (_name, user_data) in pool.users.iter() {
+                if (pool.auth_query.is_none()
+                    || pool.auth_query_password.is_none()
+                    || pool.auth_query_user.is_none())
+                    && user_data.password.is_none()
+                {
+                    error!(
+                        "Error in pool {{ {} }}. \
+                        You have to specify a user password \
+                        for every pool if auth_query is not specified",
+                        name
+                    );
+
+                    return Err(Error::BadConfig);
+                }
+            }
+        }
+
+        // Validate TLS!
+        match self.general.tls_certificate.clone() {
+            Some(tls_certificate) => {
+                match load_certs(Path::new(&tls_certificate)) {
+                    Ok(_) => {
+                        // Cert is okay, but what about the private key?
+                        match self.general.tls_private_key.clone() {
+                            Some(tls_private_key) => match load_keys(Path::new(&tls_private_key)) {
+                                Ok(_) => (),
+                                Err(err) => {
+                                    error!("tls_private_key is incorrectly configured: {:?}", err);
+                                    return Err(Error::BadConfig);
+                                }
+                            },
+
+                            None => {
+                                error!("tls_certificate is set, but the tls_private_key is not");
+                                return Err(Error::BadConfig);
+                            }
+                        };
+                    }
+
+                    Err(err) => {
+                        error!("tls_certificate is incorrectly configured: {:?}", err);
+                        return Err(Error::BadConfig);
+                    }
+                }
+            }
+            None => (),
+        };
+
+        for pool in self.pools.values_mut() {
+            pool.validate()?;
+        }
+
+        Ok(())
+    }
+}
+
+/// Get a read-only instance of the configuration
+/// from anywhere in the app.
+/// ArcSwap makes this cheap and quick.
+pub fn get_config() -> Config {
+    (*(*CONFIG.load())).clone()
+}
+
+pub fn get_idle_client_in_transaction_timeout() -> u64 {
+    (*(*CONFIG.load()))
+        .general
+        .idle_client_in_transaction_timeout
+}
+
+/// Parse the configuration file located at the path.
+pub async fn parse(path: &str) -> Result<(), Error> {
+    let mut contents = String::new();
+    let mut file = match File::open(path).await {
+        Ok(file) => file,
+        Err(err) => {
+            error!("Could not open '{}': {}", path, err.to_string());
+            return Err(Error::BadConfig);
+        }
+    };
+
+    match file.read_to_string(&mut contents).await {
+        Ok(_) => (),
+        Err(err) => {
+            error!("Could not read config file: {}", err.to_string());
+            return Err(Error::BadConfig);
+        }
+    };
+
+    let mut config: Config = match toml::from_str(&contents) {
+        Ok(config) => config,
+        Err(err) => {
+            error!("Could not parse config file: {}", err.to_string());
+            return Err(Error::BadConfig);
+        }
+    };
+
+    config.fill_up_auth_query_config();
+    config.validate()?;
+
+    config.path = path.to_string();
+
+    // Update the configuration globally.
+    CONFIG.store(Arc::new(config.clone()));
+
+    Ok(())
+}
+
+pub async fn reload_config(client_server_map: ClientServerMap) -> Result<bool, Error> {
+    let old_config = get_config();
+
+    match parse(&old_config.path).await {
+        Ok(()) => (),
+        Err(err) => {
+            error!("Config reload error: {:?}", err);
+            return Err(Error::BadConfig);
+        }
+    };
+
+    let new_config = get_config();
+
+    match CachedResolver::from_config().await {
+        Ok(_) => (),
+        Err(err) => error!("DNS cache reinitialization error: {:?}", err),
+    };
+
+    if old_config != new_config {
+        info!("Config changed, reloading");
+        ConnectionPool::from_config(client_server_map).await?;
+        Ok(true)
+    } else {
+        Ok(false)
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+
+    #[tokio::test]
+    async fn test_config() {
+        parse("pgcat.toml").await.unwrap();
+
+        assert_eq!(get_config().path, "pgcat.toml".to_string());
+
+        assert_eq!(get_config().general.ban_time, 60);
+        assert_eq!(get_config().general.idle_client_in_transaction_timeout, 0);
+        assert_eq!(get_config().general.idle_timeout, 30000);
+        assert_eq!(get_config().pools.len(), 2);
+        assert_eq!(get_config().pools["sharded_db"].shards.len(), 3);
+        assert_eq!(get_config().pools["sharded_db"].idle_timeout, Some(40000));
+        assert_eq!(get_config().pools["simple_db"].shards.len(), 1);
+        assert_eq!(get_config().pools["sharded_db"].users.len(), 2);
+        assert_eq!(get_config().pools["simple_db"].users.len(), 1);
+
+        assert_eq!(
+            get_config().pools["sharded_db"].shards["0"].servers[0].host,
+            "127.0.0.1"
+        );
+        assert_eq!(
+            get_config().pools["sharded_db"].shards["1"].servers[0].role,
+            Role::Primary
+        );
+        assert_eq!(
+            get_config().pools["sharded_db"].shards["1"].database,
+            "shard1"
+        );
+        assert_eq!(
+            get_config().pools["sharded_db"].users["0"].username,
+            "sharding_user"
+        );
+        assert_eq!(
+            get_config().pools["sharded_db"].users["1"]
+                .password
+                .as_ref()
+                .unwrap(),
+            "other_user"
+        );
+        assert_eq!(get_config().pools["sharded_db"].users["1"].pool_size, 21);
+        assert_eq!(get_config().pools["sharded_db"].default_role, "any");
+
+        assert_eq!(
+            get_config().pools["simple_db"].shards["0"].servers[0].host,
+            "127.0.0.1"
+        );
+        assert_eq!(
+            get_config().pools["simple_db"].shards["0"].servers[0].port,
+            5432
+        );
+        assert_eq!(
+            get_config().pools["simple_db"].shards["0"].database,
+            "some_db"
+        );
+        assert_eq!(get_config().pools["simple_db"].default_role, "primary");
+
+        assert_eq!(
+            get_config().pools["simple_db"].users["0"].username,
+            "simple_user"
+        );
+        assert_eq!(
+            get_config().pools["simple_db"].users["0"]
+                .password
+                .as_ref()
+                .unwrap(),
+            "simple_user"
+        );
+        assert_eq!(get_config().pools["simple_db"].users["0"].pool_size, 5);
+        assert_eq!(get_config().general.auth_query, None);
+        assert_eq!(get_config().general.auth_query_user, None);
+        assert_eq!(get_config().general.auth_query_password, None);
+    }
+
+    #[tokio::test]
+    async fn test_serialize_configs() {
+        parse("pgcat.toml").await.unwrap();
+        print!("{}", toml::to_string(&get_config()).unwrap());
+    }
+}

src/constants.rs

@@ -0,0 +1,33 @@
+/// Various protocol constants, as defined in
+/// <https://www.postgresql.org/docs/12/protocol-message-formats.html>
+/// and elsewhere in the source code.
+
+// Used in the StartupMessage to indicate regular handshake.
+pub const PROTOCOL_VERSION_NUMBER: i32 = 196608;
+
+// SSLRequest: used to indicate we want an SSL connection.
+pub const SSL_REQUEST_CODE: i32 = 80877103;
+
+// CancelRequest: the cancel request code.
+pub const CANCEL_REQUEST_CODE: i32 = 80877102;
+
+// AuthenticationMD5Password
+pub const MD5_ENCRYPTED_PASSWORD: i32 = 5;
+
+// SASL
+pub const SASL: i32 = 10;
+pub const SASL_CONTINUE: i32 = 11;
+pub const SASL_FINAL: i32 = 12;
+pub const SCRAM_SHA_256: &str = "SCRAM-SHA-256";
+pub const NONCE_LENGTH: usize = 24;
+
+// AuthenticationOk
+pub const AUTHENTICATION_SUCCESSFUL: i32 = 0;
+
+// ErrorResponse: A code identifying the field type; if zero, this is the message terminator and no string follows.
+pub const MESSAGE_TERMINATOR: u8 = 0;
+
+//
+// Data types
+//
+pub const _OID_INT8: i32 = 20; // bigint

src/dns_cache.rs

@@ -0,0 +1,410 @@
+use crate::config::get_config;
+use crate::errors::Error;
+use arc_swap::ArcSwap;
+use log::{debug, error, info, warn};
+use once_cell::sync::Lazy;
+use std::collections::{HashMap, HashSet};
+use std::io;
+use std::net::IpAddr;
+use std::sync::Arc;
+use std::sync::RwLock;
+use tokio::time::{sleep, Duration};
+use trust_dns_resolver::error::{ResolveError, ResolveResult};
+use trust_dns_resolver::lookup_ip::LookupIp;
+use trust_dns_resolver::TokioAsyncResolver;
+
+/// Cached Resolver Globally available
+pub static CACHED_RESOLVER: Lazy<ArcSwap<CachedResolver>> =
+    Lazy::new(|| ArcSwap::from_pointee(CachedResolver::default()));
+
+// Ip addressed are returned as a set of addresses
+// so we can compare.
+#[derive(Clone, PartialEq, Debug)]
+pub struct AddrSet {
+    set: HashSet<IpAddr>,
+}
+
+impl AddrSet {
+    fn new() -> AddrSet {
+        AddrSet {
+            set: HashSet::new(),
+        }
+    }
+}
+
+impl From<LookupIp> for AddrSet {
+    fn from(lookup_ip: LookupIp) -> Self {
+        let mut addr_set = AddrSet::new();
+        for address in lookup_ip.iter() {
+            addr_set.set.insert(address);
+        }
+        addr_set
+    }
+}
+
+///
+/// A CachedResolver is a DNS resolution cache mechanism with customizable expiration time.
+///
+/// The system works as follows:
+///
+/// When a host is to be resolved, if we have not resolved it before, a new resolution is
+/// executed and stored in the internal cache. Concurrently, every `dns_max_ttl` time, the
+/// cache is refreshed.
+///
+/// # Example:
+///
+/// ```
+/// use pgcat::dns_cache::{CachedResolverConfig, CachedResolver};
+///
+/// # tokio_test::block_on(async {
+/// let config = CachedResolverConfig::default();
+/// let resolver = CachedResolver::new(config, None).await.unwrap();
+/// let addrset = resolver.lookup_ip("www.example.com.").await.unwrap();
+/// # })
+/// ```
+///
+/// // Now the ip resolution is stored in local cache and subsequent
+/// // calls will be returned from cache. Also, the cache is refreshed
+/// // and updated every 10 seconds.
+///
+/// // You can now check if an 'old' lookup differs from what it's currently
+/// // store in cache by using `has_changed`.
+/// resolver.has_changed("www.example.com.", addrset)
+#[derive(Default)]
+pub struct CachedResolver {
+    // The configuration of the cached_resolver.
+    config: CachedResolverConfig,
+
+    // This is the hash that contains the hash.
+    data: Option<RwLock<HashMap<String, AddrSet>>>,
+
+    // The resolver to be used for DNS queries.
+    resolver: Option<TokioAsyncResolver>,
+
+    // The RefreshLoop
+    refresh_loop: RwLock<Option<tokio::task::JoinHandle<()>>>,
+}
+
+///
+/// Configuration
+#[derive(Clone, Debug, Default, PartialEq)]
+pub struct CachedResolverConfig {
+    /// Amount of time in secods that a resolved dns address is considered stale.
+    dns_max_ttl: u64,
+
+    /// Enabled or disabled? (this is so we can reload config)
+    enabled: bool,
+}
+
+impl CachedResolverConfig {
+    fn new(dns_max_ttl: u64, enabled: bool) -> Self {
+        CachedResolverConfig {
+            dns_max_ttl,
+            enabled,
+        }
+    }
+}
+
+impl From<crate::config::Config> for CachedResolverConfig {
+    fn from(config: crate::config::Config) -> Self {
+        CachedResolverConfig::new(config.general.dns_max_ttl, config.general.dns_cache_enabled)
+    }
+}
+
+impl CachedResolver {
+    ///
+    /// Returns a new Arc<CachedResolver> based on passed configuration.
+    /// It also starts the loop that will refresh cache entries.
+    ///
+    /// # Arguments:
+    ///
+    /// * `config` - The `CachedResolverConfig` to be used to create the resolver.
+    ///
+    /// # Example:
+    ///
+    /// ```
+    /// use pgcat::dns_cache::{CachedResolverConfig, CachedResolver};
+    ///
+    /// # tokio_test::block_on(async {
+    /// let config = CachedResolverConfig::default();
+    /// let resolver = CachedResolver::new(config, None).await.unwrap();
+    /// # })
+    /// ```
+    ///
+    pub async fn new(
+        config: CachedResolverConfig,
+        data: Option<HashMap<String, AddrSet>>,
+    ) -> Result<Arc<Self>, io::Error> {
+        // Construct a new Resolver with default configuration options
+        let resolver = Some(TokioAsyncResolver::tokio_from_system_conf()?);
+
+        let data = if let Some(hash) = data {
+            Some(RwLock::new(hash))
+        } else {
+            Some(RwLock::new(HashMap::new()))
+        };
+
+        let instance = Arc::new(Self {
+            config,
+            resolver,
+            data,
+            refresh_loop: RwLock::new(None),
+        });
+
+        if instance.enabled() {
+            info!("Scheduling DNS refresh loop");
+            let refresh_loop = tokio::task::spawn({
+                let instance = instance.clone();
+                async move {
+                    instance.refresh_dns_entries_loop().await;
+                }
+            });
+            *(instance.refresh_loop.write().unwrap()) = Some(refresh_loop);
+        }
+
+        Ok(instance)
+    }
+
+    pub fn enabled(&self) -> bool {
+        self.config.enabled
+    }
+
+    // Schedules the refresher
+    async fn refresh_dns_entries_loop(&self) {
+        let resolver = TokioAsyncResolver::tokio_from_system_conf().unwrap();
+        let interval = Duration::from_secs(self.config.dns_max_ttl);
+        loop {
+            debug!("Begin refreshing cached DNS addresses.");
+            // To minimize the time we hold the lock, we first create
+            // an array with keys.
+            let mut hostnames: Vec<String> = Vec::new();
+            {
+                if let Some(ref data) = self.data {
+                    for hostname in data.read().unwrap().keys() {
+                        hostnames.push(hostname.clone());
+                    }
+                }
+            }
+
+            for hostname in hostnames.iter() {
+                let addrset = self
+                    .fetch_from_cache(hostname.as_str())
+                    .expect("Could not obtain expected address from cache, this should not happen");
+
+                match resolver.lookup_ip(hostname).await {
+                    Ok(lookup_ip) => {
+                        let new_addrset = AddrSet::from(lookup_ip);
+                        debug!(
+                            "Obtained address for host ({}) -> ({:?})",
+                            hostname, new_addrset
+                        );
+
+                        if addrset != new_addrset {
+                            debug!(
+                                "Addr changed from {:?} to {:?} updating cache.",
+                                addrset, new_addrset
+                            );
+                            self.store_in_cache(hostname, new_addrset);
+                        }
+                    }
+                    Err(err) => {
+                        error!(
+                            "There was an error trying to resolv {}: ({}).",
+                            hostname, err
+                        );
+                    }
+                }
+            }
+            debug!("Finished refreshing cached DNS addresses.");
+            sleep(interval).await;
+        }
+    }
+
+    /// Returns a `AddrSet` given the specified hostname.
+    ///
+    /// This method first tries to fetch the value from the cache, if it misses
+    /// then it is resolved and stored in the cache. TTL from records is ignored.
+    ///
+    /// # Arguments
+    ///
+    /// * `host`      - A string slice referencing the hostname to be resolved.
+    ///
+    /// # Example:
+    ///
+    /// ```
+    /// use pgcat::dns_cache::{CachedResolverConfig, CachedResolver};
+    ///
+    /// # tokio_test::block_on(async {
+    /// let config = CachedResolverConfig::default();
+    /// let resolver = CachedResolver::new(config, None).await.unwrap();
+    /// let response = resolver.lookup_ip("www.google.com.");
+    /// # })
+    /// ```
+    ///
+    pub async fn lookup_ip(&self, host: &str) -> ResolveResult<AddrSet> {
+        debug!("Lookup up {} in cache", host);
+        match self.fetch_from_cache(host) {
+            Some(addr_set) => {
+                debug!("Cache hit!");
+                Ok(addr_set)
+            }
+            None => {
+                debug!("Not found, executing a dns query!");
+                if let Some(ref resolver) = self.resolver {
+                    let addr_set = AddrSet::from(resolver.lookup_ip(host).await?);
+                    debug!("Obtained: {:?}", addr_set);
+                    self.store_in_cache(host, addr_set.clone());
+                    Ok(addr_set)
+                } else {
+                    Err(ResolveError::from("No resolver available"))
+                }
+            }
+        }
+    }
+
+    //
+    // Returns true if the stored host resolution differs from the AddrSet passed.
+    pub fn has_changed(&self, host: &str, addr_set: &AddrSet) -> bool {
+        if let Some(fetched_addr_set) = self.fetch_from_cache(host) {
+            return fetched_addr_set != *addr_set;
+        }
+        false
+    }
+
+    // Fetches an AddrSet from the inner cache adquiring the read lock.
+    fn fetch_from_cache(&self, key: &str) -> Option<AddrSet> {
+        if let Some(ref hash) = self.data {
+            if let Some(addr_set) = hash.read().unwrap().get(key) {
+                return Some(addr_set.clone());
+            }
+        }
+        None
+    }
+
+    // Sets up the global CACHED_RESOLVER static variable so we can globally use DNS
+    // cache.
+    pub async fn from_config() -> Result<(), Error> {
+        let cached_resolver = CACHED_RESOLVER.load();
+        let desired_config = CachedResolverConfig::from(get_config());
+
+        if cached_resolver.config != desired_config {
+            if let Some(ref refresh_loop) = *(cached_resolver.refresh_loop.write().unwrap()) {
+                warn!("Killing Dnscache refresh loop as its configuration is being reloaded");
+                refresh_loop.abort()
+            }
+            let new_resolver = if let Some(ref data) = cached_resolver.data {
+                let data = Some(data.read().unwrap().clone());
+                CachedResolver::new(desired_config, data).await
+            } else {
+                CachedResolver::new(desired_config, None).await
+            };
+
+            match new_resolver {
+                Ok(ok) => {
+                    CACHED_RESOLVER.store(ok);
+                    Ok(())
+                }
+                Err(err) => {
+                    let message = format!("Error setting up cached_resolver. Error: {:?}, will continue without this feature.", err);
+                    Err(Error::DNSCachedError(message))
+                }
+            }
+        } else {
+            Ok(())
+        }
+    }
+
+    // Stores the AddrSet in cache adquiring the write lock.
+    fn store_in_cache(&self, host: &str, addr_set: AddrSet) {
+        if let Some(ref data) = self.data {
+            data.write().unwrap().insert(host.to_string(), addr_set);
+        } else {
+            error!("Could not insert, Hash not initialized");
+        }
+    }
+}
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use trust_dns_resolver::error::ResolveError;
+
+    #[tokio::test]
+    async fn new() {
+        let config = CachedResolverConfig {
+            dns_max_ttl: 10,
+            enabled: true,
+        };
+        let resolver = CachedResolver::new(config, None).await;
+        assert!(resolver.is_ok());
+    }
+
+    #[tokio::test]
+    async fn lookup_ip() {
+        let config = CachedResolverConfig {
+            dns_max_ttl: 10,
+            enabled: true,
+        };
+        let resolver = CachedResolver::new(config, None).await.unwrap();
+        let response = resolver.lookup_ip("www.google.com.").await;
+        assert!(response.is_ok());
+    }
+
+    #[tokio::test]
+    async fn has_changed() {
+        let config = CachedResolverConfig {
+            dns_max_ttl: 10,
+            enabled: true,
+        };
+        let resolver = CachedResolver::new(config, None).await.unwrap();
+        let hostname = "www.google.com.";
+        let response = resolver.lookup_ip(hostname).await;
+        let addr_set = response.unwrap();
+        assert!(!resolver.has_changed(hostname, &addr_set));
+    }
+
+    #[tokio::test]
+    async fn unknown_host() {
+        let config = CachedResolverConfig {
+            dns_max_ttl: 10,
+            enabled: true,
+        };
+        let resolver = CachedResolver::new(config, None).await.unwrap();
+        let hostname = "www.idontexists.";
+        let response = resolver.lookup_ip(hostname).await;
+        assert!(matches!(response, Err(ResolveError { .. })));
+    }
+
+    #[tokio::test]
+    async fn incorrect_address() {
+        let config = CachedResolverConfig {
+            dns_max_ttl: 10,
+            enabled: true,
+        };
+        let resolver = CachedResolver::new(config, None).await.unwrap();
+        let hostname = "w  ww.idontexists.";
+        let response = resolver.lookup_ip(hostname).await;
+        assert!(matches!(response, Err(ResolveError { .. })));
+        assert!(!resolver.has_changed(hostname, &AddrSet::new()));
+    }
+
+    #[tokio::test]
+    // Ok, this test is based on the fact that google does DNS RR
+    // and does not responds with every available ip everytime, so
+    // if I cache here, it will miss after one cache iteration or two.
+    async fn thread() {
+        let config = CachedResolverConfig {
+            dns_max_ttl: 10,
+            enabled: true,
+        };
+        let resolver = CachedResolver::new(config, None).await.unwrap();
+        let hostname = "www.google.com.";
+        let response = resolver.lookup_ip(hostname).await;
+        let addr_set = response.unwrap();
+        assert!(!resolver.has_changed(hostname, &addr_set));
+        let resolver_for_refresher = resolver.clone();
+        let _thread_handle = tokio::task::spawn(async move {
+            resolver_for_refresher.refresh_dns_entries_loop().await;
+        });
+        assert!(!resolver.has_changed(hostname, &addr_set));
+    }
+}

src/errors.rs

@@ -0,0 +1,123 @@
+//! Errors.
+
+/// Various errors.
+#[derive(Debug, PartialEq, Clone)]
+pub enum Error {
+    SocketError(String),
+    ClientSocketError(String, ClientIdentifier),
+    ClientGeneralError(String, ClientIdentifier),
+    ClientAuthImpossible(String),
+    ClientAuthPassthroughError(String, ClientIdentifier),
+    ClientBadStartup,
+    ProtocolSyncError(String),
+    BadQuery(String),
+    ServerError,
+    ServerStartupError(String, ServerIdentifier),
+    ServerAuthError(String, ServerIdentifier),
+    BadConfig,
+    AllServersDown,
+    ClientError(String),
+    TlsError,
+    StatementTimeout,
+    DNSCachedError(String),
+    ShuttingDown,
+    ParseBytesError(String),
+    AuthError(String),
+    AuthPassthroughError(String),
+    UnsupportedStatement,
+    QueryRouterParserError(String),
+}
+
+#[derive(Clone, PartialEq, Debug)]
+pub struct ClientIdentifier {
+    pub application_name: String,
+    pub username: String,
+    pub pool_name: String,
+}
+
+impl ClientIdentifier {
+    pub fn new(application_name: &str, username: &str, pool_name: &str) -> ClientIdentifier {
+        ClientIdentifier {
+            application_name: application_name.into(),
+            username: username.into(),
+            pool_name: pool_name.into(),
+        }
+    }
+}
+
+impl std::fmt::Display for ClientIdentifier {
+    fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
+        write!(
+            f,
+            "{{ application_name: {}, username: {}, pool_name: {} }}",
+            self.application_name, self.username, self.pool_name
+        )
+    }
+}
+
+#[derive(Clone, PartialEq, Debug)]
+pub struct ServerIdentifier {
+    pub username: String,
+    pub database: String,
+}
+
+impl ServerIdentifier {
+    pub fn new(username: &str, database: &str) -> ServerIdentifier {
+        ServerIdentifier {
+            username: username.into(),
+            database: database.into(),
+        }
+    }
+}
+
+impl std::fmt::Display for ServerIdentifier {
+    fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
+        write!(
+            f,
+            "{{ username: {}, database: {} }}",
+            self.username, self.database
+        )
+    }
+}
+
+impl std::fmt::Display for Error {
+    fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
+        match &self {
+            &Error::ClientSocketError(error, client_identifier) => write!(
+                f,
+                "Error reading {} from client {}",
+                error, client_identifier
+            ),
+            &Error::ClientGeneralError(error, client_identifier) => {
+                write!(f, "{} {}", error, client_identifier)
+            }
+            &Error::ClientAuthImpossible(username) => write!(
+                f,
+                "Client auth not possible, \
+                no cleartext password set for username: {} \
+                in config and auth passthrough (query_auth) \
+                is not set up.",
+                username
+            ),
+            &Error::ClientAuthPassthroughError(error, client_identifier) => write!(
+                f,
+                "No cleartext password set, \
+                    and no auth passthrough could not \
+                    obtain the hash from server for {}, \
+                    the error was: {}",
+                client_identifier, error
+            ),
+            &Error::ServerStartupError(error, server_identifier) => write!(
+                f,
+                "Error reading {} on server startup {}",
+                error, server_identifier,
+            ),
+            &Error::ServerAuthError(error, server_identifier) => {
+                write!(f, "{} for {}", error, server_identifier,)
+            }
+
+            // The rest can use Debug.
+            err => write!(f, "{:?}", err),
+        }
+    }
+}

src/lib.rs

@@ -0,0 +1,41 @@
+pub mod admin;
+pub mod auth_passthrough;
+pub mod client;
+pub mod config;
+pub mod constants;
+pub mod dns_cache;
+pub mod errors;
+pub mod messages;
+pub mod mirrors;
+pub mod multi_logger;
+pub mod plugins;
+pub mod pool;
+pub mod prometheus;
+pub mod query_router;
+pub mod scram;
+pub mod server;
+pub mod sharding;
+pub mod stats;
+pub mod tls;
+
+/// Format chrono::Duration to be more human-friendly.
+///
+/// # Arguments
+///
+/// * `duration` - A duration of time
+pub fn format_duration(duration: &chrono::Duration) -> String {
+    let milliseconds = format!("{:0>3}", duration.num_milliseconds() % 1000);
+
+    let seconds = format!("{:0>2}", duration.num_seconds() % 60);
+
+    let minutes = format!("{:0>2}", duration.num_minutes() % 60);
+
+    let hours = format!("{:0>2}", duration.num_hours() % 24);
+
+    let days = duration.num_days().to_string();
+
+    format!(
+        "{}d {}:{}:{}.{}",
+        days, hours, minutes, seconds, milliseconds
+    )
+}

src/main.rs

@@ -0,0 +1,346 @@
+// Copyright (c) 2022 Lev Kokotov <hi@levthe.dev>
+
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+extern crate arc_swap;
+extern crate async_trait;
+extern crate bb8;
+extern crate bytes;
+extern crate env_logger;
+extern crate exitcode;
+extern crate log;
+extern crate md5;
+extern crate num_cpus;
+extern crate once_cell;
+extern crate rustls_pemfile;
+extern crate serde;
+extern crate serde_derive;
+extern crate sqlparser;
+extern crate tokio;
+extern crate tokio_rustls;
+extern crate toml;
+extern crate trust_dns_resolver;
+
+#[cfg(not(target_env = "msvc"))]
+use jemallocator::Jemalloc;
+
+#[cfg(not(target_env = "msvc"))]
+#[global_allocator]
+static GLOBAL: Jemalloc = Jemalloc;
+
+use log::{debug, error, info, warn};
+use parking_lot::Mutex;
+use pgcat::format_duration;
+use tokio::net::TcpListener;
+#[cfg(not(windows))]
+use tokio::signal::unix::{signal as unix_signal, SignalKind};
+#[cfg(windows)]
+use tokio::signal::windows as win_signal;
+use tokio::{runtime::Builder, sync::mpsc};
+
+use std::collections::HashMap;
+use std::net::SocketAddr;
+use std::str::FromStr;
+use std::sync::Arc;
+use tokio::sync::broadcast;
+
+use pgcat::config::{get_config, reload_config, VERSION};
+use pgcat::dns_cache;
+use pgcat::messages::configure_socket;
+use pgcat::pool::{ClientServerMap, ConnectionPool};
+use pgcat::prometheus::start_metric_server;
+use pgcat::stats::{Collector, Reporter, REPORTER};
+
+fn main() -> Result<(), Box<dyn std::error::Error>> {
+    pgcat::multi_logger::MultiLogger::init().unwrap();
+
+    info!("Welcome to PgCat! Meow. (Version {})", VERSION);
+
+    if !pgcat::query_router::QueryRouter::setup() {
+        error!("Could not setup query router");
+        std::process::exit(exitcode::CONFIG);
+    }
+
+    let args = std::env::args().collect::<Vec<String>>();
+
+    let config_file = if args.len() == 2 {
+        args[1].to_string()
+    } else {
+        String::from("pgcat.toml")
+    };
+
+    // Create a transient runtime for loading the config for the first time.
+    {
+        let runtime = Builder::new_multi_thread().worker_threads(1).build()?;
+
+        runtime.block_on(async {
+            match pgcat::config::parse(&config_file).await {
+                Ok(_) => (),
+                Err(err) => {
+                    error!("Config parse error: {:?}", err);
+                    std::process::exit(exitcode::CONFIG);
+                }
+            };
+        });
+    }
+
+    let config = get_config();
+
+    // Create the runtime now we know required worker_threads.
+    let runtime = Builder::new_multi_thread()
+        .worker_threads(config.general.worker_threads)
+        .enable_all()
+        .build()?;
+
+    runtime.block_on(async move {
+
+        if let Some(true) = config.general.enable_prometheus_exporter {
+            let http_addr_str = format!(
+                "{}:{}",
+                config.general.host, config.general.prometheus_exporter_port
+            );
+
+            let http_addr = match SocketAddr::from_str(&http_addr_str) {
+                Ok(addr) => addr,
+                Err(err) => {
+                    error!("Invalid http address: {}", err);
+                    std::process::exit(exitcode::CONFIG);
+                }
+            };
+
+            tokio::task::spawn(async move {
+                start_metric_server(http_addr).await;
+            });
+        }
+
+        let addr = format!("{}:{}", config.general.host, config.general.port);
+
+        let listener = match TcpListener::bind(&addr).await {
+            Ok(sock) => sock,
+            Err(err) => {
+                error!("Listener socket error: {:?}", err);
+                std::process::exit(exitcode::CONFIG);
+            }
+        };
+
+        info!("Running on {}", addr);
+
+        config.show();
+
+        // Tracks which client is connected to which server for query cancellation.
+        let client_server_map: ClientServerMap = Arc::new(Mutex::new(HashMap::new()));
+
+        // Statistics reporting.
+        REPORTER.store(Arc::new(Reporter::default()));
+
+        // Starts (if enabled) dns cache before pools initialization
+        match dns_cache::CachedResolver::from_config().await {
+                Ok(_) => (),
+                Err(err) => error!("DNS cache initialization error: {:?}", err),
+        };
+
+        // Connection pool that allows to query all shards and replicas.
+        match ConnectionPool::from_config(client_server_map.clone()).await {
+            Ok(_) => (),
+            Err(err) => {
+                error!("Pool error: {:?}", err);
+                std::process::exit(exitcode::CONFIG);
+            }
+        };
+
+        tokio::task::spawn(async move {
+            let mut stats_collector = Collector::default();
+            stats_collector.collect().await;
+        });
+
+        info!("Config autoreloader: {}", match config.general.autoreload {
+            Some(interval) => format!("{} ms", interval),
+            None => "disabled".into(),
+        });
+
+        if let Some(interval) = config.general.autoreload {
+            let mut autoreload_interval = tokio::time::interval(tokio::time::Duration::from_millis(interval));
+            let autoreload_client_server_map = client_server_map.clone();
+
+            tokio::task::spawn(async move {
+                loop {
+                    autoreload_interval.tick().await;
+                    debug!("Automatically reloading config");
+
+                    if let Ok(changed) = reload_config(autoreload_client_server_map.clone()).await {
+                        if changed {
+                            get_config().show()
+                        }
+                    };
+                }
+            });
+        };
+
+
+
+        #[cfg(windows)]
+        let mut term_signal = win_signal::ctrl_close().unwrap();
+        #[cfg(windows)]
+        let mut interrupt_signal = win_signal::ctrl_c().unwrap();
+        #[cfg(windows)]
+        let mut sighup_signal = win_signal::ctrl_shutdown().unwrap();
+
+        #[cfg(not(windows))]
+        let mut term_signal = unix_signal(SignalKind::terminate()).unwrap();
+        #[cfg(not(windows))]
+        let mut interrupt_signal = unix_signal(SignalKind::interrupt()).unwrap();
+        #[cfg(not(windows))]
+        let mut sighup_signal = unix_signal(SignalKind::hangup()).unwrap();
+        let (shutdown_tx, _) = broadcast::channel::<()>(1);
+        let (drain_tx, mut drain_rx) = mpsc::channel::<i32>(2048);
+        let (exit_tx, mut exit_rx) = mpsc::channel::<()>(1);
+        let mut admin_only = false;
+        let mut total_clients = 0;
+
+        info!("Waiting for clients");
+
+        loop {
+            tokio::select! {
+                // Reload config:
+                // kill -SIGHUP $(pgrep pgcat)
+                _ = sighup_signal.recv() => {
+                    info!("Reloading config");
+
+                    _ = reload_config(client_server_map.clone()).await;
+
+                    get_config().show();
+                },
+
+                // Initiate graceful shutdown sequence on sig int
+                _ = interrupt_signal.recv() => {
+                    info!("Got SIGINT");
+
+                    // Don't want this to happen more than once
+                    if admin_only {
+                        continue;
+                    }
+
+                    admin_only = true;
+
+                    // Broadcast that client tasks need to finish
+                    let _ = shutdown_tx.send(());
+                    let exit_tx = exit_tx.clone();
+                    let _ = drain_tx.send(0).await;
+
+                    tokio::task::spawn(async move {
+                        let mut interval = tokio::time::interval(tokio::time::Duration::from_millis(config.general.shutdown_timeout));
+
+                        // First tick fires immediately.
+                        interval.tick().await;
+
+                        // Second one in the interval time.
+                        interval.tick().await;
+
+                        // We're done waiting.
+                        error!("Graceful shutdown timed out. {} active clients being closed", total_clients);
+
+                        let _ = exit_tx.send(()).await;
+                    });
+                },
+
+                _ = term_signal.recv() => {
+                    info!("Got SIGTERM, closing with {} clients active", total_clients);
+                    break;
+                },
+
+                new_client = listener.accept() => {
+                    let (socket, addr) = match new_client {
+                        Ok((socket, addr)) => (socket, addr),
+                        Err(err) => {
+                            error!("{:?}", err);
+                            continue;
+                        }
+                    };
+
+                    let shutdown_rx = shutdown_tx.subscribe();
+                    let drain_tx = drain_tx.clone();
+                    let client_server_map = client_server_map.clone();
+
+                    let tls_certificate = get_config().general.tls_certificate.clone();
+
+                    configure_socket(&socket);
+
+                    tokio::task::spawn(async move {
+                        let start = chrono::offset::Utc::now().naive_utc();
+
+                        match pgcat::client::client_entrypoint(
+                            socket,
+                            client_server_map,
+                            shutdown_rx,
+                            drain_tx,
+                            admin_only,
+                            tls_certificate,
+                            config.general.log_client_connections,
+                        )
+                        .await
+                        {
+                            Ok(()) => {
+                                let duration = chrono::offset::Utc::now().naive_utc() - start;
+
+                                if get_config().general.log_client_disconnections {
+                                    info!(
+                                        "Client {:?} disconnected, session duration: {}",
+                                        addr,
+                                        format_duration(&duration)
+                                    );
+                                } else {
+                                    debug!(
+                                        "Client {:?} disconnected, session duration: {}",
+                                        addr,
+                                        format_duration(&duration)
+                                    );
+                                }
+                            }
+
+                            Err(err) => {
+                                match err {
+                                    pgcat::errors::Error::ClientBadStartup => debug!("Client disconnected with error {:?}", err),
+                                    _ => warn!("Client disconnected with error {:?}", err),
+                                }
+
+                            }
+                        };
+                    });
+                }
+
+                _ = exit_rx.recv() => {
+                    break;
+                }
+
+                client_ping = drain_rx.recv() => {
+                    let client_ping = client_ping.unwrap();
+                    total_clients += client_ping;
+
+                    if total_clients == 0 && admin_only {
+                        let _ = exit_tx.send(()).await;
+                    }
+                }
+            }
+        }
+
+    info!("Shutting down...");
+    });
+    Ok(())
+}

src/messages.rs

@@ -0,0 +1,691 @@
+/// Helper functions to send one-off protocol messages
+/// and handle TcpStream (TCP socket).
+use bytes::{Buf, BufMut, BytesMut};
+use log::error;
+use md5::{Digest, Md5};
+use socket2::{SockRef, TcpKeepalive};
+use tokio::io::{AsyncReadExt, AsyncWriteExt};
+use tokio::net::TcpStream;
+
+use crate::config::get_config;
+use crate::errors::Error;
+use std::collections::HashMap;
+use std::io::{BufRead, Cursor};
+use std::mem;
+use std::time::Duration;
+
+/// Postgres data type mappings
+/// used in RowDescription ('T') message.
+pub enum DataType {
+    Text,
+    Int4,
+    Numeric,
+    Bool,
+    Oid,
+    AnyArray,
+    Any,
+}
+
+impl From<&DataType> for i32 {
+    fn from(data_type: &DataType) -> i32 {
+        match data_type {
+            DataType::Text => 25,
+            DataType::Int4 => 23,
+            DataType::Numeric => 1700,
+            DataType::Bool => 16,
+            DataType::Oid => 26,
+            DataType::AnyArray => 2277,
+            DataType::Any => 2276,
+        }
+    }
+}
+
+/// Tell the client that authentication handshake completed successfully.
+pub async fn auth_ok<S>(stream: &mut S) -> Result<(), Error>
+where
+    S: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    let mut auth_ok = BytesMut::with_capacity(9);
+
+    auth_ok.put_u8(b'R');
+    auth_ok.put_i32(8);
+    auth_ok.put_i32(0);
+
+    write_all(stream, auth_ok).await
+}
+
+/// Generate md5 password challenge.
+pub async fn md5_challenge<S>(stream: &mut S) -> Result<[u8; 4], Error>
+where
+    S: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    // let mut rng = rand::thread_rng();
+    let salt: [u8; 4] = [
+        rand::random(),
+        rand::random(),
+        rand::random(),
+        rand::random(),
+    ];
+
+    let mut res = BytesMut::new();
+    res.put_u8(b'R');
+    res.put_i32(12);
+    res.put_i32(5); // MD5
+    res.put_slice(&salt[..]);
+
+    write_all(stream, res).await?;
+    Ok(salt)
+}
+
+/// Give the client the process_id and secret we generated
+/// used in query cancellation.
+pub async fn backend_key_data<S>(
+    stream: &mut S,
+    backend_id: i32,
+    secret_key: i32,
+) -> Result<(), Error>
+where
+    S: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    let mut key_data = BytesMut::from(&b"K"[..]);
+    key_data.put_i32(12);
+    key_data.put_i32(backend_id);
+    key_data.put_i32(secret_key);
+
+    write_all(stream, key_data).await
+}
+
+/// Construct a `Q`: Query message.
+pub fn simple_query(query: &str) -> BytesMut {
+    let mut res = BytesMut::from(&b"Q"[..]);
+    let query = format!("{}\0", query);
+
+    res.put_i32(query.len() as i32 + 4);
+    res.put_slice(query.as_bytes());
+
+    res
+}
+
+/// Tell the client we're ready for another query.
+pub async fn ready_for_query<S>(stream: &mut S) -> Result<(), Error>
+where
+    S: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    let mut bytes = BytesMut::with_capacity(
+        mem::size_of::<u8>() + mem::size_of::<i32>() + mem::size_of::<u8>(),
+    );
+
+    bytes.put_u8(b'Z');
+    bytes.put_i32(5);
+    bytes.put_u8(b'I'); // Idle
+
+    write_all(stream, bytes).await
+}
+
+/// Send the startup packet the server. We're pretending we're a Pg client.
+/// This tells the server which user we are and what database we want.
+pub async fn startup<S>(stream: &mut S, user: &str, database: &str) -> Result<(), Error>
+where
+    S: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    let mut bytes = BytesMut::with_capacity(25);
+
+    bytes.put_i32(196608); // Protocol number
+
+    // User
+    bytes.put(&b"user\0"[..]);
+    bytes.put_slice(user.as_bytes());
+    bytes.put_u8(0);
+
+    // Database
+    bytes.put(&b"database\0"[..]);
+    bytes.put_slice(database.as_bytes());
+    bytes.put_u8(0);
+    bytes.put_u8(0); // Null terminator
+
+    let len = bytes.len() as i32 + 4i32;
+
+    let mut startup = BytesMut::with_capacity(len as usize);
+
+    startup.put_i32(len);
+    startup.put(bytes);
+
+    match stream.write_all(&startup).await {
+        Ok(_) => Ok(()),
+        Err(err) => {
+            return Err(Error::SocketError(format!(
+                "Error writing startup to server socket - Error: {:?}",
+                err
+            )))
+        }
+    }
+}
+
+pub async fn ssl_request(stream: &mut TcpStream) -> Result<(), Error> {
+    let mut bytes = BytesMut::with_capacity(12);
+
+    bytes.put_i32(8);
+    bytes.put_i32(80877103);
+
+    match stream.write_all(&bytes).await {
+        Ok(_) => Ok(()),
+        Err(err) => Err(Error::SocketError(format!(
+            "Error writing SSLRequest to server socket - Error: {:?}",
+            err
+        ))),
+    }
+}
+
+/// Parse the params the server sends as a key/value format.
+pub fn parse_params(mut bytes: BytesMut) -> Result<HashMap<String, String>, Error> {
+    let mut result = HashMap::new();
+    let mut buf = Vec::new();
+    let mut tmp = String::new();
+
+    while bytes.has_remaining() {
+        let mut c = bytes.get_u8();
+
+        // Null-terminated C-strings.
+        while c != 0 {
+            tmp.push(c as char);
+            c = bytes.get_u8();
+        }
+
+        if !tmp.is_empty() {
+            buf.push(tmp.clone());
+            tmp.clear();
+        }
+    }
+
+    // Expect pairs of name and value
+    // and at least one pair to be present.
+    if buf.len() % 2 != 0 || buf.len() < 2 {
+        return Err(Error::ClientBadStartup);
+    }
+
+    let mut i = 0;
+    while i < buf.len() {
+        let name = buf[i].clone();
+        let value = buf[i + 1].clone();
+        let _ = result.insert(name, value);
+        i += 2;
+    }
+
+    Ok(result)
+}
+
+/// Parse StartupMessage parameters.
+/// e.g. user, database, application_name, etc.
+pub fn parse_startup(bytes: BytesMut) -> Result<HashMap<String, String>, Error> {
+    let result = parse_params(bytes)?;
+
+    // Minimum required parameters
+    // I want to have the user at the very minimum, according to the protocol spec.
+    if !result.contains_key("user") {
+        return Err(Error::ClientBadStartup);
+    }
+
+    Ok(result)
+}
+
+/// Create md5 password hash given a salt.
+pub fn md5_hash_password(user: &str, password: &str, salt: &[u8]) -> Vec<u8> {
+    let mut md5 = Md5::new();
+
+    // First pass
+    md5.update(&password.as_bytes());
+    md5.update(&user.as_bytes());
+
+    let output = md5.finalize_reset();
+
+    // Second pass
+    md5_hash_second_pass(&(format!("{:x}", output)), salt)
+}
+
+pub fn md5_hash_second_pass(hash: &str, salt: &[u8]) -> Vec<u8> {
+    let mut md5 = Md5::new();
+    // Second pass
+    md5.update(hash);
+    md5.update(salt);
+
+    let mut password = format!("md5{:x}", md5.finalize())
+        .chars()
+        .map(|x| x as u8)
+        .collect::<Vec<u8>>();
+    password.push(0);
+
+    password
+}
+
+/// Send password challenge response to the server.
+/// This is the MD5 challenge.
+pub async fn md5_password<S>(
+    stream: &mut S,
+    user: &str,
+    password: &str,
+    salt: &[u8],
+) -> Result<(), Error>
+where
+    S: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    let password = md5_hash_password(user, password, salt);
+
+    let mut message = BytesMut::with_capacity(password.len() as usize + 5);
+
+    message.put_u8(b'p');
+    message.put_i32(password.len() as i32 + 4);
+    message.put_slice(&password[..]);
+
+    write_all(stream, message).await
+}
+
+pub async fn md5_password_with_hash<S>(stream: &mut S, hash: &str, salt: &[u8]) -> Result<(), Error>
+where
+    S: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    let password = md5_hash_second_pass(hash, salt);
+    let mut message = BytesMut::with_capacity(password.len() as usize + 5);
+
+    message.put_u8(b'p');
+    message.put_i32(password.len() as i32 + 4);
+    message.put_slice(&password[..]);
+
+    write_all(stream, message).await
+}
+
+/// Implements a response to our custom `SET SHARDING KEY`
+/// and `SET SERVER ROLE` commands.
+/// This tells the client we're ready for the next query.
+pub async fn custom_protocol_response_ok<S>(stream: &mut S, message: &str) -> Result<(), Error>
+where
+    S: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    let mut res = BytesMut::with_capacity(25);
+
+    let set_complete = BytesMut::from(&format!("{}\0", message)[..]);
+    let len = (set_complete.len() + 4) as i32;
+
+    // CommandComplete
+    res.put_u8(b'C');
+    res.put_i32(len);
+    res.put_slice(&set_complete[..]);
+
+    write_all_half(stream, &res).await?;
+    ready_for_query(stream).await
+}
+
+/// Send a custom error message to the client.
+/// Tell the client we are ready for the next query and no rollback is necessary.
+/// Docs on error codes: <https://www.postgresql.org/docs/12/errcodes-appendix.html>.
+pub async fn error_response<S>(stream: &mut S, message: &str) -> Result<(), Error>
+where
+    S: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    error_response_terminal(stream, message).await?;
+    ready_for_query(stream).await
+}
+
+/// Send a custom error message to the client.
+/// Tell the client we are ready for the next query and no rollback is necessary.
+/// Docs on error codes: <https://www.postgresql.org/docs/12/errcodes-appendix.html>.
+pub async fn error_response_terminal<S>(stream: &mut S, message: &str) -> Result<(), Error>
+where
+    S: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    let mut error = BytesMut::new();
+
+    // Error level
+    error.put_u8(b'S');
+    error.put_slice(&b"FATAL\0"[..]);
+
+    // Error level (non-translatable)
+    error.put_u8(b'V');
+    error.put_slice(&b"FATAL\0"[..]);
+
+    // Error code: not sure how much this matters.
+    error.put_u8(b'C');
+    error.put_slice(&b"58000\0"[..]); // system_error, see Appendix A.
+
+    // The short error message.
+    error.put_u8(b'M');
+    error.put_slice(format!("{}\0", message).as_bytes());
+
+    // No more fields follow.
+    error.put_u8(0);
+
+    // Compose the two message reply.
+    let mut res = BytesMut::with_capacity(error.len() + 5);
+
+    res.put_u8(b'E');
+    res.put_i32(error.len() as i32 + 4);
+    res.put(error);
+
+    write_all_half(stream, &res).await
+}
+
+pub async fn wrong_password<S>(stream: &mut S, user: &str) -> Result<(), Error>
+where
+    S: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    let mut error = BytesMut::new();
+
+    // Error level
+    error.put_u8(b'S');
+    error.put_slice(&b"FATAL\0"[..]);
+
+    // Error level (non-translatable)
+    error.put_u8(b'V');
+    error.put_slice(&b"FATAL\0"[..]);
+
+    // Error code: not sure how much this matters.
+    error.put_u8(b'C');
+    error.put_slice(&b"28P01\0"[..]); // system_error, see Appendix A.
+
+    // The short error message.
+    error.put_u8(b'M');
+    error.put_slice(format!("password authentication failed for user \"{}\"\0", user).as_bytes());
+
+    // No more fields follow.
+    error.put_u8(0);
+
+    // Compose the two message reply.
+    let mut res = BytesMut::new();
+
+    res.put_u8(b'E');
+    res.put_i32(error.len() as i32 + 4);
+
+    res.put(error);
+
+    write_all(stream, res).await
+}
+
+/// Respond to a SHOW SHARD command.
+pub async fn show_response<S>(stream: &mut S, name: &str, value: &str) -> Result<(), Error>
+where
+    S: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    // A SELECT response consists of:
+    // 1. RowDescription
+    // 2. One or more DataRow
+    // 3. CommandComplete
+    // 4. ReadyForQuery
+
+    // The final messages sent to the client
+    let mut res = BytesMut::new();
+
+    // RowDescription
+    res.put(row_description(&vec![(name, DataType::Text)]));
+
+    // DataRow
+    res.put(data_row(&vec![value.to_string()]));
+
+    // CommandComplete
+    res.put(command_complete("SELECT 1"));
+
+    write_all_half(stream, &res).await?;
+    ready_for_query(stream).await
+}
+
+pub fn row_description(columns: &Vec<(&str, DataType)>) -> BytesMut {
+    let mut res = BytesMut::new();
+    let mut row_desc = BytesMut::new();
+
+    // how many columns we are storing
+    row_desc.put_i16(columns.len() as i16);
+
+    for (name, data_type) in columns {
+        // Column name
+        row_desc.put_slice(format!("{}\0", name).as_bytes());
+
+        // Doesn't belong to any table
+        row_desc.put_i32(0);
+
+        // Doesn't belong to any table
+        row_desc.put_i16(0);
+
+        // Text
+        row_desc.put_i32(data_type.into());
+
+        // Text size = variable (-1)
+        let type_size = match data_type {
+            DataType::Text => -1,
+            DataType::Int4 => 4,
+            DataType::Numeric => -1,
+            DataType::Bool => 1,
+            DataType::Oid => 4,
+            DataType::AnyArray => -1,
+            DataType::Any => -1,
+        };
+
+        row_desc.put_i16(type_size);
+
+        // Type modifier: none that I know
+        row_desc.put_i32(-1);
+
+        // Format being used: text (0), binary (1)
+        row_desc.put_i16(0);
+    }
+
+    res.put_u8(b'T');
+    res.put_i32(row_desc.len() as i32 + 4);
+    res.put(row_desc);
+
+    res
+}
+
+/// Create a DataRow message.
+pub fn data_row(row: &Vec<String>) -> BytesMut {
+    let mut res = BytesMut::new();
+    let mut data_row = BytesMut::new();
+
+    data_row.put_i16(row.len() as i16);
+
+    for column in row {
+        let column = column.as_bytes();
+        data_row.put_i32(column.len() as i32);
+        data_row.put_slice(column);
+    }
+
+    res.put_u8(b'D');
+    res.put_i32(data_row.len() as i32 + 4);
+    res.put(data_row);
+
+    res
+}
+
+pub fn data_row_nullable(row: &Vec<Option<String>>) -> BytesMut {
+    let mut res = BytesMut::new();
+    let mut data_row = BytesMut::new();
+
+    data_row.put_i16(row.len() as i16);
+
+    for column in row {
+        if let Some(column) = column {
+            let column = column.as_bytes();
+            data_row.put_i32(column.len() as i32);
+            data_row.put_slice(column);
+        } else {
+            data_row.put_i32(-1 as i32);
+        }
+    }
+
+    res.put_u8(b'D');
+    res.put_i32(data_row.len() as i32 + 4);
+    res.put(data_row);
+
+    res
+}
+
+/// Create a CommandComplete message.
+pub fn command_complete(command: &str) -> BytesMut {
+    let cmd = BytesMut::from(format!("{}\0", command).as_bytes());
+    let mut res = BytesMut::new();
+    res.put_u8(b'C');
+    res.put_i32(cmd.len() as i32 + 4);
+    res.put(cmd);
+    res
+}
+
+/// Write all data in the buffer to the TcpStream.
+pub async fn write_all<S>(stream: &mut S, buf: BytesMut) -> Result<(), Error>
+where
+    S: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    match stream.write_all(&buf).await {
+        Ok(_) => Ok(()),
+        Err(err) => {
+            return Err(Error::SocketError(format!(
+                "Error writing to socket - Error: {:?}",
+                err
+            )))
+        }
+    }
+}
+
+/// Write all the data in the buffer to the TcpStream, write owned half (see mpsc).
+pub async fn write_all_half<S>(stream: &mut S, buf: &BytesMut) -> Result<(), Error>
+where
+    S: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    match stream.write_all(buf).await {
+        Ok(_) => Ok(()),
+        Err(err) => {
+            return Err(Error::SocketError(format!(
+                "Error writing to socket - Error: {:?}",
+                err
+            )))
+        }
+    }
+}
+
+pub async fn write_all_flush<S>(stream: &mut S, buf: &[u8]) -> Result<(), Error>
+where
+    S: tokio::io::AsyncWrite + std::marker::Unpin,
+{
+    match stream.write_all(buf).await {
+        Ok(_) => match stream.flush().await {
+            Ok(_) => Ok(()),
+            Err(err) => {
+                return Err(Error::SocketError(format!(
+                    "Error flushing socket - Error: {:?}",
+                    err
+                )))
+            }
+        },
+        Err(err) => {
+            return Err(Error::SocketError(format!(
+                "Error writing to socket - Error: {:?}",
+                err
+            )))
+        }
+    }
+}
+
+/// Read a complete message from the socket.
+pub async fn read_message<S>(stream: &mut S) -> Result<BytesMut, Error>
+where
+    S: tokio::io::AsyncRead + std::marker::Unpin,
+{
+    let code = match stream.read_u8().await {
+        Ok(code) => code,
+        Err(err) => {
+            return Err(Error::SocketError(format!(
+                "Error reading message code from socket - Error {:?}",
+                err
+            )))
+        }
+    };
+
+    let len = match stream.read_i32().await {
+        Ok(len) => len,
+        Err(err) => {
+            return Err(Error::SocketError(format!(
+                "Error reading message len from socket - Code: {:?}, Error: {:?}",
+                code, err
+            )))
+        }
+    };
+
+    let mut bytes = BytesMut::with_capacity(len as usize + 1);
+
+    bytes.put_u8(code);
+    bytes.put_i32(len);
+
+    bytes.resize(bytes.len() + len as usize - mem::size_of::<i32>(), b'0');
+
+    let slice_start = mem::size_of::<u8>() + mem::size_of::<i32>();
+    let slice_end = slice_start + len as usize - mem::size_of::<i32>();
+
+    // Avoids a panic
+    if slice_end < slice_start {
+        return Err(Error::SocketError(format!(
+            "Error reading message from socket - Code: {:?} - Length {:?}, Error: {:?}",
+            code, len, "Unexpected length value for message"
+        )));
+    }
+
+    match stream.read_exact(&mut bytes[slice_start..slice_end]).await {
+        Ok(_) => (),
+        Err(err) => {
+            return Err(Error::SocketError(format!(
+                "Error reading message from socket - Code: {:?}, Error: {:?}",
+                code, err
+            )))
+        }
+    };
+
+    Ok(bytes)
+}
+
+pub fn server_parameter_message(key: &str, value: &str) -> BytesMut {
+    let mut server_info = BytesMut::new();
+
+    let null_byte_size = 1;
+    let len: usize =
+        mem::size_of::<i32>() + key.len() + null_byte_size + value.len() + null_byte_size;
+
+    server_info.put_slice("S".as_bytes());
+    server_info.put_i32(len.try_into().unwrap());
+    server_info.put_slice(key.as_bytes());
+    server_info.put_bytes(0, 1);
+    server_info.put_slice(value.as_bytes());
+    server_info.put_bytes(0, 1);
+
+    server_info
+}
+
+pub fn configure_socket(stream: &TcpStream) {
+    let sock_ref = SockRef::from(stream);
+    let conf = get_config();
+
+    match sock_ref.set_keepalive(true) {
+        Ok(_) => {
+            match sock_ref.set_tcp_keepalive(
+                &TcpKeepalive::new()
+                    .with_interval(Duration::from_secs(conf.general.tcp_keepalives_interval))
+                    .with_retries(conf.general.tcp_keepalives_count)
+                    .with_time(Duration::from_secs(conf.general.tcp_keepalives_idle)),
+            ) {
+                Ok(_) => (),
+                Err(err) => error!("Could not configure socket: {}", err),
+            }
+        }
+        Err(err) => error!("Could not configure socket: {}", err),
+    }
+}
+
+pub trait BytesMutReader {
+    fn read_string(&mut self) -> Result<String, Error>;
+}
+
+impl BytesMutReader for Cursor<&BytesMut> {
+    /// Should only be used when reading strings from the message protocol.
+    /// Can be used to read multiple strings from the same message which are separated by the null byte
+    fn read_string(&mut self) -> Result<String, Error> {
+        let mut buf = vec![];
+        match self.read_until(b'\0', &mut buf) {
+            Ok(_) => Ok(String::from_utf8_lossy(&buf[..buf.len() - 1]).to_string()),
+            Err(err) => return Err(Error::ParseBytesError(err.to_string())),
+        }
+    }
+}

src/mirrors.rs

@@ -0,0 +1,188 @@
+use std::sync::Arc;
+
+/// A mirrored PostgreSQL client.
+/// Packets arrive to us through a channel from the main client and we send them to the server.
+use bb8::Pool;
+use bytes::{Bytes, BytesMut};
+use parking_lot::RwLock;
+
+use crate::config::{get_config, Address, Role, User};
+use crate::pool::{ClientServerMap, PoolIdentifier, ServerPool};
+use crate::stats::PoolStats;
+use log::{error, info, trace, warn};
+use tokio::sync::mpsc::{channel, Receiver, Sender};
+
+pub struct MirroredClient {
+    address: Address,
+    user: User,
+    database: String,
+    bytes_rx: Receiver<Bytes>,
+    disconnect_rx: Receiver<()>,
+}
+
+impl MirroredClient {
+    async fn create_pool(&self) -> Pool<ServerPool> {
+        let config = get_config();
+        let default = std::time::Duration::from_millis(10_000).as_millis() as u64;
+        let (connection_timeout, idle_timeout, cfg) =
+            match config.pools.get(&self.address.pool_name) {
+                Some(cfg) => (
+                    cfg.connect_timeout.unwrap_or(default),
+                    cfg.idle_timeout.unwrap_or(default),
+                    cfg.clone(),
+                ),
+                None => (default, default, crate::config::Pool::default()),
+            };
+
+        let identifier = PoolIdentifier::new(&self.database, &self.user.username);
+
+        let manager = ServerPool::new(
+            self.address.clone(),
+            self.user.clone(),
+            self.database.as_str(),
+            ClientServerMap::default(),
+            Arc::new(PoolStats::new(identifier, cfg.clone())),
+            Arc::new(RwLock::new(None)),
+            None,
+        );
+
+        Pool::builder()
+            .max_size(1)
+            .connection_timeout(std::time::Duration::from_millis(connection_timeout))
+            .idle_timeout(Some(std::time::Duration::from_millis(idle_timeout)))
+            .test_on_check_out(false)
+            .build(manager)
+            .await
+            .unwrap()
+    }
+
+    pub fn start(mut self) {
+        tokio::spawn(async move {
+            let pool = self.create_pool().await;
+            let address = self.address.clone();
+            loop {
+                let mut server = match pool.get().await {
+                    Ok(server) => server,
+                    Err(err) => {
+                        error!(
+                            "Failed to get connection from pool, Discarding message {:?}, {:?}",
+                            err,
+                            address.clone()
+                        );
+                        continue;
+                    }
+                };
+
+                tokio::select! {
+                    // Exit channel events
+                    _ = self.disconnect_rx.recv() => {
+                        info!("Got mirror exit signal, exiting {:?}", address.clone());
+                        break;
+                    }
+
+                    // Incoming data from server (we read to clear the socket buffer and discard the data)
+                    recv_result = server.recv() => {
+                        match recv_result {
+                            Ok(message) => trace!("Received from mirror: {} {:?}", String::from_utf8_lossy(&message[..]), address.clone()),
+                            Err(err) => {
+                                server.mark_bad();
+                                error!("Failed to receive from mirror {:?} {:?}", err, address.clone());
+                            }
+                        }
+                    }
+
+                    // Messages to send to the server
+                    message = self.bytes_rx.recv() => {
+                        match message {
+                            Some(bytes) => {
+                                match server.send(&BytesMut::from(&bytes[..])).await {
+                                    Ok(_) => trace!("Sent to mirror: {} {:?}", String::from_utf8_lossy(&bytes[..]), address.clone()),
+                                    Err(err) => {
+                                        server.mark_bad();
+                                        error!("Failed to send to mirror, Discarding message {:?}, {:?}", err, address.clone())
+                                    }
+                                }
+                            }
+                            None => {
+                                info!("Mirror channel closed, exiting {:?}", address.clone());
+                                break;
+                            },
+                        }
+                    }
+                }
+            }
+        });
+    }
+}
+pub struct MirroringManager {
+    pub byte_senders: Vec<Sender<Bytes>>,
+    pub disconnect_senders: Vec<Sender<()>>,
+}
+impl MirroringManager {
+    pub fn from_addresses(
+        user: User,
+        database: String,
+        addresses: Vec<Address>,
+    ) -> MirroringManager {
+        let mut byte_senders: Vec<Sender<Bytes>> = vec![];
+        let mut exit_senders: Vec<Sender<()>> = vec![];
+
+        addresses.iter().for_each(|mirror| {
+            let (bytes_tx, bytes_rx) = channel::<Bytes>(10);
+            let (exit_tx, exit_rx) = channel::<()>(1);
+            let mut addr = mirror.clone();
+            addr.role = Role::Mirror;
+            let client = MirroredClient {
+                user: user.clone(),
+                database: database.to_owned(),
+                address: addr,
+                bytes_rx,
+                disconnect_rx: exit_rx,
+            };
+            exit_senders.push(exit_tx.clone());
+            byte_senders.push(bytes_tx.clone());
+            client.start();
+        });
+
+        Self {
+            byte_senders: byte_senders,
+            disconnect_senders: exit_senders,
+        }
+    }
+
+    pub fn send(self: &mut Self, bytes: &BytesMut) {
+        // We want to avoid performing an allocation if we won't be able to send the message
+        // There is a possibility of a race here where we check the capacity and then the channel is
+        // closed or the capacity is reduced to 0, but mirroring is best effort anyway
+        if self
+            .byte_senders
+            .iter()
+            .all(|sender| sender.capacity() == 0 || sender.is_closed())
+        {
+            return;
+        }
+        let immutable_bytes = bytes.clone().freeze();
+        self.byte_senders.iter_mut().for_each(|sender| {
+            match sender.try_send(immutable_bytes.clone()) {
+                Ok(_) => {}
+                Err(err) => {
+                    warn!("Failed to send bytes to a mirror channel {}", err);
+                }
+            }
+        });
+    }
+
+    pub fn disconnect(self: &mut Self) {
+        self.disconnect_senders
+            .iter_mut()
+            .for_each(|sender| match sender.try_send(()) {
+                Ok(_) => {}
+                Err(err) => {
+                    warn!(
+                        "Failed to send disconnect signal to a mirror channel {}",
+                        err
+                    );
+                }
+            });
+    }
+}

src/multi_logger.rs

@@ -0,0 +1,80 @@
+use log::{Level, Log, Metadata, Record, SetLoggerError};
+
+// This is a special kind of logger that allows sending logs to different
+// targets depending on the log level.
+//
+// By default, if nothing is set, it acts as a regular env_log logger,
+// it sends everything to standard error.
+//
+// If the Env variable `STDOUT_LOG` is defined, it will be used for
+// configuring the standard out logger.
+//
+// The behavior is:
+//   - If it is an error, the message is written to standard error.
+//   - If it is not, and it matches the log level of the standard output logger (`STDOUT_LOG` env var), it will be send to standard output.
+//   - If the above is not true, it is sent to the stderr logger that will log it or not depending on the value
+//     of the RUST_LOG env var.
+//
+// So to summarize, if no `STDOUT_LOG` env var is present, the logger is the default logger. If `STDOUT_LOG` is set, everything
+// but errors, that matches the log level set in the `STDOUT_LOG` env var is sent to stdout. You can have also some esoteric configuration
+// where you set `RUST_LOG=debug` and `STDOUT_LOG=info`, in here, errors will go to stderr, warns and infos to stdout and debugs to stderr.
+//
+pub struct MultiLogger {
+    stderr_logger: env_logger::Logger,
+    stdout_logger: env_logger::Logger,
+}
+
+impl MultiLogger {
+    fn new() -> Self {
+        let stderr_logger = env_logger::builder().format_timestamp_micros().build();
+        let stdout_logger = env_logger::Builder::from_env("STDOUT_LOG")
+            .format_timestamp_micros()
+            .target(env_logger::Target::Stdout)
+            .build();
+
+        Self {
+            stderr_logger,
+            stdout_logger,
+        }
+    }
+
+    pub fn init() -> Result<(), SetLoggerError> {
+        let logger = Self::new();
+
+        log::set_max_level(logger.stderr_logger.filter());
+        log::set_boxed_logger(Box::new(logger))
+    }
+}
+
+impl Log for MultiLogger {
+    fn enabled(&self, metadata: &Metadata) -> bool {
+        self.stderr_logger.enabled(metadata) && self.stdout_logger.enabled(metadata)
+    }
+
+    fn log(&self, record: &Record) {
+        if record.level() == Level::Error {
+            self.stderr_logger.log(record);
+        } else {
+            if self.stdout_logger.matches(record) {
+                self.stdout_logger.log(record);
+            } else {
+                self.stderr_logger.log(record);
+            }
+        }
+    }
+
+    fn flush(&self) {
+        self.stderr_logger.flush();
+        self.stdout_logger.flush();
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+
+    #[test]
+    fn test_init() {
+        MultiLogger::init().unwrap();
+    }
+}

src/plugins/intercept.rs

@@ -0,0 +1,120 @@
+//! The intercept plugin.
+//!
+//! It intercepts queries and returns fake results.
+
+use async_trait::async_trait;
+use bytes::{BufMut, BytesMut};
+use serde::{Deserialize, Serialize};
+use sqlparser::ast::Statement;
+
+use log::debug;
+
+use crate::{
+    config::Intercept as InterceptConfig,
+    errors::Error,
+    messages::{command_complete, data_row_nullable, row_description, DataType},
+    plugins::{Plugin, PluginOutput},
+    query_router::QueryRouter,
+};
+
+// TODO: use these structs for deserialization
+#[derive(Serialize, Deserialize)]
+pub struct Rule {
+    query: String,
+    schema: Vec<Column>,
+    result: Vec<Vec<String>>,
+}
+
+#[derive(Serialize, Deserialize)]
+pub struct Column {
+    name: String,
+    data_type: String,
+}
+
+/// The intercept plugin.
+pub struct Intercept<'a> {
+    pub enabled: bool,
+    pub config: &'a InterceptConfig,
+}
+
+#[async_trait]
+impl<'a> Plugin for Intercept<'a> {
+    async fn run(
+        &mut self,
+        query_router: &QueryRouter,
+        ast: &Vec<Statement>,
+    ) -> Result<PluginOutput, Error> {
+        if !self.enabled || ast.is_empty() {
+            return Ok(PluginOutput::Allow);
+        }
+
+        let mut config = self.config.clone();
+        config.substitute(
+            &query_router.pool_settings().db,
+            &query_router.pool_settings().user.username,
+        );
+
+        let mut result = BytesMut::new();
+
+        for q in ast {
+            // Normalization
+            let q = q.to_string().to_ascii_lowercase();
+
+            for (_, target) in config.queries.iter() {
+                if target.query.as_str() == q {
+                    debug!("Intercepting query: {}", q);
+
+                    let rd = target
+                        .schema
+                        .iter()
+                        .map(|row| {
+                            let name = &row[0];
+                            let data_type = &row[1];
+                            (
+                                name.as_str(),
+                                match data_type.as_str() {
+                                    "text" => DataType::Text,
+                                    "anyarray" => DataType::AnyArray,
+                                    "oid" => DataType::Oid,
+                                    "bool" => DataType::Bool,
+                                    "int4" => DataType::Int4,
+                                    _ => DataType::Any,
+                                },
+                            )
+                        })
+                        .collect::<Vec<(&str, DataType)>>();
+
+                    result.put(row_description(&rd));
+
+                    target.result.iter().for_each(|row| {
+                        let row = row
+                            .iter()
+                            .map(|s| {
+                                let s = s.as_str().to_string();
+
+                                if s == "" {
+                                    None
+                                } else {
+                                    Some(s)
+                                }
+                            })
+                            .collect::<Vec<Option<String>>>();
+                        result.put(data_row_nullable(&row));
+                    });
+
+                    result.put(command_complete("SELECT"));
+                }
+            }
+        }
+
+        if !result.is_empty() {
+            result.put_u8(b'Z');
+            result.put_i32(5);
+            result.put_u8(b'I');
+
+            return Ok(PluginOutput::Intercept(result));
+        } else {
+            Ok(PluginOutput::Allow)
+        }
+    }
+}

src/plugins/mod.rs

@@ -0,0 +1,44 @@
+//! The plugin ecosystem.
+//!
+//! Currently plugins only grant access or deny access to the database for a particual query.
+//! Example use cases:
+//!   - block known bad queries
+//!   - block access to system catalogs
+//!   - block dangerous modifications like `DROP TABLE`
+//!   - etc
+//!
+
+pub mod intercept;
+pub mod prewarmer;
+pub mod query_logger;
+pub mod table_access;
+
+use crate::{errors::Error, query_router::QueryRouter};
+use async_trait::async_trait;
+use bytes::BytesMut;
+use sqlparser::ast::Statement;
+
+pub use intercept::Intercept;
+pub use query_logger::QueryLogger;
+pub use table_access::TableAccess;
+
+#[derive(Clone, Debug, PartialEq)]
+pub enum PluginOutput {
+    Allow,
+    Deny(String),
+    Overwrite(Vec<Statement>),
+    Intercept(BytesMut),
+}
+
+#[async_trait]
+pub trait Plugin {
+    // Run before the query is sent to the server.
+    async fn run(
+        &mut self,
+        query_router: &QueryRouter,
+        ast: &Vec<Statement>,
+    ) -> Result<PluginOutput, Error>;
+
+    // TODO: run after the result is returned
+    // async fn callback(&mut self, query_router: &QueryRouter);
+}

src/plugins/prewarmer.rs

@@ -0,0 +1,28 @@
+//! Prewarm new connections before giving them to the client.
+use crate::{errors::Error, server::Server};
+use log::info;
+
+pub struct Prewarmer<'a> {
+    pub enabled: bool,
+    pub server: &'a mut Server,
+    pub queries: &'a Vec<String>,
+}
+
+impl<'a> Prewarmer<'a> {
+    pub async fn run(&mut self) -> Result<(), Error> {
+        if !self.enabled {
+            return Ok(());
+        }
+
+        for query in self.queries {
+            info!(
+                "{} Prewarning with query: `{}`",
+                self.server.address(),
+                query
+            );
+            self.server.query(&query).await?;
+        }
+
+        Ok(())
+    }
+}

src/plugins/query_logger.rs

@@ -0,0 +1,38 @@
+//! Log all queries to stdout (or somewhere else, why not).
+
+use crate::{
+    errors::Error,
+    plugins::{Plugin, PluginOutput},
+    query_router::QueryRouter,
+};
+use async_trait::async_trait;
+use log::info;
+use sqlparser::ast::Statement;
+
+pub struct QueryLogger<'a> {
+    pub enabled: bool,
+    pub user: &'a str,
+    pub db: &'a str,
+}
+
+#[async_trait]
+impl<'a> Plugin for QueryLogger<'a> {
+    async fn run(
+        &mut self,
+        _query_router: &QueryRouter,
+        ast: &Vec<Statement>,
+    ) -> Result<PluginOutput, Error> {
+        if !self.enabled {
+            return Ok(PluginOutput::Allow);
+        }
+
+        let query = ast
+            .iter()
+            .map(|q| q.to_string())
+            .collect::<Vec<String>>()
+            .join("; ");
+        info!("[pool: {}][user: {}] {}", self.user, self.db, query);
+
+        Ok(PluginOutput::Allow)
+    }
+}

src/plugins/table_access.rs

@@ -0,0 +1,59 @@
+//! This query router plugin will check if the user can access a particular
+//! table as part of their query. If they can't, the query will not be routed.
+
+use async_trait::async_trait;
+use sqlparser::ast::{visit_relations, Statement};
+
+use crate::{
+    errors::Error,
+    plugins::{Plugin, PluginOutput},
+    query_router::QueryRouter,
+};
+
+use log::debug;
+
+use core::ops::ControlFlow;
+
+pub struct TableAccess<'a> {
+    pub enabled: bool,
+    pub tables: &'a Vec<String>,
+}
+
+#[async_trait]
+impl<'a> Plugin for TableAccess<'a> {
+    async fn run(
+        &mut self,
+        _query_router: &QueryRouter,
+        ast: &Vec<Statement>,
+    ) -> Result<PluginOutput, Error> {
+        if !self.enabled {
+            return Ok(PluginOutput::Allow);
+        }
+
+        let mut found = None;
+
+        visit_relations(ast, |relation| {
+            let relation = relation.to_string();
+            let parts = relation.split(".").collect::<Vec<&str>>();
+            let table_name = parts.last().unwrap();
+
+            if self.tables.contains(&table_name.to_string()) {
+                found = Some(table_name.to_string());
+                ControlFlow::<()>::Break(())
+            } else {
+                ControlFlow::<()>::Continue(())
+            }
+        });
+
+        if let Some(found) = found {
+            debug!("Blocking access to table \"{}\"", found);
+
+            Ok(PluginOutput::Deny(format!(
+                "permission for table \"{}\" denied",
+                found
+            )))
+        } else {
+            Ok(PluginOutput::Allow)
+        }
+    }
+}

src/pool.rs

@@ -0,0 +1,1020 @@
+use arc_swap::ArcSwap;
+use async_trait::async_trait;
+use bb8::{ManageConnection, Pool, PooledConnection};
+use bytes::{BufMut, BytesMut};
+use chrono::naive::NaiveDateTime;
+use log::{debug, error, info, warn};
+use once_cell::sync::Lazy;
+use parking_lot::{Mutex, RwLock};
+use rand::seq::SliceRandom;
+use rand::thread_rng;
+use regex::Regex;
+use std::collections::HashMap;
+use std::sync::{
+    atomic::{AtomicBool, Ordering},
+    Arc,
+};
+use std::time::Instant;
+use tokio::sync::Notify;
+
+use crate::config::{
+    get_config, Address, General, LoadBalancingMode, Plugins, PoolMode, Role, User,
+};
+use crate::errors::Error;
+
+use crate::auth_passthrough::AuthPassthrough;
+use crate::plugins::prewarmer;
+use crate::server::Server;
+use crate::sharding::ShardingFunction;
+use crate::stats::{AddressStats, ClientStats, PoolStats, ServerStats};
+
+pub type ProcessId = i32;
+pub type SecretKey = i32;
+pub type ServerHost = String;
+pub type ServerPort = u16;
+
+pub type BanList = Arc<RwLock<Vec<HashMap<Address, (BanReason, NaiveDateTime)>>>>;
+pub type ClientServerMap =
+    Arc<Mutex<HashMap<(ProcessId, SecretKey), (ProcessId, SecretKey, ServerHost, ServerPort)>>>;
+pub type PoolMap = HashMap<PoolIdentifier, ConnectionPool>;
+/// The connection pool, globally available.
+/// This is atomic and safe and read-optimized.
+/// The pool is recreated dynamically when the config is reloaded.
+pub static POOLS: Lazy<ArcSwap<PoolMap>> = Lazy::new(|| ArcSwap::from_pointee(HashMap::default()));
+
+// Reasons for banning a server.
+#[derive(Debug, PartialEq, Clone)]
+pub enum BanReason {
+    FailedHealthCheck,
+    MessageSendFailed,
+    MessageReceiveFailed,
+    FailedCheckout,
+    StatementTimeout,
+    AdminBan(i64),
+}
+
+/// An identifier for a PgCat pool,
+/// a database visible to clients.
+#[derive(Hash, Debug, Clone, PartialEq, Eq, Default)]
+pub struct PoolIdentifier {
+    // The name of the database clients want to connect to.
+    pub db: String,
+
+    /// The username the client connects with. Each user gets its own pool.
+    pub user: String,
+}
+
+static POOL_REAPER_RATE: u64 = 30_000; // 30 seconds by default
+
+impl PoolIdentifier {
+    /// Create a new user/pool identifier.
+    pub fn new(db: &str, user: &str) -> PoolIdentifier {
+        PoolIdentifier {
+            db: db.to_string(),
+            user: user.to_string(),
+        }
+    }
+}
+
+impl From<&Address> for PoolIdentifier {
+    fn from(address: &Address) -> PoolIdentifier {
+        PoolIdentifier::new(&address.database, &address.username)
+    }
+}
+
+/// Pool settings.
+#[derive(Clone, Debug)]
+pub struct PoolSettings {
+    /// Transaction or Session.
+    pub pool_mode: PoolMode,
+
+    /// Random or LeastOutstandingConnections.
+    pub load_balancing_mode: LoadBalancingMode,
+
+    // Number of shards.
+    pub shards: usize,
+
+    // Connecting user.
+    pub user: User,
+    pub db: String,
+
+    // Default server role to connect to.
+    pub default_role: Option<Role>,
+
+    // Enable/disable query parser.
+    pub query_parser_enabled: bool,
+
+    // Read from the primary as well or not.
+    pub primary_reads_enabled: bool,
+
+    // Sharding function.
+    pub sharding_function: ShardingFunction,
+
+    // Sharding key
+    pub automatic_sharding_key: Option<String>,
+
+    // Health check timeout
+    pub healthcheck_timeout: u64,
+
+    // Health check delay
+    pub healthcheck_delay: u64,
+
+    // Ban time
+    pub ban_time: i64,
+
+    // Regex for searching for the sharding key in SQL statements
+    pub sharding_key_regex: Option<Regex>,
+
+    // Regex for searching for the shard id in SQL statements
+    pub shard_id_regex: Option<Regex>,
+
+    // Limit how much of each query is searched for a potential shard regex match
+    pub regex_search_limit: usize,
+
+    // Auth query parameters
+    pub auth_query: Option<String>,
+    pub auth_query_user: Option<String>,
+    pub auth_query_password: Option<String>,
+
+    /// Plugins
+    pub plugins: Option<Plugins>,
+}
+
+impl Default for PoolSettings {
+    fn default() -> PoolSettings {
+        PoolSettings {
+            pool_mode: PoolMode::Transaction,
+            load_balancing_mode: LoadBalancingMode::Random,
+            shards: 1,
+            user: User::default(),
+            db: String::default(),
+            default_role: None,
+            query_parser_enabled: false,
+            primary_reads_enabled: true,
+            sharding_function: ShardingFunction::PgBigintHash,
+            automatic_sharding_key: None,
+            healthcheck_delay: General::default_healthcheck_delay(),
+            healthcheck_timeout: General::default_healthcheck_timeout(),
+            ban_time: General::default_ban_time(),
+            sharding_key_regex: None,
+            shard_id_regex: None,
+            regex_search_limit: 1000,
+            auth_query: None,
+            auth_query_user: None,
+            auth_query_password: None,
+            plugins: None,
+        }
+    }
+}
+
+/// The globally accessible connection pool.
+#[derive(Clone, Debug, Default)]
+pub struct ConnectionPool {
+    /// The pools handled internally by bb8.
+    databases: Vec<Vec<Pool<ServerPool>>>,
+
+    /// The addresses (host, port, role) to handle
+    /// failover and load balancing deterministically.
+    addresses: Vec<Vec<Address>>,
+
+    /// List of banned addresses (see above)
+    /// that should not be queried.
+    banlist: BanList,
+
+    /// The server information (K messages) have to be passed to the
+    /// clients on startup. We pre-connect to all shards and replicas
+    /// on pool creation and save the K messages here.
+    server_info: Arc<RwLock<BytesMut>>,
+
+    /// Pool configuration.
+    pub settings: PoolSettings,
+
+    /// If not validated, we need to double check the pool is available before allowing a client
+    /// to use it.
+    validated: Arc<AtomicBool>,
+
+    /// Hash value for the pool configs. It is used to compare new configs
+    /// against current config to decide whether or not we need to recreate
+    /// the pool after a RELOAD command
+    pub config_hash: u64,
+
+    /// If the pool has been paused or not.
+    paused: Arc<AtomicBool>,
+    paused_waiter: Arc<Notify>,
+
+    /// Statistics.
+    pub stats: Arc<PoolStats>,
+
+    /// AuthInfo
+    pub auth_hash: Arc<RwLock<Option<String>>>,
+}
+
+impl ConnectionPool {
+    /// Construct the connection pool from the configuration.
+    pub async fn from_config(client_server_map: ClientServerMap) -> Result<(), Error> {
+        let config = get_config();
+
+        let mut new_pools = HashMap::new();
+        let mut address_id: usize = 0;
+
+        for (pool_name, pool_config) in &config.pools {
+            let new_pool_hash_value = pool_config.hash_value();
+
+            // There is one pool per database/user pair.
+            for user in pool_config.users.values() {
+                let old_pool_ref = get_pool(pool_name, &user.username);
+                let identifier = PoolIdentifier::new(pool_name, &user.username);
+
+                match old_pool_ref {
+                    Some(pool) => {
+                        // If the pool hasn't changed, get existing reference and insert it into the new_pools.
+                        // We replace all pools at the end, but if the reference is kept, the pool won't get re-created (bb8).
+                        if pool.config_hash == new_pool_hash_value {
+                            info!(
+                                "[pool: {}][user: {}] has not changed",
+                                pool_name, user.username
+                            );
+                            new_pools.insert(identifier.clone(), pool.clone());
+                            continue;
+                        }
+                    }
+                    None => (),
+                }
+
+                info!(
+                    "[pool: {}][user: {}] creating new pool",
+                    pool_name, user.username
+                );
+
+                let mut shards = Vec::new();
+                let mut addresses = Vec::new();
+                let mut banlist = Vec::new();
+                let mut shard_ids = pool_config
+                    .shards
+                    .clone()
+                    .into_keys()
+                    .collect::<Vec<String>>();
+                let pool_stats = Arc::new(PoolStats::new(identifier, pool_config.clone()));
+
+                // Allow the pool to be seen in statistics
+                pool_stats.register(pool_stats.clone());
+
+                // Sort by shard number to ensure consistency.
+                shard_ids.sort_by_key(|k| k.parse::<i64>().unwrap());
+                let pool_auth_hash: Arc<RwLock<Option<String>>> = Arc::new(RwLock::new(None));
+
+                for shard_idx in &shard_ids {
+                    let shard = &pool_config.shards[shard_idx];
+                    let mut pools = Vec::new();
+                    let mut servers = Vec::new();
+                    let mut replica_number = 0;
+
+                    // Load Mirror settings
+                    for (address_index, server) in shard.servers.iter().enumerate() {
+                        let mut mirror_addresses = vec![];
+                        if let Some(mirror_settings_vec) = &shard.mirrors {
+                            for (mirror_idx, mirror_settings) in
+                                mirror_settings_vec.iter().enumerate()
+                            {
+                                if mirror_settings.mirroring_target_index != address_index {
+                                    continue;
+                                }
+                                mirror_addresses.push(Address {
+                                    id: address_id,
+                                    database: shard.database.clone(),
+                                    host: mirror_settings.host.clone(),
+                                    port: mirror_settings.port,
+                                    role: server.role,
+                                    address_index: mirror_idx,
+                                    replica_number,
+                                    shard: shard_idx.parse::<usize>().unwrap(),
+                                    username: user.username.clone(),
+                                    pool_name: pool_name.clone(),
+                                    mirrors: vec![],
+                                    stats: Arc::new(AddressStats::default()),
+                                });
+                                address_id += 1;
+                            }
+                        }
+
+                        let address = Address {
+                            id: address_id,
+                            database: shard.database.clone(),
+                            host: server.host.clone(),
+                            port: server.port,
+                            role: server.role,
+                            address_index,
+                            replica_number,
+                            shard: shard_idx.parse::<usize>().unwrap(),
+                            username: user.username.clone(),
+                            pool_name: pool_name.clone(),
+                            mirrors: mirror_addresses,
+                            stats: Arc::new(AddressStats::default()),
+                        };
+
+                        address_id += 1;
+
+                        if server.role == Role::Replica {
+                            replica_number += 1;
+                        }
+
+                        // We assume every server in the pool share user/passwords
+                        let auth_passthrough = AuthPassthrough::from_pool_config(pool_config);
+
+                        if let Some(apt) = &auth_passthrough {
+                            match apt.fetch_hash(&address).await {
+                                Ok(ok) => {
+                                    if let Some(ref pool_auth_hash_value) = *(pool_auth_hash.read())
+                                    {
+                                        if ok != *pool_auth_hash_value {
+                                            warn!(
+                                                "Hash is not the same across shards \
+                                                of the same pool, client auth will \
+                                                be done using last obtained hash. \
+                                                Server: {}:{}, Database: {}",
+                                                server.host, server.port, shard.database,
+                                            );
+                                        }
+                                    }
+
+                                    debug!("Hash obtained for {:?}", address);
+
+                                    {
+                                        let mut pool_auth_hash = pool_auth_hash.write();
+                                        *pool_auth_hash = Some(ok.clone());
+                                    }
+                                }
+                                Err(err) => warn!(
+                                    "Could not obtain password hashes \
+                                        using auth_query config, ignoring. \
+                                        Error: {:?}",
+                                    err,
+                                ),
+                            }
+                        }
+
+                        let manager = ServerPool::new(
+                            address.clone(),
+                            user.clone(),
+                            &shard.database,
+                            client_server_map.clone(),
+                            pool_stats.clone(),
+                            pool_auth_hash.clone(),
+                            match pool_config.plugins {
+                                Some(ref plugins) => Some(plugins.clone()),
+                                None => config.plugins.clone(),
+                            },
+                        );
+
+                        let connect_timeout = match pool_config.connect_timeout {
+                            Some(connect_timeout) => connect_timeout,
+                            None => config.general.connect_timeout,
+                        };
+
+                        let idle_timeout = match pool_config.idle_timeout {
+                            Some(idle_timeout) => idle_timeout,
+                            None => config.general.idle_timeout,
+                        };
+
+                        let server_lifetime = match user.server_lifetime {
+                            Some(server_lifetime) => server_lifetime,
+                            None => match pool_config.server_lifetime {
+                                Some(server_lifetime) => server_lifetime,
+                                None => config.general.server_lifetime,
+                            },
+                        };
+
+                        let reaper_rate = *vec![idle_timeout, server_lifetime, POOL_REAPER_RATE]
+                            .iter()
+                            .min()
+                            .unwrap();
+
+                        debug!(
+                            "[pool: {}][user: {}] Pool reaper rate: {}ms",
+                            pool_name, user.username, reaper_rate
+                        );
+
+                        let pool = Pool::builder()
+                            .max_size(user.pool_size)
+                            .min_idle(user.min_pool_size)
+                            .connection_timeout(std::time::Duration::from_millis(connect_timeout))
+                            .idle_timeout(Some(std::time::Duration::from_millis(idle_timeout)))
+                            .max_lifetime(Some(std::time::Duration::from_millis(server_lifetime)))
+                            .reaper_rate(std::time::Duration::from_millis(reaper_rate))
+                            .test_on_check_out(false);
+
+                        let pool = if config.general.validate_config {
+                            pool.build(manager).await?
+                        } else {
+                            pool.build_unchecked(manager)
+                        };
+
+                        pools.push(pool);
+                        servers.push(address);
+                    }
+
+                    shards.push(pools);
+                    addresses.push(servers);
+                    banlist.push(HashMap::new());
+                }
+
+                assert_eq!(shards.len(), addresses.len());
+                if let Some(ref _auth_hash) = *(pool_auth_hash.clone().read()) {
+                    info!(
+                        "Auth hash obtained from query_auth for pool {{ name: {}, user: {} }}",
+                        pool_name, user.username
+                    );
+                }
+
+                let pool = ConnectionPool {
+                    databases: shards,
+                    stats: pool_stats,
+                    addresses,
+                    banlist: Arc::new(RwLock::new(banlist)),
+                    config_hash: new_pool_hash_value,
+                    server_info: Arc::new(RwLock::new(BytesMut::new())),
+                    auth_hash: pool_auth_hash,
+                    settings: PoolSettings {
+                        pool_mode: match user.pool_mode {
+                            Some(pool_mode) => pool_mode,
+                            None => pool_config.pool_mode,
+                        },
+                        load_balancing_mode: pool_config.load_balancing_mode,
+                        // shards: pool_config.shards.clone(),
+                        shards: shard_ids.len(),
+                        user: user.clone(),
+                        db: pool_name.clone(),
+                        default_role: match pool_config.default_role.as_str() {
+                            "any" => None,
+                            "replica" => Some(Role::Replica),
+                            "primary" => Some(Role::Primary),
+                            _ => unreachable!(),
+                        },
+                        query_parser_enabled: pool_config.query_parser_enabled,
+                        primary_reads_enabled: pool_config.primary_reads_enabled,
+                        sharding_function: pool_config.sharding_function,
+                        automatic_sharding_key: pool_config.automatic_sharding_key.clone(),
+                        healthcheck_delay: config.general.healthcheck_delay,
+                        healthcheck_timeout: config.general.healthcheck_timeout,
+                        ban_time: config.general.ban_time,
+                        sharding_key_regex: pool_config
+                            .sharding_key_regex
+                            .clone()
+                            .map(|regex| Regex::new(regex.as_str()).unwrap()),
+                        shard_id_regex: pool_config
+                            .shard_id_regex
+                            .clone()
+                            .map(|regex| Regex::new(regex.as_str()).unwrap()),
+                        regex_search_limit: pool_config.regex_search_limit.unwrap_or(1000),
+                        auth_query: pool_config.auth_query.clone(),
+                        auth_query_user: pool_config.auth_query_user.clone(),
+                        auth_query_password: pool_config.auth_query_password.clone(),
+                        plugins: match pool_config.plugins {
+                            Some(ref plugins) => Some(plugins.clone()),
+                            None => config.plugins.clone(),
+                        },
+                    },
+                    validated: Arc::new(AtomicBool::new(false)),
+                    paused: Arc::new(AtomicBool::new(false)),
+                    paused_waiter: Arc::new(Notify::new()),
+                };
+
+                // Connect to the servers to make sure pool configuration is valid
+                // before setting it globally.
+                // Do this async and somewhere else, we don't have to wait here.
+                if config.general.validate_config {
+                    let mut validate_pool = pool.clone();
+                    tokio::task::spawn(async move {
+                        let _ = validate_pool.validate().await;
+                    });
+                }
+
+                // There is one pool per database/user pair.
+                new_pools.insert(PoolIdentifier::new(pool_name, &user.username), pool);
+            }
+        }
+
+        POOLS.store(Arc::new(new_pools.clone()));
+        Ok(())
+    }
+
+    /// Connect to all shards, grab server information, and possibly
+    /// passwords to use in client auth.
+    /// Return server information we will pass to the clients
+    /// when they connect.
+    /// This also warms up the pool for clients that connect when
+    /// the pooler starts up.
+    pub async fn validate(&mut self) -> Result<(), Error> {
+        let mut futures = Vec::new();
+        let validated = Arc::clone(&self.validated);
+
+        for shard in 0..self.shards() {
+            for server in 0..self.servers(shard) {
+                let databases = self.databases.clone();
+                let validated = Arc::clone(&validated);
+                let pool_server_info = Arc::clone(&self.server_info);
+
+                let task = tokio::task::spawn(async move {
+                    let connection = match databases[shard][server].get().await {
+                        Ok(conn) => conn,
+                        Err(err) => {
+                            error!("Shard {} down or misconfigured: {:?}", shard, err);
+                            return;
+                        }
+                    };
+
+                    let proxy = connection;
+                    let server = &*proxy;
+                    let server_info = server.server_info();
+
+                    let mut guard = pool_server_info.write();
+                    guard.clear();
+                    guard.put(server_info.clone());
+                    validated.store(true, Ordering::Relaxed);
+                });
+
+                futures.push(task);
+            }
+        }
+
+        futures::future::join_all(futures).await;
+
+        // TODO: compare server information to make sure
+        // all shards are running identical configurations.
+        if self.server_info.read().is_empty() {
+            error!("Could not validate connection pool");
+            return Err(Error::AllServersDown);
+        }
+
+        Ok(())
+    }
+
+    /// The pool can be used by clients.
+    ///
+    /// If not, we need to validate it first by connecting to servers.
+    /// Call `validate()` to do so.
+    pub fn validated(&self) -> bool {
+        self.validated.load(Ordering::Relaxed)
+    }
+
+    /// Pause the pool, allowing no more queries and make clients wait.
+    pub fn pause(&self) {
+        self.paused.store(true, Ordering::Relaxed);
+    }
+
+    /// Resume the pool, allowing queries and resuming any pending queries.
+    pub fn resume(&self) {
+        self.paused.store(false, Ordering::Relaxed);
+        self.paused_waiter.notify_waiters();
+    }
+
+    /// Check if the pool is paused.
+    pub fn paused(&self) -> bool {
+        self.paused.load(Ordering::Relaxed)
+    }
+
+    /// Check if the pool is paused and wait until it's resumed.
+    pub async fn wait_paused(&self) -> bool {
+        let waiter = self.paused_waiter.notified();
+        let paused = self.paused.load(Ordering::Relaxed);
+
+        if paused {
+            waiter.await;
+        }
+
+        paused
+    }
+
+    /// Get a connection from the pool.
+    pub async fn get(
+        &self,
+        shard: usize,               // shard number
+        role: Option<Role>,         // primary or replica
+        client_stats: &ClientStats, // client id
+    ) -> Result<(PooledConnection<'_, ServerPool>, Address), Error> {
+        let mut candidates: Vec<&Address> = self.addresses[shard]
+            .iter()
+            .filter(|address| address.role == role)
+            .collect();
+
+        // We shuffle even if least_outstanding_queries is used to avoid imbalance
+        // in cases where all candidates have more or less the same number of outstanding
+        // queries
+        candidates.shuffle(&mut thread_rng());
+        if self.settings.load_balancing_mode == LoadBalancingMode::LeastOutstandingConnections {
+            candidates.sort_by(|a, b| {
+                self.busy_connection_count(b)
+                    .partial_cmp(&self.busy_connection_count(a))
+                    .unwrap()
+            });
+        }
+
+        while !candidates.is_empty() {
+            // Get the next candidate
+            let address = match candidates.pop() {
+                Some(address) => address,
+                None => break,
+            };
+
+            let mut force_healthcheck = false;
+
+            if self.is_banned(address) {
+                if self.try_unban(&address).await {
+                    force_healthcheck = true;
+                } else {
+                    debug!("Address {:?} is banned", address);
+                    continue;
+                }
+            }
+
+            // Indicate we're waiting on a server connection from a pool.
+            let now = Instant::now();
+            client_stats.waiting();
+
+            // Check if we can connect
+            let mut conn = match self.databases[address.shard][address.address_index]
+                .get()
+                .await
+            {
+                Ok(conn) => conn,
+                Err(err) => {
+                    error!(
+                        "Connection checkout error for instance {:?}, error: {:?}",
+                        address, err
+                    );
+                    self.ban(address, BanReason::FailedCheckout, Some(client_stats));
+                    address.stats.error();
+                    client_stats.idle();
+                    client_stats.checkout_error();
+                    continue;
+                }
+            };
+
+            // // Check if this server is alive with a health check.
+            let server = &mut *conn;
+
+            // Will return error if timestamp is greater than current system time, which it should never be set to
+            let require_healthcheck = force_healthcheck
+                || server.last_activity().elapsed().unwrap().as_millis()
+                    > self.settings.healthcheck_delay as u128;
+
+            // Do not issue a health check unless it's been a little while
+            // since we last checked the server is ok.
+            // Health checks are pretty expensive.
+            if !require_healthcheck {
+                let checkout_time: u64 = now.elapsed().as_micros() as u64;
+                client_stats.checkout_time(checkout_time);
+                server
+                    .stats()
+                    .checkout_time(checkout_time, client_stats.application_name());
+                server.stats().active(client_stats.application_name());
+
+                return Ok((conn, address.clone()));
+            }
+
+            if self
+                .run_health_check(address, server, now, client_stats)
+                .await
+            {
+                return Ok((conn, address.clone()));
+            } else {
+                continue;
+            }
+        }
+        Err(Error::AllServersDown)
+    }
+
+    async fn run_health_check(
+        &self,
+        address: &Address,
+        server: &mut Server,
+        start: Instant,
+        client_info: &ClientStats,
+    ) -> bool {
+        debug!("Running health check on server {:?}", address);
+
+        server.stats().tested();
+
+        match tokio::time::timeout(
+            tokio::time::Duration::from_millis(self.settings.healthcheck_timeout),
+            server.query(";"), // Cheap query as it skips the query planner
+        )
+        .await
+        {
+            // Check if health check succeeded.
+            Ok(res) => match res {
+                Ok(_) => {
+                    let checkout_time: u64 = start.elapsed().as_micros() as u64;
+                    client_info.checkout_time(checkout_time);
+                    server
+                        .stats()
+                        .checkout_time(checkout_time, client_info.application_name());
+                    server.stats().active(client_info.application_name());
+
+                    return true;
+                }
+
+                // Health check failed.
+                Err(err) => {
+                    error!(
+                        "Failed health check on instance {:?}, error: {:?}",
+                        address, err
+                    );
+                }
+            },
+
+            // Health check timed out.
+            Err(err) => {
+                error!(
+                    "Health check timeout on instance {:?}, error: {:?}",
+                    address, err
+                );
+            }
+        }
+
+        // Don't leave a bad connection in the pool.
+        server.mark_bad();
+
+        self.ban(&address, BanReason::FailedHealthCheck, Some(client_info));
+        return false;
+    }
+
+    /// Ban an address (i.e. replica). It no longer will serve
+    /// traffic for any new transactions. Existing transactions on that replica
+    /// will finish successfully or error out to the clients.
+    pub fn ban(&self, address: &Address, reason: BanReason, client_info: Option<&ClientStats>) {
+        // Primary can never be banned
+        if address.role == Role::Primary {
+            return;
+        }
+
+        error!("Banning instance {:?}, reason: {:?}", address, reason);
+
+        let now = chrono::offset::Utc::now().naive_utc();
+        let mut guard = self.banlist.write();
+
+        if let Some(client_info) = client_info {
+            client_info.ban_error();
+            address.stats.error();
+        }
+
+        guard[address.shard].insert(address.clone(), (reason, now));
+    }
+
+    /// Clear the replica to receive traffic again. Takes effect immediately
+    /// for all new transactions.
+    pub fn unban(&self, address: &Address) {
+        let mut guard = self.banlist.write();
+        guard[address.shard].remove(address);
+    }
+
+    /// Check if address is banned
+    /// true if banned, false otherwise
+    pub fn is_banned(&self, address: &Address) -> bool {
+        let guard = self.banlist.read();
+
+        match guard[address.shard].get(address) {
+            Some(_) => true,
+            None => {
+                debug!("{:?} is ok", address);
+                false
+            }
+        }
+    }
+
+    /// Determines trying to unban this server was successful
+    pub async fn try_unban(&self, address: &Address) -> bool {
+        // If somehow primary ends up being banned we should return true here
+        if address.role == Role::Primary {
+            return true;
+        }
+
+        // Check if all replicas are banned, in that case unban all of them
+        let replicas_available = self.addresses[address.shard]
+            .iter()
+            .filter(|addr| addr.role == Role::Replica)
+            .count();
+
+        debug!("Available targets: {}", replicas_available);
+
+        let read_guard = self.banlist.read();
+        let all_replicas_banned = read_guard[address.shard].len() == replicas_available;
+        drop(read_guard);
+
+        if all_replicas_banned {
+            let mut write_guard = self.banlist.write();
+            warn!("Unbanning all replicas.");
+            write_guard[address.shard].clear();
+
+            return true;
+        }
+
+        // Check if ban time is expired
+        let read_guard = self.banlist.read();
+        let exceeded_ban_time = match read_guard[address.shard].get(address) {
+            Some((ban_reason, timestamp)) => {
+                let now = chrono::offset::Utc::now().naive_utc();
+                match ban_reason {
+                    BanReason::AdminBan(duration) => {
+                        now.timestamp() - timestamp.timestamp() > *duration
+                    }
+                    _ => now.timestamp() - timestamp.timestamp() > self.settings.ban_time,
+                }
+            }
+            None => return true,
+        };
+        drop(read_guard);
+
+        if exceeded_ban_time {
+            warn!("Unbanning {:?}", address);
+            let mut write_guard = self.banlist.write();
+            write_guard[address.shard].remove(address);
+            drop(write_guard);
+
+            true
+        } else {
+            debug!("{:?} is banned", address);
+            false
+        }
+    }
+
+    /// Get the number of configured shards.
+    pub fn shards(&self) -> usize {
+        self.databases.len()
+    }
+
+    pub fn get_bans(&self) -> Vec<(Address, (BanReason, NaiveDateTime))> {
+        let mut bans: Vec<(Address, (BanReason, NaiveDateTime))> = Vec::new();
+        let guard = self.banlist.read();
+        for banlist in guard.iter() {
+            for (address, (reason, timestamp)) in banlist.iter() {
+                bans.push((address.clone(), (reason.clone(), timestamp.clone())));
+            }
+        }
+        return bans;
+    }
+
+    /// Get the address from the host url
+    pub fn get_addresses_from_host(&self, host: &str) -> Vec<Address> {
+        let mut addresses = Vec::new();
+        for shard in 0..self.shards() {
+            for server in 0..self.servers(shard) {
+                let address = self.address(shard, server);
+                if address.host == host {
+                    addresses.push(address.clone());
+                }
+            }
+        }
+        addresses
+    }
+
+    /// Get the number of servers (primary and replicas)
+    /// configured for a shard.
+    pub fn servers(&self, shard: usize) -> usize {
+        self.addresses[shard].len()
+    }
+
+    /// Get the total number of servers (databases) we are connected to.
+    pub fn databases(&self) -> usize {
+        let mut databases = 0;
+        for shard in 0..self.shards() {
+            databases += self.servers(shard);
+        }
+        databases
+    }
+
+    /// Get pool state for a particular shard server as reported by bb8.
+    pub fn pool_state(&self, shard: usize, server: usize) -> bb8::State {
+        self.databases[shard][server].state()
+    }
+
+    /// Get the address information for a shard server.
+    pub fn address(&self, shard: usize, server: usize) -> &Address {
+        &self.addresses[shard][server]
+    }
+
+    pub fn server_info(&self) -> BytesMut {
+        self.server_info.read().clone()
+    }
+
+    fn busy_connection_count(&self, address: &Address) -> u32 {
+        let state = self.pool_state(address.shard, address.address_index);
+        let idle = state.idle_connections;
+        let provisioned = state.connections;
+
+        if idle > provisioned {
+            // Unlikely but avoids an overflow panic if this ever happens
+            return 0;
+        }
+        let busy = provisioned - idle;
+        debug!("{:?} has {:?} busy connections", address, busy);
+        return busy;
+    }
+}
+
+/// Wrapper for the bb8 connection pool.
+pub struct ServerPool {
+    address: Address,
+    user: User,
+    database: String,
+    client_server_map: ClientServerMap,
+    stats: Arc<PoolStats>,
+    auth_hash: Arc<RwLock<Option<String>>>,
+    plugins: Option<Plugins>,
+}
+
+impl ServerPool {
+    pub fn new(
+        address: Address,
+        user: User,
+        database: &str,
+        client_server_map: ClientServerMap,
+        stats: Arc<PoolStats>,
+        auth_hash: Arc<RwLock<Option<String>>>,
+        plugins: Option<Plugins>,
+    ) -> ServerPool {
+        ServerPool {
+            address,
+            user: user.clone(),
+            database: database.to_string(),
+            client_server_map,
+            stats,
+            auth_hash,
+            plugins,
+        }
+    }
+}
+
+#[async_trait]
+impl ManageConnection for ServerPool {
+    type Connection = Server;
+    type Error = Error;
+
+    /// Attempts to create a new connection.
+    async fn connect(&self) -> Result<Self::Connection, Self::Error> {
+        info!("Creating a new server connection {:?}", self.address);
+
+        let stats = Arc::new(ServerStats::new(
+            self.address.clone(),
+            self.stats.clone(),
+            tokio::time::Instant::now(),
+        ));
+
+        stats.register(stats.clone());
+
+        // Connect to the PostgreSQL server.
+        match Server::startup(
+            &self.address,
+            &self.user,
+            &self.database,
+            self.client_server_map.clone(),
+            stats.clone(),
+            self.auth_hash.clone(),
+        )
+        .await
+        {
+            Ok(mut conn) => {
+                if let Some(ref plugins) = self.plugins {
+                    if let Some(ref prewarmer) = plugins.prewarmer {
+                        let mut prewarmer = prewarmer::Prewarmer {
+                            enabled: prewarmer.enabled,
+                            server: &mut conn,
+                            queries: &prewarmer.queries,
+                        };
+
+                        prewarmer.run().await?;
+                    }
+                }
+
+                stats.idle();
+                Ok(conn)
+            }
+            Err(err) => {
+                stats.disconnect();
+                Err(err)
+            }
+        }
+    }
+
+    /// Determines if the connection is still connected to the database.
+    async fn is_valid(&self, _conn: &mut Self::Connection) -> Result<(), Self::Error> {
+        Ok(())
+    }
+
+    /// Synchronously determine if the connection is no longer usable, if possible.
+    fn has_broken(&self, conn: &mut Self::Connection) -> bool {
+        conn.is_bad()
+    }
+}
+
+/// Get the connection pool
+pub fn get_pool(db: &str, user: &str) -> Option<ConnectionPool> {
+    (*(*POOLS.load()))
+        .get(&PoolIdentifier::new(db, user))
+        .cloned()
+}
+
+/// Get a pointer to all configured pools.
+pub fn get_all_pools() -> HashMap<PoolIdentifier, ConnectionPool> {
+    (*(*POOLS.load())).clone()
+}

src/prometheus.rs

@@ -0,0 +1,389 @@
+use hyper::service::{make_service_fn, service_fn};
+use hyper::{Body, Method, Request, Response, Server, StatusCode};
+use log::{error, info, warn};
+use phf::phf_map;
+use std::collections::HashMap;
+use std::fmt;
+use std::net::SocketAddr;
+use std::sync::atomic::Ordering;
+use std::sync::Arc;
+
+use crate::config::Address;
+use crate::pool::get_all_pools;
+use crate::stats::{get_pool_stats, get_server_stats, ServerStats};
+
+struct MetricHelpType {
+    help: &'static str,
+    ty: &'static str,
+}
+
+// reference for metric types: https://prometheus.io/docs/concepts/metric_types/
+// counters only increase
+// gauges can arbitrarily increase or decrease
+static METRIC_HELP_AND_TYPES_LOOKUP: phf::Map<&'static str, MetricHelpType> = phf_map! {
+    "stats_total_query_count" => MetricHelpType {
+        help: "Number of queries sent by all clients",
+        ty: "counter",
+    },
+    "stats_total_query_time" => MetricHelpType {
+        help: "Total amount of time for queries to execute",
+        ty: "counter",
+    },
+    "stats_total_received" => MetricHelpType {
+        help: "Number of bytes received from the server",
+        ty: "counter",
+    },
+    "stats_total_sent" => MetricHelpType {
+        help: "Number of bytes sent to the server",
+        ty: "counter",
+    },
+    "stats_total_xact_count" => MetricHelpType {
+        help: "Total number of transactions started by the client",
+        ty: "counter",
+    },
+    "stats_total_xact_time" => MetricHelpType {
+        help: "Total amount of time for all transactions to execute",
+        ty: "counter",
+    },
+    "stats_total_wait_time" => MetricHelpType {
+        help: "Total time client waited for a server connection",
+        ty: "counter",
+    },
+    "stats_avg_query_count" => MetricHelpType {
+        help: "Average of total_query_count every 15 seconds",
+        ty: "gauge",
+    },
+    "stats_avg_query_time" => MetricHelpType {
+        help: "Average time taken for queries to execute every 15 seconds",
+        ty: "gauge",
+    },
+    "stats_avg_recv" => MetricHelpType {
+        help: "Average of total_received bytes every 15 seconds",
+        ty: "gauge",
+    },
+    "stats_avg_sent" => MetricHelpType {
+        help: "Average of total_sent bytes every 15 seconds",
+        ty: "gauge",
+    },
+    "stats_avg_errors" => MetricHelpType {
+        help: "Average number of errors every 15 seconds",
+        ty: "gauge",
+    },
+    "stats_avg_xact_count" => MetricHelpType {
+        help: "Average of total_xact_count every 15 seconds",
+        ty: "gauge",
+    },
+    "stats_avg_xact_time" => MetricHelpType {
+        help: "Average of total_xact_time every 15 seconds",
+        ty: "gauge",
+    },
+    "stats_avg_wait_time" => MetricHelpType {
+        help: "Average of total_wait_time every 15 seconds",
+        ty: "gauge",
+    },
+    "pools_maxwait_us" => MetricHelpType {
+        help: "The time a client waited for a server connection in microseconds",
+        ty: "gauge",
+    },
+    "pools_maxwait" => MetricHelpType {
+        help: "The time a client waited for a server connection in seconds",
+        ty: "gauge",
+    },
+    "pools_cl_waiting" => MetricHelpType {
+        help: "How many clients are waiting for a connection from the pool",
+        ty: "gauge",
+    },
+    "pools_cl_active" => MetricHelpType {
+        help: "How many clients are actively communicating with a server",
+        ty: "gauge",
+    },
+    "pools_cl_idle" => MetricHelpType {
+        help: "How many clients are idle",
+        ty: "gauge",
+    },
+    "pools_sv_idle" => MetricHelpType {
+        help: "How many server connections are idle",
+        ty: "gauge",
+    },
+    "pools_sv_active" => MetricHelpType {
+        help: "How many server connections are actively communicating with a client",
+        ty: "gauge",
+    },
+    "pools_sv_login" => MetricHelpType {
+        help: "How many server connections are currently being created",
+        ty: "gauge",
+    },
+    "pools_sv_tested" => MetricHelpType {
+        help: "How many server connections are currently waiting on a health check to succeed",
+        ty: "gauge",
+    },
+    "servers_bytes_received" => MetricHelpType {
+        help: "Volume in bytes of network traffic received by server",
+        ty: "gauge",
+    },
+    "servers_bytes_sent" => MetricHelpType {
+        help: "Volume in bytes of network traffic sent by server",
+        ty: "gauge",
+    },
+    "servers_transaction_count" => MetricHelpType {
+        help: "Number of transactions executed by server",
+        ty: "gauge",
+    },
+    "servers_query_count" => MetricHelpType {
+        help: "Number of queries executed by server",
+        ty: "gauge",
+    },
+    "servers_error_count" => MetricHelpType {
+        help: "Number of errors",
+        ty: "gauge",
+    },
+    "databases_pool_size" => MetricHelpType {
+        help: "Maximum number of server connections",
+        ty: "gauge",
+    },
+    "databases_current_connections" => MetricHelpType {
+        help: "Current number of connections for this database",
+        ty: "gauge",
+    },
+};
+
+struct PrometheusMetric<Value: fmt::Display> {
+    name: String,
+    help: String,
+    ty: String,
+    labels: HashMap<&'static str, String>,
+    value: Value,
+}
+
+impl<Value: fmt::Display> fmt::Display for PrometheusMetric<Value> {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        let formatted_labels = self
+            .labels
+            .iter()
+            .map(|(key, value)| format!("{}=\"{}\"", key, value))
+            .collect::<Vec<_>>()
+            .join(",");
+        write!(
+            f,
+            "# HELP {name} {help}\n# TYPE {name} {ty}\n{name}{{{formatted_labels}}} {value}\n",
+            name = format_args!("pgcat_{}", self.name),
+            help = self.help,
+            ty = self.ty,
+            formatted_labels = formatted_labels,
+            value = self.value
+        )
+    }
+}
+
+impl<Value: fmt::Display> PrometheusMetric<Value> {
+    fn from_name<V: fmt::Display>(
+        name: &str,
+        value: V,
+        labels: HashMap<&'static str, String>,
+    ) -> Option<PrometheusMetric<V>> {
+        METRIC_HELP_AND_TYPES_LOOKUP
+            .get(name)
+            .map(|metric| PrometheusMetric::<V> {
+                name: name.to_owned(),
+                help: metric.help.to_owned(),
+                ty: metric.ty.to_owned(),
+                value,
+                labels,
+            })
+    }
+
+    fn from_database_info(
+        address: &Address,
+        name: &str,
+        value: u32,
+    ) -> Option<PrometheusMetric<u32>> {
+        let mut labels = HashMap::new();
+        labels.insert("host", address.host.clone());
+        labels.insert("shard", address.shard.to_string());
+        labels.insert("role", address.role.to_string());
+        labels.insert("pool", address.pool_name.clone());
+        labels.insert("database", address.database.to_string());
+
+        Self::from_name(&format!("databases_{}", name), value, labels)
+    }
+
+    fn from_server_info(
+        address: &Address,
+        name: &str,
+        value: u64,
+    ) -> Option<PrometheusMetric<u64>> {
+        let mut labels = HashMap::new();
+        labels.insert("host", address.host.clone());
+        labels.insert("shard", address.shard.to_string());
+        labels.insert("role", address.role.to_string());
+        labels.insert("pool", address.pool_name.clone());
+        labels.insert("database", address.database.to_string());
+
+        Self::from_name(&format!("servers_{}", name), value, labels)
+    }
+
+    fn from_address(address: &Address, name: &str, value: u64) -> Option<PrometheusMetric<u64>> {
+        let mut labels = HashMap::new();
+        labels.insert("host", address.host.clone());
+        labels.insert("shard", address.shard.to_string());
+        labels.insert("pool", address.pool_name.clone());
+        labels.insert("role", address.role.to_string());
+        labels.insert("database", address.database.to_string());
+
+        Self::from_name(&format!("stats_{}", name), value, labels)
+    }
+
+    fn from_pool(pool: &(String, String), name: &str, value: u64) -> Option<PrometheusMetric<u64>> {
+        let mut labels = HashMap::new();
+        labels.insert("pool", pool.0.clone());
+        labels.insert("user", pool.1.clone());
+
+        Self::from_name(&format!("pools_{}", name), value, labels)
+    }
+}
+
+async fn prometheus_stats(request: Request<Body>) -> Result<Response<Body>, hyper::http::Error> {
+    match (request.method(), request.uri().path()) {
+        (&Method::GET, "/metrics") => {
+            let mut lines = Vec::new();
+            push_address_stats(&mut lines);
+            push_pool_stats(&mut lines);
+            push_server_stats(&mut lines);
+            push_database_stats(&mut lines);
+
+            Response::builder()
+                .header("content-type", "text/plain; version=0.0.4")
+                .body(lines.join("\n").into())
+        }
+        _ => Response::builder()
+            .status(StatusCode::NOT_FOUND)
+            .body("".into()),
+    }
+}
+
+// Adds metrics shown in a SHOW STATS admin command.
+fn push_address_stats(lines: &mut Vec<String>) {
+    for (_, pool) in get_all_pools() {
+        for shard in 0..pool.shards() {
+            for server in 0..pool.servers(shard) {
+                let address = pool.address(shard, server);
+                let stats = &*address.stats;
+                for (key, value) in stats.clone() {
+                    if let Some(prometheus_metric) =
+                        PrometheusMetric::<u64>::from_address(address, &key, value)
+                    {
+                        lines.push(prometheus_metric.to_string());
+                    } else {
+                        warn!("Metric {} not implemented for {}", key, address.name());
+                    }
+                }
+            }
+        }
+    }
+}
+
+// Adds relevant metrics shown in a SHOW POOLS admin command.
+fn push_pool_stats(lines: &mut Vec<String>) {
+    let pool_stats = get_pool_stats();
+    for (pool, stats) in pool_stats.iter() {
+        let stats = &**stats;
+        for (name, value) in stats.clone() {
+            if let Some(prometheus_metric) = PrometheusMetric::<u64>::from_pool(pool, &name, value)
+            {
+                lines.push(prometheus_metric.to_string());
+            } else {
+                warn!(
+                    "Metric {} not implemented for ({},{})",
+                    name, pool.0, pool.1
+                );
+            }
+        }
+    }
+}
+
+// Adds relevant metrics shown in a SHOW DATABASES admin command.
+fn push_database_stats(lines: &mut Vec<String>) {
+    for (_, pool) in get_all_pools() {
+        let pool_config = pool.settings.clone();
+        for shard in 0..pool.shards() {
+            for server in 0..pool.servers(shard) {
+                let address = pool.address(shard, server);
+                let pool_state = pool.pool_state(shard, server);
+
+                let metrics = vec![
+                    ("pool_size", pool_config.user.pool_size),
+                    ("current_connections", pool_state.connections),
+                ];
+                for (key, value) in metrics {
+                    if let Some(prometheus_metric) =
+                        PrometheusMetric::<u32>::from_database_info(address, key, value)
+                    {
+                        lines.push(prometheus_metric.to_string());
+                    } else {
+                        warn!("Metric {} not implemented for {}", key, address.name());
+                    }
+                }
+            }
+        }
+    }
+}
+
+// Adds relevant metrics shown in a SHOW SERVERS admin command.
+fn push_server_stats(lines: &mut Vec<String>) {
+    let server_stats = get_server_stats();
+    let mut server_stats_by_addresses = HashMap::<String, Arc<ServerStats>>::new();
+    for (_, stats) in server_stats {
+        server_stats_by_addresses.insert(stats.address_name(), stats);
+    }
+
+    for (_, pool) in get_all_pools() {
+        for shard in 0..pool.shards() {
+            for server in 0..pool.servers(shard) {
+                let address = pool.address(shard, server);
+                if let Some(server_info) = server_stats_by_addresses.get(&address.name()) {
+                    let metrics = [
+                        (
+                            "bytes_received",
+                            server_info.bytes_received.load(Ordering::Relaxed),
+                        ),
+                        ("bytes_sent", server_info.bytes_sent.load(Ordering::Relaxed)),
+                        (
+                            "transaction_count",
+                            server_info.transaction_count.load(Ordering::Relaxed),
+                        ),
+                        (
+                            "query_count",
+                            server_info.query_count.load(Ordering::Relaxed),
+                        ),
+                        (
+                            "error_count",
+                            server_info.error_count.load(Ordering::Relaxed),
+                        ),
+                    ];
+                    for (key, value) in metrics {
+                        if let Some(prometheus_metric) =
+                            PrometheusMetric::<u64>::from_server_info(address, key, value)
+                        {
+                            lines.push(prometheus_metric.to_string());
+                        } else {
+                            warn!("Metric {} not implemented for {}", key, address.name());
+                        }
+                    }
+                }
+            }
+        }
+    }
+}
+
+pub async fn start_metric_server(http_addr: SocketAddr) {
+    let http_service_factory =
+        make_service_fn(|_conn| async { Ok::<_, hyper::Error>(service_fn(prometheus_stats)) });
+    let server = Server::bind(&http_addr).serve(http_service_factory);
+    info!(
+        "Exposing prometheus metrics on http://{}/metrics.",
+        http_addr
+    );
+    if let Err(e) = server.await {
+        error!("Failed to run HTTP server: {}.", e);
+    }
+}

src/query_router.rs

@@ -0,0 +1,1445 @@
+/// Route queries automatically based on explicitly requested
+/// or implied query characteristics.
+use bytes::{Buf, BytesMut};
+use log::{debug, error};
+use once_cell::sync::OnceCell;
+use regex::{Regex, RegexSet};
+use sqlparser::ast::Statement::{Query, StartTransaction};
+use sqlparser::ast::{
+    BinaryOperator, Expr, Ident, JoinConstraint, JoinOperator, SetExpr, Statement, TableFactor,
+    Value,
+};
+use sqlparser::dialect::PostgreSqlDialect;
+use sqlparser::parser::Parser;
+
+use crate::config::Role;
+use crate::errors::Error;
+use crate::messages::BytesMutReader;
+use crate::plugins::{Intercept, Plugin, PluginOutput, QueryLogger, TableAccess};
+use crate::pool::PoolSettings;
+use crate::sharding::Sharder;
+
+use std::cmp;
+use std::collections::BTreeSet;
+use std::io::Cursor;
+
+/// Regexes used to parse custom commands.
+const CUSTOM_SQL_REGEXES: [&str; 7] = [
+    r"(?i)^ *SET SHARDING KEY TO '?([0-9]+)'? *;? *$",
+    r"(?i)^ *SET SHARD TO '?([0-9]+|ANY)'? *;? *$",
+    r"(?i)^ *SHOW SHARD *;? *$",
+    r"(?i)^ *SET SERVER ROLE TO '(PRIMARY|REPLICA|ANY|AUTO|DEFAULT)' *;? *$",
+    r"(?i)^ *SHOW SERVER ROLE *;? *$",
+    r"(?i)^ *SET PRIMARY READS TO '?(on|off|default)'? *;? *$",
+    r"(?i)^ *SHOW PRIMARY READS *;? *$",
+];
+
+/// Custom commands.
+#[derive(PartialEq, Debug)]
+pub enum Command {
+    SetShardingKey,
+    SetShard,
+    ShowShard,
+    SetServerRole,
+    ShowServerRole,
+    SetPrimaryReads,
+    ShowPrimaryReads,
+}
+
+#[derive(PartialEq, Debug)]
+pub enum ShardingKey {
+    Value(i64),
+    Placeholder(i16),
+}
+
+#[derive(Clone, Debug)]
+enum ParameterFormat {
+    Text,
+    Binary,
+    Uniform(Box<ParameterFormat>),
+    Specified(Vec<ParameterFormat>),
+}
+
+/// Quickly test for match when a query is received.
+static CUSTOM_SQL_REGEX_SET: OnceCell<RegexSet> = OnceCell::new();
+
+// Get the value inside the custom command.
+static CUSTOM_SQL_REGEX_LIST: OnceCell<Vec<Regex>> = OnceCell::new();
+
+/// The query router.
+pub struct QueryRouter {
+    /// Which shard we should be talking to right now.
+    active_shard: Option<usize>,
+
+    /// Which server should we be talking to.
+    active_role: Option<Role>,
+
+    /// Should we try to parse queries to route them to replicas or primary automatically
+    query_parser_enabled: Option<bool>,
+
+    /// Include the primary into the replica pool for reads.
+    primary_reads_enabled: Option<bool>,
+
+    /// Pool configuration.
+    pool_settings: PoolSettings,
+
+    // Placeholders from prepared statement.
+    placeholders: Vec<i16>,
+}
+
+impl QueryRouter {
+    /// One-time initialization of regexes
+    /// that parse our custom SQL protocol.
+    pub fn setup() -> bool {
+        let set = match RegexSet::new(&CUSTOM_SQL_REGEXES) {
+            Ok(rgx) => rgx,
+            Err(err) => {
+                error!("QueryRouter::setup Could not compile regex set: {:?}", err);
+                return false;
+            }
+        };
+
+        let list: Vec<_> = CUSTOM_SQL_REGEXES
+            .iter()
+            .map(|rgx| Regex::new(rgx).unwrap())
+            .collect();
+
+        assert_eq!(list.len(), set.len());
+
+        match CUSTOM_SQL_REGEX_LIST.set(list) {
+            Ok(_) => true,
+            Err(_) => return false,
+        };
+
+        CUSTOM_SQL_REGEX_SET.set(set).is_ok()
+    }
+
+    /// Create a new instance of the query router.
+    /// Each client gets its own.
+    pub fn new() -> QueryRouter {
+        QueryRouter {
+            active_shard: None,
+            active_role: None,
+            query_parser_enabled: None,
+            primary_reads_enabled: None,
+            pool_settings: PoolSettings::default(),
+            placeholders: Vec::new(),
+        }
+    }
+
+    /// Pool settings can change because of a config reload.
+    pub fn update_pool_settings(&mut self, pool_settings: PoolSettings) {
+        self.pool_settings = pool_settings;
+    }
+
+    pub fn pool_settings<'a>(&'a self) -> &'a PoolSettings {
+        &self.pool_settings
+    }
+
+    /// Try to parse a command and execute it.
+    pub fn try_execute_command(&mut self, message_buffer: &BytesMut) -> Option<(Command, String)> {
+        let mut message_cursor = Cursor::new(message_buffer);
+
+        let code = message_cursor.get_u8() as char;
+
+        // Check for any sharding regex matches in any queries
+        match code as char {
+            // For Parse and Query messages peek to see if they specify a shard_id as a comment early in the statement
+            'P' | 'Q' => {
+                if self.pool_settings.shard_id_regex.is_some()
+                    || self.pool_settings.sharding_key_regex.is_some()
+                {
+                    // Check only the first block of bytes configured by the pool settings
+                    let len = message_cursor.get_i32() as usize;
+                    let seg = cmp::min(len - 5, self.pool_settings.regex_search_limit);
+                    let initial_segment = String::from_utf8_lossy(&message_buffer[0..seg]);
+
+                    // Check for a shard_id included in the query
+                    if let Some(shard_id_regex) = &self.pool_settings.shard_id_regex {
+                        let shard_id = shard_id_regex.captures(&initial_segment).and_then(|cap| {
+                            cap.get(1).and_then(|id| id.as_str().parse::<usize>().ok())
+                        });
+                        if let Some(shard_id) = shard_id {
+                            debug!("Setting shard to {:?}", shard_id);
+                            self.set_shard(shard_id);
+                            // Skip other command processing since a sharding command was found
+                            return None;
+                        }
+                    }
+
+                    // Check for a sharding_key included in the query
+                    if let Some(sharding_key_regex) = &self.pool_settings.sharding_key_regex {
+                        let sharding_key =
+                            sharding_key_regex
+                                .captures(&initial_segment)
+                                .and_then(|cap| {
+                                    cap.get(1).and_then(|id| id.as_str().parse::<i64>().ok())
+                                });
+                        if let Some(sharding_key) = sharding_key {
+                            debug!("Setting sharding_key to {:?}", sharding_key);
+                            self.set_sharding_key(sharding_key);
+                            // Skip other command processing since a sharding command was found
+                            return None;
+                        }
+                    }
+                }
+            }
+            _ => {}
+        }
+
+        // Only simple protocol supported for commands processed below
+        if code != 'Q' {
+            return None;
+        }
+
+        let _len = message_cursor.get_i32() as usize;
+        let query = message_cursor.read_string().unwrap();
+
+        let regex_set = match CUSTOM_SQL_REGEX_SET.get() {
+            Some(regex_set) => regex_set,
+            None => return None,
+        };
+
+        let regex_list = match CUSTOM_SQL_REGEX_LIST.get() {
+            Some(regex_list) => regex_list,
+            None => return None,
+        };
+
+        let matches: Vec<_> = regex_set.matches(&query).into_iter().collect();
+
+        // This is not a custom query, try to infer which
+        // server it'll go to if the query parser is enabled.
+        if matches.len() != 1 {
+            debug!("Regular query, not a command");
+            return None;
+        }
+
+        let command = match matches[0] {
+            0 => Command::SetShardingKey,
+            1 => Command::SetShard,
+            2 => Command::ShowShard,
+            3 => Command::SetServerRole,
+            4 => Command::ShowServerRole,
+            5 => Command::SetPrimaryReads,
+            6 => Command::ShowPrimaryReads,
+            _ => unreachable!(),
+        };
+
+        let mut value = match command {
+            Command::SetShardingKey
+            | Command::SetShard
+            | Command::SetServerRole
+            | Command::SetPrimaryReads => {
+                // Capture value. I know this re-runs the regex engine, but I haven't
+                // figured out a better way just yet. I think I can write a single Regex
+                // that matches all 5 custom SQL patterns, but maybe that's not very legible?
+                //
+                // I think this is faster than running the Regex engine 5 times.
+                match regex_list[matches[0]].captures(&query) {
+                    Some(captures) => match captures.get(1) {
+                        Some(value) => value.as_str().to_string(),
+                        None => return None,
+                    },
+                    None => return None,
+                }
+            }
+
+            Command::ShowShard => self.shard().to_string(),
+            Command::ShowServerRole => match self.active_role {
+                Some(Role::Primary) => Role::Primary.to_string(),
+                Some(Role::Replica) => Role::Replica.to_string(),
+                Some(Role::Mirror) => Role::Mirror.to_string(),
+                None => {
+                    if self.query_parser_enabled() {
+                        String::from("auto")
+                    } else {
+                        String::from("any")
+                    }
+                }
+            },
+
+            Command::ShowPrimaryReads => match self.primary_reads_enabled() {
+                true => String::from("on"),
+                false => String::from("off"),
+            },
+        };
+
+        match command {
+            Command::SetShardingKey => {
+                // TODO: some error handling here
+                value = self
+                    .set_sharding_key(value.parse::<i64>().unwrap())
+                    .unwrap()
+                    .to_string();
+            }
+
+            Command::SetShard => {
+                self.active_shard = match value.to_ascii_uppercase().as_ref() {
+                    "ANY" => Some(rand::random::<usize>() % self.pool_settings.shards),
+                    _ => Some(value.parse::<usize>().unwrap()),
+                };
+            }
+
+            Command::SetServerRole => {
+                self.active_role = match value.to_ascii_lowercase().as_ref() {
+                    "primary" => {
+                        self.query_parser_enabled = Some(false);
+                        Some(Role::Primary)
+                    }
+
+                    "replica" => {
+                        self.query_parser_enabled = Some(false);
+                        Some(Role::Replica)
+                    }
+
+                    "any" => {
+                        self.query_parser_enabled = Some(false);
+                        None
+                    }
+
+                    "auto" => {
+                        self.query_parser_enabled = Some(true);
+                        None
+                    }
+
+                    "default" => {
+                        self.active_role = self.pool_settings.default_role;
+                        self.query_parser_enabled = None;
+                        self.active_role
+                    }
+
+                    _ => unreachable!(),
+                };
+            }
+
+            Command::SetPrimaryReads => {
+                if value == "on" {
+                    debug!("Setting primary reads to on");
+                    self.primary_reads_enabled = Some(true);
+                } else if value == "off" {
+                    debug!("Setting primary reads to off");
+                    self.primary_reads_enabled = Some(false);
+                } else if value == "default" {
+                    debug!("Setting primary reads to default");
+                    self.primary_reads_enabled = None;
+                }
+            }
+
+            _ => (),
+        }
+
+        Some((command, value))
+    }
+
+    pub fn parse(message: &BytesMut) -> Result<Vec<sqlparser::ast::Statement>, Error> {
+        let mut message_cursor = Cursor::new(message);
+
+        let code = message_cursor.get_u8() as char;
+        let _len = message_cursor.get_i32() as usize;
+
+        let query = match code {
+            // Query
+            'Q' => {
+                let query = message_cursor.read_string().unwrap();
+                debug!("Query: '{}'", query);
+                query
+            }
+
+            // Parse (prepared statement)
+            'P' => {
+                // Reads statement name
+                message_cursor.read_string().unwrap();
+
+                // Reads query string
+                let query = message_cursor.read_string().unwrap();
+
+                debug!("Prepared statement: '{}'", query);
+                query
+            }
+
+            _ => return Err(Error::UnsupportedStatement),
+        };
+
+        match Parser::parse_sql(&PostgreSqlDialect {}, &query) {
+            Ok(ast) => Ok(ast),
+            Err(err) => {
+                debug!("{}: {}", err, query);
+                Err(Error::QueryRouterParserError(err.to_string()))
+            }
+        }
+    }
+
+    /// Try to infer which server to connect to based on the contents of the query.
+    pub fn infer(&mut self, ast: &Vec<sqlparser::ast::Statement>) -> Result<(), Error> {
+        debug!("Inferring role");
+
+        if ast.is_empty() {
+            // That's weird, no idea, let's go to primary
+            self.active_role = Some(Role::Primary);
+            return Err(Error::QueryRouterParserError("empty query".into()));
+        }
+
+        for q in ast {
+            match q {
+                // All transactions go to the primary, probably a write.
+                StartTransaction { .. } => {
+                    self.active_role = Some(Role::Primary);
+                    break;
+                }
+
+                // Likely a read-only query
+                Query(query) => {
+                    match &self.pool_settings.automatic_sharding_key {
+                        Some(_) => {
+                            // TODO: if we have multiple queries in the same message,
+                            // we can either split them and execute them individually
+                            // or discard shard selection. If they point to the same shard though,
+                            // we can let them through as-is.
+                            // This is basically building a database now :)
+                            match self.infer_shard(query) {
+                                Some(shard) => {
+                                    self.active_shard = Some(shard);
+                                    debug!("Automatically using shard: {:?}", self.active_shard);
+                                }
+
+                                None => (),
+                            };
+                        }
+
+                        None => (),
+                    };
+
+                    self.active_role = match self.primary_reads_enabled() {
+                        false => Some(Role::Replica), // If primary should not be receiving reads, use a replica.
+                        true => None,                 // Any server role is fine in this case.
+                    }
+                }
+
+                // Likely a write
+                _ => {
+                    self.active_role = Some(Role::Primary);
+                    break;
+                }
+            };
+        }
+
+        Ok(())
+    }
+
+    /// Parse the shard number from the Bind message
+    /// which contains the arguments for a prepared statement.
+    ///
+    /// N.B.: Only supports anonymous prepared statements since we don't
+    /// keep a cache of them in PgCat.
+    pub fn infer_shard_from_bind(&mut self, message: &BytesMut) -> bool {
+        debug!("Parsing bind message");
+
+        let mut message_cursor = Cursor::new(message);
+
+        let code = message_cursor.get_u8() as char;
+        let len = message_cursor.get_i32();
+
+        if code != 'B' {
+            debug!("Not a bind packet");
+            return false;
+        }
+
+        // Check message length
+        if message.len() != len as usize + 1 {
+            debug!(
+                "Message has wrong length, expected {}, but have {}",
+                len,
+                message.len()
+            );
+            return false;
+        }
+
+        // There are no shard keys in the prepared statement.
+        if self.placeholders.is_empty() {
+            debug!("There are no placeholders in the prepared statement that matched the automatic sharding key");
+            return false;
+        }
+
+        let sharder = Sharder::new(
+            self.pool_settings.shards,
+            self.pool_settings.sharding_function,
+        );
+
+        let mut shards = BTreeSet::new();
+
+        let _portal = message_cursor.read_string();
+        let _name = message_cursor.read_string();
+
+        let num_params = message_cursor.get_i16();
+        let parameter_format = match num_params {
+            0 => ParameterFormat::Text, // Text
+            1 => {
+                let param_format = message_cursor.get_i16();
+                ParameterFormat::Uniform(match param_format {
+                    0 => Box::new(ParameterFormat::Text),
+                    1 => Box::new(ParameterFormat::Binary),
+                    _ => unreachable!(),
+                })
+            }
+            n => {
+                let mut v = Vec::with_capacity(n as usize);
+                for _ in 0..n {
+                    let param_format = message_cursor.get_i16();
+                    v.push(match param_format {
+                        0 => ParameterFormat::Text,
+                        1 => ParameterFormat::Binary,
+                        _ => unreachable!(),
+                    });
+                }
+                ParameterFormat::Specified(v)
+            }
+        };
+
+        let num_parameters = message_cursor.get_i16();
+
+        for i in 0..num_parameters {
+            let mut len = message_cursor.get_i32() as usize;
+            let format = match &parameter_format {
+                ParameterFormat::Text => ParameterFormat::Text,
+                ParameterFormat::Uniform(format) => *format.clone(),
+                ParameterFormat::Specified(formats) => formats[i as usize].clone(),
+                _ => unreachable!(),
+            };
+
+            debug!("Parameter {} (len: {}): {:?}", i, len, format);
+
+            // Postgres counts placeholders starting at 1
+            let placeholder = i + 1;
+
+            if self.placeholders.contains(&placeholder) {
+                let value = match format {
+                    ParameterFormat::Text => {
+                        let mut value = String::new();
+                        while len > 0 {
+                            value.push(message_cursor.get_u8() as char);
+                            len -= 1;
+                        }
+
+                        match value.parse::<i64>() {
+                            Ok(value) => value,
+                            Err(_) => {
+                                debug!("Error parsing bind value: {}", value);
+                                continue;
+                            }
+                        }
+                    }
+
+                    ParameterFormat::Binary => match len {
+                        2 => message_cursor.get_i16() as i64,
+                        4 => message_cursor.get_i32() as i64,
+                        8 => message_cursor.get_i64(),
+                        _ => {
+                            error!(
+                                "Got wrong length for integer type parameter in bind: {}",
+                                len
+                            );
+                            continue;
+                        }
+                    },
+
+                    _ => unreachable!(),
+                };
+
+                shards.insert(sharder.shard(value));
+            }
+        }
+
+        self.placeholders.clear();
+        self.placeholders.shrink_to_fit();
+
+        // We only support querying one shard at a time.
+        // TODO: Support multi-shard queries some day.
+        if shards.len() == 1 {
+            debug!("Found one sharding key");
+            self.set_shard(*shards.first().unwrap());
+            true
+        } else {
+            debug!("Found no sharding keys");
+            false
+        }
+    }
+
+    /// A `selection` is the `WHERE` clause. This parses
+    /// the clause and extracts the sharding key, if present.
+    fn selection_parser(&self, expr: &Expr, table_names: &Vec<Vec<Ident>>) -> Vec<ShardingKey> {
+        let mut result = Vec::new();
+        let mut found = false;
+
+        let sharding_key = self
+            .pool_settings
+            .automatic_sharding_key
+            .as_ref()
+            .unwrap()
+            .split(".")
+            .map(|ident| Ident::new(ident))
+            .collect::<Vec<Ident>>();
+
+        // Sharding key must be always fully qualified
+        assert_eq!(sharding_key.len(), 2);
+
+        // This parses `sharding_key = 5`. But it's technically
+        // legal to write `5 = sharding_key`. I don't judge the people
+        // who do that, but I think ORMs will still use the first variant,
+        // so we can leave the second as a TODO.
+        if let Expr::BinaryOp { left, op, right } = expr {
+            match &**left {
+                Expr::BinaryOp { .. } => result.extend(self.selection_parser(left, table_names)),
+                Expr::Identifier(ident) => {
+                    // Only if we're dealing with only one table
+                    // and there is no ambiguity
+                    if &ident.value == &sharding_key[1].value {
+                        // Sharding key is unique enough, don't worry about
+                        // table names.
+                        if &sharding_key[0].value == "*" {
+                            found = true;
+                        } else if table_names.len() == 1 {
+                            let table = &table_names[0];
+
+                            if table.len() == 1 {
+                                // Table is not fully qualified, e.g.
+                                //      SELECT * FROM t WHERE sharding_key = 5
+                                // Make sure the table name from the sharding key matches
+                                // the table name from the query.
+                                found = &sharding_key[0].value == &table[0].value;
+                            } else if table.len() == 2 {
+                                // Table name is fully qualified with the schema: e.g.
+                                //      SELECT * FROM public.t WHERE sharding_key = 5
+                                // Ignore the schema (TODO: at some point, we want schema support)
+                                // and use the table name only.
+                                found = &sharding_key[0].value == &table[1].value;
+                            } else {
+                                debug!("Got table name with more than two idents, which is not possible");
+                            }
+                        }
+                    }
+                }
+
+                Expr::CompoundIdentifier(idents) => {
+                    // The key is fully qualified in the query,
+                    // it will exist or Postgres will throw an error.
+                    if idents.len() == 2 {
+                        found = &sharding_key[0].value == &idents[0].value
+                            && &sharding_key[1].value == &idents[1].value;
+                    }
+                    // TODO: key can have schema as well, e.g. public.data.id (len == 3)
+                }
+                _ => (),
+            };
+
+            match op {
+                BinaryOperator::Eq => (),
+                BinaryOperator::Or => (),
+                BinaryOperator::And => (),
+                _ => {
+                    // TODO: support other operators than equality.
+                    debug!("Unsupported operation: {:?}", op);
+                    return Vec::new();
+                }
+            };
+
+            match &**right {
+                Expr::BinaryOp { .. } => result.extend(self.selection_parser(right, table_names)),
+                Expr::Value(Value::Number(value, ..)) => {
+                    if found {
+                        match value.parse::<i64>() {
+                            Ok(value) => result.push(ShardingKey::Value(value)),
+                            Err(_) => {
+                                debug!("Sharding key was not an integer: {}", value);
+                            }
+                        };
+                    }
+                }
+
+                Expr::Value(Value::Placeholder(placeholder)) => {
+                    match placeholder.replace("$", "").parse::<i16>() {
+                        Ok(placeholder) => result.push(ShardingKey::Placeholder(placeholder)),
+                        Err(_) => {
+                            debug!(
+                                "Prepared statement didn't have integer placeholders: {}",
+                                placeholder
+                            );
+                        }
+                    }
+                }
+                _ => (),
+            };
+        }
+
+        debug!("Sharding keys found: {:?}", result);
+
+        result
+    }
+
+    /// Try to figure out which shard the query should go to.
+    fn infer_shard(&mut self, query: &sqlparser::ast::Query) -> Option<usize> {
+        let mut shards = BTreeSet::new();
+        let mut exprs = Vec::new();
+
+        match &*query.body {
+            SetExpr::Query(query) => {
+                match self.infer_shard(&*query) {
+                    Some(shard) => {
+                        shards.insert(shard);
+                    }
+                    None => (),
+                };
+            }
+
+            // SELECT * FROM ...
+            // We understand that pretty well.
+            SetExpr::Select(select) => {
+                // Collect all table names from the query.
+                let mut table_names = Vec::new();
+
+                for table in select.from.iter() {
+                    match &table.relation {
+                        TableFactor::Table { name, .. } => {
+                            table_names.push(name.0.clone());
+                        }
+
+                        _ => (),
+                    };
+
+                    // Get table names from all the joins.
+                    for join in table.joins.iter() {
+                        match &join.relation {
+                            TableFactor::Table { name, .. } => {
+                                table_names.push(name.0.clone());
+                            }
+
+                            _ => (),
+                        };
+
+                        // We can filter results based on join conditions, e.g.
+                        // SELECT * FROM t INNER JOIN B ON B.sharding_key = 5;
+                        match &join.join_operator {
+                            JoinOperator::Inner(inner_join) => match &inner_join {
+                                JoinConstraint::On(expr) => {
+                                    // Parse the selection criteria later.
+                                    exprs.push(expr.clone());
+                                }
+
+                                _ => (),
+                            },
+
+                            _ => (),
+                        };
+                    }
+                }
+
+                // Parse the actual "FROM ..."
+                match &select.selection {
+                    Some(selection) => {
+                        exprs.push(selection.clone());
+                    }
+
+                    None => (),
+                };
+
+                let sharder = Sharder::new(
+                    self.pool_settings.shards,
+                    self.pool_settings.sharding_function,
+                );
+
+                // Look for sharding keys in either the join condition
+                // or the selection.
+                for expr in exprs.iter() {
+                    let sharding_keys = self.selection_parser(expr, &table_names);
+
+                    // TODO: Add support for prepared statements here.
+                    // This should just give us the position of the value in the `B` message.
+
+                    for value in sharding_keys {
+                        match value {
+                            ShardingKey::Value(value) => {
+                                let shard = sharder.shard(value);
+                                shards.insert(shard);
+                            }
+
+                            ShardingKey::Placeholder(position) => {
+                                self.placeholders.push(position);
+                            }
+                        };
+                    }
+                }
+            }
+            _ => (),
+        };
+
+        match shards.len() {
+            // Didn't find a sharding key, you're on your own.
+            0 => {
+                debug!("No sharding keys found");
+                None
+            }
+
+            1 => Some(shards.into_iter().last().unwrap()),
+
+            // TODO: support querying multiple shards (some day...)
+            _ => {
+                debug!("More than one sharding key found");
+                None
+            }
+        }
+    }
+
+    /// Add your plugins here and execute them.
+    pub async fn execute_plugins(&self, ast: &Vec<Statement>) -> Result<PluginOutput, Error> {
+        let plugins = match self.pool_settings.plugins {
+            Some(ref plugins) => plugins,
+            None => return Ok(PluginOutput::Allow),
+        };
+
+        if let Some(ref query_logger) = plugins.query_logger {
+            let mut query_logger = QueryLogger {
+                enabled: query_logger.enabled,
+                user: &self.pool_settings.user.username,
+                db: &self.pool_settings.db,
+            };
+
+            let _ = query_logger.run(&self, ast).await;
+        }
+
+        if let Some(ref intercept) = plugins.intercept {
+            let mut intercept = Intercept {
+                enabled: intercept.enabled,
+                config: &intercept,
+            };
+
+            let result = intercept.run(&self, ast).await;
+
+            if let Ok(PluginOutput::Intercept(output)) = result {
+                return Ok(PluginOutput::Intercept(output));
+            }
+        }
+
+        if let Some(ref table_access) = plugins.table_access {
+            let mut table_access = TableAccess {
+                enabled: table_access.enabled,
+                tables: &table_access.tables,
+            };
+
+            let result = table_access.run(&self, ast).await;
+
+            if let Ok(PluginOutput::Deny(error)) = result {
+                return Ok(PluginOutput::Deny(error));
+            }
+        }
+
+        Ok(PluginOutput::Allow)
+    }
+
+    fn set_sharding_key(&mut self, sharding_key: i64) -> Option<usize> {
+        let sharder = Sharder::new(
+            self.pool_settings.shards,
+            self.pool_settings.sharding_function,
+        );
+        let shard = sharder.shard(sharding_key);
+        self.set_shard(shard);
+        self.active_shard
+    }
+
+    /// Get the current desired server role we should be talking to.
+    pub fn role(&self) -> Option<Role> {
+        self.active_role
+    }
+
+    /// Get desired shard we should be talking to.
+    pub fn shard(&self) -> usize {
+        self.active_shard.unwrap_or(0)
+    }
+
+    pub fn set_shard(&mut self, shard: usize) {
+        self.active_shard = Some(shard);
+    }
+
+    /// Should we attempt to parse queries?
+    pub fn query_parser_enabled(&self) -> bool {
+        let enabled = match self.query_parser_enabled {
+            None => {
+                debug!(
+                    "Using pool settings, query_parser_enabled: {}",
+                    self.pool_settings.query_parser_enabled
+                );
+                self.pool_settings.query_parser_enabled
+            }
+
+            Some(value) => {
+                debug!(
+                    "Using query parser override, query_parser_enabled: {}",
+                    value
+                );
+                value
+            }
+        };
+
+        enabled
+    }
+
+    pub fn primary_reads_enabled(&self) -> bool {
+        match self.primary_reads_enabled {
+            None => self.pool_settings.primary_reads_enabled,
+            Some(value) => value,
+        }
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+    use crate::config::PoolMode;
+    use crate::messages::simple_query;
+    use crate::sharding::ShardingFunction;
+    use bytes::BufMut;
+
+    #[test]
+    fn test_defaults() {
+        QueryRouter::setup();
+        let qr = QueryRouter::new();
+
+        assert_eq!(qr.role(), None);
+    }
+
+    #[test]
+    fn test_infer_replica() {
+        QueryRouter::setup();
+        let mut qr = QueryRouter::new();
+        assert!(qr.try_execute_command(&simple_query("SET SERVER ROLE TO 'auto'")) != None);
+        assert!(qr.query_parser_enabled());
+
+        assert!(qr.try_execute_command(&simple_query("SET PRIMARY READS TO off")) != None);
+
+        let queries = vec![
+            simple_query("SELECT * FROM items WHERE id = 5"),
+            simple_query(
+                "SELECT id, name, value FROM items INNER JOIN prices ON item.id = prices.item_id",
+            ),
+            simple_query("WITH t AS (SELECT * FROM items) SELECT * FROM t"),
+        ];
+
+        for query in queries {
+            // It's a recognized query
+            assert!(qr.infer(&QueryRouter::parse(&query).unwrap()).is_ok());
+            assert_eq!(qr.role(), Some(Role::Replica));
+        }
+    }
+
+    #[test]
+    fn test_infer_primary() {
+        QueryRouter::setup();
+        let mut qr = QueryRouter::new();
+
+        let queries = vec![
+            simple_query("UPDATE items SET name = 'pumpkin' WHERE id = 5"),
+            simple_query("INSERT INTO items (id, name) VALUES (5, 'pumpkin')"),
+            simple_query("DELETE FROM items WHERE id = 5"),
+            simple_query("BEGIN"), // Transaction start
+        ];
+
+        for query in queries {
+            // It's a recognized query
+            assert!(qr.infer(&QueryRouter::parse(&query).unwrap()).is_ok());
+            assert_eq!(qr.role(), Some(Role::Primary));
+        }
+    }
+
+    #[test]
+    fn test_infer_primary_reads_enabled() {
+        QueryRouter::setup();
+        let mut qr = QueryRouter::new();
+        let query = simple_query("SELECT * FROM items WHERE id = 5");
+        assert!(qr.try_execute_command(&simple_query("SET PRIMARY READS TO on")) != None);
+
+        assert!(qr.infer(&QueryRouter::parse(&query).unwrap()).is_ok());
+        assert_eq!(qr.role(), None);
+    }
+
+    #[test]
+    fn test_infer_parse_prepared() {
+        QueryRouter::setup();
+        let mut qr = QueryRouter::new();
+        qr.try_execute_command(&simple_query("SET SERVER ROLE TO 'auto'"));
+        assert!(qr.try_execute_command(&simple_query("SET PRIMARY READS TO off")) != None);
+
+        let prepared_stmt = BytesMut::from(
+            &b"WITH t AS (SELECT * FROM items WHERE name = $1) SELECT * FROM t WHERE id = $2\0"[..],
+        );
+        let mut res = BytesMut::from(&b"P"[..]);
+        res.put_i32(prepared_stmt.len() as i32 + 4 + 1 + 2);
+        res.put_u8(0);
+        res.put(prepared_stmt);
+        res.put_i16(0);
+
+        assert!(qr.infer(&QueryRouter::parse(&res).unwrap()).is_ok());
+        assert_eq!(qr.role(), Some(Role::Replica));
+    }
+
+    #[test]
+    fn test_regex_set() {
+        QueryRouter::setup();
+
+        let tests = [
+            // Upper case
+            "SET SHARDING KEY TO '1'",
+            "SET SHARD TO '1'",
+            "SHOW SHARD",
+            "SET SERVER ROLE TO 'replica'",
+            "SET SERVER ROLE TO 'primary'",
+            "SET SERVER ROLE TO 'any'",
+            "SET SERVER ROLE TO 'auto'",
+            "SHOW SERVER ROLE",
+            "SET PRIMARY READS TO 'on'",
+            "SET PRIMARY READS TO 'off'",
+            "SET PRIMARY READS TO 'default'",
+            "SHOW PRIMARY READS",
+            // Lower case
+            "set sharding key to '1'",
+            "set shard to '1'",
+            "show shard",
+            "set server role to 'replica'",
+            "set server role to 'primary'",
+            "set server role to 'any'",
+            "set server role to 'auto'",
+            "show server role",
+            "set primary reads to 'on'",
+            "set primary reads to 'OFF'",
+            "set primary reads to 'deFaUlt'",
+            // No quotes
+            "SET SHARDING KEY TO 11235",
+            "SET SHARD TO 15",
+            "SET PRIMARY READS TO off",
+            // Spaces and semicolon
+            "  SET SHARDING KEY TO 11235  ; ",
+            "  SET SHARD TO 15;   ",
+            "  SET SHARDING KEY TO 11235  ;",
+            " SET SERVER ROLE TO 'primary';   ",
+            "    SET SERVER ROLE TO 'primary'  ; ",
+            "  SET SERVER ROLE TO 'primary'  ;",
+            "  SET PRIMARY READS TO 'off'    ;",
+        ];
+
+        // Which regexes it'll match to in the list
+        let matches = [
+            0, 1, 2, 3, 3, 3, 3, 4, 5, 5, 5, 6, 0, 1, 2, 3, 3, 3, 3, 4, 5, 5, 5, 0, 1, 5, 0, 1, 0,
+            3, 3, 3, 5,
+        ];
+
+        let list = CUSTOM_SQL_REGEX_LIST.get().unwrap();
+        let set = CUSTOM_SQL_REGEX_SET.get().unwrap();
+
+        for (i, test) in tests.iter().enumerate() {
+            if !list[matches[i]].is_match(test) {
+                println!("{} does not match {}", test, list[matches[i]]);
+                panic!();
+            }
+            assert_eq!(set.matches(test).into_iter().count(), 1);
+        }
+
+        let bad = [
+            "SELECT * FROM table",
+            "SELECT * FROM table WHERE value = 'set sharding key to 5'", // Don't capture things in the middle of the query
+        ];
+
+        for query in &bad {
+            assert_eq!(set.matches(query).into_iter().count(), 0);
+        }
+    }
+
+    #[test]
+    fn test_try_execute_command() {
+        QueryRouter::setup();
+        let mut qr = QueryRouter::new();
+
+        // SetShardingKey
+        let query = simple_query("SET SHARDING KEY TO 13");
+        assert_eq!(
+            qr.try_execute_command(&query),
+            Some((Command::SetShardingKey, String::from("0")))
+        );
+        assert_eq!(qr.shard(), 0);
+
+        // SetShard
+        let query = simple_query("SET SHARD TO '1'");
+        assert_eq!(
+            qr.try_execute_command(&query),
+            Some((Command::SetShard, String::from("1")))
+        );
+        assert_eq!(qr.shard(), 1);
+
+        // ShowShard
+        let query = simple_query("SHOW SHARD");
+        assert_eq!(
+            qr.try_execute_command(&query),
+            Some((Command::ShowShard, String::from("1")))
+        );
+
+        // SetServerRole
+        let roles = ["primary", "replica", "any", "auto", "primary"];
+        let verify_roles = [
+            Some(Role::Primary),
+            Some(Role::Replica),
+            None,
+            None,
+            Some(Role::Primary),
+        ];
+        let query_parser_enabled = [false, false, false, true, false];
+
+        for (idx, role) in roles.iter().enumerate() {
+            let query = simple_query(&format!("SET SERVER ROLE TO '{}'", role));
+            assert_eq!(
+                qr.try_execute_command(&query),
+                Some((Command::SetServerRole, String::from(*role)))
+            );
+            assert_eq!(qr.role(), verify_roles[idx],);
+            assert_eq!(qr.query_parser_enabled(), query_parser_enabled[idx],);
+
+            // ShowServerRole
+            let query = simple_query("SHOW SERVER ROLE");
+            assert_eq!(
+                qr.try_execute_command(&query),
+                Some((Command::ShowServerRole, String::from(*role)))
+            );
+        }
+
+        let primary_reads = ["on", "off", "default"];
+        let primary_reads_enabled = ["on", "off", "on"];
+
+        for (idx, primary_reads) in primary_reads.iter().enumerate() {
+            assert_eq!(
+                qr.try_execute_command(&simple_query(&format!(
+                    "SET PRIMARY READS TO {}",
+                    primary_reads
+                ))),
+                Some((Command::SetPrimaryReads, String::from(*primary_reads)))
+            );
+            assert_eq!(
+                qr.try_execute_command(&simple_query("SHOW PRIMARY READS")),
+                Some((
+                    Command::ShowPrimaryReads,
+                    String::from(primary_reads_enabled[idx])
+                ))
+            );
+        }
+    }
+
+    #[test]
+    fn test_enable_query_parser() {
+        QueryRouter::setup();
+        let mut qr = QueryRouter::new();
+        let query = simple_query("SET SERVER ROLE TO 'auto'");
+        assert!(qr.try_execute_command(&simple_query("SET PRIMARY READS TO off")) != None);
+
+        assert!(qr.try_execute_command(&query) != None);
+        assert!(qr.query_parser_enabled());
+        assert_eq!(qr.role(), None);
+
+        let query = simple_query("INSERT INTO test_table VALUES (1)");
+        assert!(qr.infer(&QueryRouter::parse(&query).unwrap()).is_ok());
+        assert_eq!(qr.role(), Some(Role::Primary));
+
+        let query = simple_query("SELECT * FROM test_table");
+        assert!(qr.infer(&QueryRouter::parse(&query).unwrap()).is_ok());
+        assert_eq!(qr.role(), Some(Role::Replica));
+
+        assert!(qr.query_parser_enabled());
+        let query = simple_query("SET SERVER ROLE TO 'default'");
+        assert!(qr.try_execute_command(&query) != None);
+        assert!(!qr.query_parser_enabled());
+    }
+
+    #[test]
+    fn test_update_from_pool_settings() {
+        QueryRouter::setup();
+
+        let pool_settings = PoolSettings {
+            pool_mode: PoolMode::Transaction,
+            load_balancing_mode: crate::config::LoadBalancingMode::Random,
+            shards: 2,
+            user: crate::config::User::default(),
+            default_role: Some(Role::Replica),
+            query_parser_enabled: true,
+            primary_reads_enabled: false,
+            sharding_function: ShardingFunction::PgBigintHash,
+            automatic_sharding_key: Some(String::from("test.id")),
+            healthcheck_delay: PoolSettings::default().healthcheck_delay,
+            healthcheck_timeout: PoolSettings::default().healthcheck_timeout,
+            ban_time: PoolSettings::default().ban_time,
+            sharding_key_regex: None,
+            shard_id_regex: None,
+            regex_search_limit: 1000,
+            auth_query: None,
+            auth_query_password: None,
+            auth_query_user: None,
+            db: "test".to_string(),
+            plugins: None,
+        };
+        let mut qr = QueryRouter::new();
+        assert_eq!(qr.active_role, None);
+        assert_eq!(qr.active_shard, None);
+        assert_eq!(qr.query_parser_enabled, None);
+        assert_eq!(qr.primary_reads_enabled, None);
+
+        // Internal state must not be changed due to this, only defaults
+        qr.update_pool_settings(pool_settings.clone());
+
+        assert_eq!(qr.active_role, None);
+        assert_eq!(qr.active_shard, None);
+        assert!(qr.query_parser_enabled());
+        assert!(!qr.primary_reads_enabled());
+
+        let q1 = simple_query("SET SERVER ROLE TO 'primary'");
+        assert!(qr.try_execute_command(&q1) != None);
+        assert_eq!(qr.active_role.unwrap(), Role::Primary);
+
+        let q2 = simple_query("SET SERVER ROLE TO 'default'");
+        assert!(qr.try_execute_command(&q2) != None);
+        assert_eq!(qr.active_role.unwrap(), pool_settings.default_role);
+    }
+
+    #[test]
+    fn test_parse_multiple_queries() {
+        QueryRouter::setup();
+
+        let mut qr = QueryRouter::new();
+        assert!(qr
+            .infer(&QueryRouter::parse(&simple_query("BEGIN; SELECT 1; COMMIT;")).unwrap())
+            .is_ok());
+        assert_eq!(qr.role(), Role::Primary);
+
+        assert!(qr
+            .infer(&QueryRouter::parse(&simple_query("SELECT 1; SELECT 2;")).unwrap())
+            .is_ok());
+        assert_eq!(qr.role(), Role::Replica);
+
+        assert!(qr
+            .infer(
+                &QueryRouter::parse(&simple_query(
+                    "SELECT 123; INSERT INTO t VALUES (5); SELECT 1;"
+                ))
+                .unwrap()
+            )
+            .is_ok());
+        assert_eq!(qr.role(), Role::Primary);
+    }
+
+    #[test]
+    fn test_regex_shard_parsing() {
+        QueryRouter::setup();
+
+        let pool_settings = PoolSettings {
+            pool_mode: PoolMode::Transaction,
+            load_balancing_mode: crate::config::LoadBalancingMode::Random,
+            shards: 5,
+            user: crate::config::User::default(),
+            default_role: Some(Role::Replica),
+            query_parser_enabled: true,
+            primary_reads_enabled: false,
+            sharding_function: ShardingFunction::PgBigintHash,
+            automatic_sharding_key: None,
+            healthcheck_delay: PoolSettings::default().healthcheck_delay,
+            healthcheck_timeout: PoolSettings::default().healthcheck_timeout,
+            ban_time: PoolSettings::default().ban_time,
+            sharding_key_regex: Some(Regex::new(r"/\* sharding_key: (\d+) \*/").unwrap()),
+            shard_id_regex: Some(Regex::new(r"/\* shard_id: (\d+) \*/").unwrap()),
+            regex_search_limit: 1000,
+            auth_query: None,
+            auth_query_password: None,
+            auth_query_user: None,
+            db: "test".to_string(),
+            plugins: None,
+        };
+
+        let mut qr = QueryRouter::new();
+        qr.update_pool_settings(pool_settings.clone());
+
+        // Shard should start out unset
+        assert_eq!(qr.active_shard, None);
+
+        // Make sure setting it works
+        let q1 = simple_query("/* shard_id: 1 */ select 1 from foo;");
+        assert!(qr.try_execute_command(&q1) == None);
+        assert_eq!(qr.active_shard, Some(1));
+
+        // And make sure changing it works
+        let q2 = simple_query("/* shard_id: 0 */ select 1 from foo;");
+        assert!(qr.try_execute_command(&q2) == None);
+        assert_eq!(qr.active_shard, Some(0));
+
+        // Validate setting by shard with expected shard copied from sharding.rs tests
+        let q2 = simple_query("/* sharding_key: 6 */ select 1 from foo;");
+        assert!(qr.try_execute_command(&q2) == None);
+        assert_eq!(qr.active_shard, Some(2));
+    }
+
+    #[test]
+    fn test_automatic_sharding_key() {
+        QueryRouter::setup();
+
+        let mut qr = QueryRouter::new();
+        qr.pool_settings.automatic_sharding_key = Some("data.id".to_string());
+        qr.pool_settings.shards = 3;
+
+        assert!(qr
+            .infer(&QueryRouter::parse(&simple_query("SELECT * FROM data WHERE id = 5")).unwrap())
+            .is_ok());
+        assert_eq!(qr.shard(), 2);
+
+        assert!(qr
+            .infer(
+                &QueryRouter::parse(&simple_query(
+                    "SELECT one, two, three FROM public.data WHERE id = 6"
+                ))
+                .unwrap()
+            )
+            .is_ok());
+        assert_eq!(qr.shard(), 0);
+
+        assert!(qr
+            .infer(
+                &QueryRouter::parse(&simple_query(
+                    "SELECT * FROM data
+            INNER JOIN t2 ON data.id = 5
+            AND t2.data_id = data.id
+        WHERE data.id = 5"
+                ))
+                .unwrap()
+            )
+            .is_ok());
+        assert_eq!(qr.shard(), 2);
+
+        // Shard did not move because we couldn't determine the sharding key since it could be ambiguous
+        // in the query.
+        assert!(qr
+            .infer(
+                &QueryRouter::parse(&simple_query(
+                    "SELECT * FROM t2 INNER JOIN data ON id = 6 AND data.id = t2.data_id"
+                ))
+                .unwrap()
+            )
+            .is_ok());
+        assert_eq!(qr.shard(), 2);
+
+        assert!(qr
+            .infer(
+                &QueryRouter::parse(&simple_query(
+                    r#"SELECT * FROM "public"."data" WHERE "id" = 6"#
+                ))
+                .unwrap()
+            )
+            .is_ok());
+        assert_eq!(qr.shard(), 0);
+
+        assert!(qr
+            .infer(
+                &QueryRouter::parse(&simple_query(
+                    r#"SELECT * FROM "public"."data" WHERE "data"."id" = 5"#
+                ))
+                .unwrap()
+            )
+            .is_ok());
+        assert_eq!(qr.shard(), 2);
+
+        // Super unique sharding key
+        qr.pool_settings.automatic_sharding_key = Some("*.unique_enough_column_name".to_string());
+        assert!(qr
+            .infer(
+                &QueryRouter::parse(&simple_query(
+                    "SELECT * FROM table_x WHERE unique_enough_column_name = 6"
+                ))
+                .unwrap()
+            )
+            .is_ok());
+        assert_eq!(qr.shard(), 0);
+
+        assert!(qr
+            .infer(
+                &QueryRouter::parse(&simple_query("SELECT * FROM table_y WHERE another_key = 5"))
+                    .unwrap()
+            )
+            .is_ok());
+        assert_eq!(qr.shard(), 0);
+    }
+
+    #[test]
+    fn test_prepared_statements() {
+        let stmt = "SELECT * FROM data WHERE id = $1";
+
+        let mut bind = BytesMut::from(&b"B"[..]);
+
+        let mut payload = BytesMut::from(&b"\0\0"[..]);
+        payload.put_i16(0);
+        payload.put_i16(1);
+        payload.put_i32(1);
+        payload.put(&b"5"[..]);
+        payload.put_i16(0);
+
+        bind.put_i32(payload.len() as i32 + 4);
+        bind.put(payload);
+
+        let mut qr = QueryRouter::new();
+        qr.pool_settings.automatic_sharding_key = Some("data.id".to_string());
+        qr.pool_settings.shards = 3;
+
+        assert!(qr
+            .infer(&QueryRouter::parse(&simple_query(stmt)).unwrap())
+            .is_ok());
+        assert_eq!(qr.placeholders.len(), 1);
+
+        assert!(qr.infer_shard_from_bind(&bind));
+        assert_eq!(qr.shard(), 2);
+        assert!(qr.placeholders.is_empty());
+    }
+
+    #[tokio::test]
+    async fn test_table_access_plugin() {
+        use crate::config::{Plugins, TableAccess};
+        let table_access = TableAccess {
+            enabled: true,
+            tables: vec![String::from("pg_database")],
+        };
+        let plugins = Plugins {
+            table_access: Some(table_access),
+            intercept: None,
+            query_logger: None,
+            prewarmer: None,
+        };
+
+        QueryRouter::setup();
+        let mut pool_settings = PoolSettings::default();
+        pool_settings.query_parser_enabled = true;
+        pool_settings.plugins = Some(plugins);
+
+        let mut qr = QueryRouter::new();
+        qr.update_pool_settings(pool_settings);
+
+        let query = simple_query("SELECT * FROM pg_database");
+        let ast = QueryRouter::parse(&query).unwrap();
+
+        let res = qr.execute_plugins(&ast).await;
+
+        assert_eq!(
+            res,
+            Ok(PluginOutput::Deny(
+                "permission for table \"pg_database\" denied".to_string()
+            ))
+        );
+    }
+
+    #[tokio::test]
+    async fn test_plugins_disabled_by_defaault() {
+        QueryRouter::setup();
+        let qr = QueryRouter::new();
+
+        let query = simple_query("SELECT * FROM pg_database");
+        let ast = QueryRouter::parse(&query).unwrap();
+
+        let res = qr.execute_plugins(&ast).await;
+
+        assert_eq!(res, Ok(PluginOutput::Allow));
+    }
+}

src/scram.rs

@@ -0,0 +1,325 @@
+// SCRAM-SHA-256 authentication. Heavily inspired by
+// https://github.com/sfackler/rust-postgres/
+// SASL implementation.
+
+use base64::{engine::general_purpose, Engine as _};
+use bytes::BytesMut;
+use hmac::{Hmac, Mac};
+use rand::{self, Rng};
+use sha2::digest::FixedOutput;
+use sha2::{Digest, Sha256};
+
+use std::fmt::Write;
+
+use crate::constants::*;
+use crate::errors::Error;
+
+/// Normalize a password string. Postgres
+/// passwords don't have to be UTF-8.
+fn normalize(pass: &[u8]) -> Vec<u8> {
+    let pass = match std::str::from_utf8(pass) {
+        Ok(pass) => pass,
+        Err(_) => return pass.to_vec(),
+    };
+
+    match stringprep::saslprep(pass) {
+        Ok(pass) => pass.into_owned().into_bytes(),
+        Err(_) => pass.as_bytes().to_vec(),
+    }
+}
+
+/// Keep the SASL state through the exchange.
+/// It takes 3 messages to complete the authentication.
+pub struct ScramSha256 {
+    password: String,
+    salted_password: [u8; 32],
+    auth_message: String,
+    message: BytesMut,
+    nonce: String,
+}
+
+impl ScramSha256 {
+    /// Create the Scram state from a password. It'll automatically
+    /// generate a nonce.
+    pub fn new(password: &str) -> ScramSha256 {
+        let mut rng = rand::thread_rng();
+        let nonce = (0..NONCE_LENGTH)
+            .map(|_| {
+                let mut v = rng.gen_range(0x21u8..0x7e);
+                if v == 0x2c {
+                    v = 0x7e
+                }
+                v as char
+            })
+            .collect::<String>();
+
+        Self::from_nonce(password, &nonce)
+    }
+
+    /// Used for testing.
+    pub fn from_nonce(password: &str, nonce: &str) -> ScramSha256 {
+        let message = BytesMut::from(format!("{}n=,r={}", "n,,", nonce).as_bytes());
+
+        ScramSha256 {
+            password: password.to_string(),
+            nonce: String::from(nonce),
+            message,
+            salted_password: [0u8; 32],
+            auth_message: String::new(),
+        }
+    }
+
+    /// Get the current state of the SASL authentication.
+    pub fn message(&mut self) -> BytesMut {
+        self.message.clone()
+    }
+
+    /// Update the state with message received from server.
+    pub fn update(&mut self, message: &BytesMut) -> Result<BytesMut, Error> {
+        let server_message = Message::parse(message)?;
+
+        if !server_message.nonce.starts_with(&self.nonce) {
+            return Err(Error::ProtocolSyncError(format!("SCRAM")));
+        }
+
+        let salt = match general_purpose::STANDARD.decode(&server_message.salt) {
+            Ok(salt) => salt,
+            Err(_) => return Err(Error::ProtocolSyncError(format!("SCRAM"))),
+        };
+
+        let salted_password = Self::hi(
+            &normalize(self.password.as_bytes()),
+            &salt,
+            server_message.iterations,
+        );
+
+        // Save for verification of final server message.
+        self.salted_password = salted_password;
+
+        let mut hmac = match Hmac::<Sha256>::new_from_slice(&salted_password) {
+            Ok(hmac) => hmac,
+            Err(_) => return Err(Error::ServerError),
+        };
+
+        hmac.update(b"Client Key");
+
+        let client_key = hmac.finalize().into_bytes();
+
+        let mut hash = Sha256::default();
+        hash.update(client_key.as_slice());
+
+        let stored_key = hash.finalize_fixed();
+        let mut cbind_input = vec![];
+        cbind_input.extend("n,,".as_bytes());
+
+        let cbind_input = general_purpose::STANDARD.encode(&cbind_input);
+
+        self.message.clear();
+
+        // Start writing the client reply.
+        match write!(
+            &mut self.message,
+            "c={},r={}",
+            cbind_input, server_message.nonce
+        ) {
+            Ok(_) => (),
+            Err(_) => return Err(Error::ServerError),
+        };
+
+        let auth_message = format!(
+            "n=,r={},{},{}",
+            self.nonce,
+            String::from_utf8_lossy(&message[..]),
+            String::from_utf8_lossy(&self.message[..])
+        );
+
+        let mut hmac = match Hmac::<Sha256>::new_from_slice(&stored_key) {
+            Ok(hmac) => hmac,
+            Err(_) => return Err(Error::ServerError),
+        };
+        hmac.update(auth_message.as_bytes());
+
+        // Save the auth message for server final message verification.
+        self.auth_message = auth_message;
+
+        let client_signature = hmac.finalize().into_bytes();
+
+        // Sign the client proof.
+        let mut client_proof = client_key;
+        for (proof, signature) in client_proof.iter_mut().zip(client_signature) {
+            *proof ^= signature;
+        }
+
+        match write!(
+            &mut self.message,
+            ",p={}",
+            general_purpose::STANDARD.encode(&*client_proof)
+        ) {
+            Ok(_) => (),
+            Err(_) => return Err(Error::ServerError),
+        };
+
+        Ok(self.message.clone())
+    }
+
+    /// Verify final server message.
+    pub fn finish(&mut self, message: &BytesMut) -> Result<(), Error> {
+        let final_message = FinalMessage::parse(message)?;
+
+        let verifier = match general_purpose::STANDARD.decode(&final_message.value) {
+            Ok(verifier) => verifier,
+            Err(_) => return Err(Error::ProtocolSyncError(format!("SCRAM"))),
+        };
+
+        let mut hmac = match Hmac::<Sha256>::new_from_slice(&self.salted_password) {
+            Ok(hmac) => hmac,
+            Err(_) => return Err(Error::ServerError),
+        };
+        hmac.update(b"Server Key");
+        let server_key = hmac.finalize().into_bytes();
+
+        let mut hmac = match Hmac::<Sha256>::new_from_slice(&server_key) {
+            Ok(hmac) => hmac,
+            Err(_) => return Err(Error::ServerError),
+        };
+        hmac.update(self.auth_message.as_bytes());
+
+        match hmac.verify_slice(&verifier) {
+            Ok(_) => Ok(()),
+            Err(_) => Err(Error::ServerError),
+        }
+    }
+
+    /// Hash the password with the salt i-times.
+    fn hi(str: &[u8], salt: &[u8], i: u32) -> [u8; 32] {
+        let mut hmac =
+            Hmac::<Sha256>::new_from_slice(str).expect("HMAC is able to accept all key sizes");
+        hmac.update(salt);
+        hmac.update(&[0, 0, 0, 1]);
+        let mut prev = hmac.finalize().into_bytes();
+
+        let mut hi = prev;
+
+        for _ in 1..i {
+            let mut hmac = Hmac::<Sha256>::new_from_slice(str).expect("already checked above");
+            hmac.update(&prev);
+            prev = hmac.finalize().into_bytes();
+
+            for (hi, prev) in hi.iter_mut().zip(prev) {
+                *hi ^= prev;
+            }
+        }
+
+        hi.into()
+    }
+}
+
+/// Parse the server challenge.
+struct Message {
+    nonce: String,
+    salt: String,
+    iterations: u32,
+}
+
+impl Message {
+    /// Parse the server SASL challenge.
+    fn parse(message: &BytesMut) -> Result<Message, Error> {
+        let parts = String::from_utf8_lossy(&message[..])
+            .split(',')
+            .map(|s| s.to_string())
+            .collect::<Vec<String>>();
+
+        if parts.len() != 3 {
+            return Err(Error::ProtocolSyncError(format!("SCRAM")));
+        }
+
+        let nonce = str::replace(&parts[0], "r=", "");
+        let salt = str::replace(&parts[1], "s=", "");
+        let iterations = match str::replace(&parts[2], "i=", "").parse::<u32>() {
+            Ok(iterations) => iterations,
+            Err(_) => return Err(Error::ProtocolSyncError(format!("SCRAM"))),
+        };
+
+        Ok(Message {
+            nonce,
+            salt,
+            iterations,
+        })
+    }
+}
+
+/// Parse server final validation message.
+struct FinalMessage {
+    value: String,
+}
+
+impl FinalMessage {
+    /// Parse the server final validation message.
+    pub fn parse(message: &BytesMut) -> Result<FinalMessage, Error> {
+        if !message.starts_with(b"v=") || message.len() < 4 {
+            return Err(Error::ProtocolSyncError(format!("SCRAM")));
+        }
+
+        Ok(FinalMessage {
+            value: String::from_utf8_lossy(&message[2..]).to_string(),
+        })
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+
+    #[test]
+    fn parse_server_first_message() {
+        let message = BytesMut::from(
+            "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096".as_bytes(),
+        );
+        let message = Message::parse(&message).unwrap();
+        assert_eq!(message.nonce, "fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j");
+        assert_eq!(message.salt, "QSXCR+Q6sek8bf92");
+        assert_eq!(message.iterations, 4096);
+    }
+
+    #[test]
+    fn parse_server_last_message() {
+        let f = FinalMessage::parse(&BytesMut::from(
+            "v=U+ppxD5XUKtradnv8e2MkeupiA8FU87Sg8CXzXHDAzw".as_bytes(),
+        ))
+        .unwrap();
+        assert_eq!(
+            f.value,
+            "U+ppxD5XUKtradnv8e2MkeupiA8FU87Sg8CXzXHDAzw".to_string()
+        );
+    }
+
+    // recorded auth exchange from psql
+    #[test]
+    fn exchange() {
+        let password = "foobar";
+        let nonce = "9IZ2O01zb9IgiIZ1WJ/zgpJB";
+
+        let client_first = "n,,n=,r=9IZ2O01zb9IgiIZ1WJ/zgpJB";
+        let server_first =
+            "r=9IZ2O01zb9IgiIZ1WJ/zgpJBjx/oIRLs02gGSHcw1KEty3eY,s=fs3IXBy7U7+IvVjZ,i\
+             =4096";
+        let client_final =
+            "c=biws,r=9IZ2O01zb9IgiIZ1WJ/zgpJBjx/oIRLs02gGSHcw1KEty3eY,p=AmNKosjJzS3\
+             1NTlQYNs5BTeQjdHdk7lOflDo5re2an8=";
+        let server_final = "v=U+ppxD5XUKtradnv8e2MkeupiA8FU87Sg8CXzXHDAzw=";
+
+        let mut scram = ScramSha256::from_nonce(password, nonce);
+
+        let message = scram.message();
+        assert_eq!(std::str::from_utf8(&message).unwrap(), client_first);
+
+        let result = scram
+            .update(&BytesMut::from(server_first.as_bytes()))
+            .unwrap();
+        assert_eq!(std::str::from_utf8(&result).unwrap(), client_final);
+
+        scram
+            .finish(&BytesMut::from(server_final.as_bytes()))
+            .unwrap();
+    }
+}

src/server.rs

@@ -0,0 +1,1205 @@
+/// Implementation of the PostgreSQL server (database) protocol.
+/// Here we are pretending to the a Postgres client.
+use bytes::{Buf, BufMut, BytesMut};
+use fallible_iterator::FallibleIterator;
+use log::{debug, error, info, trace, warn};
+use parking_lot::{Mutex, RwLock};
+use postgres_protocol::message;
+use std::collections::HashMap;
+use std::io::Read;
+use std::net::IpAddr;
+use std::sync::Arc;
+use std::time::SystemTime;
+use tokio::io::{AsyncRead, AsyncReadExt, AsyncWrite, BufStream};
+use tokio::net::TcpStream;
+use tokio_rustls::rustls::{OwnedTrustAnchor, RootCertStore};
+use tokio_rustls::{client::TlsStream, TlsConnector};
+
+use crate::config::{get_config, Address, User};
+use crate::constants::*;
+use crate::dns_cache::{AddrSet, CACHED_RESOLVER};
+use crate::errors::{Error, ServerIdentifier};
+use crate::messages::*;
+use crate::mirrors::MirroringManager;
+use crate::pool::ClientServerMap;
+use crate::scram::ScramSha256;
+use crate::stats::ServerStats;
+use std::io::Write;
+
+use pin_project::pin_project;
+
+#[pin_project(project = SteamInnerProj)]
+pub enum StreamInner {
+    Plain {
+        #[pin]
+        stream: TcpStream,
+    },
+    Tls {
+        #[pin]
+        stream: TlsStream<TcpStream>,
+    },
+}
+
+impl AsyncWrite for StreamInner {
+    fn poll_write(
+        self: std::pin::Pin<&mut Self>,
+        cx: &mut std::task::Context<'_>,
+        buf: &[u8],
+    ) -> std::task::Poll<Result<usize, std::io::Error>> {
+        let this = self.project();
+        match this {
+            SteamInnerProj::Tls { stream } => stream.poll_write(cx, buf),
+            SteamInnerProj::Plain { stream } => stream.poll_write(cx, buf),
+        }
+    }
+
+    fn poll_flush(
+        self: std::pin::Pin<&mut Self>,
+        cx: &mut std::task::Context<'_>,
+    ) -> std::task::Poll<Result<(), std::io::Error>> {
+        let this = self.project();
+        match this {
+            SteamInnerProj::Tls { stream } => stream.poll_flush(cx),
+            SteamInnerProj::Plain { stream } => stream.poll_flush(cx),
+        }
+    }
+
+    fn poll_shutdown(
+        self: std::pin::Pin<&mut Self>,
+        cx: &mut std::task::Context<'_>,
+    ) -> std::task::Poll<Result<(), std::io::Error>> {
+        let this = self.project();
+        match this {
+            SteamInnerProj::Tls { stream } => stream.poll_shutdown(cx),
+            SteamInnerProj::Plain { stream } => stream.poll_shutdown(cx),
+        }
+    }
+}
+
+impl AsyncRead for StreamInner {
+    fn poll_read(
+        self: std::pin::Pin<&mut Self>,
+        cx: &mut std::task::Context<'_>,
+        buf: &mut tokio::io::ReadBuf<'_>,
+    ) -> std::task::Poll<std::io::Result<()>> {
+        let this = self.project();
+        match this {
+            SteamInnerProj::Tls { stream } => stream.poll_read(cx, buf),
+            SteamInnerProj::Plain { stream } => stream.poll_read(cx, buf),
+        }
+    }
+}
+
+impl StreamInner {
+    pub fn try_write(&mut self, buf: &[u8]) -> std::io::Result<usize> {
+        match self {
+            StreamInner::Tls { stream } => {
+                let r = stream.get_mut();
+                let mut w = r.1.writer();
+                w.write(buf)
+            }
+            StreamInner::Plain { stream } => stream.try_write(buf),
+        }
+    }
+}
+
+#[derive(Copy, Clone)]
+struct CleanupState {
+    /// If server connection requires DISCARD ALL before checkin because of set statement
+    needs_cleanup_set: bool,
+
+    /// If server connection requires DISCARD ALL before checkin because of prepare statement
+    needs_cleanup_prepare: bool,
+}
+
+impl CleanupState {
+    fn new() -> Self {
+        CleanupState {
+            needs_cleanup_set: false,
+            needs_cleanup_prepare: false,
+        }
+    }
+
+    fn needs_cleanup(&self) -> bool {
+        self.needs_cleanup_set || self.needs_cleanup_prepare
+    }
+
+    fn set_true(&mut self) {
+        self.needs_cleanup_set = true;
+        self.needs_cleanup_prepare = true;
+    }
+
+    fn reset(&mut self) {
+        self.needs_cleanup_set = false;
+        self.needs_cleanup_prepare = false;
+    }
+}
+
+impl std::fmt::Display for CleanupState {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(
+            f,
+            "SET: {}, PREPARE: {}",
+            self.needs_cleanup_set, self.needs_cleanup_prepare
+        )
+    }
+}
+
+/// Server state.
+pub struct Server {
+    /// Server host, e.g. localhost,
+    /// port, e.g. 5432, and role, e.g. primary or replica.
+    address: Address,
+
+    /// Server TCP connection.
+    stream: BufStream<StreamInner>,
+
+    /// Our server response buffer. We buffer data before we give it to the client.
+    buffer: BytesMut,
+
+    /// Server information the server sent us over on startup.
+    server_info: BytesMut,
+
+    /// Backend id and secret key used for query cancellation.
+    process_id: i32,
+    secret_key: i32,
+
+    /// Is the server inside a transaction or idle.
+    in_transaction: bool,
+
+    /// Is there more data for the client to read.
+    data_available: bool,
+
+    /// Is the server broken? We'll remote it from the pool if so.
+    bad: bool,
+
+    /// If server connection requires DISCARD ALL before checkin
+    cleanup_state: CleanupState,
+
+    /// Mapping of clients and servers used for query cancellation.
+    client_server_map: ClientServerMap,
+
+    /// Server connected at.
+    connected_at: chrono::naive::NaiveDateTime,
+
+    /// Reports various metrics, e.g. data sent & received.
+    stats: Arc<ServerStats>,
+
+    /// Application name using the server at the moment.
+    application_name: String,
+
+    // Last time that a successful server send or response happened
+    last_activity: SystemTime,
+
+    mirror_manager: Option<MirroringManager>,
+
+    // Associated addresses used
+    addr_set: Option<AddrSet>,
+}
+
+impl Server {
+    /// Pretend to be the Postgres client and connect to the server given host, port and credentials.
+    /// Perform the authentication and return the server in a ready for query state.
+    pub async fn startup(
+        address: &Address,
+        user: &User,
+        database: &str,
+        client_server_map: ClientServerMap,
+        stats: Arc<ServerStats>,
+        auth_hash: Arc<RwLock<Option<String>>>,
+    ) -> Result<Server, Error> {
+        let cached_resolver = CACHED_RESOLVER.load();
+        let mut addr_set: Option<AddrSet> = None;
+
+        // If we are caching addresses and hostname is not an IP
+        if cached_resolver.enabled() && address.host.parse::<IpAddr>().is_err() {
+            debug!("Resolving {}", &address.host);
+            addr_set = match cached_resolver.lookup_ip(&address.host).await {
+                Ok(ok) => {
+                    debug!("Obtained: {:?}", ok);
+                    Some(ok)
+                }
+                Err(err) => {
+                    warn!("Error trying to resolve {}, ({:?})", &address.host, err);
+                    None
+                }
+            }
+        };
+
+        let mut stream =
+            match TcpStream::connect(&format!("{}:{}", &address.host, address.port)).await {
+                Ok(stream) => stream,
+                Err(err) => {
+                    error!("Could not connect to server: {}", err);
+                    return Err(Error::SocketError(format!(
+                        "Could not connect to server: {}",
+                        err
+                    )));
+                }
+            };
+
+        // TCP timeouts.
+        configure_socket(&stream);
+
+        let config = get_config();
+
+        let mut stream = if config.general.server_tls {
+            // Request a TLS connection
+            ssl_request(&mut stream).await?;
+
+            let response = match stream.read_u8().await {
+                Ok(response) => response as char,
+                Err(err) => {
+                    return Err(Error::SocketError(format!(
+                        "Server socket error: {:?}",
+                        err
+                    )))
+                }
+            };
+
+            match response {
+                // Server supports TLS
+                'S' => {
+                    debug!("Connecting to server using TLS");
+
+                    let mut root_store = RootCertStore::empty();
+                    root_store.add_server_trust_anchors(
+                        webpki_roots::TLS_SERVER_ROOTS.0.iter().map(|ta| {
+                            OwnedTrustAnchor::from_subject_spki_name_constraints(
+                                ta.subject,
+                                ta.spki,
+                                ta.name_constraints,
+                            )
+                        }),
+                    );
+
+                    let mut tls_config = rustls::ClientConfig::builder()
+                        .with_safe_defaults()
+                        .with_root_certificates(root_store)
+                        .with_no_client_auth();
+
+                    // Equivalent to sslmode=prefer which is fine most places.
+                    // If you want verify-full, change `verify_server_certificate` to true.
+                    if !config.general.verify_server_certificate {
+                        let mut dangerous = tls_config.dangerous();
+                        dangerous.set_certificate_verifier(Arc::new(
+                            crate::tls::NoCertificateVerification {},
+                        ));
+                    }
+
+                    let connector = TlsConnector::from(Arc::new(tls_config));
+                    let stream = match connector
+                        .connect(address.host.as_str().try_into().unwrap(), stream)
+                        .await
+                    {
+                        Ok(stream) => stream,
+                        Err(err) => {
+                            return Err(Error::SocketError(format!("Server TLS error: {:?}", err)))
+                        }
+                    };
+
+                    StreamInner::Tls { stream }
+                }
+
+                // Server does not support TLS
+                'N' => StreamInner::Plain { stream },
+
+                // Something else?
+                m => {
+                    return Err(Error::SocketError(format!(
+                        "Unknown message: {}",
+                        m as char
+                    )));
+                }
+            }
+        } else {
+            StreamInner::Plain { stream }
+        };
+
+        // let (read, write) = split(stream);
+        // let (mut read, mut write) = (ReadInner::Plain { stream: read }, WriteInner::Plain { stream: write });
+
+        trace!("Sending StartupMessage");
+
+        // StartupMessage
+        let username = match user.server_username {
+            Some(ref server_username) => server_username,
+            None => &user.username,
+        };
+
+        let password = match user.server_password {
+            Some(ref server_password) => Some(server_password),
+            None => match user.password {
+                Some(ref password) => Some(password),
+                None => None,
+            },
+        };
+
+        startup(&mut stream, username, database).await?;
+
+        let mut server_info = BytesMut::new();
+        let mut process_id: i32 = 0;
+        let mut secret_key: i32 = 0;
+        let server_identifier = ServerIdentifier::new(username, &database);
+
+        // We'll be handling multiple packets, but they will all be structured the same.
+        // We'll loop here until this exchange is complete.
+        let mut scram: Option<ScramSha256> = match password {
+            Some(password) => Some(ScramSha256::new(password)),
+            None => None,
+        };
+
+        loop {
+            let code = match stream.read_u8().await {
+                Ok(code) => code as char,
+                Err(_) => {
+                    return Err(Error::ServerStartupError(
+                        "message code".into(),
+                        server_identifier,
+                    ))
+                }
+            };
+
+            let len = match stream.read_i32().await {
+                Ok(len) => len,
+                Err(_) => {
+                    return Err(Error::ServerStartupError(
+                        "message len".into(),
+                        server_identifier,
+                    ))
+                }
+            };
+
+            trace!("Message: {}", code);
+
+            match code {
+                // Authentication
+                'R' => {
+                    // Determine which kind of authentication is required, if any.
+                    let auth_code = match stream.read_i32().await {
+                        Ok(auth_code) => auth_code,
+                        Err(_) => {
+                            return Err(Error::ServerStartupError(
+                                "auth code".into(),
+                                server_identifier,
+                            ))
+                        }
+                    };
+
+                    trace!("Auth: {}", auth_code);
+
+                    match auth_code {
+                        MD5_ENCRYPTED_PASSWORD => {
+                            // The salt is 4 bytes.
+                            // See: https://www.postgresql.org/docs/12/protocol-message-formats.html
+                            let mut salt = vec![0u8; 4];
+
+                            match stream.read_exact(&mut salt).await {
+                                Ok(_) => (),
+                                Err(_) => {
+                                    return Err(Error::ServerStartupError(
+                                        "salt".into(),
+                                        server_identifier,
+                                    ))
+                                }
+                            };
+
+                            match password {
+                                // Using plaintext password
+                                Some(password) => {
+                                    md5_password(&mut stream, username, password, &salt[..]).await?
+                                }
+
+                                // Using auth passthrough, in this case we should already have a
+                                // hash obtained when the pool was validated. If we reach this point
+                                // and don't have a hash, we return an error.
+                                None => {
+                                    let option_hash = (*auth_hash.read()).clone();
+                                    match option_hash {
+                                        Some(hash) =>
+                                            md5_password_with_hash(
+                                                &mut stream,
+                                                &hash,
+                                                &salt[..],
+                                            )
+                                            .await?,
+                                        None => return Err(
+                                            Error::ServerAuthError(
+                                                "Auth passthrough (auth_query) failed and no user password is set in cleartext".into(),
+                                                server_identifier
+                                            )
+                                        ),
+                                    }
+                                }
+                            }
+                        }
+
+                        AUTHENTICATION_SUCCESSFUL => (),
+
+                        SASL => {
+                            if scram.is_none() {
+                                return Err(Error::ServerAuthError(
+                                    "SASL auth required and no password specified. \
+                                    Auth passthrough (auth_query) method is currently \
+                                    unsupported for SASL auth"
+                                        .into(),
+                                    server_identifier,
+                                ));
+                            }
+
+                            debug!("Starting SASL authentication");
+
+                            let sasl_len = (len - 8) as usize;
+                            let mut sasl_auth = vec![0u8; sasl_len];
+
+                            match stream.read_exact(&mut sasl_auth).await {
+                                Ok(_) => (),
+                                Err(_) => {
+                                    return Err(Error::ServerStartupError(
+                                        "sasl message".into(),
+                                        server_identifier,
+                                    ))
+                                }
+                            };
+
+                            let sasl_type = String::from_utf8_lossy(&sasl_auth[..sasl_len - 2]);
+
+                            if sasl_type.contains(SCRAM_SHA_256) {
+                                debug!("Using {}", SCRAM_SHA_256);
+
+                                // Generate client message.
+                                let sasl_response = scram.as_mut().unwrap().message();
+
+                                // SASLInitialResponse (F)
+                                let mut res = BytesMut::new();
+                                res.put_u8(b'p');
+
+                                // length + String length + length + length of sasl response
+                                res.put_i32(
+                                    4 // i32 size
+                                        + SCRAM_SHA_256.len() as i32 // length of SASL version string,
+                                        + 1 // Null terminator for the SASL version string,
+                                        + 4 // i32 size
+                                        + sasl_response.len() as i32, // length of SASL response
+                                );
+
+                                res.put_slice(format!("{}\0", SCRAM_SHA_256).as_bytes());
+                                res.put_i32(sasl_response.len() as i32);
+                                res.put(sasl_response);
+
+                                write_all_flush(&mut stream, &res).await?;
+                            } else {
+                                error!("Unsupported SCRAM version: {}", sasl_type);
+                                return Err(Error::ServerError);
+                            }
+                        }
+
+                        SASL_CONTINUE => {
+                            trace!("Continuing SASL");
+
+                            let mut sasl_data = vec![0u8; (len - 8) as usize];
+
+                            match stream.read_exact(&mut sasl_data).await {
+                                Ok(_) => (),
+                                Err(_) => {
+                                    return Err(Error::ServerStartupError(
+                                        "sasl cont message".into(),
+                                        server_identifier,
+                                    ))
+                                }
+                            };
+
+                            let msg = BytesMut::from(&sasl_data[..]);
+                            let sasl_response = scram.as_mut().unwrap().update(&msg)?;
+
+                            // SASLResponse
+                            let mut res = BytesMut::new();
+                            res.put_u8(b'p');
+                            res.put_i32(4 + sasl_response.len() as i32);
+                            res.put(sasl_response);
+
+                            write_all_flush(&mut stream, &res).await?;
+                        }
+
+                        SASL_FINAL => {
+                            trace!("Final SASL");
+
+                            let mut sasl_final = vec![0u8; len as usize - 8];
+                            match stream.read_exact(&mut sasl_final).await {
+                                Ok(_) => (),
+                                Err(_) => {
+                                    return Err(Error::ServerStartupError(
+                                        "sasl final message".into(),
+                                        server_identifier,
+                                    ))
+                                }
+                            };
+
+                            match scram
+                                .as_mut()
+                                .unwrap()
+                                .finish(&BytesMut::from(&sasl_final[..]))
+                            {
+                                Ok(_) => {
+                                    debug!("SASL authentication successful");
+                                }
+
+                                Err(err) => {
+                                    debug!("SASL authentication failed");
+                                    return Err(err);
+                                }
+                            };
+                        }
+
+                        _ => {
+                            error!("Unsupported authentication mechanism: {}", auth_code);
+                            return Err(Error::ServerError);
+                        }
+                    }
+                }
+
+                // ErrorResponse
+                'E' => {
+                    let error_code = match stream.read_u8().await {
+                        Ok(error_code) => error_code,
+                        Err(_) => {
+                            return Err(Error::ServerStartupError(
+                                "error code message".into(),
+                                server_identifier,
+                            ))
+                        }
+                    };
+
+                    trace!("Error: {}", error_code);
+
+                    match error_code {
+                        // No error message is present in the message.
+                        MESSAGE_TERMINATOR => (),
+
+                        // An error message will be present.
+                        _ => {
+                            // Read the error message without the terminating null character.
+                            let mut error = vec![0u8; len as usize - 4 - 1];
+
+                            match stream.read_exact(&mut error).await {
+                                Ok(_) => (),
+                                Err(_) => {
+                                    return Err(Error::ServerStartupError(
+                                        "error message".into(),
+                                        server_identifier,
+                                    ))
+                                }
+                            };
+
+                            // TODO: the error message contains multiple fields; we can decode them and
+                            // present a prettier message to the user.
+                            // See: https://www.postgresql.org/docs/12/protocol-error-fields.html
+                            error!("Server error: {}", String::from_utf8_lossy(&error));
+                        }
+                    };
+
+                    return Err(Error::ServerError);
+                }
+
+                // ParameterStatus
+                'S' => {
+                    let mut param = vec![0u8; len as usize - 4];
+
+                    match stream.read_exact(&mut param).await {
+                        Ok(_) => (),
+                        Err(_) => {
+                            return Err(Error::ServerStartupError(
+                                "parameter status message".into(),
+                                server_identifier,
+                            ))
+                        }
+                    };
+
+                    // Save the parameter so we can pass it to the client later.
+                    // These can be server_encoding, client_encoding, server timezone, Postgres version,
+                    // and many more interesting things we should know about the Postgres server we are talking to.
+                    server_info.put_u8(b'S');
+                    server_info.put_i32(len);
+                    server_info.put_slice(&param[..]);
+                }
+
+                // BackendKeyData
+                'K' => {
+                    // The frontend must save these values if it wishes to be able to issue CancelRequest messages later.
+                    // See: <https://www.postgresql.org/docs/12/protocol-message-formats.html>.
+                    process_id = match stream.read_i32().await {
+                        Ok(id) => id,
+                        Err(_) => {
+                            return Err(Error::ServerStartupError(
+                                "process id message".into(),
+                                server_identifier,
+                            ))
+                        }
+                    };
+
+                    secret_key = match stream.read_i32().await {
+                        Ok(id) => id,
+                        Err(_) => {
+                            return Err(Error::ServerStartupError(
+                                "secret key message".into(),
+                                server_identifier,
+                            ))
+                        }
+                    };
+                }
+
+                // ReadyForQuery
+                'Z' => {
+                    let mut idle = vec![0u8; len as usize - 4];
+
+                    match stream.read_exact(&mut idle).await {
+                        Ok(_) => (),
+                        Err(_) => {
+                            return Err(Error::ServerStartupError(
+                                "transaction status message".into(),
+                                server_identifier,
+                            ))
+                        }
+                    };
+
+                    let mut server = Server {
+                        address: address.clone(),
+                        stream: BufStream::new(stream),
+                        buffer: BytesMut::with_capacity(8196),
+                        server_info,
+                        process_id,
+                        secret_key,
+                        in_transaction: false,
+                        data_available: false,
+                        bad: false,
+                        cleanup_state: CleanupState::new(),
+                        client_server_map,
+                        addr_set,
+                        connected_at: chrono::offset::Utc::now().naive_utc(),
+                        stats,
+                        application_name: String::new(),
+                        last_activity: SystemTime::now(),
+                        mirror_manager: match address.mirrors.len() {
+                            0 => None,
+                            _ => Some(MirroringManager::from_addresses(
+                                user.clone(),
+                                database.to_owned(),
+                                address.mirrors.clone(),
+                            )),
+                        },
+                    };
+
+                    server.set_name("pgcat").await?;
+
+                    return Ok(server);
+                }
+
+                // We have an unexpected message from the server during this exchange.
+                // Means we implemented the protocol wrong or we're not talking to a Postgres server.
+                _ => {
+                    error!("Unknown code: {}", code);
+                    return Err(Error::ProtocolSyncError(format!(
+                        "Unknown server code: {}",
+                        code
+                    )));
+                }
+            };
+        }
+    }
+
+    /// Issue a query cancellation request to the server.
+    /// Uses a separate connection that's not part of the connection pool.
+    pub async fn cancel(
+        host: &str,
+        port: u16,
+        process_id: i32,
+        secret_key: i32,
+    ) -> Result<(), Error> {
+        let mut stream = match TcpStream::connect(&format!("{}:{}", host, port)).await {
+            Ok(stream) => stream,
+            Err(err) => {
+                error!("Could not connect to server: {}", err);
+                return Err(Error::SocketError("Error reading cancel message".into()));
+            }
+        };
+        configure_socket(&stream);
+
+        debug!("Sending CancelRequest");
+
+        let mut bytes = BytesMut::with_capacity(16);
+        bytes.put_i32(16);
+        bytes.put_i32(CANCEL_REQUEST_CODE);
+        bytes.put_i32(process_id);
+        bytes.put_i32(secret_key);
+
+        write_all_flush(&mut stream, &bytes).await
+    }
+
+    /// Send messages to the server from the client.
+    pub async fn send(&mut self, messages: &BytesMut) -> Result<(), Error> {
+        self.mirror_send(messages);
+        self.stats().data_sent(messages.len());
+
+        match write_all_flush(&mut self.stream, &messages).await {
+            Ok(_) => {
+                // Successfully sent to server
+                self.last_activity = SystemTime::now();
+                Ok(())
+            }
+            Err(err) => {
+                error!(
+                    "Terminating server {:?} because of: {:?}",
+                    self.address, err
+                );
+                self.bad = true;
+                Err(err)
+            }
+        }
+    }
+
+    /// Receive data from the server in response to a client request.
+    /// This method must be called multiple times while `self.is_data_available()` is true
+    /// in order to receive all data the server has to offer.
+    pub async fn recv(&mut self) -> Result<BytesMut, Error> {
+        loop {
+            let mut message = match read_message(&mut self.stream).await {
+                Ok(message) => message,
+                Err(err) => {
+                    error!(
+                        "Terminating server {:?} because of: {:?}",
+                        self.address, err
+                    );
+                    self.bad = true;
+                    return Err(err);
+                }
+            };
+
+            // Buffer the message we'll forward to the client later.
+            self.buffer.put(&message[..]);
+
+            let code = message.get_u8() as char;
+            let _len = message.get_i32();
+
+            trace!("Message: {}", code);
+
+            match code {
+                // ReadyForQuery
+                'Z' => {
+                    let transaction_state = message.get_u8() as char;
+
+                    match transaction_state {
+                        // In transaction.
+                        'T' => {
+                            self.in_transaction = true;
+                        }
+
+                        // Idle, transaction over.
+                        'I' => {
+                            self.in_transaction = false;
+                        }
+
+                        // Some error occurred, the transaction was rolled back.
+                        'E' => {
+                            self.in_transaction = true;
+                        }
+
+                        // Something totally unexpected, this is not a Postgres server we know.
+                        _ => {
+                            self.bad = true;
+                            return Err(Error::ProtocolSyncError(format!(
+                                "Unknown transaction state: {}",
+                                transaction_state
+                            )));
+                        }
+                    };
+
+                    // There is no more data available from the server.
+                    self.data_available = false;
+
+                    break;
+                }
+
+                // CommandComplete
+                'C' => {
+                    let mut command_tag = String::new();
+                    match message.reader().read_to_string(&mut command_tag) {
+                        Ok(_) => {
+                            // Non-exhaustive list of commands that are likely to change session variables/resources
+                            // which can leak between clients. This is a best effort to block bad clients
+                            // from poisoning a transaction-mode pool by setting inappropriate session variables
+                            match command_tag.as_str() {
+                                "SET\0" => {
+                                    // We don't detect set statements in transactions
+                                    // No great way to differentiate between set and set local
+                                    // As a result, we will miss cases when set statements are used in transactions
+                                    // This will reduce amount of discard statements sent
+                                    if !self.in_transaction {
+                                        debug!("Server connection marked for clean up");
+                                        self.cleanup_state.needs_cleanup_set = true;
+                                    }
+                                }
+                                "PREPARE\0" => {
+                                    debug!("Server connection marked for clean up");
+                                    self.cleanup_state.needs_cleanup_prepare = true;
+                                }
+                                _ => (),
+                            }
+                        }
+
+                        Err(err) => {
+                            warn!("Encountered an error while parsing CommandTag {}", err);
+                        }
+                    }
+                }
+
+                // DataRow
+                'D' => {
+                    // More data is available after this message, this is not the end of the reply.
+                    self.data_available = true;
+
+                    // Don't flush yet, the more we buffer, the faster this goes...up to a limit.
+                    if self.buffer.len() >= 8196 {
+                        break;
+                    }
+                }
+
+                // CopyInResponse: copy is starting from client to server.
+                'G' => break,
+
+                // CopyOutResponse: copy is starting from the server to the client.
+                'H' => {
+                    self.data_available = true;
+                    break;
+                }
+
+                // CopyData
+                'd' => {
+                    // Don't flush yet, buffer until we reach limit
+                    if self.buffer.len() >= 8196 {
+                        break;
+                    }
+                }
+
+                // CopyDone
+                // Buffer until ReadyForQuery shows up, so don't exit the loop yet.
+                'c' => (),
+
+                // Anything else, e.g. errors, notices, etc.
+                // Keep buffering until ReadyForQuery shows up.
+                _ => (),
+            };
+        }
+
+        let bytes = self.buffer.clone();
+
+        // Keep track of how much data we got from the server for stats.
+        self.stats().data_received(bytes.len());
+
+        // Clear the buffer for next query.
+        self.buffer.clear();
+
+        // Successfully received data from server
+        self.last_activity = SystemTime::now();
+
+        // Pass the data back to the client.
+        Ok(bytes)
+    }
+
+    /// If the server is still inside a transaction.
+    /// If the client disconnects while the server is in a transaction, we will clean it up.
+    pub fn in_transaction(&self) -> bool {
+        debug!("Server in transaction: {}", self.in_transaction);
+        self.in_transaction
+    }
+
+    /// We don't buffer all of server responses, e.g. COPY OUT produces too much data.
+    /// The client is responsible to call `self.recv()` while this method returns true.
+    pub fn is_data_available(&self) -> bool {
+        self.data_available
+    }
+
+    /// Server & client are out of sync, we must discard this connection.
+    /// This happens with clients that misbehave.
+    pub fn is_bad(&self) -> bool {
+        if self.bad {
+            return self.bad;
+        };
+        let cached_resolver = CACHED_RESOLVER.load();
+        if cached_resolver.enabled() {
+            if let Some(addr_set) = &self.addr_set {
+                if cached_resolver.has_changed(self.address.host.as_str(), addr_set) {
+                    warn!(
+                        "DNS changed for {}, it was {:?}. Dropping server connection.",
+                        self.address.host.as_str(),
+                        addr_set
+                    );
+                    return true;
+                }
+            }
+        }
+        false
+    }
+
+    /// Get server startup information to forward it to the client.
+    /// Not used at the moment.
+    pub fn server_info(&self) -> BytesMut {
+        self.server_info.clone()
+    }
+
+    /// Indicate that this server connection cannot be re-used and must be discarded.
+    pub fn mark_bad(&mut self) {
+        error!("Server {:?} marked bad", self.address);
+        self.bad = true;
+    }
+
+    /// Claim this server as mine for the purposes of query cancellation.
+    pub fn claim(&mut self, process_id: i32, secret_key: i32) {
+        let mut guard = self.client_server_map.lock();
+        guard.insert(
+            (process_id, secret_key),
+            (
+                self.process_id,
+                self.secret_key,
+                self.address.host.clone(),
+                self.address.port,
+            ),
+        );
+    }
+
+    /// Execute an arbitrary query against the server.
+    /// It will use the simple query protocol.
+    /// Result will not be returned, so this is useful for things like `SET` or `ROLLBACK`.
+    pub async fn query(&mut self, query: &str) -> Result<(), Error> {
+        debug!("Running `{}` on server {:?}", query, self.address);
+
+        let query = simple_query(query);
+
+        self.send(&query).await?;
+
+        loop {
+            let _ = self.recv().await?;
+
+            if !self.data_available {
+                break;
+            }
+        }
+
+        Ok(())
+    }
+
+    /// Perform any necessary cleanup before putting the server
+    /// connection back in the pool
+    pub async fn checkin_cleanup(&mut self) -> Result<(), Error> {
+        // Client disconnected with an open transaction on the server connection.
+        // Pgbouncer behavior is to close the server connection but that can cause
+        // server connection thrashing if clients repeatedly do this.
+        // Instead, we ROLLBACK that transaction before putting the connection back in the pool
+        if self.in_transaction() {
+            warn!("Server returned while still in transaction, rolling back transaction");
+            self.query("ROLLBACK").await?;
+        }
+
+        // Client disconnected but it performed session-altering operations such as
+        // SET statement_timeout to 1 or create a prepared statement. We clear that
+        // to avoid leaking state between clients. For performance reasons we only
+        // send `DISCARD ALL` if we think the session is altered instead of just sending
+        // it before each checkin.
+        if self.cleanup_state.needs_cleanup() {
+            warn!("Server returned with session state altered, discarding state ({}) for application {}", self.cleanup_state, self.application_name);
+            self.query("DISCARD ALL").await?;
+            self.query("RESET ROLE").await?;
+            self.cleanup_state.reset();
+        }
+
+        Ok(())
+    }
+
+    /// A shorthand for `SET application_name = $1`.
+    pub async fn set_name(&mut self, name: &str) -> Result<(), Error> {
+        if self.application_name != name {
+            self.application_name = name.to_string();
+            // We don't want `SET application_name` to mark the server connection
+            // as needing cleanup
+            let needs_cleanup_before = self.cleanup_state;
+
+            let result = Ok(self
+                .query(&format!("SET application_name = '{}'", name))
+                .await?);
+            self.cleanup_state = needs_cleanup_before;
+            result
+        } else {
+            Ok(())
+        }
+    }
+
+    /// get Server stats
+    pub fn stats(&self) -> Arc<ServerStats> {
+        self.stats.clone()
+    }
+
+    /// Get the servers address.
+    #[allow(dead_code)]
+    pub fn address(&self) -> Address {
+        self.address.clone()
+    }
+
+    // Get server's latest response timestamp
+    pub fn last_activity(&self) -> SystemTime {
+        self.last_activity
+    }
+
+    // Marks a connection as needing DISCARD ALL at checkin
+    pub fn mark_dirty(&mut self) {
+        self.cleanup_state.set_true();
+    }
+
+    pub fn mirror_send(&mut self, bytes: &BytesMut) {
+        match self.mirror_manager.as_mut() {
+            Some(manager) => manager.send(bytes),
+            None => (),
+        }
+    }
+
+    pub fn mirror_disconnect(&mut self) {
+        match self.mirror_manager.as_mut() {
+            Some(manager) => manager.disconnect(),
+            None => (),
+        }
+    }
+
+    // This is so we can execute out of band queries to the server.
+    // The connection will be opened, the query executed and closed.
+    pub async fn exec_simple_query(
+        address: &Address,
+        user: &User,
+        query: &str,
+    ) -> Result<Vec<String>, Error> {
+        let client_server_map: ClientServerMap = Arc::new(Mutex::new(HashMap::new()));
+
+        debug!("Connecting to server to obtain auth hashes.");
+        let mut server = Server::startup(
+            address,
+            user,
+            &address.database,
+            client_server_map,
+            Arc::new(ServerStats::default()),
+            Arc::new(RwLock::new(None)),
+        )
+        .await?;
+        debug!("Connected!, sending query.");
+        server.send(&simple_query(query)).await?;
+        let mut message = server.recv().await?;
+
+        Ok(parse_query_message(&mut message).await?)
+    }
+}
+
+async fn parse_query_message(message: &mut BytesMut) -> Result<Vec<String>, Error> {
+    let mut pair = Vec::<String>::new();
+    match message::backend::Message::parse(message) {
+        Ok(Some(message::backend::Message::RowDescription(_description))) => {}
+        Ok(Some(message::backend::Message::ErrorResponse(err))) => {
+            return Err(Error::ProtocolSyncError(format!(
+                "Protocol error parsing response. Err: {:?}",
+                err.fields()
+                    .iterator()
+                    .fold(String::default(), |acc, element| acc
+                        + element.unwrap().value())
+            )))
+        }
+        Ok(_) => {
+            return Err(Error::ProtocolSyncError(
+                "Protocol error, expected Row Description.".to_string(),
+            ))
+        }
+        Err(err) => {
+            return Err(Error::ProtocolSyncError(format!(
+                "Protocol error parsing response. Err: {:?}",
+                err
+            )))
+        }
+    }
+
+    while !message.is_empty() {
+        match message::backend::Message::parse(message) {
+            Ok(postgres_message) => {
+                match postgres_message {
+                    Some(message::backend::Message::DataRow(data)) => {
+                        let buf = data.buffer();
+                        trace!("Data: {:?}", buf);
+
+                        for item in data.ranges().iterator() {
+                            match item.as_ref() {
+                                Ok(range) => match range {
+                                    Some(range) => {
+                                        pair.push(String::from_utf8_lossy(&buf[range.clone()]).to_string());
+                                    }
+                                    None => return Err(Error::ProtocolSyncError(String::from(
+                                        "Data expected while receiving query auth data, found nothing.",
+                                    ))),
+                                },
+                                Err(err) => {
+                                    return Err(Error::ProtocolSyncError(format!(
+                                        "Data error, err: {:?}",
+                                        err
+                                    )))
+                                }
+                            }
+                        }
+                    }
+                    Some(message::backend::Message::CommandComplete(_)) => {}
+                    Some(message::backend::Message::ReadyForQuery(_)) => {}
+                    _ => {
+                        return Err(Error::ProtocolSyncError(
+                            "Unexpected message while receiving auth query data.".to_string(),
+                        ))
+                    }
+                }
+            }
+            Err(err) => {
+                return Err(Error::ProtocolSyncError(format!(
+                    "Parse error, err: {:?}",
+                    err
+                )))
+            }
+        };
+    }
+    Ok(pair)
+}
+
+impl Drop for Server {
+    /// Try to do a clean shut down. Best effort because
+    /// the socket is in non-blocking mode, so it may not be ready
+    /// for a write.
+    fn drop(&mut self) {
+        self.mirror_disconnect();
+
+        // Update statistics
+        self.stats.disconnect();
+
+        let mut bytes = BytesMut::with_capacity(5);
+        bytes.put_u8(b'X');
+        bytes.put_i32(4);
+
+        match self.stream.get_mut().try_write(&bytes) {
+            Ok(5) => (),
+            _ => debug!("Dirty shutdown"),
+        };
+
+        let now = chrono::offset::Utc::now().naive_utc();
+        let duration = now - self.connected_at;
+
+        let message = if self.bad {
+            "Server connection terminated"
+        } else {
+            "Server connection closed"
+        };
+
+        info!(
+            "{} {:?}, session duration: {}",
+            message,
+            self.address,
+            crate::format_duration(&duration)
+        );
+    }
+}

src/sharding.rs

@@ -0,0 +1,216 @@
+use serde_derive::{Deserialize, Serialize};
+/// Implements various sharding functions.
+use sha1::{Digest, Sha1};
+
+/// See: <https://github.com/postgres/postgres/blob/27b77ecf9f4d5be211900eda54d8155ada50d696/src/include/catalog/partition.h#L20>.
+const PARTITION_HASH_SEED: u64 = 0x7A5B22367996DCFD;
+
+/// The sharding functions we support.
+#[derive(Debug, PartialEq, Copy, Clone, Serialize, Deserialize, Hash, std::cmp::Eq)]
+pub enum ShardingFunction {
+    #[serde(alias = "pg_bigint_hash", alias = "PgBigintHash")]
+    PgBigintHash,
+    #[serde(alias = "sha1", alias = "Sha1")]
+    Sha1,
+}
+
+impl ToString for ShardingFunction {
+    fn to_string(&self) -> String {
+        match *self {
+            ShardingFunction::PgBigintHash => "pg_bigint_hash".to_string(),
+            ShardingFunction::Sha1 => "sha1".to_string(),
+        }
+    }
+}
+
+/// The sharder.
+pub struct Sharder {
+    /// Number of shards in the cluster.
+    shards: usize,
+
+    /// The sharding function in use.
+    sharding_function: ShardingFunction,
+}
+
+impl Sharder {
+    /// Create new instance of the sharder.
+    pub fn new(shards: usize, sharding_function: ShardingFunction) -> Sharder {
+        Sharder {
+            shards,
+            sharding_function,
+        }
+    }
+
+    /// Compute the shard given sharding key.
+    pub fn shard(&self, key: i64) -> usize {
+        match self.sharding_function {
+            ShardingFunction::PgBigintHash => self.pg_bigint_hash(key),
+            ShardingFunction::Sha1 => self.sha1(key),
+        }
+    }
+
+    /// Hash function used by Postgres to determine which partition
+    /// to put the row in when using HASH(column) partitioning.
+    /// Source: <https://github.com/postgres/postgres/blob/27b77ecf9f4d5be211900eda54d8155ada50d696/src/common/hashfn.c#L631>.
+    /// Supports only 1 bigint at the moment, but we can add more later.
+    fn pg_bigint_hash(&self, key: i64) -> usize {
+        let mut lohalf = key as u32;
+        let hihalf = (key >> 32) as u32;
+        lohalf ^= if key >= 0 { hihalf } else { !hihalf };
+        Self::combine(0, Self::pg_u32_hash(lohalf)) as usize % self.shards
+    }
+
+    /// Example of a hashing function based on SHA1.
+    fn sha1(&self, key: i64) -> usize {
+        let mut hasher = Sha1::new();
+
+        hasher.update(&key.to_string().as_bytes());
+
+        let result = hasher.finalize();
+
+        // Convert the SHA1 hash into hex so we can parse it as a large integer.
+        let hex = format!("{:x}", result);
+
+        // Parse the last 8 bytes as an integer (8 bytes = bigint).
+        let key = i64::from_str_radix(&hex[hex.len() - 8..], 16).unwrap() as usize;
+
+        key % self.shards
+    }
+
+    #[inline]
+    fn rot(x: u32, k: u32) -> u32 {
+        (x << k) | (x >> (32 - k))
+    }
+
+    #[inline]
+    fn mix(mut a: u32, mut b: u32, mut c: u32) -> (u32, u32, u32) {
+        a = a.wrapping_sub(c);
+        a ^= Self::rot(c, 4);
+        c = c.wrapping_add(b);
+
+        b = b.wrapping_sub(a);
+        b ^= Self::rot(a, 6);
+        a = a.wrapping_add(c);
+
+        c = c.wrapping_sub(b);
+        c ^= Self::rot(b, 8);
+        b = b.wrapping_add(a);
+
+        a = a.wrapping_sub(c);
+        a ^= Self::rot(c, 16);
+        c = c.wrapping_add(b);
+
+        b = b.wrapping_sub(a);
+        b ^= Self::rot(a, 19);
+        a = a.wrapping_add(c);
+
+        c = c.wrapping_sub(b);
+        c ^= Self::rot(b, 4);
+        b = b.wrapping_add(a);
+
+        (a, b, c)
+    }
+
+    #[inline]
+    fn _final(mut a: u32, mut b: u32, mut c: u32) -> (u32, u32, u32) {
+        c ^= b;
+        c = c.wrapping_sub(Self::rot(b, 14));
+        a ^= c;
+        a = a.wrapping_sub(Self::rot(c, 11));
+        b ^= a;
+        b = b.wrapping_sub(Self::rot(a, 25));
+        c ^= b;
+        c = c.wrapping_sub(Self::rot(b, 16));
+        a ^= c;
+        a = a.wrapping_sub(Self::rot(c, 4));
+        b ^= a;
+        b = b.wrapping_sub(Self::rot(a, 14));
+        c ^= b;
+        c = c.wrapping_sub(Self::rot(b, 24));
+        (a, b, c)
+    }
+
+    #[inline]
+    fn combine(mut a: u64, b: u64) -> u64 {
+        a ^= b
+            .wrapping_add(0x49a0f4dd15e5a8e3_u64)
+            .wrapping_add(a << 54)
+            .wrapping_add(a >> 7);
+        a
+    }
+
+    #[inline]
+    fn pg_u32_hash(k: u32) -> u64 {
+        let mut a: u32 = 0x9e3779b9_u32 + std::mem::size_of::<u32>() as u32 + 3923095_u32;
+        let mut b = a;
+        let c = a;
+
+        a = a.wrapping_add((PARTITION_HASH_SEED >> 32) as u32);
+        b = b.wrapping_add(PARTITION_HASH_SEED as u32);
+        let (mut a, b, c) = Self::mix(a, b, c);
+
+        a = a.wrapping_add(k);
+
+        let (_a, b, c) = Self::_final(a, b, c);
+
+        ((b as u64) << 32) | (c as u64)
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+
+    // See tests/sharding/partition_hash_test_setup.sql
+    // The output of those SELECT statements will match this test,
+    // confirming that we implemented Postgres BIGINT hashing correctly.
+    #[test]
+    fn test_pg_bigint_hash() {
+        let sharder = Sharder::new(5, ShardingFunction::PgBigintHash);
+
+        let shard_0 = vec![1, 4, 5, 14, 19, 39, 40, 46, 47, 53];
+
+        for v in shard_0 {
+            assert_eq!(sharder.shard(v), 0);
+        }
+
+        let shard_1 = vec![2, 3, 11, 17, 21, 23, 30, 49, 51, 54];
+
+        for v in shard_1 {
+            assert_eq!(sharder.shard(v), 1);
+        }
+
+        let shard_2 = vec![6, 7, 15, 16, 18, 20, 25, 28, 34, 35];
+
+        for v in shard_2 {
+            assert_eq!(sharder.shard(v), 2);
+        }
+
+        let shard_3 = vec![8, 12, 13, 22, 29, 31, 33, 36, 41, 43];
+
+        for v in shard_3 {
+            assert_eq!(sharder.shard(v), 3);
+        }
+
+        let shard_4 = vec![9, 10, 24, 26, 27, 32, 37, 38, 42, 45];
+
+        for v in shard_4 {
+            assert_eq!(sharder.shard(v), 4);
+        }
+    }
+
+    #[test]
+    fn test_sha1_hash() {
+        let sharder = Sharder::new(12, ShardingFunction::Sha1);
+        let ids = vec![
+            0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19,
+        ];
+        let shards = vec![
+            4, 7, 8, 3, 6, 0, 0, 10, 3, 11, 1, 7, 4, 4, 11, 2, 5, 0, 8, 3,
+        ];
+
+        for (i, id) in ids.iter().enumerate() {
+            assert_eq!(sharder.shard(*id), shards[i]);
+        }
+    }
+}

src/stats.rs

@@ -0,0 +1,150 @@
+use crate::pool::PoolIdentifier;
+/// Statistics and reporting.
+use arc_swap::ArcSwap;
+
+use log::{info, warn};
+use once_cell::sync::Lazy;
+use parking_lot::RwLock;
+use std::collections::HashMap;
+
+use std::sync::Arc;
+
+// Structs that hold stats for different resources
+pub mod address;
+pub mod client;
+pub mod pool;
+pub mod server;
+pub use address::AddressStats;
+pub use client::{ClientState, ClientStats};
+pub use pool::PoolStats;
+pub use server::{ServerState, ServerStats};
+
+/// Convenience types for various stats
+type ClientStatesLookup = HashMap<i32, Arc<ClientStats>>;
+type ServerStatesLookup = HashMap<i32, Arc<ServerStats>>;
+type PoolStatsLookup = HashMap<(String, String), Arc<PoolStats>>;
+
+/// Stats for individual client connections
+/// Used in SHOW CLIENTS.
+static CLIENT_STATS: Lazy<Arc<RwLock<ClientStatesLookup>>> =
+    Lazy::new(|| Arc::new(RwLock::new(ClientStatesLookup::default())));
+
+/// Stats for individual server connections
+/// Used in SHOW SERVERS.
+static SERVER_STATS: Lazy<Arc<RwLock<ServerStatesLookup>>> =
+    Lazy::new(|| Arc::new(RwLock::new(ServerStatesLookup::default())));
+
+/// Aggregate stats for each pool (a pool is identified by database name and username)
+/// Used in SHOW POOLS.
+static POOL_STATS: Lazy<Arc<RwLock<PoolStatsLookup>>> =
+    Lazy::new(|| Arc::new(RwLock::new(PoolStatsLookup::default())));
+
+/// The statistics reporter. An instance is given to each possible source of statistics,
+/// e.g. client stats, server stats, connection pool stats.
+pub static REPORTER: Lazy<ArcSwap<Reporter>> =
+    Lazy::new(|| ArcSwap::from_pointee(Reporter::default()));
+
+/// Statistics period used for average calculations.
+/// 15 seconds.
+static STAT_PERIOD: u64 = 15000;
+
+/// The statistics reporter. An instance is given
+/// to each possible source of statistics,
+/// e.g. clients, servers, connection pool.
+#[derive(Clone, Debug, Default)]
+pub struct Reporter {}
+
+impl Reporter {
+    /// Register a client with the stats system. The stats system uses client_id
+    /// to track and aggregate statistics from all source that relate to that client
+    fn client_register(&self, client_id: i32, stats: Arc<ClientStats>) {
+        if CLIENT_STATS.read().get(&client_id).is_some() {
+            warn!("Client {:?} was double registered!", client_id);
+            return;
+        }
+
+        CLIENT_STATS.write().insert(client_id, stats);
+    }
+
+    /// Reports a client is disconnecting from the pooler.
+    fn client_disconnecting(&self, client_id: i32) {
+        CLIENT_STATS.write().remove(&client_id);
+    }
+
+    /// Register a server connection with the stats system. The stats system uses server_id
+    /// to track and aggregate statistics from all source that relate to that server
+    fn server_register(&self, server_id: i32, stats: Arc<ServerStats>) {
+        SERVER_STATS.write().insert(server_id, stats);
+    }
+    /// Reports a server connection is disconnecting from the pooler.
+    fn server_disconnecting(&self, server_id: i32) {
+        SERVER_STATS.write().remove(&server_id);
+    }
+
+    /// Register a pool with the stats system.
+    fn pool_register(&self, identifier: PoolIdentifier, stats: Arc<PoolStats>) {
+        POOL_STATS
+            .write()
+            .insert((identifier.db, identifier.user), stats);
+    }
+}
+
+/// The statistics collector which used for calculating averages
+/// There is only one collector (kind of like a singleton)
+/// it updates averages every 15 seconds.
+#[derive(Default)]
+pub struct Collector {}
+
+impl Collector {
+    /// The statistics collection handler. It will collect statistics
+    /// for `address_id`s starting at 0 up to `addresses`.
+    pub async fn collect(&mut self) {
+        info!("Events reporter started");
+
+        tokio::task::spawn(async move {
+            let mut interval =
+                tokio::time::interval(tokio::time::Duration::from_millis(STAT_PERIOD));
+            loop {
+                interval.tick().await;
+
+                // Hold read lock for duration of update to retain all server stats
+                let server_stats = SERVER_STATS.read();
+
+                for stats in server_stats.values() {
+                    if !stats.check_address_stat_average_is_updated_status() {
+                        stats.address_stats().update_averages();
+                        stats.set_address_stat_average_is_updated_status(true);
+                    }
+                }
+
+                // Reset to false for next update
+                for stats in server_stats.values() {
+                    stats.set_address_stat_average_is_updated_status(false);
+                }
+            }
+        });
+    }
+}
+
+/// Get a snapshot of client statistics.
+/// by the `Collector`.
+pub fn get_client_stats() -> ClientStatesLookup {
+    CLIENT_STATS.read().clone()
+}
+
+/// Get a snapshot of server statistics.
+/// by the `Collector`.
+pub fn get_server_stats() -> ServerStatesLookup {
+    SERVER_STATS.read().clone()
+}
+
+/// Get a snapshot of pool statistics.
+/// by the `Collector`.
+pub fn get_pool_stats() -> PoolStatsLookup {
+    POOL_STATS.read().clone()
+}
+
+/// Get the statistics reporter used to update stats across the pools/clients.
+pub fn get_reporter() -> Reporter {
+    (*(*REPORTER.load())).clone()
+}

src/stats/address.rs

@@ -0,0 +1,175 @@
+use std::sync::atomic::*;
+use std::sync::Arc;
+
+/// Internal address stats
+#[derive(Debug, Clone, Default)]
+pub struct AddressStats {
+    pub total_xact_count: Arc<AtomicU64>,
+    pub total_query_count: Arc<AtomicU64>,
+    pub total_received: Arc<AtomicU64>,
+    pub total_sent: Arc<AtomicU64>,
+    pub total_xact_time: Arc<AtomicU64>,
+    pub total_query_time: Arc<AtomicU64>,
+    pub total_wait_time: Arc<AtomicU64>,
+    pub total_errors: Arc<AtomicU64>,
+
+    pub old_total_xact_count: Arc<AtomicU64>,
+    pub old_total_query_count: Arc<AtomicU64>,
+    pub old_total_received: Arc<AtomicU64>,
+    pub old_total_sent: Arc<AtomicU64>,
+    pub old_total_xact_time: Arc<AtomicU64>,
+    pub old_total_query_time: Arc<AtomicU64>,
+    pub old_total_wait_time: Arc<AtomicU64>,
+    pub old_total_errors: Arc<AtomicU64>,
+
+    pub avg_query_count: Arc<AtomicU64>,
+    pub avg_query_time: Arc<AtomicU64>,
+    pub avg_recv: Arc<AtomicU64>,
+    pub avg_sent: Arc<AtomicU64>,
+    pub avg_errors: Arc<AtomicU64>,
+    pub avg_xact_time: Arc<AtomicU64>,
+    pub avg_xact_count: Arc<AtomicU64>,
+    pub avg_wait_time: Arc<AtomicU64>,
+
+    // Determines if the averages have been updated since the last time they were reported
+    pub averages_updated: Arc<AtomicBool>,
+}
+
+impl IntoIterator for AddressStats {
+    type Item = (String, u64);
+    type IntoIter = std::vec::IntoIter<Self::Item>;
+
+    fn into_iter(self) -> Self::IntoIter {
+        vec![
+            (
+                "total_xact_count".to_string(),
+                self.total_xact_count.load(Ordering::Relaxed),
+            ),
+            (
+                "total_query_count".to_string(),
+                self.total_query_count.load(Ordering::Relaxed),
+            ),
+            (
+                "total_received".to_string(),
+                self.total_received.load(Ordering::Relaxed),
+            ),
+            (
+                "total_sent".to_string(),
+                self.total_sent.load(Ordering::Relaxed),
+            ),
+            (
+                "total_xact_time".to_string(),
+                self.total_xact_time.load(Ordering::Relaxed),
+            ),
+            (
+                "total_query_time".to_string(),
+                self.total_query_time.load(Ordering::Relaxed),
+            ),
+            (
+                "total_wait_time".to_string(),
+                self.total_wait_time.load(Ordering::Relaxed),
+            ),
+            (
+                "total_errors".to_string(),
+                self.total_errors.load(Ordering::Relaxed),
+            ),
+            (
+                "avg_xact_count".to_string(),
+                self.avg_xact_count.load(Ordering::Relaxed),
+            ),
+            (
+                "avg_query_count".to_string(),
+                self.avg_query_count.load(Ordering::Relaxed),
+            ),
+            (
+                "avg_recv".to_string(),
+                self.avg_recv.load(Ordering::Relaxed),
+            ),
+            (
+                "avg_sent".to_string(),
+                self.avg_sent.load(Ordering::Relaxed),
+            ),
+            (
+                "avg_errors".to_string(),
+                self.avg_errors.load(Ordering::Relaxed),
+            ),
+            (
+                "avg_xact_time".to_string(),
+                self.avg_xact_time.load(Ordering::Relaxed),
+            ),
+            (
+                "avg_query_time".to_string(),
+                self.avg_query_time.load(Ordering::Relaxed),
+            ),
+            (
+                "avg_wait_time".to_string(),
+                self.avg_wait_time.load(Ordering::Relaxed),
+            ),
+        ]
+        .into_iter()
+    }
+}
+
+impl AddressStats {
+    pub fn error(&self) {
+        self.total_errors.fetch_add(1, Ordering::Relaxed);
+    }
+
+    pub fn update_averages(&self) {
+        let (totals, averages, old_totals) = self.fields_iterators();
+        for (total, average, old_total) in itertools::izip!(totals, averages, old_totals) {
+            let total_value = total.load(Ordering::Relaxed);
+            let old_total_value = old_total.load(Ordering::Relaxed);
+            average.store(
+                (total_value - old_total_value) / (crate::stats::STAT_PERIOD / 1_000),
+                Ordering::Relaxed,
+            ); // Avg / second
+            old_total.store(total_value, Ordering::Relaxed);
+        }
+    }
+
+    pub fn populate_row(&self, row: &mut Vec<String>) {
+        for (_key, value) in self.clone() {
+            row.push(value.to_string());
+        }
+    }
+
+    fn fields_iterators(
+        &self,
+    ) -> (
+        Vec<Arc<AtomicU64>>,
+        Vec<Arc<AtomicU64>>,
+        Vec<Arc<AtomicU64>>,
+    ) {
+        let mut totals: Vec<Arc<AtomicU64>> = Vec::new();
+        let mut averages: Vec<Arc<AtomicU64>> = Vec::new();
+        let mut old_totals: Vec<Arc<AtomicU64>> = Vec::new();
+
+        totals.push(self.total_xact_count.clone());
+        old_totals.push(self.old_total_xact_count.clone());
+        averages.push(self.avg_xact_count.clone());
+        totals.push(self.total_query_count.clone());
+        old_totals.push(self.old_total_query_count.clone());
+        averages.push(self.avg_query_count.clone());
+        totals.push(self.total_received.clone());
+        old_totals.push(self.old_total_received.clone());
+        averages.push(self.avg_recv.clone());
+        totals.push(self.total_sent.clone());
+        old_totals.push(self.old_total_sent.clone());
+        averages.push(self.avg_sent.clone());
+        totals.push(self.total_xact_time.clone());
+        old_totals.push(self.old_total_xact_time.clone());
+        averages.push(self.avg_xact_time.clone());
+        totals.push(self.total_query_time.clone());
+        old_totals.push(self.old_total_query_time.clone());
+        averages.push(self.avg_query_time.clone());
+        totals.push(self.total_wait_time.clone());
+        old_totals.push(self.old_total_wait_time.clone());
+        averages.push(self.avg_wait_time.clone());
+        totals.push(self.total_errors.clone());
+        old_totals.push(self.old_total_errors.clone());
+        averages.push(self.avg_errors.clone());
+
+        (totals, averages, old_totals)
+    }
+}

src/stats/client.rs

@@ -0,0 +1,182 @@
+use super::PoolStats;
+use super::{get_reporter, Reporter};
+use atomic_enum::atomic_enum;
+use std::sync::atomic::*;
+use std::sync::Arc;
+use tokio::time::Instant;
+/// The various states that a client can be in
+#[atomic_enum]
+#[derive(PartialEq)]
+pub enum ClientState {
+    Idle = 0,
+    Waiting,
+    Active,
+}
+impl std::fmt::Display for ClientState {
+    fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
+        match *self {
+            ClientState::Idle => write!(f, "idle"),
+            ClientState::Waiting => write!(f, "waiting"),
+            ClientState::Active => write!(f, "active"),
+        }
+    }
+}
+
+#[derive(Debug, Clone)]
+/// Information we keep track of which can be queried by SHOW CLIENTS
+pub struct ClientStats {
+    /// A random integer assigned to the client and used by stats to track the client
+    client_id: i32,
+
+    /// Data associated with the client, not writable, only set when we construct the ClientStat
+    application_name: String,
+    username: String,
+    pool_name: String,
+    connect_time: Instant,
+
+    pool_stats: Arc<PoolStats>,
+    reporter: Reporter,
+
+    /// Total time spent waiting for a connection from pool, measures in microseconds
+    pub total_wait_time: Arc<AtomicU64>,
+
+    /// Current state of the client
+    pub state: Arc<AtomicClientState>,
+
+    /// Number of transactions executed by this client
+    pub transaction_count: Arc<AtomicU64>,
+
+    /// Number of queries executed by this client
+    pub query_count: Arc<AtomicU64>,
+
+    /// Number of errors made by this client
+    pub error_count: Arc<AtomicU64>,
+}
+
+impl Default for ClientStats {
+    fn default() -> Self {
+        ClientStats {
+            client_id: 0,
+            connect_time: Instant::now(),
+            application_name: String::new(),
+            username: String::new(),
+            pool_name: String::new(),
+            pool_stats: Arc::new(PoolStats::default()),
+            total_wait_time: Arc::new(AtomicU64::new(0)),
+            state: Arc::new(AtomicClientState::new(ClientState::Idle)),
+            transaction_count: Arc::new(AtomicU64::new(0)),
+            query_count: Arc::new(AtomicU64::new(0)),
+            error_count: Arc::new(AtomicU64::new(0)),
+            reporter: get_reporter(),
+        }
+    }
+}
+
+impl ClientStats {
+    pub fn new(
+        client_id: i32,
+        application_name: &str,
+        username: &str,
+        pool_name: &str,
+        connect_time: Instant,
+        pool_stats: Arc<PoolStats>,
+    ) -> Self {
+        Self {
+            client_id,
+            pool_stats,
+            connect_time,
+            application_name: application_name.to_string(),
+            username: username.to_string(),
+            pool_name: pool_name.to_string(),
+            ..Default::default()
+        }
+    }
+
+    /// Reports a client is disconnecting from the pooler and
+    /// update metrics on the corresponding pool.
+    pub fn disconnect(&self) {
+        self.reporter.client_disconnecting(self.client_id);
+        self.pool_stats
+            .client_disconnect(self.state.load(Ordering::Relaxed))
+    }
+
+    /// Register a client with the stats system. The stats system uses client_id
+    /// to track and aggregate statistics from all source that relate to that client
+    pub fn register(&self, stats: Arc<ClientStats>) {
+        self.reporter.client_register(self.client_id, stats);
+        self.state.store(ClientState::Idle, Ordering::Relaxed);
+        self.pool_stats.cl_idle.fetch_add(1, Ordering::Relaxed);
+    }
+
+    /// Reports a client is done querying the server and is no longer assigned a server connection
+    pub fn idle(&self) {
+        self.pool_stats
+            .client_idle(self.state.load(Ordering::Relaxed));
+        self.state.store(ClientState::Idle, Ordering::Relaxed);
+    }
+
+    /// Reports a client is waiting for a connection
+    pub fn waiting(&self) {
+        self.pool_stats
+            .client_waiting(self.state.load(Ordering::Relaxed));
+        self.state.store(ClientState::Waiting, Ordering::Relaxed);
+    }
+
+    /// Reports a client is done waiting for a connection and is about to query the server.
+    pub fn active(&self) {
+        self.pool_stats
+            .client_active(self.state.load(Ordering::Relaxed));
+        self.state.store(ClientState::Active, Ordering::Relaxed);
+    }
+
+    /// Reports a client has failed to obtain a connection from a connection pool
+    pub fn checkout_error(&self) {
+        self.state.store(ClientState::Idle, Ordering::Relaxed);
+    }
+
+    /// Reports a client has had the server assigned to it be banned
+    pub fn ban_error(&self) {
+        self.state.store(ClientState::Idle, Ordering::Relaxed);
+        self.error_count.fetch_add(1, Ordering::Relaxed);
+    }
+
+    /// Reporters the time spent by a client waiting to get a healthy connection from the pool
+    pub fn checkout_time(&self, microseconds: u64) {
+        self.total_wait_time
+            .fetch_add(microseconds, Ordering::Relaxed);
+    }
+
+    /// Report a query executed by a client against a server
+    pub fn query(&self) {
+        self.query_count.fetch_add(1, Ordering::Relaxed);
+    }
+
+    /// Report a transaction executed by a client a server
+    /// we report each individual queries outside a transaction as a transaction
+    /// We only count the initial BEGIN as a transaction, all queries within do not
+    /// count as transactions
+    pub fn transaction(&self) {
+        self.transaction_count.fetch_add(1, Ordering::Relaxed);
+    }
+
+    // Helper methods for show clients
+    pub fn connect_time(&self) -> Instant {
+        self.connect_time
+    }
+
+    pub fn client_id(&self) -> i32 {
+        self.client_id
+    }
+
+    pub fn application_name(&self) -> String {
+        self.application_name.clone()
+    }
+
+    pub fn username(&self) -> String {
+        self.username.clone()
+    }
+
+    pub fn pool_name(&self) -> String {
+        self.pool_name.clone()
+    }
+}

src/stats/pool.rs

@@ -0,0 +1,274 @@
+use crate::config::Pool;
+use crate::config::PoolMode;
+use crate::pool::PoolIdentifier;
+use std::sync::atomic::*;
+use std::sync::Arc;
+
+use super::get_reporter;
+use super::Reporter;
+use super::{ClientState, ServerState};
+
+#[derive(Debug, Clone, Default)]
+/// A struct that holds information about a Pool .
+pub struct PoolStats {
+    // Pool identifier, cannot be changed after creating the instance
+    identifier: PoolIdentifier,
+
+    // Pool Config, cannot be changed after creating the instance
+    config: Pool,
+
+    // A reference to the global reporter.
+    reporter: Reporter,
+
+    /// Counters (atomics)
+    pub cl_idle: Arc<AtomicU64>,
+    pub cl_active: Arc<AtomicU64>,
+    pub cl_waiting: Arc<AtomicU64>,
+    pub cl_cancel_req: Arc<AtomicU64>,
+    pub sv_active: Arc<AtomicU64>,
+    pub sv_idle: Arc<AtomicU64>,
+    pub sv_used: Arc<AtomicU64>,
+    pub sv_tested: Arc<AtomicU64>,
+    pub sv_login: Arc<AtomicU64>,
+    pub maxwait: Arc<AtomicU64>,
+}
+
+impl IntoIterator for PoolStats {
+    type Item = (String, u64);
+    type IntoIter = std::vec::IntoIter<Self::Item>;
+
+    fn into_iter(self) -> Self::IntoIter {
+        vec![
+            ("cl_idle".to_string(), self.cl_idle.load(Ordering::Relaxed)),
+            (
+                "cl_active".to_string(),
+                self.cl_active.load(Ordering::Relaxed),
+            ),
+            (
+                "cl_waiting".to_string(),
+                self.cl_waiting.load(Ordering::Relaxed),
+            ),
+            (
+                "cl_cancel_req".to_string(),
+                self.cl_cancel_req.load(Ordering::Relaxed),
+            ),
+            (
+                "sv_active".to_string(),
+                self.sv_active.load(Ordering::Relaxed),
+            ),
+            ("sv_idle".to_string(), self.sv_idle.load(Ordering::Relaxed)),
+            ("sv_used".to_string(), self.sv_used.load(Ordering::Relaxed)),
+            (
+                "sv_tested".to_string(),
+                self.sv_tested.load(Ordering::Relaxed),
+            ),
+            (
+                "sv_login".to_string(),
+                self.sv_login.load(Ordering::Relaxed),
+            ),
+            (
+                "maxwait".to_string(),
+                self.maxwait.load(Ordering::Relaxed) / 1_000_000,
+            ),
+            (
+                "maxwait_us".to_string(),
+                self.maxwait.load(Ordering::Relaxed) % 1_000_000,
+            ),
+        ]
+        .into_iter()
+    }
+}
+
+impl PoolStats {
+    pub fn new(identifier: PoolIdentifier, config: Pool) -> Self {
+        Self {
+            identifier,
+            config,
+            reporter: get_reporter(),
+            ..Default::default()
+        }
+    }
+
+    // Getters
+    pub fn register(&self, stats: Arc<PoolStats>) {
+        self.reporter.pool_register(self.identifier.clone(), stats);
+    }
+
+    pub fn database(&self) -> String {
+        self.identifier.db.clone()
+    }
+
+    pub fn user(&self) -> String {
+        self.identifier.user.clone()
+    }
+
+    pub fn pool_mode(&self) -> PoolMode {
+        self.config.pool_mode
+    }
+
+    /// Populates an array of strings with counters (used by admin in show pools)
+    pub fn populate_row(&self, row: &mut Vec<String>) {
+        for (_key, value) in self.clone() {
+            row.push(value.to_string());
+        }
+    }
+
+    /// Deletes the maxwait counter, this is done everytime we obtain metrics
+    pub fn clear_maxwait(&self) {
+        self.maxwait.store(0, Ordering::Relaxed);
+    }
+
+    /// Notified when a server of the pool enters login state.
+    ///
+    /// Arguments:
+    ///
+    /// `from`: The state of the server that notifies.
+    pub fn server_login(&self, from: ServerState) {
+        self.sv_login.fetch_add(1, Ordering::Relaxed);
+        if from != ServerState::Login {
+            self.decrease_from_server_state(from);
+        }
+    }
+
+    /// Notified when a server of the pool become 'active'
+    ///
+    /// Arguments:
+    ///
+    /// `from`: The state of the server that notifies.
+    pub fn server_active(&self, from: ServerState) {
+        self.sv_active.fetch_add(1, Ordering::Relaxed);
+        if from != ServerState::Active {
+            self.decrease_from_server_state(from);
+        }
+    }
+
+    /// Notified when a server of the pool become 'tested'
+    ///
+    /// Arguments:
+    ///
+    /// `from`: The state of the server that notifies.
+    pub fn server_tested(&self, from: ServerState) {
+        self.sv_tested.fetch_add(1, Ordering::Relaxed);
+        if from != ServerState::Tested {
+            self.decrease_from_server_state(from);
+        }
+    }
+
+    /// Notified when a server of the pool become 'idle'
+    ///
+    /// Arguments:
+    ///
+    /// `from`: The state of the server that notifies.
+    pub fn server_idle(&self, from: ServerState) {
+        self.sv_idle.fetch_add(1, Ordering::Relaxed);
+        if from != ServerState::Idle {
+            self.decrease_from_server_state(from);
+        }
+    }
+
+    /// Notified when a client of the pool become 'waiting'
+    ///
+    /// Arguments:
+    ///
+    /// `from`: The state of the client that notifies.
+    pub fn client_waiting(&self, from: ClientState) {
+        if from != ClientState::Waiting {
+            self.cl_waiting.fetch_add(1, Ordering::Relaxed);
+            self.decrease_from_client_state(from);
+        }
+    }
+
+    /// Notified when a client of the pool become 'active'
+    ///
+    /// Arguments:
+    ///
+    /// `from`: The state of the client that notifies.
+    pub fn client_active(&self, from: ClientState) {
+        if from != ClientState::Active {
+            self.cl_active.fetch_add(1, Ordering::Relaxed);
+            self.decrease_from_client_state(from);
+        }
+    }
+
+    /// Notified when a client of the pool become 'idle'
+    ///
+    /// Arguments:
+    ///
+    /// `from`: The state of the client that notifies.
+    pub fn client_idle(&self, from: ClientState) {
+        if from != ClientState::Idle {
+            self.cl_idle.fetch_add(1, Ordering::Relaxed);
+            self.decrease_from_client_state(from);
+        }
+    }
+
+    /// Notified when a client disconnects.
+    ///
+    /// Arguments:
+    ///
+    /// `from`: The state of the client that notifies.
+    pub fn client_disconnect(&self, from: ClientState) {
+        let counter = match from {
+            ClientState::Idle => &self.cl_idle,
+            ClientState::Waiting => &self.cl_waiting,
+            ClientState::Active => &self.cl_active,
+        };
+
+        Self::decrease_counter(counter.clone());
+    }
+
+    /// Notified when a server disconnects.
+    ///
+    /// Arguments:
+    ///
+    /// `from`: The state of the client that notifies.
+    pub fn server_disconnect(&self, from: ServerState) {
+        let counter = match from {
+            ServerState::Active => &self.sv_active,
+            ServerState::Idle => &self.sv_idle,
+            ServerState::Login => &self.sv_login,
+            ServerState::Tested => &self.sv_tested,
+        };
+        Self::decrease_counter(counter.clone());
+    }
+
+    // helpers for counter decrease
+    fn decrease_from_server_state(&self, from: ServerState) {
+        let counter = match from {
+            ServerState::Tested => &self.sv_tested,
+            ServerState::Active => &self.sv_active,
+            ServerState::Idle => &self.sv_idle,
+            ServerState::Login => &self.sv_login,
+        };
+        Self::decrease_counter(counter.clone());
+    }
+
+    fn decrease_from_client_state(&self, from: ClientState) {
+        let counter = match from {
+            ClientState::Active => &self.cl_active,
+            ClientState::Idle => &self.cl_idle,
+            ClientState::Waiting => &self.cl_waiting,
+        };
+        Self::decrease_counter(counter.clone());
+    }
+
+    fn decrease_counter(value: Arc<AtomicU64>) {
+        if value.load(Ordering::Relaxed) > 0 {
+            value.fetch_sub(1, Ordering::Relaxed);
+        }
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+
+    #[test]
+    fn test_decrease() {
+        let stat: PoolStats = PoolStats::default();
+        stat.server_login(ServerState::Login);
+        stat.server_idle(ServerState::Login);
+        assert_eq!(stat.sv_login.load(Ordering::Relaxed), 0);
+        assert_eq!(stat.sv_idle.load(Ordering::Relaxed), 1);
+    }
+}

src/stats/server.rs

@@ -0,0 +1,236 @@
+use super::AddressStats;
+use super::PoolStats;
+use super::{get_reporter, Reporter};
+use crate::config::Address;
+use atomic_enum::atomic_enum;
+use parking_lot::RwLock;
+use std::sync::atomic::*;
+use std::sync::Arc;
+use tokio::time::Instant;
+
+/// The various states that a server can be in
+#[atomic_enum]
+#[derive(PartialEq)]
+pub enum ServerState {
+    Login = 0,
+    Active,
+    Tested,
+    Idle,
+}
+impl std::fmt::Display for ServerState {
+    fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result {
+        match *self {
+            ServerState::Login => write!(f, "login"),
+            ServerState::Active => write!(f, "active"),
+            ServerState::Tested => write!(f, "tested"),
+            ServerState::Idle => write!(f, "idle"),
+        }
+    }
+}
+
+/// Information we keep track of which can be queried by SHOW SERVERS
+#[derive(Debug, Clone)]
+pub struct ServerStats {
+    /// A random integer assigned to the server and used by stats to track the server
+    server_id: i32,
+
+    /// Context information, only to be read
+    address: Address,
+    connect_time: Instant,
+
+    pool_stats: Arc<PoolStats>,
+    reporter: Reporter,
+
+    /// Data
+    pub application_name: Arc<RwLock<String>>,
+    pub state: Arc<AtomicServerState>,
+    pub bytes_sent: Arc<AtomicU64>,
+    pub bytes_received: Arc<AtomicU64>,
+    pub transaction_count: Arc<AtomicU64>,
+    pub query_count: Arc<AtomicU64>,
+    pub error_count: Arc<AtomicU64>,
+}
+
+impl Default for ServerStats {
+    fn default() -> Self {
+        ServerStats {
+            server_id: 0,
+            application_name: Arc::new(RwLock::new(String::new())),
+            address: Address::default(),
+            pool_stats: Arc::new(PoolStats::default()),
+            connect_time: Instant::now(),
+            state: Arc::new(AtomicServerState::new(ServerState::Login)),
+            bytes_sent: Arc::new(AtomicU64::new(0)),
+            bytes_received: Arc::new(AtomicU64::new(0)),
+            transaction_count: Arc::new(AtomicU64::new(0)),
+            query_count: Arc::new(AtomicU64::new(0)),
+            error_count: Arc::new(AtomicU64::new(0)),
+            reporter: get_reporter(),
+        }
+    }
+}
+
+impl ServerStats {
+    pub fn new(address: Address, pool_stats: Arc<PoolStats>, connect_time: Instant) -> Self {
+        Self {
+            address,
+            pool_stats,
+            connect_time,
+            server_id: rand::random::<i32>(),
+            ..Default::default()
+        }
+    }
+
+    pub fn server_id(&self) -> i32 {
+        self.server_id
+    }
+
+    /// Register a server connection with the stats system. The stats system uses server_id
+    /// to track and aggregate statistics from all source that relate to that server
+    // Delegates to reporter
+    pub fn register(&self, stats: Arc<ServerStats>) {
+        self.reporter.server_register(self.server_id, stats);
+        self.login();
+    }
+
+    /// Reports a server connection is no longer assigned to a client
+    /// and is available for the next client to pick it up
+    pub fn idle(&self) {
+        self.pool_stats
+            .server_idle(self.state.load(Ordering::Relaxed));
+
+        self.state.store(ServerState::Idle, Ordering::Relaxed);
+    }
+
+    /// Reports a server connection is disconnecting from the pooler.
+    /// Also updates metrics on the pool regarding server usage.
+    pub fn disconnect(&self) {
+        self.reporter.server_disconnecting(self.server_id);
+        self.pool_stats
+            .server_disconnect(self.state.load(Ordering::Relaxed))
+    }
+
+    /// Reports a server connection is being tested before being given to a client.
+    pub fn tested(&self) {
+        self.set_undefined_application();
+        self.pool_stats
+            .server_tested(self.state.load(Ordering::Relaxed));
+        self.state.store(ServerState::Tested, Ordering::Relaxed);
+    }
+
+    /// Reports a server connection is attempting to login.
+    pub fn login(&self) {
+        self.pool_stats
+            .server_login(self.state.load(Ordering::Relaxed));
+        self.state.store(ServerState::Login, Ordering::Relaxed);
+        self.set_undefined_application();
+    }
+
+    /// Reports a server connection has been assigned to a client that
+    /// is about to query the server
+    pub fn active(&self, application_name: String) {
+        self.pool_stats
+            .server_active(self.state.load(Ordering::Relaxed));
+        self.state.store(ServerState::Active, Ordering::Relaxed);
+        self.set_application(application_name);
+    }
+
+    pub fn address_stats(&self) -> Arc<AddressStats> {
+        self.address.stats.clone()
+    }
+
+    pub fn check_address_stat_average_is_updated_status(&self) -> bool {
+        self.address.stats.averages_updated.load(Ordering::Relaxed)
+    }
+
+    pub fn set_address_stat_average_is_updated_status(&self, is_checked: bool) {
+        self.address
+            .stats
+            .averages_updated
+            .store(is_checked, Ordering::Relaxed);
+    }
+
+    // Helper methods for show_servers
+    pub fn pool_name(&self) -> String {
+        self.pool_stats.database()
+    }
+
+    pub fn username(&self) -> String {
+        self.pool_stats.user()
+    }
+
+    pub fn address_name(&self) -> String {
+        self.address.name()
+    }
+
+    pub fn connect_time(&self) -> Instant {
+        self.connect_time
+    }
+
+    fn set_application(&self, name: String) {
+        let mut application_name = self.application_name.write();
+        *application_name = name;
+    }
+
+    fn set_undefined_application(&self) {
+        self.set_application(String::from("Undefined"))
+    }
+
+    pub fn checkout_time(&self, microseconds: u64, application_name: String) {
+        // Update server stats and address aggergation stats
+        self.set_application(application_name);
+        self.address
+            .stats
+            .total_wait_time
+            .fetch_add(microseconds, Ordering::Relaxed);
+        self.pool_stats
+            .maxwait
+            .fetch_max(microseconds, Ordering::Relaxed);
+    }
+
+    /// Report a query executed by a client against a server
+    pub fn query(&self, milliseconds: u64, application_name: &str) {
+        self.set_application(application_name.to_string());
+        let address_stats = self.address_stats();
+        address_stats
+            .total_query_count
+            .fetch_add(1, Ordering::Relaxed);
+        address_stats
+            .total_query_time
+            .fetch_add(milliseconds, Ordering::Relaxed);
+    }
+
+    /// Report a transaction executed by a client a server
+    /// we report each individual queries outside a transaction as a transaction
+    /// We only count the initial BEGIN as a transaction, all queries within do not
+    /// count as transactions
+    pub fn transaction(&self, application_name: &str) {
+        self.set_application(application_name.to_string());
+
+        self.transaction_count.fetch_add(1, Ordering::Relaxed);
+        self.address
+            .stats
+            .total_xact_count
+            .fetch_add(1, Ordering::Relaxed);
+    }
+
+    /// Report data sent to a server
+    pub fn data_sent(&self, amount_bytes: usize) {
+        self.bytes_sent
+            .fetch_add(amount_bytes as u64, Ordering::Relaxed);
+        self.address
+            .stats
+            .total_sent
+            .fetch_add(amount_bytes as u64, Ordering::Relaxed);
+    }
+
+    /// Report data received from a server
+    pub fn data_received(&self, amount_bytes: usize) {
+        self.bytes_received
+            .fetch_add(amount_bytes as u64, Ordering::Relaxed);
+        self.address
+            .stats
+            .total_received
+            .fetch_add(amount_bytes as u64, Ordering::Relaxed);
+    }
+}

src/tls.rs

@@ -0,0 +1,87 @@
+// Stream wrapper.
+
+use rustls_pemfile::{certs, read_one, Item};
+use std::iter;
+use std::path::Path;
+use std::sync::Arc;
+use std::time::SystemTime;
+use tokio_rustls::rustls::{
+    self,
+    client::{ServerCertVerified, ServerCertVerifier},
+    Certificate, PrivateKey, ServerName,
+};
+use tokio_rustls::TlsAcceptor;
+
+use crate::config::get_config;
+use crate::errors::Error;
+
+// TLS
+pub fn load_certs(path: &Path) -> std::io::Result<Vec<Certificate>> {
+    certs(&mut std::io::BufReader::new(std::fs::File::open(path)?))
+        .map_err(|_| std::io::Error::new(std::io::ErrorKind::InvalidInput, "invalid cert"))
+        .map(|mut certs| certs.drain(..).map(Certificate).collect())
+}
+
+pub fn load_keys(path: &Path) -> std::io::Result<Vec<PrivateKey>> {
+    let mut rd = std::io::BufReader::new(std::fs::File::open(path)?);
+
+    iter::from_fn(|| read_one(&mut rd).transpose())
+        .filter_map(|item| match item {
+            Err(err) => Some(Err(err)),
+            Ok(Item::RSAKey(key)) => Some(Ok(PrivateKey(key))),
+            Ok(Item::ECKey(key)) => Some(Ok(PrivateKey(key))),
+            Ok(Item::PKCS8Key(key)) => Some(Ok(PrivateKey(key))),
+            _ => None,
+        })
+        .collect()
+}
+
+pub struct Tls {
+    pub acceptor: TlsAcceptor,
+}
+
+impl Tls {
+    pub fn new() -> Result<Self, Error> {
+        let config = get_config();
+
+        let certs = match load_certs(Path::new(&config.general.tls_certificate.unwrap())) {
+            Ok(certs) => certs,
+            Err(_) => return Err(Error::TlsError),
+        };
+
+        let mut keys = match load_keys(Path::new(&config.general.tls_private_key.unwrap())) {
+            Ok(keys) => keys,
+            Err(_) => return Err(Error::TlsError),
+        };
+
+        let config = match rustls::ServerConfig::builder()
+            .with_safe_defaults()
+            .with_no_client_auth()
+            .with_single_cert(certs, keys.remove(0))
+            .map_err(|err| std::io::Error::new(std::io::ErrorKind::InvalidInput, err))
+        {
+            Ok(c) => c,
+            Err(_) => return Err(Error::TlsError),
+        };
+
+        Ok(Tls {
+            acceptor: TlsAcceptor::from(Arc::new(config)),
+        })
+    }
+}
+
+pub struct NoCertificateVerification;
+
+impl ServerCertVerifier for NoCertificateVerification {
+    fn verify_server_cert(
+        &self,
+        _end_entity: &Certificate,
+        _intermediates: &[Certificate],
+        _server_name: &ServerName,
+        _scts: &mut dyn Iterator<Item = &[u8]>,
+        _ocsp_response: &[u8],
+        _now: SystemTime,
+    ) -> Result<ServerCertVerified, rustls::Error> {
+        Ok(ServerCertVerified::assertion())
+    }
+}

tests/docker/Dockerfile

@@ -0,0 +1,8 @@
+FROM rust:bullseye
+
+RUN apt-get update && apt-get install llvm-11 psmisc postgresql-contrib postgresql-client ruby ruby-dev libpq-dev python3 python3-pip lcov curl sudo iproute2 -y
+RUN cargo install cargo-binutils rustfilt
+RUN rustup component add llvm-tools-preview
+RUN sudo gem install bundler
+RUN wget -O toxiproxy-2.4.0.deb https://github.com/Shopify/toxiproxy/releases/download/v2.4.0/toxiproxy_2.4.0_linux_$(dpkg --print-architecture).deb && \
+	sudo dpkg -i toxiproxy-2.4.0.deb

tests/docker/docker-compose.yml

@@ -0,0 +1,53 @@
+version: "3"
+services:
+  pg1:
+    image: postgres:14
+    network_mode: "service:main"
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_DB: postgres
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_INITDB_ARGS: --auth-local=md5 --auth-host=md5 --auth=md5
+    command: ["postgres", "-p", "5432", "-c", "shared_preload_libraries=pg_stat_statements", "-c", "pg_stat_statements.track=all", "-c", "pg_stat_statements.max=100000"]
+  pg2:
+    image: postgres:14
+    network_mode: "service:main"
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_DB: postgres
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_INITDB_ARGS: --auth-local=scram-sha-256 --auth-host=scram-sha-256 --auth=scram-sha-256
+    command: ["postgres", "-p", "7432", "-c", "shared_preload_libraries=pg_stat_statements", "-c", "pg_stat_statements.track=all", "-c", "pg_stat_statements.max=100000"]
+  pg3:
+    image: postgres:14
+    network_mode: "service:main"
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_DB: postgres
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_INITDB_ARGS: --auth-local=scram-sha-256 --auth-host=scram-sha-256 --auth=scram-sha-256
+    command: ["postgres", "-p", "8432", "-c", "shared_preload_libraries=pg_stat_statements", "-c", "pg_stat_statements.track=all", "-c", "pg_stat_statements.max=100000"]
+  pg4:
+    image: postgres:14
+    network_mode: "service:main"
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_DB: postgres
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_INITDB_ARGS: --auth-local=scram-sha-256 --auth-host=scram-sha-256 --auth=scram-sha-256
+    command: ["postgres", "-p", "9432", "-c", "shared_preload_libraries=pg_stat_statements", "-c", "pg_stat_statements.track=all", "-c", "pg_stat_statements.max=100000"]
+  pg5:
+    image: postgres:14
+    network_mode: "service:main"
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_DB: postgres
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_INITDB_ARGS: --auth-local=md5 --auth-host=md5 --auth=md5
+    command: ["postgres", "-c", "shared_preload_libraries=pg_stat_statements", "-c", "pg_stat_statements.track=all", "-p", "10432"]
+  main:
+    build: .
+    command: ["bash", "/app/tests/docker/run.sh"]
+    volumes:
+      - ../../:/app/
+      - /app/target/

tests/docker/run.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+rm -rf /app/target/ || true
+rm /app/*.profraw || true
+rm /app/pgcat.profdata || true
+rm -rf /app/cov || true
+
+export LLVM_PROFILE_FILE="/app/pgcat-%m-%p.profraw"
+export RUSTC_BOOTSTRAP=1
+export CARGO_INCREMENTAL=0
+export RUSTFLAGS="-Zprofile -Ccodegen-units=1 -Copt-level=0 -Clink-dead-code -Coverflow-checks=off -Zpanic_abort_tests -Cpanic=abort -Cinstrument-coverage"
+export RUSTDOCFLAGS="-Cpanic=abort"
+
+cd /app/
+cargo clean
+cargo build
+cargo test --tests
+
+bash .circleci/run_tests.sh
+
+TEST_OBJECTS=$( \
+    for file in $(cargo test --no-run 2>&1 | grep "target/debug/deps/pgcat-[[:alnum:]]\+" -o); \
+    do \
+        printf "%s %s " --object $file; \
+    done \
+)
+
+echo "Generating coverage report"
+
+rust-profdata merge -sparse /app/pgcat-*.profraw -o /app/pgcat.profdata
+
+bash -c "rust-cov export -ignore-filename-regex='rustc|registry' -Xdemangler=rustfilt -instr-profile=/app/pgcat.profdata $TEST_OBJECTS --object ./target/debug/pgcat --format lcov > ./lcov.info"
+
+genhtml lcov.info --title "PgCat Code Coverage" --css-file ./cov-style.css --highlight --no-function-coverage --ignore-errors source --legend  --output-directory cov --prefix $(pwd)
+
+rm /app/*.profraw
+rm /app/pgcat.profdata

tests/pgbench/simple.sql

@@ -0,0 +1,39 @@
+
+-- \setrandom aid 1 :naccounts
+\set aid random(1, 100000)
+-- \setrandom bid 1 :nbranches
+\set bid random(1, 100000)
+-- \setrandom tid 1 :ntellers
+\set tid random(1, 100000)
+-- \setrandom delta -5000 5000
+\set delta random(-5000,5000)
+
+\set shard random(0, 2)
+
+SET SHARD TO :shard;
+
+SET SERVER ROLE TO 'auto';
+
+BEGIN;
+
+UPDATE pgbench_accounts SET abalance = abalance + :delta WHERE aid = :aid;
+
+SELECT abalance FROM pgbench_accounts WHERE aid = :aid;
+
+UPDATE pgbench_tellers SET tbalance = tbalance + :delta WHERE tid = :tid;
+
+UPDATE pgbench_branches SET bbalance = bbalance + :delta WHERE bid = :bid;
+
+INSERT INTO pgbench_history (tid, bid, aid, delta, mtime) VALUES (:tid, :bid, :aid, :delta, CURRENT_TIMESTAMP);
+
+END;
+
+SET SHARDING KEY TO :aid;
+
+-- Read load balancing
+SELECT abalance FROM pgbench_accounts WHERE aid = :aid;
+
+SET SERVER ROLE TO 'replica';
+
+-- Read load balancing
+SELECT abalance FROM pgbench_accounts WHERE aid = :aid;

tests/python/.gitignore

@@ -0,0 +1 @@
+venv/

tests/python/requirements.txt

@@ -0,0 +1,2 @@
+psycopg2==2.9.3
+psutil==5.9.1

tests/python/tests.py

@@ -0,0 +1,318 @@
+from typing import Tuple
+import psycopg2
+import psutil
+import os
+import signal
+import time
+
+SHUTDOWN_TIMEOUT = 5
+
+PGCAT_HOST = "127.0.0.1"
+PGCAT_PORT = "6432"
+
+
+def pgcat_start():
+    pg_cat_send_signal(signal.SIGTERM)
+    os.system("./target/debug/pgcat .circleci/pgcat.toml &")
+    time.sleep(2)
+
+
+def pg_cat_send_signal(signal: signal.Signals):
+    try:
+        for proc in psutil.process_iter(["pid", "name"]):
+            if "pgcat" == proc.name():
+                os.kill(proc.pid, signal)
+    except Exception as e:
+        # The process can be gone when we send this signal
+        print(e)
+
+    if signal == signal.SIGTERM:
+        # Returns 0 if pgcat process exists
+        time.sleep(2)
+        if not os.system('pgrep pgcat'):
+            raise Exception("pgcat not closed after SIGTERM")
+
+
+def connect_db(
+    autocommit: bool = True,
+    admin: bool = False,
+) -> Tuple[psycopg2.extensions.connection, psycopg2.extensions.cursor]:
+
+    if admin:
+        user = "admin_user"
+        password = "admin_pass"
+        db = "pgcat"
+    else:
+        user = "sharding_user"
+        password = "sharding_user"
+        db = "sharded_db"
+
+    conn = psycopg2.connect(
+        f"postgres://{user}:{password}@{PGCAT_HOST}:{PGCAT_PORT}/{db}?application_name=testing_pgcat",
+        connect_timeout=2,
+    )
+    conn.autocommit = autocommit
+    cur = conn.cursor()
+
+    return (conn, cur)
+
+
+def cleanup_conn(conn: psycopg2.extensions.connection, cur: psycopg2.extensions.cursor):
+    cur.close()
+    conn.close()
+
+
+def test_normal_db_access():
+    conn, cur = connect_db(autocommit=False)
+    cur.execute("SELECT 1")
+    res = cur.fetchall()
+    print(res)
+    cleanup_conn(conn, cur)
+
+
+def test_admin_db_access():
+    conn, cur = connect_db(admin=True)
+
+    cur.execute("SHOW POOLS")
+    res = cur.fetchall()
+    print(res)
+    cleanup_conn(conn, cur)
+
+
+def test_shutdown_logic():
+
+    # - - - - - - - - - - - - - - - - - -
+    # NO ACTIVE QUERIES SIGINT HANDLING
+
+    # Start pgcat
+    pgcat_start()
+
+    # Create client connection and send query (not in transaction)
+    conn, cur = connect_db()
+
+    cur.execute("BEGIN;")
+    cur.execute("SELECT 1;")
+    cur.execute("COMMIT;")
+
+    # Send sigint to pgcat
+    pg_cat_send_signal(signal.SIGINT)
+    time.sleep(1)
+
+    # Check that any new queries fail after sigint since server should close with no active transactions
+    try:
+        cur.execute("SELECT 1;")
+    except psycopg2.OperationalError as e:
+        pass
+    else:
+        # Fail if query execution succeeded
+        raise Exception("Server not closed after sigint")
+
+    cleanup_conn(conn, cur)
+    pg_cat_send_signal(signal.SIGTERM)
+
+    # - - - - - - - - - - - - - - - - - -
+    # NO ACTIVE QUERIES ADMIN SHUTDOWN COMMAND
+
+    # Start pgcat
+    pgcat_start()
+
+    # Create client connection and begin transaction
+    conn, cur = connect_db()
+    admin_conn, admin_cur = connect_db(admin=True)
+
+    cur.execute("BEGIN;")
+    cur.execute("SELECT 1;")
+    cur.execute("COMMIT;")
+
+    # Send SHUTDOWN command pgcat while not in transaction
+    admin_cur.execute("SHUTDOWN;")
+    time.sleep(1)
+
+    # Check that any new queries fail after SHUTDOWN command since server should close with no active transactions
+    try:
+        cur.execute("SELECT 1;")
+    except psycopg2.OperationalError as e:
+        pass
+    else:
+        # Fail if query execution succeeded
+        raise Exception("Server not closed after sigint")
+
+    cleanup_conn(conn, cur)
+    cleanup_conn(admin_conn, admin_cur)
+    pg_cat_send_signal(signal.SIGTERM)
+
+    # - - - - - - - - - - - - - - - - - -
+    # HANDLE TRANSACTION WITH SIGINT
+
+    # Start pgcat
+    pgcat_start()
+
+    # Create client connection and begin transaction
+    conn, cur = connect_db()
+
+    cur.execute("BEGIN;")
+    cur.execute("SELECT 1;")
+
+    # Send sigint to pgcat while still in transaction
+    pg_cat_send_signal(signal.SIGINT)
+    time.sleep(1)
+
+    # Check that any new queries succeed after sigint since server should still allow transaction to complete
+    try:
+        cur.execute("SELECT 1;")
+    except psycopg2.OperationalError as e:
+        # Fail if query fails since server closed
+        raise Exception("Server closed while in transaction", e.pgerror)
+
+    cleanup_conn(conn, cur)
+    pg_cat_send_signal(signal.SIGTERM)
+
+    # - - - - - - - - - - - - - - - - - -
+    # HANDLE TRANSACTION WITH ADMIN SHUTDOWN COMMAND
+
+    # Start pgcat
+    pgcat_start()
+
+    # Create client connection and begin transaction
+    conn, cur = connect_db()
+    admin_conn, admin_cur = connect_db(admin=True)
+
+    cur.execute("BEGIN;")
+    cur.execute("SELECT 1;")
+
+    # Send SHUTDOWN command pgcat while still in transaction
+    admin_cur.execute("SHUTDOWN;")
+    if admin_cur.fetchall()[0][0] != "t":
+        raise Exception("PgCat unable to send signal")
+    time.sleep(1)
+
+    # Check that any new queries succeed after SHUTDOWN command since server should still allow transaction to complete
+    try:
+        cur.execute("SELECT 1;")
+    except psycopg2.OperationalError as e:
+        # Fail if query fails since server closed
+        raise Exception("Server closed while in transaction", e.pgerror)
+
+    cleanup_conn(conn, cur)
+    cleanup_conn(admin_conn, admin_cur)
+    pg_cat_send_signal(signal.SIGTERM)
+
+    # - - - - - - - - - - - - - - - - - -
+    # NO NEW NON-ADMIN CONNECTIONS DURING SHUTDOWN
+    # Start pgcat
+    pgcat_start()
+
+    # Create client connection and begin transaction
+    transaction_conn, transaction_cur = connect_db()
+
+    transaction_cur.execute("BEGIN;")
+    transaction_cur.execute("SELECT 1;")
+
+    # Send sigint to pgcat while still in transaction
+    pg_cat_send_signal(signal.SIGINT)
+    time.sleep(1)
+
+    start = time.perf_counter()
+    try:
+        conn, cur = connect_db()
+        cur.execute("SELECT 1;")
+        cleanup_conn(conn, cur)
+    except psycopg2.OperationalError as e:
+        time_taken = time.perf_counter() - start
+        if time_taken > 0.1:
+            raise Exception(
+                "Failed to reject connection within 0.1 seconds, got", time_taken, "seconds")
+        pass
+    else:
+        raise Exception("Able connect to database during shutdown")
+
+    cleanup_conn(transaction_conn, transaction_cur)
+    pg_cat_send_signal(signal.SIGTERM)
+
+    # - - - - - - - - - - - - - - - - - -
+    # ALLOW NEW ADMIN CONNECTIONS DURING SHUTDOWN
+    # Start pgcat
+    pgcat_start()
+
+    # Create client connection and begin transaction
+    transaction_conn, transaction_cur = connect_db()
+
+    transaction_cur.execute("BEGIN;")
+    transaction_cur.execute("SELECT 1;")
+
+    # Send sigint to pgcat while still in transaction
+    pg_cat_send_signal(signal.SIGINT)
+    time.sleep(1)
+
+    try:
+        conn, cur = connect_db(admin=True)
+        cur.execute("SHOW DATABASES;")
+        cleanup_conn(conn, cur)
+    except psycopg2.OperationalError as e:
+        raise Exception(e)
+
+    cleanup_conn(transaction_conn, transaction_cur)
+    pg_cat_send_signal(signal.SIGTERM)
+
+    # - - - - - - - - - - - - - - - - - -
+    # ADMIN CONNECTIONS CONTINUING TO WORK AFTER SHUTDOWN
+    # Start pgcat
+    pgcat_start()
+
+    # Create client connection and begin transaction
+    transaction_conn, transaction_cur = connect_db()
+    transaction_cur.execute("BEGIN;")
+    transaction_cur.execute("SELECT 1;")
+
+    admin_conn, admin_cur = connect_db(admin=True)
+    admin_cur.execute("SHOW DATABASES;")
+
+    # Send sigint to pgcat while still in transaction
+    pg_cat_send_signal(signal.SIGINT)
+    time.sleep(1)
+
+    try:
+        admin_cur.execute("SHOW DATABASES;")
+    except psycopg2.OperationalError as e:
+        raise Exception("Could not execute admin command:", e)
+
+    cleanup_conn(transaction_conn, transaction_cur)
+    cleanup_conn(admin_conn, admin_cur)
+    pg_cat_send_signal(signal.SIGTERM)
+
+    # - - - - - - - - - - - - - - - - - -
+    # HANDLE SHUTDOWN TIMEOUT WITH SIGINT
+
+    # Start pgcat
+    pgcat_start()
+
+    # Create client connection and begin transaction, which should prevent server shutdown unless shutdown timeout is reached
+    conn, cur = connect_db()
+
+    cur.execute("BEGIN;")
+    cur.execute("SELECT 1;")
+
+    # Send sigint to pgcat while still in transaction
+    pg_cat_send_signal(signal.SIGINT)
+
+    # pgcat shutdown timeout is set to SHUTDOWN_TIMEOUT seconds, so we sleep for SHUTDOWN_TIMEOUT + 1 seconds
+    time.sleep(SHUTDOWN_TIMEOUT + 1)
+
+    # Check that any new queries succeed after sigint since server should still allow transaction to complete
+    try:
+        cur.execute("SELECT 1;")
+    except psycopg2.OperationalError as e:
+        pass
+    else:
+        # Fail if query execution succeeded
+        raise Exception("Server not closed after sigint and expected timeout")
+
+    cleanup_conn(conn, cur)
+    pg_cat_send_signal(signal.SIGTERM)
+
+    # - - - - - - - - - - - - - - - - - -
+
+
+test_normal_db_access()
+test_admin_db_access()
+test_shutdown_logic()

tests/ruby/.ruby-version

@@ -0,0 +1,2 @@
+3.0.0
+

tests/ruby/Gemfile

@@ -0,0 +1,8 @@
+source "https://rubygems.org"
+
+gem "pg"
+gem "toml"
+gem "rspec"
+gem "rubocop"
+gem "toxiproxy"
+gem "activerecord"

tests/ruby/Gemfile.lock

@@ -0,0 +1,74 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    activemodel (7.0.4.1)
+      activesupport (= 7.0.4.1)
+    activerecord (7.0.4.1)
+      activemodel (= 7.0.4.1)
+      activesupport (= 7.0.4.1)
+    activesupport (7.0.4.1)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+    ast (2.4.2)
+    concurrent-ruby (1.1.10)
+    diff-lcs (1.5.0)
+    i18n (1.12.0)
+      concurrent-ruby (~> 1.0)
+    minitest (5.17.0)
+    parallel (1.22.1)
+    parser (3.1.2.0)
+      ast (~> 2.4.1)
+    parslet (2.0.0)
+    pg (1.3.2)
+    rainbow (3.1.1)
+    regexp_parser (2.3.1)
+    rexml (3.2.5)
+    rspec (3.11.0)
+      rspec-core (~> 3.11.0)
+      rspec-expectations (~> 3.11.0)
+      rspec-mocks (~> 3.11.0)
+    rspec-core (3.11.0)
+      rspec-support (~> 3.11.0)
+    rspec-expectations (3.11.0)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.11.0)
+    rspec-mocks (3.11.1)
+      diff-lcs (>= 1.2.0, < 2.0)
+      rspec-support (~> 3.11.0)
+    rspec-support (3.11.0)
+    rubocop (1.29.0)
+      parallel (~> 1.10)
+      parser (>= 3.1.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.17.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 1.4.0, < 3.0)
+    rubocop-ast (1.17.0)
+      parser (>= 3.1.1.0)
+    ruby-progressbar (1.11.0)
+    toml (0.3.0)
+      parslet (>= 1.8.0, < 3.0.0)
+    toxiproxy (2.0.1)
+    tzinfo (2.0.5)
+      concurrent-ruby (~> 1.0)
+    unicode-display_width (2.1.0)
+
+PLATFORMS
+  aarch64-linux
+  arm64-darwin-21
+  x86_64-linux
+
+DEPENDENCIES
+  activerecord
+  pg
+  rspec
+  rubocop
+  toml
+  toxiproxy
+
+BUNDLED WITH
+   2.3.21

tests/ruby/admin_spec.rb

@@ -0,0 +1,413 @@
+# frozen_string_literal: true
+require 'uri'
+require_relative 'spec_helper'
+
+describe "Admin" do
+  let(:processes) { Helpers::Pgcat.single_instance_setup("sharded_db", 10) }
+  let(:pgcat_conn_str) { processes.pgcat.connection_string("sharded_db", "sharding_user") }
+
+  after do
+    processes.all_databases.map(&:reset)
+    processes.pgcat.shutdown
+  end
+
+  describe "SHOW STATS" do
+    context "clients connect and make one query" do
+      it "updates *_query_time and *_wait_time" do
+        connections = Array.new(3) { PG::connect("#{pgcat_conn_str}?application_name=one_query") }
+        connections.each do |c|
+          Thread.new { c.async_exec("SELECT pg_sleep(0.25)") }
+        end
+        sleep(1)
+        connections.map(&:close)
+
+        # wait for averages to be calculated, we shouldn't do this too often
+        sleep(15.5)
+        admin_conn = PG::connect(processes.pgcat.admin_connection_string)
+        results = admin_conn.async_exec("SHOW STATS")[0]
+        admin_conn.close
+        expect(results["total_query_time"].to_i).to be_within(200).of(750)
+        expect(results["avg_query_time"].to_i).to be_within(20).of(50)
+
+        expect(results["total_wait_time"].to_i).to_not eq(0)
+        expect(results["avg_wait_time"].to_i).to_not eq(0)
+      end
+    end
+  end
+
+  describe "SHOW POOLS" do
+    context "bad credentials" do
+      it "does not change any stats" do
+        bad_password_url = URI(pgcat_conn_str)
+        bad_password_url.password = "wrong"
+        expect { PG::connect("#{bad_password_url.to_s}?application_name=bad_password") }.to raise_error(PG::ConnectionBad)
+
+        sleep(1)
+        admin_conn = PG::connect(processes.pgcat.admin_connection_string)
+        results = admin_conn.async_exec("SHOW POOLS")[0]
+        %w[cl_idle cl_active cl_waiting cl_cancel_req sv_active sv_used sv_tested sv_login maxwait].each do |s|
+          raise StandardError, "Field #{s} was expected to be 0 but found to be #{results[s]}" if results[s] != "0"
+        end
+
+        expect(results["sv_idle"]).to eq("1")
+      end
+    end
+
+    context "bad database name" do
+      it "does not change any stats" do
+        bad_db_url = URI(pgcat_conn_str)
+        bad_db_url.path = "/wrong_db"
+        expect { PG::connect("#{bad_db_url.to_s}?application_name=bad_db") }.to raise_error(PG::ConnectionBad)
+
+        sleep(1)
+        admin_conn = PG::connect(processes.pgcat.admin_connection_string)
+        results = admin_conn.async_exec("SHOW POOLS")[0]
+        %w[cl_idle cl_active cl_waiting cl_cancel_req sv_active sv_used sv_tested sv_login maxwait].each do |s|
+          raise StandardError, "Field #{s} was expected to be 0 but found to be #{results[s]}" if results[s] != "0"
+        end
+
+        expect(results["sv_idle"]).to eq("1")
+      end
+    end
+
+    context "client connects but issues no queries" do
+      it "only affects cl_idle stats" do
+        admin_conn = PG::connect(processes.pgcat.admin_connection_string)
+
+        before_test = admin_conn.async_exec("SHOW POOLS")[0]["sv_idle"]
+        connections = Array.new(20) { PG::connect(pgcat_conn_str) }
+        sleep(1)
+        results = admin_conn.async_exec("SHOW POOLS")[0]
+        %w[cl_active cl_waiting cl_cancel_req sv_active sv_used sv_tested sv_login maxwait].each do |s|
+          raise StandardError, "Field #{s} was expected to be 0 but found to be #{results[s]}" if results[s] != "0"
+        end
+        expect(results["cl_idle"]).to eq("20")
+        expect(results["sv_idle"]).to eq(before_test)
+
+        connections.map(&:close)
+        sleep(1.1)
+        results = admin_conn.async_exec("SHOW POOLS")[0]
+        %w[cl_active cl_idle cl_waiting cl_cancel_req sv_active sv_used sv_tested sv_login maxwait].each do |s|
+          raise StandardError, "Field #{s} was expected to be 0 but found to be #{results[s]}" if results[s] != "0"
+        end
+        expect(results["sv_idle"]).to eq(before_test)
+      end
+    end
+
+    context "clients connect and make one query" do
+      it "only affects cl_idle, sv_idle stats" do
+        connections = Array.new(5) { PG::connect("#{pgcat_conn_str}?application_name=one_query") }
+        connections.each do |c|
+          Thread.new { c.async_exec("SELECT pg_sleep(2.5)") }
+        end
+
+        sleep(1.1)
+        admin_conn = PG::connect(processes.pgcat.admin_connection_string)
+        results = admin_conn.async_exec("SHOW POOLS")[0]
+        %w[cl_idle cl_waiting cl_cancel_req sv_idle sv_used sv_tested sv_login maxwait].each do |s|
+          raise StandardError, "Field #{s} was expected to be 0 but found to be #{results[s]}" if results[s] != "0"
+        end
+        expect(results["cl_active"]).to eq("5")
+        expect(results["sv_active"]).to eq("5")
+
+        sleep(3)
+        results = admin_conn.async_exec("SHOW POOLS")[0]
+        %w[cl_active cl_waiting cl_cancel_req sv_active sv_used sv_tested sv_login maxwait].each do |s|
+          raise StandardError, "Field #{s} was expected to be 0 but found to be #{results[s]}" if results[s] != "0"
+        end
+        expect(results["cl_idle"]).to eq("5")
+        expect(results["sv_idle"]).to eq("5")
+
+        connections.map(&:close)
+        sleep(1)
+        results = admin_conn.async_exec("SHOW POOLS")[0]
+        %w[cl_idle cl_active cl_waiting cl_cancel_req sv_active sv_used sv_tested sv_login maxwait].each do |s|
+          raise StandardError, "Field #{s} was expected to be 0 but found to be #{results[s]}" if results[s] != "0"
+        end
+        expect(results["sv_idle"]).to eq("5")
+      end
+    end
+
+    context "client connects and opens a transaction and closes connection uncleanly" do
+      it "produces correct statistics" do
+        connections = Array.new(5) { PG::connect("#{pgcat_conn_str}?application_name=one_query") }
+        connections.each do |c|
+          Thread.new do
+            c.async_exec("BEGIN")
+            c.async_exec("SELECT pg_sleep(0.01)")
+            c.close
+          end
+        end
+
+        sleep(1.1)
+        admin_conn = PG::connect(processes.pgcat.admin_connection_string)
+        results = admin_conn.async_exec("SHOW POOLS")[0]
+        %w[cl_idle cl_active cl_waiting cl_cancel_req sv_active sv_used sv_tested sv_login maxwait].each do |s|
+          raise StandardError, "Field #{s} was expected to be 0 but found to be #{results[s]}" if results[s] != "0"
+        end
+        expect(results["sv_idle"]).to eq("5")
+      end
+    end
+
+    context "client fail to checkout connection from the pool" do
+      it "counts clients as idle" do
+        new_configs = processes.pgcat.current_config
+        new_configs["general"]["connect_timeout"] = 500
+        new_configs["general"]["ban_time"] = 1
+        new_configs["general"]["shutdown_timeout"] = 1
+        new_configs["pools"]["sharded_db"]["users"]["0"]["pool_size"] = 1
+        processes.pgcat.update_config(new_configs)
+        processes.pgcat.reload_config
+
+        threads = []
+        connections = Array.new(5) { PG::connect("#{pgcat_conn_str}?application_name=one_query") }
+        connections.each do |c|
+          threads << Thread.new { c.async_exec("SELECT pg_sleep(1)") rescue PG::SystemError }
+        end
+
+        sleep(2)
+        admin_conn = PG::connect(processes.pgcat.admin_connection_string)
+        results = admin_conn.async_exec("SHOW POOLS")[0]
+        %w[cl_active cl_waiting cl_cancel_req sv_active sv_used sv_tested sv_login maxwait].each do |s|
+          raise StandardError, "Field #{s} was expected to be 0 but found to be #{results[s]}" if results[s] != "0"
+        end
+        expect(results["cl_idle"]).to eq("5")
+        expect(results["sv_idle"]).to eq("1")
+
+        threads.map(&:join)
+        connections.map(&:close)
+      end
+    end
+
+    context "clients connects and disconnect normally" do
+      let(:processes) { Helpers::Pgcat.single_instance_setup("sharded_db", 2) }
+
+      it 'shows the same number of clients before and after' do
+        clients_before = clients_connected_to_pool(processes: processes)
+        threads = []
+        connections = Array.new(4) { PG::connect("#{pgcat_conn_str}?application_name=one_query") }
+        connections.each do |c|
+          threads << Thread.new { c.async_exec("SELECT 1") }
+        end
+        clients_between = clients_connected_to_pool(processes: processes)
+        expect(clients_before).not_to eq(clients_between)
+        connections.each(&:close)
+        clients_after = clients_connected_to_pool(processes: processes)
+        expect(clients_before).to eq(clients_after)
+      end
+    end
+
+    context "clients connects and disconnect abruptly" do
+      let(:processes) { Helpers::Pgcat.single_instance_setup("sharded_db", 10) }
+
+      it 'shows the same number of clients before and after' do
+        threads = []
+        connections = Array.new(2) { PG::connect("#{pgcat_conn_str}?application_name=one_query") }
+        connections.each do |c|
+          threads << Thread.new { c.async_exec("SELECT 1") }
+        end
+        clients_before = clients_connected_to_pool(processes: processes)
+        random_string = (0...8).map { (65 + rand(26)).chr }.join
+        connection_string = "#{pgcat_conn_str}?application_name=#{random_string}"
+        faulty_client = Process.spawn("psql -Atx #{connection_string} >/dev/null")
+        sleep(1)
+        # psql starts two processes, we only know the pid of the parent, this
+        # ensure both are killed
+        `pkill -9 -f '#{random_string}'`
+        Process.wait(faulty_client)
+        clients_after = clients_connected_to_pool(processes: processes)
+        expect(clients_before).to eq(clients_after)
+      end
+    end
+
+    context "clients overwhelm server pools" do
+      let(:processes) { Helpers::Pgcat.single_instance_setup("sharded_db", 2) }
+
+      it "cl_waiting is updated to show it" do
+        threads = []
+        connections = Array.new(4) { PG::connect("#{pgcat_conn_str}?application_name=one_query") }
+        connections.each do |c|
+          threads << Thread.new { c.async_exec("SELECT pg_sleep(1.5)") }
+        end
+
+        sleep(1.1) # Allow time for stats to update
+        admin_conn = PG::connect(processes.pgcat.admin_connection_string)
+        results = admin_conn.async_exec("SHOW POOLS")[0]
+        %w[cl_idle cl_cancel_req sv_idle sv_used sv_tested sv_login maxwait].each do |s|
+          raise StandardError, "Field #{s} was expected to be 0 but found to be #{results[s]}" if results[s] != "0"
+        end
+
+        expect(results["cl_waiting"]).to eq("2")
+        expect(results["cl_active"]).to eq("2")
+        expect(results["sv_active"]).to eq("2")
+
+        sleep(2.5) # Allow time for stats to update
+        results = admin_conn.async_exec("SHOW POOLS")[0]
+        %w[cl_active cl_waiting cl_cancel_req sv_active sv_used sv_tested sv_login].each do |s|
+          raise StandardError, "Field #{s} was expected to be 0 but found to be #{results[s]}" if results[s] != "0"
+        end
+        expect(results["cl_idle"]).to eq("4")
+        expect(results["sv_idle"]).to eq("2")
+
+        threads.map(&:join)
+        connections.map(&:close)
+      end
+
+      it "show correct max_wait" do
+        threads = []
+        connections = Array.new(4) { PG::connect("#{pgcat_conn_str}?application_name=one_query") }
+        connections.each do |c|
+          threads << Thread.new { c.async_exec("SELECT pg_sleep(1.5)") }
+        end
+
+        sleep(2.5) # Allow time for stats to update
+        admin_conn = PG::connect(processes.pgcat.admin_connection_string)
+        results = admin_conn.async_exec("SHOW POOLS")[0]
+
+        expect(results["maxwait"]).to eq("1")
+        expect(results["maxwait_us"].to_i).to be_within(200_000).of(500_000)
+
+        sleep(4.5) # Allow time for stats to update
+        results = admin_conn.async_exec("SHOW POOLS")[0]
+        expect(results["maxwait"]).to eq("0")
+
+        threads.map(&:join)
+        connections.map(&:close)
+      end
+    end
+  end
+
+  describe "SHOW CLIENTS" do
+    it "reports correct number and application names" do
+      conn_str = processes.pgcat.connection_string("sharded_db", "sharding_user")
+      connections = Array.new(20) { |i| PG::connect("#{conn_str}?application_name=app#{i % 5}") }
+
+      admin_conn = PG::connect(processes.pgcat.admin_connection_string)
+      sleep(1) # Wait for stats to be updated
+
+      results = admin_conn.async_exec("SHOW CLIENTS")
+      expect(results.count).to eq(21) # count admin clients
+      expect(results.select { |c| c["application_name"] == "app3" ||  c["application_name"] == "app4" }.count).to eq(8)
+      expect(results.select { |c| c["database"] == "pgcat" }.count).to eq(1)
+
+      connections[0..5].map(&:close)
+      sleep(1) # Wait for stats to be updated
+      results = admin_conn.async_exec("SHOW CLIENTS")
+      expect(results.count).to eq(15)
+
+      connections[6..].map(&:close)
+      sleep(1) # Wait for stats to be updated
+      expect(admin_conn.async_exec("SHOW CLIENTS").count).to eq(1)
+      admin_conn.close
+    end
+
+    it "reports correct number of queries and transactions" do
+      conn_str = processes.pgcat.connection_string("sharded_db", "sharding_user")
+
+      connections = Array.new(2) { |i| PG::connect("#{conn_str}?application_name=app#{i}") }
+      connections.each do |c|
+        c.async_exec("SELECT 1")
+        c.async_exec("SELECT 2")
+        c.async_exec("SELECT 3")
+        c.async_exec("BEGIN")
+        c.async_exec("SELECT 4")
+        c.async_exec("SELECT 5")
+        c.async_exec("COMMIT")
+      end
+
+      admin_conn = PG::connect(processes.pgcat.admin_connection_string)
+      sleep(1) # Wait for stats to be updated
+
+      results = admin_conn.async_exec("SHOW CLIENTS")
+      expect(results.count).to eq(3)
+      normal_client_results = results.reject { |r| r["database"] == "pgcat" }
+      expect(normal_client_results[0]["transaction_count"]).to eq("4")
+      expect(normal_client_results[1]["transaction_count"]).to eq("4")
+      expect(normal_client_results[0]["query_count"]).to eq("7")
+      expect(normal_client_results[1]["query_count"]).to eq("7")
+
+      admin_conn.close
+      connections.map(&:close)
+    end
+  end
+
+  describe "Manual Banning" do
+    let(:processes) { Helpers::Pgcat.single_shard_setup("sharded_db", 10) }
+    before do
+      new_configs = processes.pgcat.current_config
+      # Prevent immediate unbanning when we ban localhost
+      new_configs["pools"]["sharded_db"]["shards"]["0"]["servers"][0][0] = "127.0.0.1"
+      new_configs["pools"]["sharded_db"]["shards"]["0"]["servers"][1][0] = "127.0.0.1"
+      processes.pgcat.update_config(new_configs)
+      processes.pgcat.reload_config
+    end
+
+    describe "BAN/UNBAN and SHOW BANS" do
+      it "bans/unbans hosts" do
+        admin_conn = PG::connect(processes.pgcat.admin_connection_string)
+
+        # Returns a list of the banned addresses
+        results = admin_conn.async_exec("BAN localhost 10").to_a
+        expect(results.count).to eq(2)
+        expect(results.map{ |r| r["host"] }.uniq).to eq(["localhost"])
+
+        # Subsequent calls should yield no results
+        results = admin_conn.async_exec("BAN localhost 10").to_a
+        expect(results.count).to eq(0)
+
+        results = admin_conn.async_exec("SHOW BANS").to_a
+        expect(results.count).to eq(2)
+        expect(results.map{ |r| r["host"] }.uniq).to eq(["localhost"])
+
+        # Returns a list of the unbanned addresses
+        results = admin_conn.async_exec("UNBAN localhost").to_a
+        expect(results.count).to eq(2)
+        expect(results.map{ |r| r["host"] }.uniq).to eq(["localhost"])
+
+        # Subsequent calls should yield no results
+        results = admin_conn.async_exec("UNBAN localhost").to_a
+        expect(results.count).to eq(0)
+
+        results = admin_conn.async_exec("SHOW BANS").to_a
+        expect(results.count).to eq(0)
+      end
+
+      it "honors ban duration" do
+        admin_conn = PG::connect(processes.pgcat.admin_connection_string)
+
+        # Returns a list of the banned addresses
+        results = admin_conn.async_exec("BAN localhost 1").to_a
+        expect(results.count).to eq(2)
+        expect(results.map{ |r| r["host"] }.uniq).to eq(["localhost"])
+
+        sleep(2)
+
+        # After 2 seconds the ban should be lifted
+        results = admin_conn.async_exec("SHOW BANS").to_a
+        expect(results.count).to eq(0)
+      end
+
+      it "can handle bad input" do
+        admin_conn = PG::connect(processes.pgcat.admin_connection_string)
+
+        expect { admin_conn.async_exec("BAN").to_a }.to raise_error(PG::SystemError)
+        expect { admin_conn.async_exec("BAN a").to_a }.to raise_error(PG::SystemError)
+        expect { admin_conn.async_exec("BAN a a").to_a }.to raise_error(PG::SystemError)
+        expect { admin_conn.async_exec("BAN a -5").to_a }.to raise_error(PG::SystemError)
+        expect { admin_conn.async_exec("BAN a 0").to_a }.to raise_error(PG::SystemError)
+        expect { admin_conn.async_exec("BAN a a a").to_a }.to raise_error(PG::SystemError)
+        expect { admin_conn.async_exec("UNBAN").to_a }.to raise_error(PG::SystemError)
+      end
+    end
+  end
+
+  describe "SHOW users" do
+    it "returns the right users" do
+      admin_conn = PG::connect(processes.pgcat.admin_connection_string)
+      results = admin_conn.async_exec("SHOW USERS")[0]
+      admin_conn.close
+      expect(results["name"]).to eq("sharding_user")
+      expect(results["pool_mode"]).to eq("transaction")
+    end
+  end
+end

tests/ruby/auth_query_spec.rb

@@ -0,0 +1,215 @@
+# frozen_string_literal: true
+
+require_relative 'spec_helper'
+require_relative 'helpers/auth_query_helper'
+
+describe "Auth Query" do
+  let(:configured_instances) {[5432, 10432]}
+  let(:config_user) { { 'username' => 'sharding_user', 'password' => 'sharding_user' } }
+  let(:pg_user) { { 'username' => 'sharding_user', 'password' => 'sharding_user' } }
+  let(:processes) { Helpers::AuthQuery.single_shard_auth_query(pool_name: "sharded_db", pg_user: pg_user, config_user: config_user, extra_conf: config, wait_until_ready: wait_until_ready ) }
+  let(:config) { {} }
+  let(:wait_until_ready) { true }
+
+  after do
+    unless @failing_process
+      processes.all_databases.map(&:reset)
+      processes.pgcat.shutdown
+    end
+    @failing_process = false
+  end
+
+  context "when auth_query is not configured" do
+    context 'and cleartext passwords are set' do
+      it "uses local passwords" do
+        conn = PG.connect(processes.pgcat.connection_string("sharded_db", config_user['username'], config_user['password']))
+
+        expect(conn.async_exec("SELECT 1 + 2")).not_to be_nil
+      end
+    end
+
+    context 'and cleartext passwords are not set' do
+      let(:config_user) { { 'username' => 'sharding_user' } }
+
+      it "does not start because it is not possible to authenticate" do
+        @failing_process = true
+        expect { processes.pgcat }.to raise_error(StandardError, /You have to specify a user password for every pool if auth_query is not specified/)
+      end
+    end
+  end
+
+  context 'when auth_query is configured' do
+    context 'with global configuration' do
+      around(:example) do |example|
+
+        # Set up auth query
+        Helpers::AuthQuery.set_up_auth_query_for_user(
+          user: 'md5_auth_user',
+          password: 'secret'
+        );
+
+        example.run
+
+        # Drop auth query support
+        Helpers::AuthQuery.tear_down_auth_query_for_user(
+          user: 'md5_auth_user',
+          password: 'secret'
+        );
+      end
+
+      context 'with correct global parameters' do
+        let(:config) { { 'general' => { 'auth_query' => "SELECT * FROM public.user_lookup('$1');", 'auth_query_user' => 'md5_auth_user', 'auth_query_password' => 'secret' } } }
+        context 'and with cleartext passwords set' do
+          it 'it uses local passwords' do
+            conn = PG.connect(processes.pgcat.connection_string("sharded_db", pg_user['username'], pg_user['password']))
+            expect(conn.exec("SELECT 1 + 2")).not_to be_nil
+          end
+        end
+
+        context 'and with cleartext passwords not set' do
+          let(:config_user) { { 'username' => 'sharding_user', 'password' => 'sharding_user' } }
+
+          it 'it uses obtained passwords' do
+            connection_string = processes.pgcat.connection_string("sharded_db", pg_user['username'], pg_user['password'])
+            conn = PG.connect(connection_string)
+            expect(conn.async_exec("SELECT 1 + 2")).not_to be_nil
+          end
+
+          it 'allows passwords to be changed without closing existing connections' do
+            pgconn = PG.connect(processes.pgcat.connection_string("sharded_db", pg_user['username']))
+            expect(pgconn.exec("SELECT 1 + 2")).not_to be_nil
+            Helpers::AuthQuery.exec_in_instances(query: "ALTER USER #{pg_user['username']} WITH ENCRYPTED PASSWORD 'secret2';")
+            expect(pgconn.exec("SELECT 1 + 4")).not_to be_nil
+            Helpers::AuthQuery.exec_in_instances(query: "ALTER USER #{pg_user['username']} WITH ENCRYPTED PASSWORD '#{pg_user['password']}';")
+          end
+
+          it 'allows passwords to be changed and that new password is needed when reconnecting' do
+            pgconn = PG.connect(processes.pgcat.connection_string("sharded_db", pg_user['username']))
+            expect(pgconn.exec("SELECT 1 + 2")).not_to be_nil
+            Helpers::AuthQuery.exec_in_instances(query: "ALTER USER #{pg_user['username']} WITH ENCRYPTED PASSWORD 'secret2';")
+            newconn = PG.connect(processes.pgcat.connection_string("sharded_db", pg_user['username'], 'secret2'))
+            expect(newconn.exec("SELECT 1 + 2")).not_to be_nil
+            Helpers::AuthQuery.exec_in_instances(query: "ALTER USER #{pg_user['username']} WITH ENCRYPTED PASSWORD '#{pg_user['password']}';")
+          end
+        end
+      end
+
+      context 'with wrong parameters' do
+        let(:config) { { 'general' => { 'auth_query' => 'SELECT 1', 'auth_query_user' => 'wrong_user', 'auth_query_password' => 'wrong' } } }
+
+        context 'and with clear text passwords set' do
+          it "it uses local passwords" do
+            conn = PG.connect(processes.pgcat.connection_string("sharded_db", pg_user['username'], pg_user['password']))
+
+            expect(conn.async_exec("SELECT 1 + 2")).not_to be_nil
+          end
+        end
+
+        context 'and with cleartext passwords not set' do
+          let(:config_user) { { 'username' => 'sharding_user' } }
+          it "it fails to start as it cannot authenticate against servers" do
+            @failing_process = true
+            expect { PG.connect(processes.pgcat.connection_string("sharded_db", pg_user['username'], pg_user['password'])) }.to raise_error(StandardError, /Error trying to obtain password from auth_query/ )
+          end
+
+          context 'and we fix the issue and reload' do
+            let(:wait_until_ready) { false }
+
+            it 'fails in the beginning but starts working after reloading config' do
+              connection_string = processes.pgcat.connection_string("sharded_db", pg_user['username'], pg_user['password'])
+              while !(processes.pgcat.logs =~ /Waiting for clients/) do
+                sleep 0.5
+              end
+
+              expect { PG.connect(connection_string)}.to raise_error(PG::ConnectionBad)
+              expect(processes.pgcat.logs).to match(/Error trying to obtain password from auth_query/)
+
+              current_config = processes.pgcat.current_config
+              config = { 'general' => { 'auth_query' => "SELECT * FROM public.user_lookup('$1');", 'auth_query_user' => 'md5_auth_user', 'auth_query_password' => 'secret' } }
+              processes.pgcat.update_config(current_config.deep_merge(config))
+              processes.pgcat.reload_config
+
+              conn = nil
+              expect { conn = PG.connect(connection_string)}.not_to raise_error
+              expect(conn.async_exec("SELECT 1 + 2")).not_to be_nil
+            end
+          end
+        end
+      end
+    end
+
+    context 'with per pool configuration' do
+      around(:example) do |example|
+
+        # Set up auth query
+        Helpers::AuthQuery.set_up_auth_query_for_user(
+          user: 'md5_auth_user',
+          password: 'secret'
+        );
+
+        Helpers::AuthQuery.set_up_auth_query_for_user(
+          user: 'md5_auth_user1',
+          password: 'secret',
+          database: 'shard1'
+        );
+
+        example.run
+
+        # Tear down auth query
+        Helpers::AuthQuery.tear_down_auth_query_for_user(
+          user: 'md5_auth_user',
+          password: 'secret'
+        );
+
+        Helpers::AuthQuery.tear_down_auth_query_for_user(
+          user: 'md5_auth_user1',
+          password: 'secret',
+          database: 'shard1'
+        );
+      end
+
+      context 'with correct parameters' do
+        let(:processes) { Helpers::AuthQuery.two_pools_auth_query(pool_names: ["sharded_db0", "sharded_db1"], pg_user: pg_user, config_user: config_user, extra_conf: config ) }
+        let(:config) {
+          { 'pools' =>
+            {
+              'sharded_db0' => {
+                'auth_query' => "SELECT * FROM public.user_lookup('$1');",
+                'auth_query_user' => 'md5_auth_user',
+                'auth_query_password' => 'secret'
+              },
+              'sharded_db1' => {
+                'auth_query' => "SELECT * FROM public.user_lookup('$1');",
+                'auth_query_user' => 'md5_auth_user1',
+                'auth_query_password' => 'secret'
+              },
+            }
+          }
+        } 
+
+        context 'and with cleartext passwords set' do
+          it 'it uses local passwords' do
+            conn = PG.connect(processes.pgcat.connection_string("sharded_db0", pg_user['username'], pg_user['password']))
+            expect(conn.exec("SELECT 1 + 2")).not_to be_nil
+            conn = PG.connect(processes.pgcat.connection_string("sharded_db1", pg_user['username'], pg_user['password']))
+            expect(conn.exec("SELECT 1 + 2")).not_to be_nil
+          end
+        end
+
+        context 'and with cleartext passwords not set' do
+          let(:config_user) { { 'username' => 'sharding_user' } }
+
+          it 'it uses obtained passwords' do
+            connection_string = processes.pgcat.connection_string("sharded_db0", pg_user['username'], pg_user['password'])
+            conn = PG.connect(connection_string)
+            expect(conn.async_exec("SELECT 1 + 2")).not_to be_nil
+            connection_string = processes.pgcat.connection_string("sharded_db1", pg_user['username'], pg_user['password'])
+            conn = PG.connect(connection_string)
+            expect(conn.async_exec("SELECT 1 + 2")).not_to be_nil
+          end
+        end
+
+      end
+    end
+  end
+end

tests/ruby/helpers/auth_query_helper.rb

@@ -0,0 +1,173 @@
+module Helpers
+  module AuthQuery
+    def self.single_shard_auth_query(
+          pg_user:,
+          config_user:,
+          pool_name:,
+          extra_conf: {},
+          log_level: 'debug',
+          wait_until_ready: true
+        )
+
+      user = {
+        "pool_size" => 10,
+        "statement_timeout" => 0,
+      }
+
+      pgcat = PgcatProcess.new(log_level)
+      pgcat_cfg = pgcat.current_config.deep_merge(extra_conf)
+
+      primary  = PgInstance.new(5432,  pg_user["username"], pg_user["password"], "shard0")
+      replica  = PgInstance.new(10432, pg_user["username"], pg_user["password"], "shard0")
+
+      # Main proxy configs
+      pgcat_cfg["pools"] = {
+        "#{pool_name}" => {
+          "default_role" => "any",
+          "pool_mode" => "transaction",
+          "load_balancing_mode" => "random",
+          "primary_reads_enabled" => false,
+          "query_parser_enabled" => false,
+          "sharding_function" => "pg_bigint_hash",
+          "shards" => {
+            "0" => {
+              "database" => "shard0",
+              "servers" => [
+                ["localhost", primary.port.to_s, "primary"],
+                ["localhost", replica.port.to_s, "replica"],
+              ]
+            },
+          },
+          "users" => { "0" => user.merge(config_user) }
+        }
+      }
+      pgcat_cfg["general"]["port"] = pgcat.port
+      pgcat.update_config(pgcat_cfg)
+      pgcat.start
+      
+      pgcat.wait_until_ready(
+        pgcat.connection_string(
+          "sharded_db",
+          pg_user['username'],
+          pg_user['password']
+        )
+      ) if wait_until_ready
+
+      OpenStruct.new.tap do |struct|
+        struct.pgcat = pgcat
+        struct.primary = primary
+        struct.replicas = [replica]
+        struct.all_databases = [primary]
+      end
+    end
+
+    def self.two_pools_auth_query(
+          pg_user:,
+          config_user:,
+          pool_names:,
+          extra_conf: {},
+          log_level: 'debug'
+        )
+
+      user = {
+        "pool_size" => 10,
+        "statement_timeout" => 0,
+      }
+
+      pgcat = PgcatProcess.new(log_level)
+      pgcat_cfg = pgcat.current_config
+
+      primary  = PgInstance.new(5432,  pg_user["username"], pg_user["password"], "shard0")
+      replica  = PgInstance.new(10432, pg_user["username"], pg_user["password"], "shard0")
+
+      pool_template = Proc.new do |database|
+        {
+          "default_role" => "any",
+          "pool_mode" => "transaction",
+          "load_balancing_mode" => "random",
+          "primary_reads_enabled" => false,
+          "query_parser_enabled" => false,
+          "sharding_function" => "pg_bigint_hash",
+          "shards" => {
+            "0" => {
+              "database" => database,
+              "servers" => [
+                ["localhost", primary.port.to_s, "primary"],
+                ["localhost", replica.port.to_s, "replica"],
+              ]
+            },
+          },
+          "users" => { "0" => user.merge(config_user) }
+        }                                  
+      end
+      # Main proxy configs
+      pgcat_cfg["pools"] = {
+        "#{pool_names[0]}" => pool_template.call("shard0"),
+        "#{pool_names[1]}" => pool_template.call("shard1")
+      }
+
+      pgcat_cfg["general"]["port"] = pgcat.port
+      pgcat.update_config(pgcat_cfg.deep_merge(extra_conf))
+      pgcat.start
+      
+      pgcat.wait_until_ready(pgcat.connection_string("sharded_db0", pg_user['username'], pg_user['password']))
+
+      OpenStruct.new.tap do |struct|
+        struct.pgcat = pgcat
+        struct.primary = primary
+        struct.replicas = [replica]
+        struct.all_databases = [primary]
+      end
+    end
+
+    def self.create_query_auth_function(user)
+      return <<-SQL
+CREATE OR REPLACE FUNCTION public.user_lookup(in i_username text, out uname text, out phash text)
+RETURNS record AS $$
+BEGIN
+    SELECT usename, passwd FROM pg_catalog.pg_shadow
+    WHERE usename = i_username INTO uname, phash;
+    RETURN;
+END;
+$$ LANGUAGE plpgsql SECURITY DEFINER;
+
+GRANT EXECUTE ON FUNCTION public.user_lookup(text) TO #{user};
+SQL
+    end
+
+    def self.exec_in_instances(query:, instance_ports: [ 5432, 10432 ], database: 'postgres', user: 'postgres', password: 'postgres')
+      instance_ports.each do |port|
+        c = PG.connect("postgres://#{user}:#{password}@localhost:#{port}/#{database}")
+        c.exec(query)
+        c.close
+      end
+    end
+
+    def self.set_up_auth_query_for_user(user:, password:, instance_ports: [ 5432, 10432 ], database: 'shard0' )
+      instance_ports.each do |port|
+        connection = PG.connect("postgres://postgres:postgres@localhost:#{port}/#{database}")
+        connection.exec(self.drop_query_auth_function(user)) rescue PG::UndefinedFunction
+        connection.exec("DROP ROLE #{user}") rescue PG::UndefinedObject
+        connection.exec("CREATE ROLE #{user} ENCRYPTED PASSWORD '#{password}' LOGIN;")
+        connection.exec(self.create_query_auth_function(user))
+        connection.close
+      end
+    end
+
+    def self.tear_down_auth_query_for_user(user:, password:, instance_ports: [ 5432, 10432 ], database: 'shard0' )
+      instance_ports.each do |port|
+        connection = PG.connect("postgres://postgres:postgres@localhost:#{port}/#{database}")
+        connection.exec(self.drop_query_auth_function(user)) rescue PG::UndefinedFunction
+        connection.exec("DROP ROLE #{user}")
+        connection.close
+      end
+    end
+
+    def self.drop_query_auth_function(user)
+      return <<-SQL
+REVOKE ALL ON FUNCTION public.user_lookup(text) FROM public, #{user};
+DROP FUNCTION public.user_lookup(in i_username text, out uname text, out phash text);
+SQL
+    end
+  end
+end

tests/ruby/helpers/pg_instance.rb

@@ -0,0 +1,94 @@
+require 'pg'
+require 'toxiproxy'
+
+class PgInstance
+  attr_reader :port
+  attr_reader :username
+  attr_reader :password
+  attr_reader :database_name
+
+  def initialize(port, username, password, database_name)
+    @original_port = port
+    @toxiproxy_port = 10000 + port.to_i
+    @port = @toxiproxy_port
+
+    @username = username
+    @password = password
+    @database_name = database_name
+    @toxiproxy_name = "database_#{@original_port}"
+    Toxiproxy.populate([{
+      name: @toxiproxy_name,
+      listen: "0.0.0.0:#{@toxiproxy_port}",
+      upstream: "localhost:#{@original_port}",
+    }])
+
+    # Toxiproxy server will outlive our PgInstance objects
+    # so we want to destroy our proxies before exiting
+    # Ruby finalizer is ideal for doing this
+    ObjectSpace.define_finalizer(@toxiproxy_name, proc { Toxiproxy[@toxiproxy_name].destroy })
+  end
+
+  def with_connection
+    conn = PG.connect("postgres://#{@username}:#{@password}@localhost:#{port}/#{database_name}")
+    yield conn
+  ensure
+    conn&.close
+  end
+
+  def reset
+    reset_toxics
+    reset_stats
+    drop_connections
+    sleep 0.1
+  end
+
+  def toxiproxy
+    Toxiproxy[@toxiproxy_name]
+  end
+
+  def take_down
+    if block_given?
+      Toxiproxy[@toxiproxy_name].toxic(:limit_data, bytes: 5).apply { yield }
+    else
+      Toxiproxy[@toxiproxy_name].toxic(:limit_data, bytes: 5).toxics.each(&:save)
+    end
+  end
+
+  def add_latency(latency)
+    if block_given?
+      Toxiproxy[@toxiproxy_name].toxic(:latency, latency: latency).apply { yield }
+    else
+      Toxiproxy[@toxiproxy_name].toxic(:latency, latency: latency).toxics.each(&:save)
+    end
+  end
+
+  def delete_proxy
+    Toxiproxy[@toxiproxy_name].delete
+  end
+
+  def reset_toxics
+    Toxiproxy[@toxiproxy_name].toxics.each(&:destroy)
+    sleep 0.1
+  end
+
+  def reset_stats
+    with_connection { |c| c.async_exec("SELECT pg_stat_statements_reset()") }
+  end
+
+  def drop_connections
+    username = with_connection { |c| c.async_exec("SELECT current_user")[0]["current_user"] }
+    with_connection { |c| c.async_exec("SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE pid <> pg_backend_pid() AND usename='#{username}'") }
+  end
+
+  def count_connections
+    with_connection { |c| c.async_exec("SELECT COUNT(*) as count FROM pg_stat_activity")[0]["count"].to_i }
+  end
+
+  def count_query(query)
+    with_connection { |c| c.async_exec("SELECT SUM(calls) FROM pg_stat_statements WHERE query = '#{query}'")[0]["sum"].to_i }
+  end
+
+  def count_select_1_plus_2
+    with_connection { |c| c.async_exec("SELECT SUM(calls) FROM pg_stat_statements WHERE query = 'SELECT $1 + $2'")[0]["sum"].to_i }
+  end
+end

tests/ruby/helpers/pg_socket.rb

@@ -0,0 +1,259 @@
+require 'socket'
+require 'digest/md5'
+
+BACKEND_MESSAGE_CODES = {
+  'Z' => "ReadyForQuery",
+  'C' => "CommandComplete",
+  'T' => "RowDescription",
+  'D' => "DataRow",
+  '1' => "ParseComplete",
+  '2' => "BindComplete",
+  'E' => "ErrorResponse",
+  's' => "PortalSuspended",
+}
+
+class PostgresSocket
+  def initialize(host, port)
+    @port = port
+    @host = host
+    @socket = TCPSocket.new @host, @port
+    @parameters = {}
+    @verbose = true
+  end
+
+  def send_md5_password_message(username, password, salt)
+    m = Digest::MD5.hexdigest(password + username)
+    m = Digest::MD5.hexdigest(m + salt.map(&:chr).join(""))
+    m = 'md5' + m
+    bytes = (m.split("").map(&:ord) + [0]).flatten
+    message_size = bytes.count + 4
+
+    message = []
+
+    message << 'p'.ord
+    message << [message_size].pack('l>').unpack('CCCC') # 4
+    message << bytes
+    message.flatten!
+
+
+    @socket.write(message.pack('C*'))
+  end
+
+  def send_startup_message(username, database, password)
+    message = []
+
+    message << [196608].pack('l>').unpack('CCCC') # 4
+    message << "user".split('').map(&:ord) # 4, 8
+    message << 0 # 1, 9
+    message << username.split('').map(&:ord) # 2, 11
+    message << 0 # 1, 12
+    message << "database".split('').map(&:ord) # 8, 20
+    message << 0 # 1, 21
+    message << database.split('').map(&:ord) # 2, 23
+    message << 0 # 1, 24
+    message << 0 # 1, 25
+    message.flatten!
+
+    total_message_size = message.size + 4
+
+    message_len = [total_message_size].pack('l>').unpack('CCCC')
+
+    @socket.write([message_len + message].flatten.pack('C*'))
+
+    sleep 0.1
+
+    read_startup_response(username, password)
+  end
+
+  def read_startup_response(username, password)
+    message_code, message_len = @socket.recv(5).unpack("al>")
+    while message_code == 'R'
+      auth_code = @socket.recv(4).unpack('l>').pop
+      case auth_code
+      when 5 # md5
+        salt = @socket.recv(4).unpack('CCCC')
+        send_md5_password_message(username, password, salt)
+        message_code, message_len = @socket.recv(5).unpack("al>")
+      when 0 # trust
+        break
+      end
+    end
+    loop do
+      message_code, message_len = @socket.recv(5).unpack("al>")
+      if message_code == 'Z'
+        @socket.recv(1).unpack("a") # most likely I
+        break # We are good to go
+      end
+      if message_code == 'S'
+        actual_message = @socket.recv(message_len - 4).unpack("C*")
+        k,v = actual_message.pack('U*').split(/\x00/)
+        @parameters[k] = v
+      end
+      if message_code == 'K'
+        process_id, secret_key = @socket.recv(message_len - 4).unpack("l>l>")
+        @parameters["process_id"] = process_id
+        @parameters["secret_key"] = secret_key
+      end
+    end
+    return @parameters
+  end
+
+  def cancel_query
+    socket = TCPSocket.new @host, @port
+    process_key = @parameters["process_id"]
+    secret_key =  @parameters["secret_key"]
+    message = []
+    message << [16].pack('l>').unpack('CCCC') # 4
+    message << [80877102].pack('l>').unpack('CCCC') # 4
+    message << [process_key.to_i].pack('l>').unpack('CCCC') # 4
+    message << [secret_key.to_i].pack('l>').unpack('CCCC') # 4
+    message.flatten!
+    socket.write(message.flatten.pack('C*'))
+    socket.close
+    log "[F] Sent CancelRequest message"
+  end
+
+  def send_query_message(query)
+    query_size = query.length
+    message_size = 1 + 4 + query_size
+    message = []
+    message << "Q".ord
+    message << [message_size].pack('l>').unpack('CCCC') # 4
+    message << query.split('').map(&:ord) # 2, 11
+    message << 0 # 1, 12
+    message.flatten!
+    @socket.write(message.flatten.pack('C*'))
+    log "[F] Sent Q message (#{query})"
+  end
+
+  def send_parse_message(query)
+    query_size = query.length
+    message_size = 2 + 2 + 4 + query_size
+    message = []
+    message << "P".ord
+    message << [message_size].pack('l>').unpack('CCCC') # 4
+    message << 0 # unnamed statement
+    message << query.split('').map(&:ord) # 2, 11
+    message << 0 # 1, 12
+    message << [0, 0]
+    message.flatten!
+    @socket.write(message.flatten.pack('C*'))
+    log "[F] Sent P message (#{query})"
+  end
+
+  def send_bind_message
+    message = []
+    message << "B".ord
+    message << [12].pack('l>').unpack('CCCC') # 4
+    message << 0 # unnamed statement
+    message << 0 # unnamed statement
+    message << [0, 0] # 2
+    message << [0, 0] # 2
+    message << [0, 0] # 2
+    message.flatten!
+    @socket.write(message.flatten.pack('C*'))
+    log "[F] Sent B message"
+  end
+
+  def send_describe_message(mode)
+    message = []
+    message << "D".ord
+    message << [6].pack('l>').unpack('CCCC') # 4
+    message << mode.ord
+    message << 0 # unnamed statement
+    message.flatten!
+    @socket.write(message.flatten.pack('C*'))
+    log "[F] Sent D message"
+  end
+
+  def send_execute_message(limit=0)
+    message = []
+    message << "E".ord
+    message << [9].pack('l>').unpack('CCCC') # 4
+    message << 0 # unnamed statement
+    message << [limit].pack('l>').unpack('CCCC') # 4
+    message.flatten!
+    @socket.write(message.flatten.pack('C*'))
+    log "[F] Sent E message"
+  end
+
+  def send_sync_message
+    message = []
+    message << "S".ord
+    message << [4].pack('l>').unpack('CCCC') # 4
+    message.flatten!
+    @socket.write(message.flatten.pack('C*'))
+    log "[F] Sent S message"
+  end
+
+  def send_copydone_message
+    message = []
+    message << "c".ord
+    message << [4].pack('l>').unpack('CCCC') # 4
+    message.flatten!
+    @socket.write(message.flatten.pack('C*'))
+    log "[F] Sent c message"
+  end
+
+  def send_copyfail_message
+    message = []
+    message << "f".ord
+    message << [5].pack('l>').unpack('CCCC') # 4
+    message << 0
+    message.flatten!
+    @socket.write(message.flatten.pack('C*'))
+    log "[F] Sent f message"
+  end
+
+  def send_flush_message
+    message = []
+    message << "H".ord
+    message << [4].pack('l>').unpack('CCCC') # 4
+    message.flatten!
+    @socket.write(message.flatten.pack('C*'))
+    log "[F] Sent H message"
+  end
+
+  def read_from_server()
+    output_messages = []
+    retry_count = 0
+    message_code = nil
+    message_len = 0
+    loop do
+      begin
+        message_code, message_len = @socket.recv_nonblock(5).unpack("al>")
+      rescue IO::WaitReadable
+        return output_messages if retry_count > 50
+
+        retry_count += 1
+        sleep(0.01)
+        next
+      end
+      message = {
+        code: message_code,
+        len: message_len,
+        bytes: []
+      }
+      log "[B] #{BACKEND_MESSAGE_CODES[message_code] || ('UnknownMessage(' + message_code + ')')}"
+
+      actual_message_length = message_len - 4
+      if actual_message_length > 0
+        message[:bytes] = @socket.recv(message_len - 4).unpack("C*")
+        log "\t#{message[:bytes].join(",")}"
+        log "\t#{message[:bytes].map(&:chr).join(" ")}"
+      end
+      output_messages << message
+      return output_messages if message_code == 'Z'
+    end
+  end
+
+  def log(msg)
+    return unless @verbose
+
+    puts msg
+  end
+
+  def close
+    @socket.close
+  end
+end

tests/ruby/helpers/pgcat_helper.rb

@@ -0,0 +1,173 @@
+require 'json'
+require 'ostruct'
+require_relative 'pgcat_process'
+require_relative 'pg_instance'
+require_relative 'pg_socket'
+
+class ::Hash
+    def deep_merge(second)
+        merger = proc { |key, v1, v2| Hash === v1 && Hash === v2 ? v1.merge(v2, &merger) : v2 }
+        self.merge(second, &merger)
+    end
+end
+
+module Helpers
+  module Pgcat
+    def self.three_shard_setup(pool_name, pool_size, pool_mode="transaction", lb_mode="random", log_level="info")
+      user = {
+        "password" => "sharding_user",
+        "pool_size" => pool_size,
+        "statement_timeout" => 0,
+        "username" => "sharding_user"
+      }
+
+      pgcat    = PgcatProcess.new(log_level)
+      primary0 = PgInstance.new(5432, user["username"], user["password"], "shard0")
+      primary1 = PgInstance.new(7432, user["username"], user["password"], "shard1")
+      primary2 = PgInstance.new(8432, user["username"], user["password"], "shard2")
+
+      pgcat_cfg = pgcat.current_config
+      pgcat_cfg["pools"] = {
+        "#{pool_name}" => {
+          "default_role" => "any",
+          "pool_mode" => pool_mode,
+          "load_balancing_mode" => lb_mode,
+          "primary_reads_enabled" => true,
+          "query_parser_enabled" => true,
+          "automatic_sharding_key" => "data.id",
+          "sharding_function" => "pg_bigint_hash",
+          "shards" => {
+            "0" => { "database" => "shard0", "servers" => [["localhost", primary0.port.to_s, "primary"]] },
+            "1" => { "database" => "shard1", "servers" => [["localhost", primary1.port.to_s, "primary"]] },
+            "2" => { "database" => "shard2", "servers" => [["localhost", primary2.port.to_s, "primary"]] },
+          },
+          "users" => { "0" => user },
+          "plugins" => {
+            "intercept" => {
+              "enabled" => true,
+              "queries" => {
+                "0" => {
+                  "query" => "select current_database() as a, current_schemas(false) as b",
+                  "schema" => [
+                      ["a", "text"],
+                      ["b", "text"],
+                  ],
+                  "result" => [
+                    ["${DATABASE}", "{public}"],
+                  ]
+                }
+              }
+            }
+          }
+        }
+      }
+      pgcat.update_config(pgcat_cfg)
+
+      pgcat.start
+      pgcat.wait_until_ready
+
+      OpenStruct.new.tap do |struct|
+        struct.pgcat = pgcat
+        struct.shards = [primary0, primary1, primary2]
+        struct.all_databases = [primary0, primary1, primary2]
+      end
+    end
+
+    def self.single_instance_setup(pool_name, pool_size, pool_mode="transaction", lb_mode="random", log_level="trace")
+      user = {
+        "password" => "sharding_user",
+        "pool_size" => pool_size,
+        "statement_timeout" => 0,
+        "username" => "sharding_user"
+      }
+
+      pgcat = PgcatProcess.new(log_level)
+      pgcat_cfg = pgcat.current_config
+
+      primary  = PgInstance.new(5432, user["username"], user["password"], "shard0")
+
+      # Main proxy configs
+      pgcat_cfg["pools"] = {
+        "#{pool_name}" => {
+          "default_role" => "primary",
+          "pool_mode" => pool_mode,
+          "load_balancing_mode" => lb_mode,
+          "primary_reads_enabled" => false,
+          "query_parser_enabled" => false,
+          "sharding_function" => "pg_bigint_hash",
+          "shards" => {
+            "0" => {
+              "database" => "shard0",
+              "servers" => [
+                ["localhost", primary.port.to_s, "primary"]
+              ]
+            },
+          },
+          "users" => { "0" => user }
+        }
+      }
+      pgcat_cfg["general"]["port"] = pgcat.port
+      pgcat.update_config(pgcat_cfg)
+      pgcat.start
+      pgcat.wait_until_ready
+
+      OpenStruct.new.tap do |struct|
+        struct.pgcat = pgcat
+        struct.primary = primary
+        struct.all_databases = [primary]
+      end
+    end
+
+    def self.single_shard_setup(pool_name, pool_size, pool_mode="transaction", lb_mode="random", log_level="info")
+      user = {
+        "password" => "sharding_user",
+        "pool_size" => pool_size,
+        "statement_timeout" => 0,
+        "username" => "sharding_user"
+      }
+
+      pgcat = PgcatProcess.new(log_level)
+      pgcat_cfg = pgcat.current_config
+
+      primary  = PgInstance.new(5432, user["username"], user["password"], "shard0")
+      replica0 = PgInstance.new(7432, user["username"], user["password"], "shard0")
+      replica1 = PgInstance.new(8432, user["username"], user["password"], "shard0")
+      replica2 = PgInstance.new(9432, user["username"], user["password"], "shard0")
+
+      # Main proxy configs
+      pgcat_cfg["pools"] = {
+        "#{pool_name}" => {
+          "default_role" => "any",
+          "pool_mode" => pool_mode,
+          "load_balancing_mode" => lb_mode,
+          "primary_reads_enabled" => false,
+          "query_parser_enabled" => false,
+          "sharding_function" => "pg_bigint_hash",
+          "shards" => {
+            "0" => {
+              "database" => "shard0",
+              "servers" => [
+                ["localhost", primary.port.to_s, "primary"],
+                ["localhost", replica0.port.to_s, "replica"],
+                ["localhost", replica1.port.to_s, "replica"],
+                ["localhost", replica2.port.to_s, "replica"]
+              ]
+            },
+          },
+          "users" => { "0" => user }
+        }
+      }
+      pgcat_cfg["general"]["port"] = pgcat.port
+      pgcat.update_config(pgcat_cfg)
+      pgcat.start
+      pgcat.wait_until_ready
+
+      OpenStruct.new.tap do |struct|
+        struct.pgcat = pgcat
+        struct.primary = primary
+        struct.replicas = [replica0, replica1, replica2]
+        struct.all_databases = [primary, replica0, replica1, replica2]
+      end
+    end
+  end
+end

tests/ruby/helpers/pgcat_process.rb

@@ -0,0 +1,132 @@
+require 'pg'
+require 'toml'
+require 'fileutils'
+require 'securerandom'
+
+class PgcatProcess
+  attr_reader :port
+  attr_reader :pid
+
+  def self.finalize(pid, log_filename, config_filename)
+    if pid
+      Process.kill("TERM", pid)
+      Process.wait(pid)
+    end
+
+    File.delete(config_filename) if File.exist?(config_filename)
+    File.delete(log_filename) if File.exist?(log_filename)
+  end
+
+  def initialize(log_level)
+    @env = {"RUST_LOG" => log_level}
+    @port = rand(20000..32760)
+    @log_level = log_level
+    @log_filename = "/tmp/pgcat_log_#{SecureRandom.urlsafe_base64}.log"
+    @config_filename = "/tmp/pgcat_cfg_#{SecureRandom.urlsafe_base64}.toml"
+
+    command_path = if ENV['CARGO_TARGET_DIR'] then
+                     "#{ENV['CARGO_TARGET_DIR']}/debug/pgcat"
+                   else
+                     '../../target/debug/pgcat'
+                   end
+
+    @command = "#{command_path} #{@config_filename}"
+
+    FileUtils.cp("../../pgcat.toml", @config_filename)
+    cfg = current_config
+    cfg["general"]["port"] = @port.to_i
+    cfg["general"]["enable_prometheus_exporter"] = false
+
+    update_config(cfg)
+  end
+
+  def logs
+    File.read(@log_filename)
+  end
+
+  def update_config(config_hash)
+    @original_config = current_config
+    output_to_write = TOML::Generator.new(config_hash).body
+    output_to_write = output_to_write.gsub(/,\s*["|'](\d+)["|']\s*,/, ',\1,')
+    output_to_write = output_to_write.gsub(/,\s*["|'](\d+)["|']\s*\]/, ',\1]')
+    File.write(@config_filename, output_to_write)
+  end
+
+  def current_config
+    loadable_string = File.read(@config_filename)
+    loadable_string = loadable_string.gsub(/,\s*(\d+)\s*,/,  ', "\1",')
+    loadable_string = loadable_string.gsub(/,\s*(\d+)\s*\]/, ', "\1"]')
+    TOML.load(loadable_string)
+  end
+
+  def reload_config
+    `kill -s HUP #{@pid}`
+    sleep 0.5
+  end
+
+  def start
+    raise StandardError, "Process is already started" unless @pid.nil?
+    @pid = Process.spawn(@env, @command, err: @log_filename, out: @log_filename)
+    Process.detach(@pid)
+    ObjectSpace.define_finalizer(@log_filename, proc { PgcatProcess.finalize(@pid, @log_filename, @config_filename) })
+
+    return self
+  end
+
+  def wait_until_ready(connection_string = nil)
+    exc = nil
+    10.times do
+      Process.kill 0, @pid
+      PG::connect(connection_string || example_connection_string).close
+
+      return self
+    rescue Errno::ESRCH
+      raise StandardError, "Process #{@pid} died. #{logs}"
+    rescue => e
+      exc = e
+      sleep(0.5)
+    end
+    puts exc
+    raise StandardError, "Process #{@pid} never became ready. Logs #{logs}"
+  end
+
+  def stop
+    return unless @pid
+
+    Process.kill("TERM", @pid)
+    Process.wait(@pid)
+    @pid = nil
+  end
+
+  def shutdown
+    stop
+    File.delete(@config_filename) if File.exist?(@config_filename)
+    File.delete(@log_filename) if File.exist?(@log_filename)
+  end
+
+  def admin_connection_string
+    cfg = current_config
+    username = cfg["general"]["admin_username"]
+    password = cfg["general"]["admin_password"]
+
+    "postgresql://#{username}:#{password}@0.0.0.0:#{@port}/pgcat"
+  end
+
+  def connection_string(pool_name, username, password = nil)
+    cfg = current_config
+    user_idx, user_obj = cfg["pools"][pool_name]["users"].detect { |k, user| user["username"] == username }
+    "postgresql://#{username}:#{password || user_obj["password"]}@0.0.0.0:#{@port}/#{pool_name}"
+  end
+
+  def example_connection_string
+    cfg = current_config
+    first_pool_name = cfg["pools"].keys[0]
+
+    db_name = first_pool_name
+
+    username = cfg["pools"][first_pool_name]["users"]["0"]["username"]
+    password = cfg["pools"][first_pool_name]["users"]["0"]["password"]
+
+    "postgresql://#{username}:#{password}@0.0.0.0:#{@port}/#{db_name}?application_name=example_app"
+  end
+end

tests/ruby/load_balancing_spec.rb

@@ -0,0 +1,164 @@
+# frozen_string_literal: true
+require_relative 'spec_helper'
+
+describe "Random Load Balancing" do
+  let(:processes) { Helpers::Pgcat.single_shard_setup("sharded_db", 5) }
+  after do
+    processes.all_databases.map(&:reset)
+    processes.pgcat.shutdown
+  end
+
+  context "under regular circumstances" do
+    it "balances query volume between all instances" do
+      conn = PG.connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+
+      query_count = QUERY_COUNT
+      expected_share = query_count / processes.all_databases.count
+      failed_count = 0
+
+      query_count.times do
+        conn.async_exec("SELECT 1 + 2")
+      rescue
+        failed_count += 1
+      end
+
+      expect(failed_count).to eq(0)
+      processes.all_databases.map(&:count_select_1_plus_2).each do |instance_share|
+        expect(instance_share).to be_within(expected_share * MARGIN_OF_ERROR).of(expected_share)
+      end
+    end
+  end
+
+  context "when some replicas are down" do
+    it "balances query volume between working instances" do
+      conn = PG.connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+      expected_share = QUERY_COUNT / (processes.all_databases.count - 2)
+      failed_count = 0
+
+      processes[:replicas][0].take_down do
+        processes[:replicas][1].take_down do
+          QUERY_COUNT.times do
+            conn.async_exec("SELECT 1 + 2")
+          rescue
+            conn = PG.connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+            failed_count += 1
+          end
+        end
+      end
+
+      processes.all_databases.each do |instance|
+        queries_routed = instance.count_select_1_plus_2
+        if processes.replicas[0..1].include?(instance)
+          expect(queries_routed).to eq(0)
+        else
+          expect(queries_routed).to be_within(expected_share * MARGIN_OF_ERROR).of(expected_share)
+        end
+      end
+    end
+  end
+end
+
+describe "Least Outstanding Queries Load Balancing" do
+  let(:processes) { Helpers::Pgcat.single_shard_setup("sharded_db", 1, "transaction", "loc") }
+  after do
+    processes.all_databases.map(&:reset)
+    processes.pgcat.shutdown
+  end
+
+  context "under homogeneous load" do
+    it "balances query volume between all instances" do
+      conn = PG.connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+
+      query_count = QUERY_COUNT
+      expected_share = query_count / processes.all_databases.count
+      failed_count = 0
+
+      query_count.times do
+        conn.async_exec("SELECT 1 + 2")
+      rescue
+        failed_count += 1
+      end
+
+      expect(failed_count).to eq(0)
+      processes.all_databases.map(&:count_select_1_plus_2).each do |instance_share|
+        expect(instance_share).to be_within(expected_share * MARGIN_OF_ERROR).of(expected_share)
+      end
+    end
+  end
+
+  context "under heterogeneous load" do
+    xit "balances query volume between all instances based on how busy they are" do
+      slow_query_count = 2
+      threads = Array.new(slow_query_count) do
+        Thread.new do
+          conn = PG.connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+          conn.async_exec("BEGIN")
+        end
+      end
+
+      conn = PG.connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+
+      query_count = QUERY_COUNT
+      expected_share = query_count / (processes.all_databases.count - slow_query_count)
+      failed_count = 0
+
+      query_count.times do
+        conn.async_exec("SELECT 1 + 2")
+      rescue
+        failed_count += 1
+      end
+
+      expect(failed_count).to eq(0)
+      # Under LOQ, we expect replicas running the slow pg_sleep
+      # to get no selects
+      expect(
+        processes.
+          all_databases.
+          map(&:count_select_1_plus_2).
+          count { |instance_share| instance_share == 0 }
+      ).to eq(slow_query_count)
+
+      # We also expect the quick queries to be spread across
+      # the idle servers only
+      processes.
+        all_databases.
+        map(&:count_select_1_plus_2).
+        reject { |instance_share| instance_share == 0 }.
+        each do |instance_share|
+          expect(instance_share).to be_within(expected_share * MARGIN_OF_ERROR).of(expected_share)
+      end
+
+      threads.map(&:join)
+    end
+  end
+
+  context "when some replicas are down" do
+    it "balances query volume between working instances" do
+      conn = PG.connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+      expected_share = QUERY_COUNT / (processes.all_databases.count - 2)
+      failed_count = 0
+
+      processes[:replicas][0].take_down do
+        processes[:replicas][1].take_down do
+          QUERY_COUNT.times do
+            conn.async_exec("SELECT 1 + 2")
+          rescue
+            conn = PG.connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+            failed_count += 1
+          end
+        end
+      end
+
+      expect(failed_count).to be <= 2
+      processes.all_databases.each do |instance|
+        queries_routed = instance.count_select_1_plus_2
+        if processes.replicas[0..1].include?(instance)
+          expect(queries_routed).to eq(0)
+        else
+          expect(queries_routed).to be_within(expected_share * MARGIN_OF_ERROR).of(expected_share)
+        end
+      end
+    end
+  end
+end
+

tests/ruby/mirrors_spec.rb

@@ -0,0 +1,90 @@
+# frozen_string_literal: true
+require 'uri'
+require_relative 'spec_helper'
+
+describe "Query Mirroing" do
+  let(:processes) { Helpers::Pgcat.single_instance_setup("sharded_db", 10) }
+  let(:mirror_pg) { PgInstance.new(8432, "sharding_user", "sharding_user", "shard2")}
+  let(:pgcat_conn_str) { processes.pgcat.connection_string("sharded_db", "sharding_user") }
+  let(:mirror_host) { "localhost" }
+
+  before do
+    new_configs = processes.pgcat.current_config
+    new_configs["pools"]["sharded_db"]["shards"]["0"]["mirrors"] = [
+      [mirror_host, mirror_pg.port.to_s, "0"],
+      [mirror_host, mirror_pg.port.to_s, "0"],
+      [mirror_host, mirror_pg.port.to_s, "0"],
+    ]
+    processes.pgcat.update_config(new_configs)
+    processes.pgcat.reload_config
+  end
+
+  after do
+    processes.all_databases.map(&:reset)
+    mirror_pg.reset
+    processes.pgcat.shutdown
+  end
+
+  xit "can mirror a query" do
+    conn = PG.connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+    runs = 15
+    runs.times { conn.async_exec("SELECT 1 + 2") }
+    sleep 0.5
+    expect(processes.all_databases.first.count_select_1_plus_2).to eq(runs)
+    expect(mirror_pg.count_select_1_plus_2).to eq(runs * 3)
+  end
+
+  context "when main server connection is closed" do
+    it "closes the mirror connection" do
+      baseline_count = processes.all_databases.first.count_connections
+      5.times do |i|
+        # Force pool cycling to detect zombie mirror connections
+        new_configs = processes.pgcat.current_config
+        new_configs["pools"]["sharded_db"]["idle_timeout"] = 5000 + i
+        new_configs["pools"]["sharded_db"]["shards"]["0"]["mirrors"] = [
+          [mirror_host, mirror_pg.port.to_s, "0"],
+          [mirror_host, mirror_pg.port.to_s, "0"],
+          [mirror_host, mirror_pg.port.to_s, "0"],
+        ]
+        processes.pgcat.update_config(new_configs)
+        processes.pgcat.reload_config
+      end
+      conn = PG.connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+      conn.async_exec("SELECT 1 + 2")
+      sleep 0.5
+      # Expect same number of connection even after pool cycling
+      expect(processes.all_databases.first.count_connections).to be < baseline_count + 2
+    end
+  end
+
+  xcontext "when mirror server goes down temporarily" do
+    it "continues to transmit queries after recovery" do
+      conn = PG.connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+      mirror_pg.take_down do
+        conn.async_exec("SELECT 1 + 2")
+        sleep 0.1
+      end
+      10.times { conn.async_exec("SELECT 1 + 2") }
+      sleep 1
+      expect(mirror_pg.count_select_1_plus_2).to be >= 2
+    end
+  end
+
+  context "when a mirror is down" do
+    let(:mirror_host) { "badhost" }
+
+    it "does not fail to send the main query" do
+      conn = PG.connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+      # No Errors here
+      conn.async_exec("SELECT 1 + 2")
+      expect(processes.all_databases.first.count_select_1_plus_2).to eq(1)
+    end
+
+    it "does not fail to send the main query (even after thousands of mirror attempts)" do
+      conn = PG.connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+      # No Errors here
+      1000.times { conn.async_exec("SELECT 1 + 2") }
+      expect(processes.all_databases.first.count_select_1_plus_2).to eq(1000)
+    end
+  end
+end

tests/ruby/misc_spec.rb

@@ -0,0 +1,378 @@
+# frozen_string_literal: true
+require_relative 'spec_helper'
+
+describe "Miscellaneous" do
+  let(:processes) { Helpers::Pgcat.single_shard_setup("sharded_db", 5) }
+  after do
+    processes.all_databases.map(&:reset)
+    processes.pgcat.shutdown
+  end
+
+  context "when adding then removing instance using RELOAD" do
+    it "works correctly" do
+      admin_conn = PG::connect(processes.pgcat.admin_connection_string)
+
+      current_configs = processes.pgcat.current_config
+      correct_count = current_configs["pools"]["sharded_db"]["shards"]["0"]["servers"].count
+      expect(admin_conn.async_exec("SHOW DATABASES").count).to eq(correct_count)
+
+      extra_replica = current_configs["pools"]["sharded_db"]["shards"]["0"]["servers"].last.clone
+      extra_replica[0] = "127.0.0.1"
+      current_configs["pools"]["sharded_db"]["shards"]["0"]["servers"] << extra_replica
+
+      processes.pgcat.update_config(current_configs) # with replica added
+      processes.pgcat.reload_config
+      correct_count = current_configs["pools"]["sharded_db"]["shards"]["0"]["servers"].count
+      expect(admin_conn.async_exec("SHOW DATABASES").count).to eq(correct_count)
+
+      current_configs["pools"]["sharded_db"]["shards"]["0"]["servers"].pop
+
+      processes.pgcat.update_config(current_configs) # with replica removed again
+      processes.pgcat.reload_config
+      correct_count = current_configs["pools"]["sharded_db"]["shards"]["0"]["servers"].count
+      expect(admin_conn.async_exec("SHOW DATABASES").count).to eq(correct_count)
+    end
+  end
+
+  context "when removing then adding instance back using RELOAD" do
+    it "works correctly" do
+      admin_conn = PG::connect(processes.pgcat.admin_connection_string)
+
+      current_configs = processes.pgcat.current_config
+      correct_count = current_configs["pools"]["sharded_db"]["shards"]["0"]["servers"].count
+      expect(admin_conn.async_exec("SHOW DATABASES").count).to eq(correct_count)
+
+      removed_replica = current_configs["pools"]["sharded_db"]["shards"]["0"]["servers"].pop
+      processes.pgcat.update_config(current_configs) # with replica removed
+      processes.pgcat.reload_config
+      correct_count = current_configs["pools"]["sharded_db"]["shards"]["0"]["servers"].count
+      expect(admin_conn.async_exec("SHOW DATABASES").count).to eq(correct_count)
+
+      current_configs["pools"]["sharded_db"]["shards"]["0"]["servers"] << removed_replica
+
+      processes.pgcat.update_config(current_configs) # with replica added again
+      processes.pgcat.reload_config
+      correct_count = current_configs["pools"]["sharded_db"]["shards"]["0"]["servers"].count
+      expect(admin_conn.async_exec("SHOW DATABASES").count).to eq(correct_count)
+    end
+  end
+
+  describe "TCP Keepalives" do
+    # Ideally, we should block TCP traffic to the database using
+    # iptables to mimic passive (connection is dropped without a RST packet)
+    # but we cannot do this in CircleCI because iptables requires NET_ADMIN
+    # capability that we cannot enable in CircleCI
+    # Toxiproxy won't work either because it does not block keepalives
+    # so our best bet is to query the OS keepalive params set on the socket
+
+    context "default settings" do
+      it "applies default keepalive settings" do
+        # We query ss command to verify that we have correct keepalive values set
+        # we can only verify the keepalives_idle parameter but that's good enough
+        # example output
+        #Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
+        #0      0          127.0.0.1:60526    127.0.0.1:18432 timer:(keepalive,1min59sec,0)
+        #0      0          127.0.0.1:60664    127.0.0.1:19432 timer:(keepalive,4.123ms,0)
+
+        port_search_criteria = processes.all_databases.map { |d| "dport = :#{d.port}"}.join(" or ")
+        results = `ss -t4 state established -o -at '( #{port_search_criteria}  )'`.lines
+        results.shift
+        results.each { |line| expect(line).to match(/timer:\(keepalive,.*ms,0\)/) }
+      end
+    end
+
+    context "changed settings" do
+      it "applies keepalive settings from config" do
+        new_configs = processes.pgcat.current_config
+
+        new_configs["general"]["tcp_keepalives_idle"] = 120
+        new_configs["general"]["tcp_keepalives_count"] = 1
+        new_configs["general"]["tcp_keepalives_interval"] = 1
+        processes.pgcat.update_config(new_configs)
+        # We need to kill the old process that was using the default configs
+        processes.pgcat.stop
+        processes.pgcat.start
+        processes.pgcat.wait_until_ready
+
+        port_search_criteria = processes.all_databases.map { |d| "dport = :#{d.port}"}.join(" or ")
+        results = `ss -t4 state established -o -at '( #{port_search_criteria}  )'`.lines
+        results.shift
+        results.each { |line| expect(line).to include("timer:(keepalive,1min") }
+      end
+    end
+  end
+
+  describe "Extended Protocol handling" do
+    it "does not send packets that client does not expect during extended protocol sequence" do
+      new_configs = processes.pgcat.current_config
+
+      new_configs["general"]["connect_timeout"] = 500
+      new_configs["general"]["ban_time"] = 1
+      new_configs["general"]["shutdown_timeout"] = 1
+      new_configs["pools"]["sharded_db"]["users"]["0"]["pool_size"] = 1
+
+      processes.pgcat.update_config(new_configs)
+      processes.pgcat.reload_config
+
+      25.times do
+        Thread.new do
+          conn = PG::connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+          conn.async_exec("SELECT pg_sleep(5)") rescue PG::SystemError
+        ensure
+          conn&.close
+        end
+      end
+
+      sleep(0.5)
+      conn_under_test = PG::connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+      stdout, stderr = with_captured_stdout_stderr do
+        15.times do |i|
+          conn_under_test.async_exec("SELECT 1") rescue PG::SystemError
+          conn_under_test.exec_params("SELECT #{i} + $1", [i]) rescue PG::SystemError
+          sleep 1
+        end
+      end
+
+      raise StandardError, "Libpq got unexpected messages while idle" if stderr.include?("arrived from server while idle")
+    end
+  end
+
+  describe "Pool recycling after config reload" do
+    let(:processes) { Helpers::Pgcat.three_shard_setup("sharded_db", 5) }
+
+    it "should update pools for new clients and clients that are no longer in transaction" do
+      server_conn = PG::connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+      server_conn.async_exec("BEGIN")
+
+      # No config change yet, client should set old configs
+      current_datebase_from_pg = server_conn.async_exec("SELECT current_database();")[0]["current_database"]
+      expect(current_datebase_from_pg).to eq('shard0')
+
+      # Swap shards
+      new_config = processes.pgcat.current_config
+      shard0 = new_config["pools"]["sharded_db"]["shards"]["0"]
+      shard1 = new_config["pools"]["sharded_db"]["shards"]["1"]
+      new_config["pools"]["sharded_db"]["shards"]["0"] = shard1
+      new_config["pools"]["sharded_db"]["shards"]["1"] = shard0
+
+      # Reload config
+      processes.pgcat.update_config(new_config)
+      processes.pgcat.reload_config
+      sleep 0.5
+
+      # Config changed but transaction is in progress, client should set old configs
+      current_datebase_from_pg = server_conn.async_exec("SELECT current_database();")[0]["current_database"]
+      expect(current_datebase_from_pg).to eq('shard0')
+      server_conn.async_exec("COMMIT")
+
+      # Transaction finished, client should get new configs
+      current_datebase_from_pg = server_conn.async_exec("SELECT current_database();")[0]["current_database"]
+      expect(current_datebase_from_pg).to eq('shard1')
+
+      # New connection should get new configs
+      server_conn.close()
+      server_conn = PG::connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+      current_datebase_from_pg = server_conn.async_exec("SELECT current_database();")[0]["current_database"]
+      expect(current_datebase_from_pg).to eq('shard1')
+    end
+  end
+
+  describe "Clients closing connection in the middle of transaction" do
+    it "sends a rollback to the server" do
+      conn = PG::connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+      conn.async_exec("SET SERVER ROLE to 'primary'")
+      conn.async_exec("BEGIN")
+      conn.close
+
+      expect(processes.primary.count_query("ROLLBACK")).to eq(1)
+    end
+  end
+
+  describe "Server version reporting" do
+    it "reports correct version for normal and admin databases" do
+      server_conn = PG::connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+      expect(server_conn.server_version).not_to eq(0)
+      server_conn.close
+
+      admin_conn = PG::connect(processes.pgcat.admin_connection_string)
+      expect(admin_conn.server_version).not_to eq(0)
+      admin_conn.close
+    end
+  end
+
+  describe "State clearance" do
+    context "session mode" do
+      let(:processes) { Helpers::Pgcat.single_shard_setup("sharded_db", 5, "session") }
+
+      it "Clears state before connection checkin" do
+        # Both modes of operation should not raise
+        # ERROR:  prepared statement "prepared_q" already exists
+        15.times do
+          conn = PG::connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+          conn.async_exec("PREPARE prepared_q (int) AS SELECT $1")
+          conn.close
+        end
+
+        conn = PG::connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+        initial_value = conn.async_exec("SHOW statement_timeout")[0]["statement_timeout"]
+        conn.async_exec("SET statement_timeout to 1000")
+        current_value = conn.async_exec("SHOW statement_timeout")[0]["statement_timeout"]
+        expect(conn.async_exec("SHOW statement_timeout")[0]["statement_timeout"]).to eq("1s")
+        conn.close
+      end
+
+      it "Does not send DISCARD ALL unless necessary" do
+        10.times do
+          conn = PG::connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+          conn.async_exec("SET SERVER ROLE to 'primary'")
+          conn.async_exec("SELECT 1")
+          conn.close
+        end
+
+        expect(processes.primary.count_query("DISCARD ALL")).to eq(0)
+
+        10.times do
+          conn = PG::connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+          conn.async_exec("SET SERVER ROLE to 'primary'")
+          conn.async_exec("SELECT 1")
+          conn.async_exec("SET statement_timeout to 5000")
+          conn.close
+        end
+
+        expect(processes.primary.count_query("DISCARD ALL")).to eq(10)
+      end
+
+      it "Resets server roles correctly" do
+        10.times do
+          conn = PG::connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+          conn.async_exec("SET SERVER ROLE to 'primary'")
+          conn.async_exec("SELECT 1")
+          conn.async_exec("SET statement_timeout to 5000")
+          conn.close
+        end
+
+        expect(processes.primary.count_query("RESET ROLE")).to eq(10)
+      end 
+    end
+
+    context "transaction mode" do
+      let(:processes) { Helpers::Pgcat.single_shard_setup("sharded_db", 5, "transaction") }
+      it "Clears state before connection checkin" do
+        # Both modes of operation should not raise
+        # ERROR:  prepared statement "prepared_q" already exists
+        15.times do
+          conn = PG::connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+          conn.async_exec("PREPARE prepared_q (int) AS SELECT $1")
+          conn.close
+        end
+
+        15.times do
+          conn = PG::connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+          conn.prepare("prepared_q", "SELECT $1")
+          conn.close
+        end
+      end
+
+      it "Does not send DISCARD ALL unless necessary" do
+        10.times do
+          conn = PG::connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+          conn.async_exec("SET SERVER ROLE to 'primary'")
+          conn.async_exec("SELECT 1")
+          conn.exec_params("SELECT $1", [1])
+          conn.close
+        end
+
+        expect(processes.primary.count_query("DISCARD ALL")).to eq(0)
+
+        10.times do
+          conn = PG::connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+          conn.async_exec("SET SERVER ROLE to 'primary'")
+          conn.async_exec("SELECT 1")
+          conn.async_exec("SET statement_timeout to 5000")
+          conn.close
+        end
+
+        expect(processes.primary.count_query("DISCARD ALL")).to eq(10)
+      end
+    end
+
+    context "transaction mode with transactions" do
+      let(:processes) { Helpers::Pgcat.single_shard_setup("sharded_db", 5, "transaction") }
+      it "Does not clear set statement state when declared in a transaction" do
+        10.times do
+          conn = PG::connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+          conn.async_exec("SET SERVER ROLE to 'primary'")
+          conn.async_exec("BEGIN")
+          conn.async_exec("SET statement_timeout to 1000")
+          conn.async_exec("COMMIT")
+          conn.close
+        end
+        expect(processes.primary.count_query("DISCARD ALL")).to eq(0)
+
+        10.times do
+          conn = PG::connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+          conn.async_exec("SET SERVER ROLE to 'primary'")
+          conn.async_exec("BEGIN")
+          conn.async_exec("SET LOCAL statement_timeout to 1000")
+          conn.async_exec("COMMIT")
+          conn.close
+        end
+        expect(processes.primary.count_query("DISCARD ALL")).to eq(0)
+      end
+    end
+  end
+
+  describe "Idle client timeout" do
+    context "idle transaction timeout set to 0" do
+      before do
+        current_configs = processes.pgcat.current_config
+        correct_idle_client_transaction_timeout = current_configs["general"]["idle_client_in_transaction_timeout"]
+        puts(current_configs["general"]["idle_client_in_transaction_timeout"])
+  
+        current_configs["general"]["idle_client_in_transaction_timeout"] = 0
+  
+        processes.pgcat.update_config(current_configs) # with timeout 0
+        processes.pgcat.reload_config
+      end
+
+      it "Allow client to be idle in transaction" do
+        conn = PG::connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+        conn.async_exec("BEGIN")
+        conn.async_exec("SELECT 1")
+        sleep(2)
+        conn.async_exec("COMMIT")
+        conn.close
+      end
+    end
+
+    context "idle transaction timeout set to 500ms" do
+      before do
+        current_configs = processes.pgcat.current_config
+        correct_idle_client_transaction_timeout = current_configs["general"]["idle_client_in_transaction_timeout"]  
+        current_configs["general"]["idle_client_in_transaction_timeout"] = 500
+  
+        processes.pgcat.update_config(current_configs) # with timeout 500
+        processes.pgcat.reload_config
+      end
+
+      it "Allow client to be idle in transaction below timeout" do
+        conn = PG::connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+        conn.async_exec("BEGIN")
+        conn.async_exec("SELECT 1")
+        sleep(0.4) # below 500ms
+        conn.async_exec("COMMIT")
+        conn.close
+      end
+
+      it "Error when client idle in transaction time exceeds timeout" do
+        conn = PG::connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+        conn.async_exec("BEGIN")
+        conn.async_exec("SELECT 1")
+        sleep(1) # above 500ms
+        expect{ conn.async_exec("COMMIT") }.to raise_error(PG::SystemError, /idle transaction timeout/) 
+        conn.async_exec("SELECT 1") # should be able to send another query
+        conn.close
+      end
+    end
+  end
+end

tests/ruby/plugins_spec.rb

@@ -0,0 +1,14 @@
+require_relative 'spec_helper'
+
+
+describe "Plugins" do
+  let(:processes) { Helpers::Pgcat.three_shard_setup("sharded_db", 5) }
+
+  context "intercept" do
+    it "will intercept an intellij query" do
+      conn = PG.connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+      res = conn.exec("select current_database() as a, current_schemas(false) as b")
+      expect(res.values).to eq([["sharded_db", "{public}"]])
+    end
+  end
+end

tests/ruby/protocol_spec.rb

@@ -0,0 +1,155 @@
+# frozen_string_literal: true
+require_relative 'spec_helper'
+
+
+describe "Portocol handling" do
+  let(:processes) { Helpers::Pgcat.single_instance_setup("sharded_db", 1, "session") }
+  let(:sequence) { [] }
+  let(:pgcat_socket) { PostgresSocket.new('localhost', processes.pgcat.port) }
+  let(:pgdb_socket) { PostgresSocket.new('localhost', processes.all_databases.first.port) }
+
+  after do
+    pgdb_socket.close
+    pgcat_socket.close
+    processes.all_databases.map(&:reset)
+    processes.pgcat.shutdown
+  end
+
+  def run_comparison(sequence, socket_a, socket_b)
+    sequence.each do |msg, *args|
+      socket_a.send(msg, *args)
+      socket_b.send(msg, *args)
+
+      compare_messages(
+        socket_a.read_from_server,
+        socket_b.read_from_server
+      )
+    end
+  end
+
+  def compare_messages(msg_arr0, msg_arr1)
+    if msg_arr0.count != msg_arr1.count
+      error_output = []
+
+      error_output << "#{msg_arr0.count} : #{msg_arr1.count}"
+      error_output << "PgCat Messages"
+      error_output += msg_arr0.map { |message| "\t#{message[:code]} - #{message[:bytes].map(&:chr).join(" ")}" }
+      error_output << "PgServer Messages"
+      error_output += msg_arr1.map { |message| "\t#{message[:code]} - #{message[:bytes].map(&:chr).join(" ")}" }
+      error_desc = error_output.join("\n")
+      raise StandardError, "Message count mismatch #{error_desc}"
+    end
+
+    (0..msg_arr0.count - 1).all? do |i|
+      msg0 = msg_arr0[i]
+      msg1 = msg_arr1[i]
+
+      result = [
+        msg0[:code] == msg1[:code],
+        msg0[:len] == msg1[:len],
+        msg0[:bytes] == msg1[:bytes],
+      ].all?
+
+      next result if result
+
+      if result == false
+        error_string = []
+        if msg0[:code] != msg1[:code]
+          error_string << "code #{msg0[:code]} != #{msg1[:code]}"
+        end
+        if msg0[:len] != msg1[:len]
+          error_string << "len #{msg0[:len]} != #{msg1[:len]}"
+        end
+        if msg0[:bytes] != msg1[:bytes]
+          error_string << "bytes #{msg0[:bytes]} != #{msg1[:bytes]}"
+        end
+        err = error_string.join("\n")
+
+        raise StandardError, "Message mismatch #{err}"
+      end
+    end
+  end
+
+  RSpec.shared_examples "at parity with database" do
+    before do
+      pgcat_socket.send_startup_message("sharding_user", "sharded_db", "sharding_user")
+      pgdb_socket.send_startup_message("sharding_user", "shard0", "sharding_user")
+    end
+
+    it "works" do
+      run_comparison(sequence, pgcat_socket, pgdb_socket)
+    end
+  end
+
+  context "Cancel Query" do
+    let(:sequence) {
+      [
+        [:send_query_message, "SELECT pg_sleep(5)"],
+        [:cancel_query]
+      ]
+    }
+
+    it_behaves_like "at parity with database"
+  end
+
+  xcontext "Simple query after parse" do
+    let(:sequence) {
+      [
+        [:send_parse_message, "SELECT 5"],
+        [:send_query_message, "SELECT 1"],
+        [:send_bind_message],
+        [:send_describe_message, "P"],
+        [:send_execute_message],
+        [:send_sync_message],
+      ]
+    }
+
+    # Known to fail due to PgCat not supporting flush
+    it_behaves_like "at parity with database"
+  end
+
+  xcontext "Flush message" do
+    let(:sequence) {
+      [
+        [:send_parse_message, "SELECT 1"],
+        [:send_flush_message]
+      ]
+    }
+
+    # Known to fail due to PgCat not supporting flush
+    it_behaves_like "at parity with database"
+  end
+
+  xcontext "Bind without parse" do
+    let(:sequence) {
+      [
+        [:send_bind_message]
+      ]
+    }
+    # This is known to fail.
+    # Server responds immediately, Proxy buffers the message
+    it_behaves_like "at parity with database"
+  end
+
+  context "Simple message" do
+    let(:sequence) {
+      [[:send_query_message, "SELECT 1"]]
+    }
+
+    it_behaves_like "at parity with database"
+  end
+
+  context "Extended protocol" do
+    let(:sequence) {
+      [
+        [:send_parse_message, "SELECT 1"],
+        [:send_bind_message],
+        [:send_describe_message, "P"],
+        [:send_execute_message],
+        [:send_sync_message],
+      ]
+    }
+
+    it_behaves_like "at parity with database"
+  end
+end

tests/ruby/routing_spec.rb

@@ -0,0 +1,81 @@
+# frozen_string_literal: true
+require_relative 'spec_helper'
+
+
+describe "Routing" do
+  let(:processes) { Helpers::Pgcat.single_shard_setup("sharded_db", 5) }
+  after do
+    processes.all_databases.map(&:reset)
+    processes.pgcat.shutdown
+  end
+
+  describe "SET ROLE" do
+    context "primary" do
+      it "routes queries only to primary" do
+        conn = PG.connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+        conn.async_exec("SET SERVER ROLE to 'primary'")
+
+        query_count = 30
+        failed_count = 0
+
+        query_count.times do
+          conn.async_exec("SELECT 1 + 2")
+        rescue
+          failed_count += 1
+        end
+
+        expect(failed_count).to eq(0)
+        processes.replicas.map(&:count_select_1_plus_2).each do |instance_share|
+          expect(instance_share).to eq(0)
+        end
+
+        expect(processes.primary.count_select_1_plus_2).to eq(query_count)
+      end
+    end
+    context "replica" do
+      it "routes queries only to replicas" do
+        conn = PG.connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+        conn.async_exec("SET SERVER ROLE to 'replica'")
+
+        expected_share = QUERY_COUNT / processes.replicas.count
+        failed_count = 0
+
+        QUERY_COUNT.times do
+          conn.async_exec("SELECT 1 + 2")
+        rescue
+          failed_count += 1
+        end
+
+        expect(failed_count).to eq(0)
+
+        processes.replicas.map(&:count_select_1_plus_2).each do |instance_share|
+          expect(instance_share).to be_within(expected_share * MARGIN_OF_ERROR).of(expected_share)
+        end
+
+        expect(processes.primary.count_select_1_plus_2).to eq(0)
+      end
+    end
+
+    context "any" do
+      it "routes queries to all instances" do
+        conn = PG.connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+        conn.async_exec("SET SERVER ROLE to 'any'")
+
+        expected_share = QUERY_COUNT / processes.all_databases.count
+        failed_count = 0
+
+        QUERY_COUNT.times do
+          conn.async_exec("SELECT 1 + 2")
+        rescue
+          failed_count += 1
+        end
+
+        expect(failed_count).to eq(0)
+
+        processes.all_databases.map(&:count_select_1_plus_2).each do |instance_share|
+          expect(instance_share).to be_within(expected_share * MARGIN_OF_ERROR).of(expected_share)
+        end
+      end
+    end
+  end
+end

tests/ruby/sharding_spec.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+require_relative 'spec_helper'
+
+
+describe "Sharding" do
+  let(:processes) { Helpers::Pgcat.three_shard_setup("sharded_db", 5) }
+
+  before do
+    conn = PG.connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+
+    # Setup the sharding data
+    3.times do |i|
+      conn.exec("SET SHARD TO '#{i}'")
+      conn.exec("DELETE FROM data WHERE id > 0")
+    end
+
+    18.times do |i|
+      i = i + 1
+      conn.exec("SET SHARDING KEY TO '#{i}'")
+      conn.exec("INSERT INTO data (id, value) VALUES (#{i}, 'value_#{i}')")
+    end
+  end
+
+  after do
+
+    processes.all_databases.map(&:reset)
+    processes.pgcat.shutdown
+  end
+
+  describe "automatic routing of extended protocol" do
+    it "can do it" do
+      conn = PG.connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+      conn.exec("SET SERVER ROLE TO 'auto'")
+
+      18.times do |i|
+        result = conn.exec_params("SELECT * FROM data WHERE id = $1", [i + 1])
+        expect(result.ntuples).to eq(1)
+      end
+    end
+
+    it "can do it with multiple parameters" do
+      conn = PG.connect(processes.pgcat.connection_string("sharded_db", "sharding_user"))
+      conn.exec("SET SERVER ROLE TO 'auto'")
+
+      18.times do |i|
+        result = conn.exec_params("SELECT * FROM data WHERE id = $1 AND id = $2", [i + 1, i + 1])
+        expect(result.ntuples).to eq(1)
+      end
+    end
+  end
+end

tests/ruby/spec_helper.rb

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+require 'pg'
+require_relative 'helpers/pgcat_helper'
+
+QUERY_COUNT = 300
+MARGIN_OF_ERROR = 0.35
+
+def with_captured_stdout_stderr
+  sout = STDOUT.clone
+  serr = STDERR.clone
+  STDOUT.reopen("/tmp/out.txt", "w+")
+  STDERR.reopen("/tmp/err.txt", "w+")
+  STDOUT.sync = true
+  STDERR.sync = true
+  yield
+  return File.read('/tmp/out.txt'), File.read('/tmp/err.txt')
+ensure
+  STDOUT.reopen(sout)
+  STDERR.reopen(serr)
+end
+
+def clients_connected_to_pool(pool_index: 0, processes:)
+  admin_conn = PG::connect(processes.pgcat.admin_connection_string)
+  results = admin_conn.async_exec("SHOW POOLS")[pool_index]
+  admin_conn.close
+  results['cl_idle'].to_i + results['cl_active'].to_i + results['cl_waiting'].to_i
+end

tests/ruby/tests.rb

@@ -0,0 +1,113 @@
+# frozen_string_literal: true
+require 'pg'
+require 'active_record'
+
+# Uncomment these two to see all queries.
+# ActiveRecord.verbose_query_logs = true
+# ActiveRecord::Base.logger = Logger.new(STDOUT)
+
+ActiveRecord::Base.establish_connection(
+  adapter: 'postgresql',
+  host: '127.0.0.1',
+  port: 6432,
+  username: 'sharding_user',
+  password: 'sharding_user',
+  database: 'sharded_db',
+  application_name: 'testing_pgcat',
+  prepared_statements: false, # Transaction mode
+  advisory_locks: false # Same
+)
+
+class TestSafeTable < ActiveRecord::Base
+  self.table_name = 'test_safe_table'
+end
+
+class ShouldNeverHappenException < RuntimeError
+end
+
+class CreateSafeShardedTable < ActiveRecord::Migration[7.0]
+  # Disable transasctions or things will fly out of order!
+  disable_ddl_transaction!
+
+  SHARDS = 3
+
+  def up
+    SHARDS.times do |x|
+      # This will make this migration reversible!
+      connection.execute "SET SHARD TO '#{x.to_i}'"
+      connection.execute "SET SERVER ROLE TO 'primary'"
+
+      connection.execute <<-SQL
+        CREATE TABLE test_safe_table (
+          id BIGINT PRIMARY KEY,
+          name VARCHAR,
+          description TEXT
+        ) PARTITION BY HASH (id);
+
+        CREATE TABLE test_safe_table_data PARTITION OF test_safe_table
+        FOR VALUES WITH (MODULUS #{SHARDS.to_i}, REMAINDER #{x.to_i});
+      SQL
+    end
+  end
+
+  def down
+    SHARDS.times do |x|
+      connection.execute "SET SHARD TO '#{x.to_i}'"
+      connection.execute "SET SERVER ROLE TO 'primary'"
+      connection.execute 'DROP TABLE test_safe_table CASCADE'
+    end
+  end
+end
+
+SHARDS = 3
+
+2.times do
+  begin
+    CreateSafeShardedTable.migrate(:down)
+  rescue Exception
+    puts "Tables don't exist yet"
+  end
+
+  CreateSafeShardedTable.migrate(:up)
+
+  SHARDS.times do |x|
+    TestSafeTable.connection.execute "SET SHARD TO '#{x.to_i}'"
+    TestSafeTable.connection.execute "SET SERVER ROLE TO 'primary'"
+    TestSafeTable.connection.execute "TRUNCATE #{TestSafeTable.table_name}"
+  end
+
+  # Equivalent to Makara's stick_to_master! except it sticks until it's changed.
+  TestSafeTable.connection.execute "SET SERVER ROLE TO 'primary'"
+
+  200.times do |x|
+    x += 1 # Postgres ids start at 1
+    TestSafeTable.connection.execute "SET SHARDING KEY TO '#{x.to_i}'"
+    TestSafeTable.create(id: x, name: "something_special_#{x.to_i}", description: "It's a surprise!")
+  end
+
+  TestSafeTable.connection.execute "SET SERVER ROLE TO 'replica'"
+
+  100.times do |x|
+    x += 1 # 0 confuses our sharding function
+    TestSafeTable.connection.execute "SET SHARDING KEY TO '#{x.to_i}'"
+    TestSafeTable.find_by_id(x).id
+  end
+
+  # Will use the query parser to direct reads to replicas
+  TestSafeTable.connection.execute "SET SERVER ROLE TO 'auto'"
+
+  100.times do |x|
+    x += 101
+    TestSafeTable.connection.execute "SET SHARDING KEY TO '#{x.to_i}'"
+    TestSafeTable.find_by_id(x).id
+  end
+end
+
+# Test wrong shard
+TestSafeTable.connection.execute "SET SHARD TO '1'"
+begin
+  TestSafeTable.create(id: 5, name: 'test', description: 'test description')
+  raise ShouldNeverHappenException('Uh oh')
+rescue ActiveRecord::StatementInvalid
+  puts 'OK'
+end

tests/sharding/README.md

@@ -0,0 +1,35 @@
+# Sharding tests
+
+This helps us test the sharding algorithm we implemented.
+
+
+## Setup
+
+We setup 3 Postgres DBs, `shard0`, `shard1`, and `shard2`. In each database, we create a partitioned table called `data`. The table is partitioned by hash, and each database will only have _one_ partition, `shard0` will satisfy `modulus 3, remainder 0`, `shard1` will satisfy `modulus 3, remainder 1`, etc.
+
+To set this up, you can just run:
+
+```bash
+psql -f query_routing_setup.sql
+```
+
+## Run the tests
+
+Start up PgCat by running `cargo run --release` in the root of the repo. In a different tab, run this:
+
+```bash
+psql -h 127.0.0.1 -p 6432 -f query_routing_test_insert.sql
+psql -h 127.0.0.1 -p 6432 -f query_routing_test_select.sql
+```
+
+Note that no errors should take place. If our sharding logic was incorrect, we would get some errors
+about unsatisfiable partition bounds. We don't because the pooler picked the correct databases
+given the sharding keys.
+
+Finally, you can validate the result again by running
+
+```bash
+psql -f query_routing_test_validate.sql
+```
+
+## That's it!

tests/sharding/partition_hash_test_setup.sql

@@ -0,0 +1,26 @@
+DROP TABLE IF EXISTS shards CASCADE;
+
+CREATE TABLE shards (
+    id BIGINT,
+    value VARCHAR
+) PARTITION BY HASH (id);
+
+-- DROP TABLE IF EXISTS shard_0;
+CREATE TABLE shard_0 PARTITION OF shards FOR VALUES WITH (MODULUS 5, REMAINDER 0);
+-- DROP TABLE IF EXISTS shard_1;
+CREATE TABLE shard_1 PARTITION OF shards FOR VALUES WITH (MODULUS 5, REMAINDER 1);
+-- DROP TABLE IF EXISTS shard_2;
+CREATE TABLE shard_2 PARTITION OF shards FOR VALUES WITH (MODULUS 5, REMAINDER 2);
+-- DROP TABLE IF EXISTS shard_3;
+CREATE TABLE shard_3 PARTITION OF shards FOR VALUES WITH (MODULUS 5, REMAINDER 3);
+-- DROP TABLE IF EXISTS shard_4;
+CREATE TABLE shard_4 PARTITION OF shards FOR VALUES WITH (MODULUS 5, REMAINDER 4);
+
+
+INSERT INTO shards SELECT generate_series(1, 500), 'value';
+
+SELECT * FROM shard_0 ORDER BY id LIMIT 10;
+SELECT * FROM shard_1 ORDER BY id LIMIT 10;
+SELECT * FROM shard_2 ORDER BY id LIMIT 10;
+SELECT * FROM shard_3 ORDER BY id LIMIT 10;
+SELECT * FROM shard_4 ORDER BY id LIMIT 10;

tests/sharding/query_routing.sh

@@ -0,0 +1,19 @@
+#/bin/bash
+set -e
+
+# Setup all the shards.
+# sudo service postgresql restart
+
+echo "Giving Postgres 5 seconds to start up..."
+
+# sleep 5
+
+# psql -f query_routing_setup.sql
+
+psql -h 127.0.0.1 -p 6432 -f query_routing_test_insert.sql
+
+psql -h 127.0.0.1 -p 6432 -f query_routing_test_select.sql
+
+psql -e -h 127.0.0.1 -p 6432 -f query_routing_test_primary_replica.sql
+
+psql -f query_routing_test_validate.sql

tests/sharding/query_routing_setup.sql

@@ -0,0 +1,104 @@
+DROP DATABASE IF EXISTS shard0;
+DROP DATABASE IF EXISTS shard1;
+DROP DATABASE IF EXISTS shard2;
+DROP DATABASE IF EXISTS some_db;
+
+CREATE DATABASE shard0;
+CREATE DATABASE shard1;
+CREATE DATABASE shard2;
+CREATE DATABASE some_db;
+
+\c shard0
+
+DROP TABLE IF EXISTS data CASCADE;
+
+CREATE TABLE data (
+    id BIGINT,
+    value VARCHAR
+) PARTITION BY HASH (id);
+
+CREATE TABLE data_shard_0 PARTITION OF data FOR VALUES WITH (MODULUS 3, REMAINDER 0);
+
+\c shard1
+
+DROP TABLE IF EXISTS data CASCADE;
+
+CREATE TABLE data (
+    id BIGINT,
+    value VARCHAR
+) PARTITION BY HASH (id);
+
+CREATE TABLE data_shard_1 PARTITION OF data FOR VALUES WITH (MODULUS 3, REMAINDER 1);
+
+
+\c shard2
+
+DROP TABLE IF EXISTS data CASCADE;
+
+CREATE TABLE data (
+    id BIGINT,
+    value VARCHAR
+) PARTITION BY HASH (id);
+
+CREATE TABLE data_shard_2 PARTITION OF data FOR VALUES WITH (MODULUS 3, REMAINDER 2);
+
+
+\c some_db
+
+DROP TABLE IF EXISTS data CASCADE;
+
+CREATE TABLE data (
+    id BIGINT,
+    value VARCHAR
+);
+
+DROP ROLE IF EXISTS sharding_user;
+DROP ROLE IF EXISTS other_user;
+DROP ROLE IF EXISTS simple_user;
+CREATE ROLE sharding_user ENCRYPTED PASSWORD 'sharding_user' LOGIN;
+CREATE ROLE other_user ENCRYPTED PASSWORD 'other_user' LOGIN;
+CREATE ROLE simple_user ENCRYPTED PASSWORD 'simple_user' LOGIN;
+
+GRANT CONNECT ON DATABASE shard0  TO sharding_user;
+GRANT CONNECT ON DATABASE shard1  TO sharding_user;
+GRANT CONNECT ON DATABASE shard2  TO sharding_user;
+
+GRANT CONNECT ON DATABASE shard0  TO other_user;
+GRANT CONNECT ON DATABASE shard1  TO other_user;
+GRANT CONNECT ON DATABASE shard2  TO other_user;
+
+GRANT CONNECT ON DATABASE some_db TO simple_user;
+
+\c shard0
+CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+GRANT EXECUTE ON FUNCTION pg_stat_statements_reset TO sharding_user;
+GRANT ALL ON SCHEMA public TO sharding_user;
+GRANT ALL ON TABLE data TO sharding_user;
+GRANT ALL ON SCHEMA public TO other_user;
+GRANT ALL ON TABLE data TO other_user;
+GRANT EXECUTE ON FUNCTION pg_stat_statements_reset TO other_user;
+
+\c shard1
+CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+GRANT EXECUTE ON FUNCTION pg_stat_statements_reset TO sharding_user;
+GRANT ALL ON SCHEMA public TO sharding_user;
+GRANT ALL ON TABLE data TO sharding_user;
+GRANT ALL ON SCHEMA public TO other_user;
+GRANT ALL ON TABLE data TO other_user;
+GRANT EXECUTE ON FUNCTION pg_stat_statements_reset TO other_user;
+
+
+\c shard2
+CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+GRANT EXECUTE ON FUNCTION pg_stat_statements_reset TO sharding_user;
+GRANT ALL ON SCHEMA public TO sharding_user;
+GRANT ALL ON TABLE data TO sharding_user;
+GRANT ALL ON SCHEMA public TO other_user;
+GRANT ALL ON TABLE data TO other_user;
+GRANT EXECUTE ON FUNCTION pg_stat_statements_reset TO other_user;
+
+\c some_db
+CREATE EXTENSION IF NOT EXISTS pg_stat_statements;
+GRANT EXECUTE ON FUNCTION pg_stat_statements_reset TO simple_user;
+GRANT ALL ON SCHEMA public TO simple_user;
+GRANT ALL ON TABLE data TO simple_user;

tests/sharding/query_routing_test_insert.sql

@@ -0,0 +1,55 @@
+\set ON_ERROR_STOP on
+
+SET SHARDING KEY TO '1';
+INSERT INTO data (id, value) VALUES (1, 'value_1');
+
+SET SHARDING KEY TO '2';
+INSERT INTO data (id, value) VALUES (2, 'value_1');
+
+SET SHARDING KEY TO '3';
+INSERT INTO data (id, value) VALUES (3, 'value_1');
+
+SET SHARDING KEY TO '4';
+INSERT INTO data (id, value) VALUES (4, 'value_1');
+
+SET SHARDING KEY TO '5';
+INSERT INTO data (id, value) VALUES (5, 'value_1');
+
+SET SHARDING KEY TO '6';
+INSERT INTO data (id, value) VALUES (6, 'value_1');
+
+SET SHARDING KEY TO '7';
+INSERT INTO data (id, value) VALUES (7, 'value_1');
+
+SET SHARDING KEY TO '8';
+INSERT INTO data (id, value) VALUES (8, 'value_1');
+
+SET SHARDING KEY TO '9';
+INSERT INTO data (id, value) VALUES (9, 'value_1');
+
+SET SHARDING KEY TO '10';
+INSERT INTO data (id, value) VALUES (10, 'value_1');
+
+SET SHARDING KEY TO '11';
+INSERT INTO data (id, value) VALUES (11, 'value_1');
+
+SET SHARDING KEY TO '12';
+INSERT INTO data (id, value) VALUES (12, 'value_1');
+
+SET SHARDING KEY TO '13';
+INSERT INTO data (id, value) VALUES (13, 'value_1');
+
+SET SHARDING KEY TO '14';
+INSERT INTO data (id, value) VALUES (14, 'value_1');
+
+SET SHARDING KEY TO '15';
+INSERT INTO data (id, value) VALUES (15, 'value_1');
+
+SET SHARDING KEY TO '16';
+INSERT INTO data (id, value) VALUES (16, 'value_1');
+
+set sharding key to '17';
+INSERT INTO data (id, value) VALUES (17, 'value_1');
+
+SeT SHaRDInG KeY to '18';
+INSERT INTO data (id, value) VALUES (18, 'value_1');

tests/sharding/query_routing_test_primary_replica.sql

@@ -0,0 +1,162 @@
+\set ON_ERROR_STOP on
+
+SET SERVER ROLE TO 'primary';
+SET SHARDING KEY TO '1';
+INSERT INTO data (id, value) VALUES (1, 'value_1');
+
+SET SERVER ROLE TO 'replica';
+SET SHARDING KEY TO '1';
+SELECT * FROM data WHERE id = 1;
+
+---
+
+SET SERVER ROLE TO 'primary';
+SET SHARDING KEY TO '2';
+INSERT INTO data (id, value) VALUES (2, 'value_1');
+
+SET SERVER ROLE TO 'replica';
+SET SHARDING KEY TO '2';
+SELECT * FROM data WHERE id = 2;
+
+---
+
+SET SERVER ROLE TO 'primary';
+SET SHARDING KEY TO '3';
+INSERT INTO data (id, value) VALUES (3, 'value_1');
+
+SET SERVER ROLE TO 'replica';
+SET SHARDING KEY TO '3';
+SELECT * FROM data WHERE id = 3;
+
+---
+
+SET SERVER ROLE TO 'primary';
+SET SHARDING KEY TO '4';
+INSERT INTO data (id, value) VALUES (4, 'value_1');
+
+SET SERVER ROLE TO 'replica';
+SET SHARDING KEY TO '4';
+SELECT * FROM data WHERE id = 4;
+
+---
+
+SET SERVER ROLE TO 'primary';
+SET SHARDING KEY TO '5';
+INSERT INTO data (id, value) VALUES (5, 'value_1');
+
+SET SERVER ROLE TO 'replica';
+SET SHARDING KEY TO '5';
+SELECT * FROM data WHERE id = 5;
+
+---
+
+SET SERVER ROLE TO 'primary';
+SET SHARDING KEY TO '6';
+INSERT INTO data (id, value) VALUES (6, 'value_1');
+
+SET SERVER ROLE TO 'replica';
+SET SHARDING KEY TO '6';
+SELECT * FROM data WHERE id = 6;
+
+---
+
+SET SERVER ROLE TO 'primary';
+SET SHARDING KEY TO '7';
+INSERT INTO data (id, value) VALUES (7, 'value_1');
+
+SET SERVER ROLE TO 'replica';
+SET SHARDING KEY TO '7';
+SELECT * FROM data WHERE id = 7;
+
+---
+
+SET SERVER ROLE TO 'primary';
+SET SHARDING KEY TO '8';
+INSERT INTO data (id, value) VALUES (8, 'value_1');
+
+SET SERVER ROLE TO 'replica';
+SET SHARDING KEY TO '8';
+SELECT * FROM data WHERE id = 8;
+
+---
+
+SET SERVER ROLE TO 'primary';
+SET SHARDING KEY TO '9';
+INSERT INTO data (id, value) VALUES (9, 'value_1');
+
+SET SERVER ROLE TO 'replica';
+SET SHARDING KEY TO '9';
+SELECT * FROM data WHERE id = 9;
+
+---
+
+\set ON_ERROR_STOP on
+
+SET SERVER ROLE TO 'primary';
+SET SHARDING KEY TO '10';
+INSERT INTO data (id, value) VALUES (10, 'value_1');
+
+SET SERVER ROLE TO 'replica';
+SET SHARDING KEY TO '10';
+SELECT * FROM data WHERE id = 10;
+
+---
+
+SET SERVER ROLE TO 'primary';
+SET SHARDING KEY TO '11';
+INSERT INTO data (id, value) VALUES (11, 'value_1');
+
+SET SERVER ROLE TO 'replica';
+SET SHARDING KEY TO '11';
+SELECT * FROM data WHERE id = 11;
+
+---
+
+SET SERVER ROLE TO 'primary';
+SET SHARDING KEY TO '12';
+INSERT INTO data (id, value) VALUES (12, 'value_1');
+
+SET SERVER ROLE TO 'replica';
+SET SHARDING KEY TO '12';
+SELECT * FROM data WHERE id = 12;
+
+---
+
+SET SERVER ROLE TO 'primary';
+SET SHARDING KEY TO '13';
+INSERT INTO data (id, value) VALUES (13, 'value_1');
+
+SET SERVER ROLE TO 'replica';
+SET SHARDING KEY TO '13';
+SELECT * FROM data WHERE id = 13;
+
+---
+
+SET SERVER ROLE TO 'primary';
+SET SHARDING KEY TO '14';
+INSERT INTO data (id, value) VALUES (14, 'value_1');
+
+SET SERVER ROLE TO 'replica';
+SET SHARDING KEY TO '14';
+SELECT * FROM data WHERE id = 14;
+
+---
+
+SET SERVER ROLE TO 'primary';
+SELECT 1;
+
+SET SERVER ROLE TO 'replica';
+SELECT 1;
+
+set server role to 'replica';
+SeT SeRver Role TO 'PrImARY';
+select 1;
+
+SET PRIMARY READS TO 'on';
+SELECT 1;
+
+SET PRIMARY READS TO 'off';
+SELECT 1;
+
+SET PRIMARY READS TO 'default';
+SELECT 1;

tests/sharding/query_routing_test_select.sql

@@ -0,0 +1,49 @@
+\set ON_ERROR_STOP on
+
+SET SHARDING KEY TO '1';
+SELECT * FROM data WHERE id = 1;
+
+SET SHARDING KEY TO '2';
+SELECT * FROM data WHERE id = 2;
+
+SET SHARDING KEY TO '3';
+SELECT * FROM data WHERE id = 3;
+
+SET SHARDING KEY TO '4';
+SELECT * FROM data WHERE id = 4;
+
+SET SHARDING KEY TO '5';
+SELECT * FROM data WHERE id = 5;
+
+SET SHARDING KEY TO '6';
+SELECT * FROM data WHERE id = 6;
+
+SET SHARDING KEY TO '7';
+SELECT * FROM data WHERE id = 7;
+
+SET SHARDING KEY TO '8';
+SELECT * FROM data WHERE id = 8;
+
+SET SHARDING KEY TO '9';
+SELECT * FROM data WHERE id = 9;
+
+SET SHARDING KEY TO '10';
+SELECT * FROM data WHERE id = 10;
+
+SET SHARDING KEY TO '11';
+SELECT * FROM data WHERE id = 11;
+
+SET SHARDING KEY TO '12';
+SELECT * FROM data WHERE id = 12;
+
+SET SHARDING KEY TO '13';
+SELECT * FROM data WHERE id = 13;
+
+SET SHARDING KEY TO '14';
+SELECT * FROM data WHERE id = 14;
+
+SET SHARDING KEY TO '15';
+SELECT * FROM data WHERE id = 15;
+
+SET SHARDING KEY TO '16';
+SELECT * FROM data WHERE id = 16;

tests/sharding/query_routing_test_validate.sql

@@ -0,0 +1,11 @@
+\c shard0
+
+SELECT * FROM data;
+
+\c shard1
+
+SELECT * FROM data;
+
+\c shard2
+
+SELECT * FROM data;

utilities/generate_config_docs.py

@@ -0,0 +1,92 @@
+import re
+import tomli
+
+class DocGenerator:
+    def __init__(self, filename):
+        self.doc = []
+        self.current_section = ""
+        self.current_comment = []
+        self.current_field_name = ""
+        self.current_field_value = []
+        self.current_field_unset = False
+        self.filename = filename
+
+    def write(self):
+        with open("../CONFIG.md", "w") as text_file:
+            text_file.write("# PgCat Configurations \n")
+            for entry in self.doc:
+                if entry["name"] == "__section__":
+                    text_file.write("## `" + entry["section"] + "` Section" + "\n")
+                    text_file.write("\n")
+                    continue
+                text_file.write("### " + entry["name"]+ "\n")
+                text_file.write("```"+ "\n")
+                text_file.write("path: " + entry["fqdn"]+ "\n")
+                text_file.write("default: " + entry["defaults"].strip()+ "\n")
+                if entry["example"] is not None:
+                    text_file.write("example: " + entry["example"].strip()+ "\n")
+                text_file.write("```"+ "\n")
+                text_file.write("\n")
+                text_file.write(entry["comment"]+ "\n")
+                text_file.write("\n")
+
+    def save_entry(self):
+        if len(self.current_field_name) == 0:
+            return
+        if len(self.current_comment) == 0:
+            return
+        self.current_section = self.current_section.replace("sharded_db", "<pool_name>")
+        self.current_section = self.current_section.replace("simple_db", "<pool_name>")
+        self.current_section = self.current_section.replace("users.0", "users.<user_index>")
+        self.current_section = self.current_section.replace("users.1", "users.<user_index>")
+        self.current_section = self.current_section.replace("shards.0", "shards.<shard_index>")
+        self.current_section = self.current_section.replace("shards.1", "shards.<shard_index>")
+        self.doc.append(
+            {
+                "name": self.current_field_name,
+                "fqdn": self.current_section + "." + self.current_field_name,
+                "section": self.current_section,
+                "comment": "\n".join(self.current_comment),
+                "defaults": self.current_field_value if not self.current_field_unset else "<UNSET>",
+                "example": self.current_field_value  if self.current_field_unset  else None
+            }
+        )
+        self.current_comment = []
+        self.current_field_name = ""
+        self.current_field_value = []
+    def parse(self):
+        with open("../pgcat.toml", "r") as f:
+            for line in f.readlines():
+                line = line.strip()
+                if len(line) == 0:
+                    self.save_entry()
+
+                if line.startswith("["):
+                    self.current_section = line[1:-1]
+                    self.current_field_name = "__section__"
+                    self.current_field_unset = False
+                    self.save_entry()
+
+                elif line.startswith("#"):
+                    results = re.search("^#\s*([A-Za-z0-9_]+)\s*=(.+)$", line)
+                    if results is not None:
+                        self.current_field_name = results.group(1)
+                        self.current_field_value = results.group(2)
+                        self.current_field_unset = True
+                        self.save_entry()
+                    else:
+                        self.current_comment.append(line[1:].strip())
+                else:
+                    results = re.search("^\s*([A-Za-z0-9_]+)\s*=(.+)$", line)
+                    if results is None:
+                        continue
+                    self.current_field_name = results.group(1)
+                    self.current_field_value = results.group(2)
+                    self.current_field_unset = False
+                    self.save_entry()
+        self.save_entry()
+        return self
+
+
+DocGenerator("../pgcat.toml").parse().write()
+